Privacy Policy

Last updated: 28 September 2025

1. Data Controller

  • - Holder: Maria Gutierrez Maroto
  • - NIF: 48074995G
  • - Contact email: [email protected]
  • - Website: https://mariagm.com

This Policy explains how I process your personal data when you contact me, browse the website, or hire my design services. The information required by GDPR must be provided at the time of data collection.

2. Data I process and how I obtain it

  • - Contact form / email: name, email, phone (optional), message and minimal technical metadata.
  • - Web navigation: technical and analytical data (e.g., abbreviated/anonymized IP, device, language, referral URL) through cookies or similar technologies (see Cookie Policy).
  • - Proposals and contracting: identifying, billing and communication data necessary to prepare quotes and execute the service.

3. Purposes and legal bases

  • - Attending inquiries and requests (form or email). Basis: your consent and/or pre-contractual measures at the request of the data subject.
  • - Service provision and billing. Basis: execution of a contract and legal obligations (fiscal).
  • - Site improvement and statistics (analytics with cookies). Basis: consent (granted through the cookie banner).
  • - Site security (antibot/antifraud) through services like reCAPTCHA. Basis: legitimate interest in protecting the site, and/or consent if the tool requires it.

The bases and information duties comply with GDPR arts. 6 and 13 and LOPDGDD 3/2018.

4. Data retention

  • - Commercial inquiries: up to 12 months or while the commercial conversation lasts.
  • - Contractual and billing documentation: 6 years (commercial/fiscal obligations).
  • - Cookies: according to their type/purpose (see table in Cookie Policy).

The periods are limited to the minimum necessary according to regulations.

5. Recipients

  • - Technology providers (data processors) such as hosting, email, analytics, spam/bot protection and anonymous session recording to improve UX.
  • - Third parties when there is a legal obligation (e.g., tax administration).

In case of cookies/third-party services, the extended information is in the Cookie Policy and in each third party's policies (Google, Microsoft, etc.). The AEPD requires specific transparency in the use of cookies.

6. International transfers

When providers are outside the EEA (e.g., USA), appropriate safeguards (standard contractual clauses, additional measures) will be used whenever applicable.

7. User rights

You can exercise access, rectification, erasure, objection, restriction, portability and withdrawal of consent at any time by writing to [email protected]. You have the right to complain to the AEPD if you consider that I have not properly attended to your request. The GDPR requires that information be provided in writing, including by electronic means.

8. Security

I apply appropriate technical and organizational measures to protect data against loss, misuse, unauthorized access or disclosure.

9. Policy changes

I may update this Policy to reflect legal or technical changes. I will publish the current version with the date of last update.