The data controller for your personal data is:

At Rondo we respect the privacy of our users. This Privacy Policy explains how we collect, use, disclose and safeguard your information when you visit our website, in compliance with the General Data Protection Regulation (GDPR) and Spanish Organic Law 3/2018 on Personal Data Protection (LOPDGDD).

We process your personal data based on the following legal bases under Article 6 of the GDPR:

• •Consent: For sending commercial communications and non-essential cookies
• •Contract performance: To provide contracted services and manage your account
• •Legitimate interest: To improve our services, prevent fraud and ensure security
• •Legal obligation: To comply with applicable tax, accounting and legal requirements

We use the information collected to:

• •Provide, maintain and improve our services
• •Process transactions and send related information
• •Send marketing emails (with your consent)
• •Personalise your experience on our site
• •Analyse trends and use data in aggregated form
• •Comply with legal and regulatory obligations

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected:

• •Account data: While you maintain your relationship with us, plus the legal limitation period
• •Billing data: 6 years (tax obligation)
• •Marketing data: Until you withdraw your consent
• •Navigation and cookie data: As indicated in our Cookie Policy
• •Contact requests: 2 years from the last communication

We implement technical, administrative and physical measures to protect your personal information against unauthorised access, alteration, disclosure or destruction. This includes:

• •SSL/TLS encryption for data transmission
• •Firewalls and intrusion detection systems
• •Role-based access control
• •Regular security audits
• •Strong password policies

To provide our services, we use technology providers that may process data outside the European Economic Area (EEA). In these cases, we ensure that adequate safeguards exist in accordance with the GDPR:

• •Supabase (database and authentication): EU servers with Standard Contractual Clauses
• •Vercel (web hosting): Compliance with the EU-US Data Privacy Framework
• •Google Analytics (analytics): Standard Contractual Clauses from the European Commission

You can request more information about these transfers by contacting us.

Under the General Data Protection Regulation (GDPR) and LOPDGDD, you have the right to:

• •Access: Know what personal data we process about you
• •Rectification: Correct inaccurate or incomplete data
• •Erasure: Request deletion of your data ('right to be forgotten')
• •Restriction: Restrict processing of your data in certain circumstances
• •Portability: Receive your data in a structured format and transfer it to another controller
• •Objection: Object to processing of your data, especially for marketing purposes
• •Automated decisions: Not be subject to decisions based solely on automated processing
• •Withdraw consent: At any time, without affecting the lawfulness of prior processing

To exercise any of these rights, contact us at hello@getrondo.ai

If you consider that the processing of your data is not adequate, you have the right to file a complaint with the Agencia Española de Protección de Datos (AEPD).

We do not sell, trade or rent your personal information. We only share data when:

• •You have given your explicit consent
• •It is necessary to provide our services
• •Required by law or competent authority
• •Necessary to protect our rights and security

We use cookies and similar technologies to improve your experience. You can control cookie preferences through our Cookie Policy.

Our website is not directed at minors under 18 years of age. We do not deliberately collect information from minors. If we learn that we have collected data from a minor, we will delete that information immediately.

We may update this Privacy Policy from time to time. Significant changes will be notified via a prominent notice on our website or by email.

If you have questions about this Privacy Policy or our privacy practices, contact us: