Last Updated: May 5, 2025
1. Introduction & Compliance Framework
Despertare Agile Solutions, trading as Tamarindo Agile Catalyst, S.L. (“Company,” “we,” “our”), is committed to protecting your privacy. We comply with the EU General Data Protection Regulation (GDPR), Spain’s Organic Law 3/2018 (LOPDGDD), and other applicable laws. Although our annual revenue is below €200,000, we maintain robust privacy practices.
- Record of Processing Activities: We maintain an internal Record of Processing Activities (RoPA) in accordance with Article 30 GDPR.
- Data Protection Officer (DPO): Although a formal DPO is not required for our scale, for any data‑protection inquiries please contact us at info@despertareagile.com.
2. Information We Collect
We collect personal data in the following categories:
- Contact Information: Name, email address, phone number, company details, and professional title.
- Business Information: Project requirements, team size, current agile practices, and business challenges.
- Website Usage Data: Information such as IP address, device details, browser type, and pages visited.
- Transaction Data: Payment and invoicing details.
- Cookies & Tracking Technologies: See our Cookie Policy for details.
3. How We Use Your Data
We use your data to:
- Provide, personalize, and improve our consulting services.
- Process inquiries, proposals, and manage billing.
- Communicate service updates, industry insights, and offers (with your consent, which you may withdraw at any time).
- Enhance website functionality and ensure security.
- Comply with legal obligations (e.g., tax and accounting requirements).
4. Legal Basis for Processing
Our processing is based on:
- Contract Performance: Necessary to provide our consulting services.
- Legitimate Interests: For business development and service improvement.
- Consent: For marketing communications and for non‑essential cookies (opt‑in required).
- Legal Obligations: As required under applicable laws.
5. Data Sharing & International Transfers
- Third-Party Service Providers: We share data only with trusted providers (e.g., payment processors, hosting services) under strict confidentiality obligations.
- International Transfers: When transferring data outside the EEA, we use the latest Standard Contractual Clauses (SCCs) and conduct Transfer Impact Assessments (TIAs) with supplementary safeguards such as encryption and pseudonymization.
- U.S. Data: Although we do not sell your personal information, we serve U.S. clients and adhere to similar rights as under the GDPR. California residents have additional rights as set forth below.
6. Data Security & Retention
- Security Measures: We employ encryption, access controls, multi-factor authentication, and regular security assessments.
- Retention Periods:
  - Website analytics data is retained for up to 26 months.
  - Financial, contractual, and transaction records are retained for 7 years (or as required by law).
  - Prospect data is deleted after 24 months of inactivity.
  - Client engagement data is retained only as long as necessary to provide our services.
7. Your Rights
Under GDPR, LOPDGDD, and related laws, you have the right to:
- Access, correct, or delete your personal data.
- Restrict or object to processing, or request data portability.
- Withdraw consent for marketing communications.
- Verification Procedures: To ensure data security, we may request a minimal set of information (e.g., the email address and a recent invoice number) to verify your identity before processing any rights request.
- Response Time: We will respond to your requests within 30 days, extendable to 60 days in complex cases.
California Residents:
- We do not sell your personal information.
- California residents have the right to request disclosure, deletion, correction, or limitation of the use of their sensitive personal information. To exercise these rights, please contact us at [Privacy Email].
8. Children’s Data
Our services are not directed at individuals under 18 years of age. We do not knowingly collect personal data from minors; if we become aware that it has been collected, we will promptly delete it.
9. Data Protection Impact Assessments (DPIAs)
For any high-risk processing activities—including automated analytics or behavioural profiling—we conduct Data Protection Impact Assessments (DPIAs) in accordance with EDPB guidance.
10. Policy Updates & Contact
We may update this Privacy Policy periodically. The latest version will be posted on our website with an updated “Last Updated” date. Your continued use of our services signifies acceptance of any changes.
Contact: For inquiries or to exercise your rights, please use our secure online contact form: