Privacy Policy

What data we process

We process only the data necessary to handle the relationship with the person visiting the site or contacting us. At this stage we do not offer user registration, checkout, or private areas.

• Data you send us when you write: name, email, company, message and the context of your enquiry.
• Minimal technical browsing and security data: IP address, user agent, date, requested URL and server logs.
• If the form includes anti-abuse protection, we also process technical identifiers and signals associated with Cloudflare Turnstile or the human-verification system enabled at that time.
• We do not request special categories of data and do not ask for more information than necessary to respond.

Purposes and legal basis

We use data for a limited and proportionate purpose, relying on the appropriate legal basis in each case.

• Responding to information requests or proposals: performance of pre-contractual measures or execution of a request by the data subject.
• Maintaining the technical security of the site and preventing abuse, spam or unauthorised access: legitimate interest in protecting the service.
• Verifying that contact form submissions come from a human interaction and reducing automated abuse: legitimate interest in protecting the service and its contact channels.
• Complying with legal obligations or responding to authority requests: compliance with a legal obligation.
• Sending commercial electronic communications only where consent exists or another valid legal basis applies under Law 34/2002 (LSSI-Ce).

Retention, recipients and transfers

Enquiries that do not lead to a further relationship are generally kept for up to 12 months from the last interaction. If the enquiry opens a real commercial conversation, data may be retained for up to 24 months while mutual interest exists or until the person objects. Technical logs and anti-abuse evidence are generally kept for up to 12 months, unless they must be kept longer to investigate incidents or respond to legal requests. If the relationship leads to contracting or invoicing, data will be retained for the applicable tax, accounting, civil or administrative legal periods.

• Data may be processed by hosting, email and technical support providers acting as data processors.
• When contact-form anti-abuse protection is active, Cloudflare Turnstile acts as a technical security provider to distinguish legitimate traffic from automated traffic.
• If the published site configuration enables optional analytics and the user accepts it, measurement may be provided by Google Analytics 4 and/or Google Tag Manager, and/or Microsoft Clarity, depending on the tool actually enabled.
• We do not sell personal data or share it with third parties for behavioural advertising.
• If any provider involves access from outside the European Economic Area, only adequate safeguards will be used and this policy will be updated accordingly.

Your rights

You may request access, rectification, erasure, objection, restriction of processing and portability by writing to contact@twinforce.es. You may also withdraw your consent where that is the basis of processing. We will reply within a maximum period of one month, unless the complexity or volume of the request allows an extension under the GDPR, in which case we will inform you. If you believe the processing is not lawful, you may lodge a complaint with the Spanish Data Protection Authority (AEPD).

Security and changes

We apply reasonable organisational and technical security measures to prevent unauthorised access, loss or alteration. If this website incorporates new integrations, optional analytics, automations or new processing purposes, we will update this policy before activating them.