GDPR Compliance Notice
This Privacy Policy complies with the EU General Data Protection Regulation (GDPR). As a data subject, you have specific rights regarding your personal data. You can exercise these rights by contacting our Data Protection Officer using the information provided below.
1. DATA CONTROLLER
The data controller for your personal information is:
VALAR SPACE S.L.
2. INFORMATION WE COLLECT
Personal Information You Provide
We collect personal information that you provide directly to us, including:
- Contact Information: Name, email address, phone number, company name, job title
- Account Information: Username, password, profile information
- Communication Data: Messages, feedback, support requests, survey responses
- Marketing Preferences: Newsletter subscriptions, communication preferences
- Transaction Data: Billing information, payment details (processed by third-party providers)
Automatically Collected Information
When you visit our website, we automatically collect certain information:
- Technical Data: IP address, browser type, device information, operating system
- Usage Data: Pages visited, time spent, click patterns, referral sources
- Cookies and Tracking: See our Cookie Policy for details
- Location Data: General geographic location based on IP address
3. LEGAL BASIS FOR PROCESSING
Under GDPR, we process your personal data based on the following legal grounds:
- Consent: For marketing communications, cookies (except necessary ones), and optional features
- Contract Performance: To provide our services, process transactions, and fulfill agreements
- Legitimate Interest: For analytics, security, fraud prevention, and business operations
- Legal Obligation: To comply with applicable laws and regulations
- Vital Interest: To protect health, safety, or security when necessary
4. HOW WE USE YOUR INFORMATION
We use your personal information for the following purposes:
Service Provision
- Provide, maintain, and improve our flight dynamics platform
- Process transactions and manage your account
- Provide customer support and respond to inquiries
- Send service-related communications and updates
Business Operations
- Analyze usage patterns and improve our services
- Conduct research and development
- Ensure security and prevent fraud
- Comply with legal obligations
Marketing and Communications
- Send newsletters and product updates (with consent)
- Provide relevant content and recommendations
- Conduct surveys and gather feedback
- Deliver targeted advertising (with consent)
5. DATA SHARING AND DISCLOSURE
We may share your personal information in the following circumstances:
Service Providers
We work with trusted third-party service providers who process data on our behalf:
- Cloud Infrastructure: Vercel, AWS (data hosting and processing)
- Analytics: Google Analytics (website analytics)
- Email Services: Resend (transactional and marketing emails)
- Customer Support: Support ticket management systems
- Payment Processing: Stripe, PayPal (payment processing)
Legal Requirements
We may disclose your information when required by law or to:
- Comply with legal obligations or court orders
- Protect our rights, property, or safety
- Investigate fraud or security issues
- Enforce our terms of service
6. INTERNATIONAL DATA TRANSFERS
Your personal data may be transferred to and processed in countries outside the European Economic Area (EEA). When we transfer data internationally, we ensure appropriate safeguards are in place:
- Adequacy Decisions: Transfers to countries with adequate data protection
- Standard Contractual Clauses: EU-approved contracts with data processors
- Certification Schemes: Providers certified under recognized frameworks
- Binding Corporate Rules: For transfers within multinational organizations
7. DATA RETENTION
We retain your personal data only as long as necessary for the purposes outlined in this policy:
- Account Data: Until account deletion or 3 years after last activity
- Transaction Records: 7 years for accounting and tax purposes
- Marketing Data: Until consent is withdrawn
- Analytics Data: 26 months (Google Analytics default)
- Support Communications: 3 years after case closure
- Legal Hold: Extended retention when required by law
8. YOUR RIGHTS UNDER GDPR
As a data subject under GDPR, you have the following rights:
Right of Access (Article 15)
Request a copy of your personal data and information about how it's processed.
Right to Rectification (Article 16)
Correct inaccurate or incomplete personal data.
Right to Erasure (Article 17)
Request deletion of your personal data under certain circumstances.
Right to Restrict Processing (Article 18)
Limit how we process your personal data in specific situations.
Right to Data Portability (Article 20)
Receive your data in a machine-readable format or transfer it to another service.
Right to Object (Article 21)
Object to processing based on legitimate interests or for direct marketing.
How to Exercise Your Rights
You can exercise your rights by:
- Emailing our Data Protection Officer at privacy@valar.space
- Calling us at +34 650 860 938
- Writing to us at the address provided above
Response Time: We will respond to your request within 30 days. In complex cases, we may extend this by an additional 60 days and will inform you of any delay.
9. DATA SECURITY
We implement appropriate technical and organizational measures to protect your personal data:
Technical Safeguards
- Encryption in transit (TLS 1.3) and at rest (AES-256)
- Regular security assessments and penetration testing
- Secure development practices and code reviews
- Multi-factor authentication for administrative access
- Regular security updates and patch management
Organizational Measures
- Data protection training for all employees
- Access controls and principle of least privilege
- Data processing agreements with all vendors
- Incident response and breach notification procedures
- Regular privacy impact assessments
10. COOKIES AND TRACKING
We use cookies and similar technologies to enhance your experience. For detailed information about our use of cookies, please see our Cookie Policy.
You can manage your cookie preferences through our cookie consent banner that appears when you first visit our website.
11. CHILDREN'S PRIVACY
Our services are not intended for children under 16 years of age. We do not knowingly collect personal information from children under 16. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately.
12. DATA BREACH NOTIFICATION
In the event of a data breach that poses a risk to your rights and freedoms, we will:
- Notify the relevant supervisory authority within 72 hours
- Inform affected individuals without undue delay if there is a high risk
- Provide clear information about the nature of the breach
- Describe the measures taken to address the breach
- Offer guidance on steps you can take to protect yourself
13. SUPERVISORY AUTHORITY
You have the right to lodge a complaint with a supervisory authority if you believe we have not complied with GDPR. The lead supervisory authority for Valar Space S.L. is:
Agencia Española de Protección de Datos (AEPD)
C/ Jorge Juan, 6, 28001 Madrid, Spain
Phone: +34 901 100 099
Website: www.aepd.es
14. CHANGES TO THIS PRIVACY POLICY
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will:
- Update the "Last updated" date at the top of this policy
- Notify you via email if you have an account with us
- Display a prominent notice on our website
- For significant changes, obtain your consent where required by law
15. CONTACT INFORMATION
If you have any questions about this Privacy Policy or our data practices, please contact us:
