General Data Protection Regulation (GDPR)

Compliance and data protection rights

Last updated: January 15, 2025

1. GDPR Introduction

The General Data Protection Regulation (GDPR) is the European regulation that governs the processing of personal data. At AstroWeb, we are committed to fully complying with this regulation and protecting your rights as a user.

1.1 GDPR Principles

We are governed by the following principles:

  • Lawfulness, fairness and transparency in processing
  • Purpose limitation
  • Data minimization
  • Accuracy of data
  • Storage limitation (limited retention period)
  • Integrity and confidentiality
  • Accountability

2. Legal Basis for Processing

We process your personal data based on the following legal grounds:

2.1 Consent

When you register, subscribe to our newsletter or accept cookies, you give explicit consent for the processing of your data.

2.2 Contract Performance

To provide you with our services, process payments and manage your account, we need to process your data as part of contract performance.

2.3 Legitimate Interest

To improve our services, prevent fraud and maintain the security of our website, we process data based on our legitimate interest.

2.4 Legal Obligation

We process data where necessary to meet legal obligations, such as billing, accounting and tax requirements.

3. Your GDPR Rights

As a user, you have the following rights:

3.1 Right of Access

You can request information about what personal data we have about you and how we use it.

3.2 Right to Rectification

You can request the correction of inaccurate or incomplete data.

3.3 Right to Erasure (Right to be Forgotten)

You can request the deletion of your personal data in certain circumstances.

3.4 Right to Restriction of Processing

You can request that we limit the processing of your data in certain situations.

3.5 Right to Data Portability

You can request to receive your data in a structured format and transfer it to another controller.

3.6 Right to Object

You can object to the processing of your data for direct marketing purposes.

3.7 Right to Withdraw Consent

You can withdraw your consent at any time.

4. Data Processing

We detail how we process your personal data:

4.1 Data Categories

  • Personal identification data (name, email, phone)
  • Billing and payment data
  • Website usage data
  • Technical data (IP, cookies, browser)
  • Communication and support data

4.2 Processing Purposes

  • Provide and manage our services
  • Process payments and billing
  • Customer communication
  • Service improvement and user experience
  • Compliance with legal obligations
  • Marketing (with explicit consent)

4.3 Retention Period

We retain your data only for as long as necessary:

  • Account data: While you maintain an active account
  • Billing data: 7 years (legal obligation)
  • Marketing data: Until you withdraw consent
  • Usage data: 2 years for analysis and improvement
  • Support data: 3 years for query tracking

5. Data Sharing

We share data only in the following circumstances:

5.1 Service Providers

We work with trusted providers who help us operate the service: payment processors, hosting providers and web analytics services.

5.2 Legal Requirements

We may share data when required by law or competent authorities.

5.3 Security and Protection

We may share data when necessary to protect our rights, property or security, or those of our users.

5.4 Explicit Consent

We only share data with third parties when you give explicit consent.

6. Security and Protection

We implement technical and organizational security measures:

  • Encryption of data in transit and at rest
  • Restricted access and strong authentication
  • Continuous security monitoring
  • Regular and secure backups
  • Staff training in data protection
  • Regular risk assessments

7. International Transfers

Some of our providers may be located outside the EEA. We ensure that these transfers comply with GDPR:

  • European Commission adequacy decisions
  • Approved standard contractual clauses
  • Codes of conduct and certification mechanisms
  • Additional protection measures when necessary

8. Breach Notification

In the event of a personal data breach that may pose a risk to your rights and freedoms:

  • We will notify the supervisory authority within 72 hours
  • We will inform you without undue delay
  • We will document all breaches
  • We will implement immediate corrective measures

9. Data Protection Officer

We have designated a Data Protection Officer (DPO) to oversee our GDPR compliance. You can contact the DPO:

  • Email: dpo@astroweb.tech

10. Supervisory Authority

If you are not satisfied with our response to your data protection inquiries, you have the right to file a complaint with the relevant supervisory authority in your country.

In Spain: Spanish Data Protection Agency (AEPD)

You can file your complaint through their official website.

11. Compliance Updates

We are committed to keeping our GDPR compliance updated. Any significant change in our practices will be communicated through our website.

12. GDPR Contact

To exercise your GDPR rights or make inquiries about data protection:

  • Email: dpo@astroweb.tech
  • Contact form on our website

We will respond to all requests within a maximum of 30 days.