Privacy Policy · Ignacio Amat — ignathedev.com | Full Sta...
Ignacio Amat Urbina - Full Stack Web Developer

Ignacio Amat

Available Full Stack Developer

Blog

Privacy Policy

Last updated: May 9, 2026

This Privacy Policy governs the processing of personal data collected through the website ignathedev.com (the "Site"), in accordance with Regulation (EU) 2016/679 General Data Protection Regulation (GDPR), Spanish Organic Law 3/2018 on the Protection of Personal Data and Guarantee of Digital Rights (LOPDGDD), and Spanish Law 34/2002 on Information Society Services (LSSI-CE).

1. Data controller

As the controller resides in EU territory, GDPR applies directly and no Article 27 representative is required.

When a user contracts professional services, contractual provision and billing may be carried out via WebNexus LLC (Limited Liability Company formed in Delaware, USA; registered address: 8 The Green, Suite B, Dover, DE 19901, USA; File Number 10055034). In such case, client data provided in connection with the engagement (billing, contractual and commercial data) will be processed by WebNexus LLC under the safeguards established in the specific contract and in accordance with this policy.

2. Personal data collected

We process the following categories of personal data:

  • Contact form data: name, email address, message content and, optionally, company or phone when voluntarily provided by the user.
  • Browsing and technical data: IP address, browser type, operating system, language, pages visited, date and time of access, session duration and referrer. Collected via analytics tools.
  • Cookie-derived data: identifiers generated by Google Analytics 4 when the user provides consent (see Cookie Policy).
  • Technical data on contact form submission: IP address and user-agent shared temporarily with the rate limiting service solely to prevent abuse of the form (Art. 6.1.f GDPR — legitimate interest).

We do not collect special categories of data under Article 9 GDPR (racial or ethnic origin, political opinions, religious beliefs, genetic, biometric, health data, etc.).

3. Purposes and legal basis

Purpose Legal basis (Art. 6 GDPR)
Handle inquiries sent through the contact form and respond by email. Consent of the data subject (Art. 6.1.a) and pre-contractual measures (Art. 6.1.b).
Administrative, contractual and billing management of contracted professional services. Performance of contract (Art. 6.1.b) and compliance with tax and accounting legal obligations (Art. 6.1.c).
Statistical analysis of site usage with Google Analytics 4 to improve content and experience. Consent via cookie banner (Art. 6.1.a and Art. 22 LSSI-CE).
Technical performance measurement (Vercel Analytics and Speed Insights) to maintain infrastructure. Legitimate interest (Art. 6.1.f) in ensuring service security and availability. Aggregated processing without personal tracking cookies.
Limit abuse and bulk submissions to the contact form (technical rate limiting via Redis). Legitimate interest (Art. 6.1.f) in protecting the site and email systems from spam and flooding.
Compliance with legal obligations and authority requirements. Legal compliance (Art. 6.1.c).

4. Retention period

  • Contact form data: until the inquiry is handled and, where applicable, for a reasonable commercial follow-up period (maximum 24 months), unless the user requests deletion earlier.
  • Contractual and billing data: for the duration of the contract and subsequently for the applicable legal limitation periods (minimum 6 years for accounting obligations under the Spanish Commercial Code).
  • Analytics data (Google Analytics): default retention configured at 14 months.
  • Hosting provider technical logs (Vercel): retention according to provider policy, generally 30 days.

5. Recipients and international transfers

Personal data may be communicated to the following processors, bound by contract under Article 28 GDPR:

  • Vercel Inc. (USA) — hosting, CDN and technical analytics provider. Adherent to the EU-U.S. Data Privacy Framework. Privacy policy.
  • Outbound email (SMTP): contact form messages are delivered to the data controller's mailbox via an SMTP server configured for this site. If a third party provides that service (for example, hosting or domain email), their privacy policy and, where applicable, data-processing terms will apply.
  • Upstash Inc. (USA) — hosted Redis for contact form rate limiting. Self-certified under the EU-U.S. Data Privacy Framework. Privacy policy.
  • Google LLC / Google Ireland Ltd. — Google Analytics 4. Configured with IP anonymization and without Google Signals. Adherent to the EU-U.S. Data Privacy Framework. Privacy policy.
  • WebNexus LLC (Delaware, USA) — only for users who contract professional services billed through this entity. The transfer is based on the client's explicit consent upon signing the contract (Art. 49.1.a GDPR) and contract performance (Art. 49.1.b GDPR).

International transfers outside the European Economic Area are made with appropriate safeguards under Chapter V of GDPR, mainly Standard Contractual Clauses of the European Commission, the EU-U.S. Data Privacy Framework adequacy decision (where applicable) and, in the case of WebNexus LLC, explicit consent and contractual necessity.

No data is shared with third parties other than those listed, except by legal obligation.

6. Data subject rights

Under Articles 15 to 22 GDPR, users may exercise the following rights:

  • Access: know what personal data is being processed.
  • Rectification: request correction of inaccurate or incomplete data.
  • Erasure ("right to be forgotten"): obtain deletion of data when no longer necessary.
  • Objection: object to processing based on legitimate interest.
  • Restriction: request restriction of processing under Art. 18 GDPR.
  • Portability: receive data in a structured, commonly used and machine-readable format.
  • Withdrawal of consent: at any time, without retroactive effect on prior processing.
  • Not be subject to automated decisions producing legal effects. (We do not perform automated profiling.)

To exercise these rights, send an email to ignacioamat@ignathedev.com indicating the right you wish to exercise and attaching, if necessary, a copy of an identity document. Requests are answered within a maximum of one month (extendable by two additional months in complex cases).

Users may also lodge a complaint with the Spanish Data Protection Agency (AEPD, www.aepd.es) if they consider that their rights have not been duly addressed.

7. Security measures

The controller adopts appropriate technical and organizational measures (Art. 32 GDPR) to ensure a level of security suited to the risk: TLS encryption in all communications, access control, backups and periodic review. No internet system offers absolute security and the user assumes the residual risk associated with internet use.

8. Minors

The site is not directed at children under 14. No personal data of minors is knowingly requested or processed. If a parent or guardian discovers that a minor has provided data without authorization, they may request immediate deletion via the email indicated.

9. Changes to the policy

The controller reserves the right to modify this Privacy Policy to adapt it to legislative, judicial or operational changes. The date of the last update appears at the beginning of the document.

See also: Legal Notice · Cookie Policy

Hire me