Privacy Policy

Last updated: 1st January 2026

This Privacy Policy describes how ProductMaster S.L. ("we", "us", or "our") collects, uses, and protects your personal information when you visit our website or use our services. We are committed to protecting your privacy and ensuring transparency about our data practices.

Data Controller Information

ProductMaster S.L. is the data controller for the personal data we process. Our registered office is located at Calle Real 139, 07220 Palma de Mallorca, Balearic Islands, Spain. Registration Number: B58294061, VAT Number: ESB84629503.

Data Collection

We collect information about you when you visit our website, contact us, or use our services. The types of data we collect include:

• Contact Information: Name, email address, phone number, company name, and postal address when you contact us or request our services
• Technical Information: IP address, browser type, device information, and website usage data through cookies and analytics tools
• Communication Data: Records of our correspondence with you, including emails, phone calls, and meeting notes
• Project Information: Details about your project requirements and business needs when you engage our services

How We Use Your Information

We use your personal data for the following purposes, based on legitimate business interests and your consent where required:

• To respond to your enquiries and provide information about our services
• To deliver software development services and manage client projects
• To communicate with you about ongoing projects and service updates
• To improve our website functionality and user experience through analytics
• To comply with legal obligations and protect our business interests
• To send relevant marketing communications with your consent

Legal Basis for Processing

Under the General Data Protection Regulation (GDPR), we process your personal data based on the following legal grounds:

• Consent: When you provide explicit consent for marketing communications or cookie usage
• Contract Performance: To fulfil our contractual obligations when providing services
• Legitimate Interest: For business operations, website improvement, and client relationship management
• Legal Obligation: To comply with applicable laws and regulations

Data Sharing and Disclosure

We do not sell your personal data to third parties. We may share your information in the following circumstances:

• With trusted service providers who assist in delivering our services (under strict confidentiality agreements)
• When required by law or to protect our legal rights
• In connection with a business transfer or merger (with appropriate safeguards)
• With your explicit consent for specific purposes

Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected. Typically, we retain client data for up to 7 years after project completion for legal and business purposes. Contact enquiry data is retained for 2 years unless you become a client. Website analytics data is retained for 26 months. You may request earlier deletion of your data subject to our legal obligations.

Cookies and Tracking Technologies

Our website uses cookies and similar technologies to enhance your browsing experience and analyse website traffic. For detailed information about our cookie usage, please refer to our Cookie Policy.

Your Rights

Under GDPR and applicable data protection laws, you have the following rights regarding your personal data:

• Right of Access: Request a copy of the personal data we hold about you
• Right to Rectification: Request correction of inaccurate or incomplete data
• Right to Erasure: Request deletion of your personal data in certain circumstances
• Right to Restrict Processing: Request limitation of how we process your data
• Right to Data Portability: Receive your data in a structured, machine-readable format
• Right to Object: Object to processing based on legitimate interests or for marketing purposes
• Right to Withdraw Consent: Withdraw consent for processing where consent is the legal basis

Data Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. These measures include encryption, access controls, regular security assessments, and staff training on data protection principles.

International Data Transfers

Your personal data is primarily processed within the European Union. If we transfer data outside the EU, we ensure appropriate safeguards are in place, such as adequacy decisions or standard contractual clauses approved by the European Commission.

Contact Information

For any questions about this Privacy Policy or to exercise your rights, please contact us:

Complaints

If you believe we have not handled your personal data in accordance with applicable data protection laws, you have the right to lodge a complaint with the relevant supervisory authority. In Spain, this is the Agencia Española de Protección de Datos (AEPD).

Changes to This Policy

We may update this Privacy Policy periodically to reflect changes in our practices or applicable laws. We will notify you of any material changes by posting the updated policy on our website with a new "last updated" date. We encourage you to review this policy regularly to stay informed about how we protect your personal data.