Privacy Policy

In accordance with the General Data Protection Regulation (GDPR) - Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 - and Spain's Organic Law 3/2018, of December 5, on the Protection of Personal Data and Guarantee of Digital Rights (LOPDGDD), the following information is provided about the data controller: Data Controller: Liliya Yakhneva Contact email: [INSERT EMAIL] Location: Barcelona, Spain Website: appliedstuff.com The Owner is responsible for the processing of your personal data collected through this website.

We collect personal data only when you voluntarily provide it through the following forms on our website: Newsletter subscription: - Email address (required) - First name (optional) - Phone number (optional) Contact form: - Name (required) - Email address (required) - Subject (required) - Message (required) Lead magnet downloads: - Name (required) - Email address (required) - Phone number (required - to deliver content updates and resources via direct communication channels) We do not collect special categories of personal data as defined in Article 9 of the GDPR, including data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data, health data, or data concerning sexual orientation. Automatically collected data: Our hosting provider Vercel may automatically collect certain technical data for security and performance purposes, including IP address, browser type, operating system, referring URL, pages visited, and date/time of access. This data is collected by the hosting infrastructure and is not used by us for identification purposes.

We process your personal data based on the following legal grounds under the GDPR: Consent (Article 6.1.a GDPR): When you subscribe to our newsletter, submit a contact form, or download resources, you provide your explicit consent by actively checking the consent checkbox. You may withdraw your consent at any time without affecting the lawfulness of processing carried out prior to withdrawal. Legitimate Interest (Article 6.1.f GDPR): For website security, fraud prevention, and maintaining the proper functioning of our website and systems. We never process personal data without a valid legal basis.

Your personal data is processed exclusively for the following purposes: - To send our newsletter with content updates (only if you have explicitly subscribed) - To respond to inquiries submitted through the contact form - To deliver requested lead magnets and resources - To maintain the security and proper functioning of the website - To analyze website usage in aggregate form (only with your analytics cookie consent) We will never use your personal data for purposes other than those described above without obtaining your prior consent.

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected: - Newsletter subscribers: Your data is retained until you unsubscribe. After unsubscription, your data will be permanently deleted within 30 days. - Contact form submissions: Your data is retained for 12 months after the inquiry has been resolved, after which it is permanently deleted. - Lead magnet downloads: If you opted in to the newsletter, your data is retained under the newsletter policy. Otherwise, your data is retained for 12 months and then permanently deleted. - Server logs: Technical access logs are retained for 90 days. After the applicable retention period, all personal data is permanently deleted from our systems and those of our data processors.

We may share your personal data with the following third-party service providers who act as data processors on our behalf: Vercel Inc (United States) - Purpose: Website hosting and content delivery - Data processed: IP addresses, technical access data - Safeguards: EU Standard Contractual Clauses (SCCs) - Privacy policy: https://vercel.com/legal/privacy-policy Resend (United States) [when activated] - Purpose: Transactional email delivery (newsletter, confirmations) - Data processed: Email address, name - Safeguards: EU Standard Contractual Clauses (SCCs) - Privacy policy: https://resend.com/legal/privacy-policy Crisp (France) [when activated] - Purpose: Live chat support - Data processed: Chat messages, email if provided, IP address - Safeguards: Data stored within the EU - Privacy policy: https://crisp.chat/en/privacy/ Brevo, formerly Sendinblue (France) [when activated] - Purpose: Newsletter email campaigns, CRM, contact management, email automation - Data processed: Email address, name, phone number if provided, subscription preferences, email engagement data - Safeguards: Data stored in the EU (France), fully GDPR compliant and certified. Data Processing Agreement available from Brevo. - Privacy policy: https://www.brevo.com/legal/privacypolicy/ Plausible Analytics (EU) [when activated] - Purpose: Privacy-friendly website analytics - Data processed: Aggregated anonymous usage data only. Plausible does not use cookies, does not collect personal data, and does not track individual visitors. - Safeguards: Data processed and stored within the EU - Privacy policy: https://plausible.io/privacy Note about fonts: This website uses Google Fonts (Playfair Display and Inter) self-hosted through Next.js at build time. All font files are served from our own servers. No requests are made to Google servers, and no data is shared with Google. We do not sell, trade, or rent your personal data to any third party. For any transfers of personal data outside the European Economic Area (EEA), we ensure appropriate safeguards are in place, including EU Standard Contractual Clauses, in compliance with GDPR Chapter V.

Under the GDPR, you have the following rights regarding your personal data: - Right of access (Article 15 GDPR): You have the right to obtain confirmation as to whether your personal data is being processed and to access that data. - Right to rectification (Article 16 GDPR): You have the right to request the correction of inaccurate personal data. - Right to erasure (Article 17 GDPR): You have the right to request the deletion of your personal data when it is no longer necessary for the purpose for which it was collected. - Right to restriction of processing (Article 18 GDPR): You have the right to request the restriction of processing of your personal data under certain circumstances. - Right to data portability (Article 20 GDPR): You have the right to receive your personal data in a structured, commonly used, and machine-readable format. - Right to object (Article 21 GDPR): You have the right to object to the processing of your personal data based on legitimate interest. - Right to withdraw consent: You may withdraw your consent at any time without affecting the lawfulness of processing carried out prior to withdrawal. - Right to lodge a complaint: You have the right to lodge a complaint with the Spanish Data Protection Agency (Agencia Espanola de Proteccion de Datos - AEPD) at www.aepd.es. To exercise any of these rights, please contact us at [INSERT EMAIL]. We will respond to your request within 30 days. We may need to verify your identity before processing your request.

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction: - SSL/TLS encryption for all data transmitted between your browser and our website - API keys stored server-side in environment variables, never exposed to the browser - Server-side form processing through secure API routes - Regular security review of our systems and processes - Access to personal data limited to the data controller only - Use of GDPR-compliant third-party data processors with appropriate data processing agreements While we take all reasonable precautions to protect your data, no method of transmission over the Internet or method of electronic storage is 100% secure.

This website uses cookies. For detailed information about the cookies we use, their purposes, and how to manage your preferences, please refer to our Cookie Policy. You can manage your cookie preferences at any time through the cookie consent banner that appears when you first visit the website, or through the cookie settings link in the website footer.

The Business X-Ray is a free interactive diagnostic tool offered on this website. It asks approximately 160 questions about how your business operates and generates a personalized report based on your answers. Data stored: When you use the Business X-Ray, the following data is saved locally in your web browser using localStorage technology: - Your answers to diagnostic questions, stored as anonymous question-identifier-to-letter pairs (for example, "4_3": "b"). No free-text input is collected. - The date and time you started the diagnostic - The date and time of your most recent activity - Your language preference (English or Spanish) - Your current position in the diagnostic (the page you last visited) Where your data is stored: All Business X-Ray data is stored exclusively in your browser's local storage on your own device. It is never transmitted to any server controlled by us or by any third party. The diagnostic makes zero network calls with your data. The data cannot be accessed by us, and we have no ability to retrieve, view, or process it. Legal basis: This storage is necessary for the performance of the service you have requested (Article 6.1.b GDPR). You choose to use the diagnostic, and the local storage is essential for the tool to function, for you to resume your progress, and for you to view your results. No consent is required for storage that is strictly necessary to provide a service explicitly requested by the user (Article 22.2 LSSI-CE). Retention: Your Business X-Ray data is automatically discarded by the application after 7 days of inactivity, measured from your most recent interaction with the diagnostic. After this period, the data is deleted from your browser on your next visit to the site. You do not need to take any action for this to happen. Your rights and how to exercise them: Although this data is stored on your own device and is not accessible to us, you retain full control over it. You can: - Delete your data instantly using the "Delete my X-Ray data from this device" link on the Results page of the diagnostic - Delete it manually by clearing your browser's site data for appliedstuff.com - Wait 7 days from your last interaction for automatic deletion Under the GDPR, you also have the right of access (Article 15), rectification (Article 16), erasure (Article 17), restriction of processing (Article 18), data portability (Article 20), and the right to object (Article 21). Because this data exists only on your device, you exercise these rights directly through your browser. If you have questions about your data protection rights in relation to this tool, contact us at [INSERT EMAIL]. If you believe that your rights have been violated, you have the right to lodge a complaint with the Spanish Data Protection Agency (Agencia Espanola de Proteccion de Datos - AEPD) at www.aepd.es.

This website is not directed at individuals under the age of 16. We do not knowingly collect personal data from children under 16 years of age. If we discover that we have inadvertently collected personal data from a child under 16, we will take immediate steps to delete that data from our systems. If you are a parent or guardian and believe that your child has provided personal data through this website, please contact us at [INSERT EMAIL] so that we can take appropriate action.

We reserve the right to update this Privacy Policy at any time. Any changes will be published on this page with an updated date. In the event of significant changes to this policy, we will make reasonable efforts to notify you via the website or by email to subscribers. Continued use of the website after modifications constitutes acceptance of the updated Privacy Policy.

If you have any questions about this Privacy Policy or wish to exercise your data protection rights, you can contact us at: Email: [INSERT EMAIL] Location: Barcelona, Spain If you are not satisfied with our response or believe that your data protection rights have been violated, you have the right to lodge a complaint with the Spanish Data Protection Agency (AEPD): Agencia Espanola de Proteccion de Datos (AEPD) Website: www.aepd.es Address: C/ Jorge Juan 6, 28001 Madrid, Spain