Kat MarinabyNowtica

— privacy —

Personal data protection policy

This policy explains how NOWTICA SASU, the company operating nowtica.es and nowtica.fr, processes the personal data you provide via forms or when requesting access to the configurator, in compliance with EU Regulation 2016/679 (GDPR) and Spanish Organic Law 3/2018 (LOPDGDD).

1. Data controller

Controller: NOWTICASASU (Société par actions simplifiée à associé unique)

Registered office: 16, place des Quinconces, 33000 Bordeaux, France

RCS / SIREN: 104 793 047 R.C.S. Bordeaux104 793 047

Publication director: Rodrigo Valverde

Contact: contact@nowtica.es

2. Data we collect

  • Contact information from the form: first and last name, email, phone, free message.
  • Credentials: username and password (stored bcrypt-hashed) when configurator access is granted.
  • Technical data: IP address and activity logs, used for security and service operations.

3. Purpose and legal basis

  • Responding to your enquiry and managing the commercial relationship — legal basis: consent and legitimate interest.
  • Validating and issuing credentials for the configurator — legal basis: pre-contractual measures at your request.
  • Sending commercial communications about the Lagoon range or relevant events — legal basis: explicit consent given via the form.

4. Retention

Data is kept for as long as the commercial relationship or interest persists, plus any applicable legal retention periods. You may request deletion at any time by writing to contact@nowtica.es.

5. Processors and transfers

To deliver the service, your data may be processed by trusted vendors under GDPR-compliant data-processing agreements:

  • Vercel Inc. (web hosting) — United States, EU-US Data Privacy Framework.
  • Cloudflare R2 (image and document storage) — United States, Standard Contractual Clauses.
  • Neon Inc. (PostgreSQL database) — European region (eu-central), or United States depending on configuration.
  • Resend Inc. (transactional email) — United States, Standard Contractual Clauses.
  • HubSpot Inc. (CRM, once integrated) — United States, EU-US Data Privacy Framework.

We do not share data with third parties for unauthorised commercial purposes.

6. Your rights

You may exercise your rights of access, rectification, deletion, restriction, portability and objection at any time by writing to contact@nowtica.es, clearly indicating the right you wish to exercise.

If you believe processing does not comply with regulations, you may file a complaint with the competent supervisory authority. As the controller is established in France, the lead authority is the CNIL (www.cnil.fr). If you reside in Spain, you may also contact the Spanish Data Protection Agency (www.aepd.es).

7. Security

We apply reasonable technical and organisational measures to protect your data: HTTPS in transit, bcrypt-hashed passwords, access control to the admin panel and periodic vendor reviews.

Last updated: 2026-05-12