Effective Date: July 10, 2025
Last Updated: July 10, 2025
At 8digits, your privacy is of utmost importance to us. This Privacy Policy describes how we collect, use, process, and disclose your personal data when you visit our website (www.8digits.es or any related subdomains), interact with us, or use our digital marketing services.
We are committed to processing your personal data in compliance with the General Data Protection Regulation (EU) 2016/679 (GDPR) and Spain’s Organic Law 3/2018, of December 5, on the Protection of Personal Data and Guarantee of Digital Rights (LOPDGDD).
The Data Controller responsible for the processing of your personal data collected through this website is:
Name: Peter Kiss
Trade Name: 8digits
Legal Status: Autónomo (Self-employed)
NIF/Tax ID: ESZ0486396C
Registered Address: Calle Playa de la ballena 8, Rota, Cádiz, 11520, Spain
Email: privacy@8digits.es
In accordance with the GDPR and LOPDGDD, we adhere to the following principles when processing your personal data:
Lawfulness, Fairness, and Transparency: We process data lawfully, fairly, and in a transparent manner.
Purpose Limitation: We collect data for specified, explicit, and legitimate purposes and do not further process it in a manner that is incompatible with those purposes.
Data Minimisation: We collect only adequate, relevant, and limited data to what is necessary for the purposes for which they are processed.
Accuracy: We ensure personal data is accurate and, where necessary, kept up to date.
Storage Limitation: We keep personal data for no longer than is necessary for the purposes for which the personal data are processed.
Integrity and Confidentiality: We process data in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.
Accountability: As the Data Controller, we are responsible for and must be able to demonstrate compliance with these principles.
We may collect and process various types of personal data depending on your interaction with our website and services:
a. Information You Provide to Us Directly:
Contact Information: Name, email address, phone number, company name, and any other information you provide when filling out contact forms, requesting a quote, subscribing to our newsletter, or communicating with us directly via email or phone.
Professional Information: Information related to your business needs, goals, and interests that you share with us during consultations or service inquiries.
Application Data: If you apply for a job with us, we may collect your CV, cover letter, and other relevant application details.
b. Information Collected Automatically (via Cookies and Tracking Technologies):
Usage Data: Information about how you use our website, including pages visited, time spent on pages, links clicked, and search queries.
Technical Data: Internet Protocol (IP) address, browser type and version, operating system, device type, referrer URL, and other technology on the devices you use to access this website.
Location Data: General geographical location derived from your IP address.
For detailed information on the cookies we use and your choices regarding them, please refer to our Cookie Policy.
We process your personal data for the following purposes and on the stated legal bases:
| Purpose of Processing | Types of Data Collected | Legal Basis for Processing |
| a. To Respond to Your Inquiries & Provide Information | Contact Information, Professional Information | Legitimate Interest: To respond to user inquiries and provide requested information effectively. <br>Pre-contractual Measures: To assess and provide quotes for potential services. |
| b. To Manage and Provide Our Services | Contact Information, Professional Information, Billing Data | Performance of a Contract: Necessary for the provision of services you have contracted with us (e.g., digital marketing campaigns). <br>Legal Obligation: For invoicing and tax compliance. |
| c. To Send Marketing Communications (Newsletter) | Email Address, Name | Consent: We will only send you marketing communications if you have explicitly consented to receive them. You can withdraw your consent at any time. |
| d. For Website Analytics & Improvement | Usage Data, Technical Data, Location Data | Legitimate Interest: To understand how our website is used, improve its functionality, content, and user experience. <br>Consent: For non-essential cookies (e.g., analytics, marketing cookies). |
| e. To Manage Job Applications | Application Data, Contact Information | Legitimate Interest: To evaluate candidates for potential employment opportunities. <br>Consent: If specific, sensitive data is requested beyond standard application (e.g., references with explicit permission). |
| f. To Comply with Legal Obligations | All types of relevant data | Legal Obligation: To comply with applicable laws, regulations, legal processes, or governmental requests (e.g., tax, audit, legal requests). |
| g. To Protect Our Rights and Interests | All types of relevant data | Legitimate Interest: To establish, exercise, or defend legal claims, prevent fraud, or ensure the security of our services and systems. |
We retain your personal data only for as long as is necessary to fulfill the purposes for which it was collected, including for the purposes of satisfying any legal, accounting, or reporting requirements.
The criteria used to determine our retention periods include:
Contractual/Service-Related Data: For the duration of our contractual relationship plus any statutory retention periods required by Spanish law (e.g., 6 years for commercial documents as per the Commercial Code, 4 years for tax purposes).
Inquiry Data: For a period necessary to resolve your inquiry and a reasonable time thereafter for follow-up or record-keeping, typically up to 1 year.
Marketing Consent Data: Until you withdraw your consent or object to the processing, or until it is no longer necessary for the purpose of sending communications (e.g., if emails bounce for a prolonged period).
Analytics Data: Typically for 26 months (Google Analytics default) unless shorter periods are set or you object.
Job Application Data: For a maximum of 2 years after the recruitment process is completed, unless you provide consent for longer retention for future opportunities.
Legal Obligation Data: For the period required by relevant law.
Once the retention period expires, your personal data will be securely deleted or anonymized.
We do not sell, rent, or trade your personal data. We may share your data with the following categories of recipients, always ensuring appropriate safeguards:
Service Providers (Data Processors): We may use third-party service providers who assist us in operating our website and providing our services. These may include:
Web hosting providers (e.g., [mention your hosting provider if you wish, or keep it general])
Website analytics providers (e.g., Google Analytics)
CRM systems (e.g., HubSpot, Zoho CRM, or similar)
Email marketing platforms (e.g., Mailchimp, Sendinblue)
Professional advisors (e.g., accountants, lawyers, business consultants)
Cloud storage providers
Payment processors (if applicable for online payments)
These service providers are contractually bound to process data only on our behalf and in accordance with our instructions, adhering to GDPR standards (Data Processing Agreements – DPAs).
Legal and Regulatory Authorities: When required by law or in response to valid requests by public authorities (e.g., courts, government agencies) to comply with legal obligations, enforce our policies, or protect our rights, property, or safety.
Business Transfers: In the event of a merger, acquisition, or sale of all or a portion of our assets, your personal data may be transferred as part of that transaction, provided the acquiring entity agrees to adhere to this Privacy Policy.
We primarily store and process your personal data within the European Economic Area (EEA). However, some of our service providers (as listed in Section 6) may be located outside the EEA.
In such cases, we ensure that any transfer of your personal data outside the EEA is conducted with appropriate safeguards in place, as required by the GDPR. These safeguards may include:
Transferring data to countries deemed to provide an adequate level of data protection by the European Commission.
Implementing Standard Contractual Clauses (SCCs) approved by the European Commission, which provide contractual obligations for data protection.
Ensuring the service provider has implemented Binding Corporate Rules (BCRs) or other approved mechanisms.
You can request more information about the specific safeguards applied to international transfers by contacting us using the details in Section 1.
Under the GDPR and LOPDGDD, you have the following rights regarding your personal data:
Right to Information: To receive clear, transparent, and easily understandable information about how we use your personal data and your rights. This is why we are providing you with this Privacy Policy.
Right of Access (Art. 15 GDPR): To obtain confirmation as to whether or not personal data concerning you are being processed, and, where that is the case, access to the personal data and specific information about its processing.
Right to Rectification (Art. 16 GDPR): To request the correction of inaccurate or incomplete personal data concerning you.
Right to Erasure (‘Right to be Forgotten’) (Art. 17 GDPR): To request the deletion of your personal data in certain circumstances (e.g., data no longer necessary for the purpose, withdrawal of consent, unlawful processing).
Right to Restriction of Processing (Art. 18 GDPR): To request the restriction of processing your personal data in certain situations (e.g., you contest the accuracy of the data, the processing is unlawful, but you oppose erasure).
Right to Data Portability (Art. 20 GDPR): To receive the personal data you have provided to us in a structured, commonly used, and machine-readable format, and to transmit those data to another controller, where technically feasible.
Right to Object (Art. 21 GDPR): To object to the processing of your personal data in certain situations, particularly where the processing is based on legitimate interest or for direct marketing purposes.
Right to Withdraw Consent (Art. 7(3) GDPR): Where processing is based on your consent, you have the right to withdraw that consent at any time. Withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.
Rights related to Automated Decision-Making and Profiling (Art. 22 GDPR): You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you, unless certain conditions apply. We do not engage in such automated decision-making.
To exercise any of these rights, please contact us at privacy@8digits.es. We will respond to your request within one month, which may be extended by two further months where necessary, taking into account the complexity and number of the requests. We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights).
If you believe that your data protection rights have been violated, you have the right to lodge a complaint with the Spanish Data Protection Agency (Agencia Española de Protección de Datos – AEPD), the supervisory authority in Spain.
Contact Details for AEPD:
Website: www.aepd.es
Address: C/ Jorge Juan, 6. 28001 – Madrid, Spain
We have implemented appropriate technical and organizational measures to ensure a level of security appropriate to the risk of processing your personal data. These measures include:
Encryption of data in transit (SSL/TLS for website traffic).
Access controls to restrict unauthorized access to personal data.
Regular security assessments and updates.
Data backup and recovery procedures.
Staff training on data protection and security.
While we strive to protect your personal data, no method of transmission over the Internet or electronic storage is 100% secure. Therefore, we cannot guarantee its absolute security.
Our website uses cookies and similar tracking technologies to enhance your browsing experience, analyze site traffic, and for marketing purposes. For detailed information on the types of cookies we use, their purpose, how you can manage your preferences, and your choices regarding them, please refer to our dedicated Cookie Policy.
Our website and services are not directed to children under the age of 14. We do not knowingly collect personal data from children under 14. If we become aware that we have collected personal data from a child under 14 without verifiable parental consent, we will take steps to delete that information promptly. If you believe we might have any information from or about a child under 14, please contact us.
We may update this Privacy Policy from time to time to reflect changes in our practices, services, or legal requirements. When we make changes, we will revise the “Effective Date” and “Last Updated” date at the top of this policy. We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your information. Your continued use of the website after any modifications to this Privacy Policy will constitute your acceptance of such modifications.
If you have any questions or concerns about this Privacy Policy, our data processing practices, or if you wish to exercise any of your data protection rights, please do not hesitate to contact us:
Peter Kiss / 8digits
Email: privacy@8digits.es
Address: Calle Playa de la ballena 8, Rota, Cádiz, 11520, Spain
English 
Español 