Privacy Policy

We take the protection of your personal data seriously.

A few important points up front:

  • We do not set tracking cookies
  • We do not use advertising or remarketing
  • We do not share your data with third parties for marketing purposes

General Scope of Data Processing

Data protection is of high importance to us. We comply with the EU General Data Protection Regulation (GDPR), the Spanish Organic Law on Data Protection and Guarantee of Digital Rights (LOPDGDD) and other applicable data protection laws. We collect, process and use personal data only insofar as this is necessary for the provision of a functional website and to fulfil our services.

You can generally visit our website without providing personal information. Personal data is only collected and used to the extent necessary to provide a functional website and our content and services.

For security reasons, this website uses TLS/SSL encryption for all incoming and outgoing data traffic. You can recognise the encryption by the padlock symbol in your browser's address bar and the use of «https://».

Data Controller

The controller within the meaning of GDPR is:

Tojo Dynamics S.L.

, España

Tax ID (CIF): B-27595826

Email: info@tojodynamics.es

Definitions

The terms used in this privacy policy correspond to those of Article 4 GDPR. In particular:

  • Personal data — any information relating to an identified or identifiable natural person.
  • Processing — any operation performed on personal data, such as collection, recording, storage, use, disclosure or erasure.
  • Controller — the natural or legal person who, alone or jointly with others, determines the purposes and means of the processing of personal data.
  • Processor — a natural or legal person which processes personal data on behalf of the controller (e.g. our hosting provider).
  • Consent — any freely given, specific, informed and unambiguous indication of the data subject's wishes by which they signify agreement to the processing.

Legal Bases for Processing

Depending on the type of processing, one of the following legal bases under Article 6(1) GDPR applies:

  • Art. 6(1)(a) — your explicit consent (e.g. for optional features)
  • Art. 6(1)(b) — performance of a contract or pre-contractual measures (e.g. response to your enquiry via the contact form)
  • Art. 6(1)(c) — compliance with a legal obligation we are subject to
  • Art. 6(1)(f) — legitimate interests, where these are not overridden by your rights and freedoms (e.g. server log files for security, aggregated analytics)

We do not carry out automated decision-making or profiling within the meaning of Art. 22 GDPR with your personal data.

Data Retention and Erasure

We store your personal data only as long as necessary for the purpose for which it was collected, or as required by law. Specifically:

  • Contact form submissions: until your enquiry has been fully resolved. Records may be retained for up to the limitation period for personal actions (5 years under Art. 1964 of the Spanish Código Civil) where needed to defend against legal claims, then deleted or anonymised.
  • Web analytics raw data: automatically deleted after 90 days. Anonymised, aggregated daily statistics may be retained longer.
  • Server log files: typically deleted after 14 days unless required for security investigation.

You can request the early deletion of your data at any time.

Server Log Files

Each time you access our website, our web server automatically records the following technical data:

  • Browser name and version
  • Operating system
  • IP address
  • Date and time of access
  • Referring URL (page you came from)
  • Name and URL of the file requested

This data is stored temporarily in log files. It is not combined with other personal data and cannot be associated with a specific person. We use it solely for technical statistics, website optimisation and the security of our IT systems. Legal basis: Art. 6(1)(f) GDPR — legitimate interest in operating a stable and secure website.

Cookies

This website uses only strictly necessary technical cookies:

  • csrftoken — protects forms against Cross-Site Request Forgery attacks
  • sessionid — required for the administration login (only set if you log in)
  • django_language — remembers your selected interface language (only set if you actively switch language)

We do not use tracking cookies, analytics cookies or advertising cookies. Pursuant to Article 22.2 LSSI-CE, technical cookies that are strictly necessary for the operation of the service do not require consent.

Web Analytics

We use a cookie-free, privacy-by-design analytics system to measure reach. Your IP address is not stored or shared, and visitors cannot be recognised across days or websites.

Analytics data is automatically deleted after 90 days. Legal basis: Art. 6(1)(f) GDPR — our legitimate interest in understanding how the site is used.

Contact Form and Email Contact

If you use our contact form, the data you enter (name, email address, company, subject, message) will be transmitted to us and stored. We do not collect IP addresses or browser fingerprints at submission time.

Legal basis: Art. 6(1)(b) GDPR if the enquiry aims at the conclusion of a contract; otherwise Art. 6(1)(f) GDPR — legitimate interest in answering your enquiry. Your data will not be passed to third parties.

The data is erased as soon as it is no longer required for the purpose of its collection — generally when the corresponding conversation with you has ended, unless commercial or tax retention obligations require longer storage.

Recipients and Data Processors

We do not transfer your personal data to third parties except where legally required. To operate the website we rely on the following processors, with whom data processing agreements (DPAs) pursuant to Art. 28 GDPR are in place:

Processor Purpose Location
Strato Website hosting Germany
Email recipient (info@tojodynamics.es) Receiving contact form notifications Depends on the email provider — typically EU

No data is transferred outside the European Economic Area (EEA). If this changes, this Privacy Policy will be updated accordingly and the legal safeguards (Standard Contractual Clauses or adequacy decisions) will be disclosed.

Your Rights as a Data Subject

Under GDPR you have the following rights with respect to your personal data:

  • Right of access (Art. 15) — to obtain confirmation as to whether and what personal data we process about you.
  • Right to rectification (Art. 16) — to have inaccurate data corrected without delay.
  • Right to erasure (Art. 17) — to have your data deleted («right to be forgotten»).
  • Right to restriction (Art. 18) — to restrict the processing of your data.
  • Right to data portability (Art. 20) — to receive your data in a structured, machine-readable format.
  • Right to object (Art. 21) — to object to processing based on Art. 6(1)(e) or (f) GDPR at any time.
  • Right to withdraw consent (Art. 7(3)) — to withdraw consent at any time with effect for the future.

To exercise any of these rights, please contact us using the addresses provided below.

Right to Lodge a Complaint

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement.

The competent supervisory authority in Spain is:

Agencia Española de Protección de Datos (AEPD)

C/ Jorge Juan, 6
28001 Madrid, España

www.aepd.es

Data Protection Enquiries

For any questions about this Privacy Policy or to exercise your rights, please contact us at:

Tojo Dynamics S.L.

Email: info@tojodynamics.es

Links to Third-Party Websites

Our website may contain links to other websites whose content we do not control. We assume no responsibility for the content of linked pages. At the time of linking, the linked pages were checked for possible legal violations. We are only responsible for third-party content if we have positive knowledge of it and it is technically possible and reasonable to prevent its use.

Security Measures

We apply appropriate technical and organisational measures pursuant to Art. 32 GDPR to ensure a level of security appropriate to the risk, including encryption in transit (HTTPS/TLS), access controls, hardened security headers (HSTS, X-Frame-Options, secure cookies in production) and regular dependency updates.

Minors

This website is not directed at persons under 14 years of age, and we do not knowingly collect personal data from minors (Art. 7 LOPDGDD). If we become aware that data of a minor has been submitted, it will be deleted without delay.

Changes to this Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or for other operational, legal or regulatory reasons. Changes will be announced by updating the date below.

Last updated: 2026-05-18

Legal Notice Contact Us