Privacy Policy

2. Data Controller and Contact Information

2.1 Data Controller

MuSigmas is the data controller responsible for the processing of your personal data. Our contact information is:

• Company Name: MuSigmas
• Email: monalisa.roy@musigmas.com
• Website: www.musigmas.com
• Address: Carrer Buscarons 22, 08022 Barcelona, Spain

2.2 Data Protection Officer

If you have any questions, concerns, or requests regarding this Privacy Policy or our processing of your personal data, please contact our Data Protection Officer at:

• Email: monalisa.roy@musigmas.com
• Subject Line: “Privacy Policy Inquiry” or “Data Protection Request”

2.3 Supervisory Authority

If you are not satisfied with our response to your request or believe that our processing of your personal data violates GDPR, you have the right to lodge a complaint with a supervisory authority. In Spain, the supervisory authority is:

• Name: Agencia Española de Protección de Datos (AEPD)
• Website: www.aepd.es
• Address: C/ Jorge Juan, 6, 28001 Madrid, Spain
• Phone: +34 912 663 517
• Email: internacional@aepd.es

3. Types of Personal Data We Collect

We collect and process various types of personal data depending on how you interact with our website and services. Personal data means any information relating to an identified or identifiable natural person (“data subject”).

3.1 Personal Data You Provide to Us

We collect personal data that you voluntarily provide to us when you:

• Contact Us: When you contact us through our contact form, email, or phone, we collect your name, email address, phone number, and any message content you provide.
• Request Information: When you request information about our services, we collect your name, email address, company name, and any other information you provide.
• Subscribe to Our Newsletter: When you subscribe to our newsletter, we collect your email address and name.
• Schedule a Meeting: When you schedule a meeting through our Calendly integration, we collect your name, email address, phone number, and any additional information you provide.
• Apply for a Position: When you apply for a position with us, we collect your name, email address, phone number, resume, cover letter, and any other information you provide.

3.2 Personal Data We Collect Automatically

When you visit our website, we automatically collect certain information about your device and how you interact with our website, including:

• Device Information: IP address, browser type and version, operating system, device type, and screen resolution.
• Usage Information: Pages visited, time spent on pages, click patterns, navigation paths, and referral sources.
• Location Information: General geographic location based on your IP address (country/region level, not precise location).
• Technical Information: Cookies, web beacons, pixel tags, and similar tracking technologies (see our Cookie Policy for more information).

3.3 Personal Data We Receive from Third Parties

We may receive personal data about you from third parties, including:

• Google Analytics: We receive aggregated and anonymized analytics data from Google Analytics about how visitors use our website.
• Social Media Platforms: If you interact with us on social media platforms, we may receive information about your interactions.
• Business Partners: We may receive information about you from our business partners or service providers.

3.4 Special Categories of Personal Data

We do not intentionally collect special categories of personal data (also known as “sensitive personal data”) as defined in GDPR Article 9, such as:

• Racial or ethnic origin
• Political opinions
• Religious or philosophical beliefs
• Trade union membership
• Genetic data
• Biometric data
• Health data
• Sex life or sexual orientation

If you provide us with any special categories of personal data, we will process it only with your explicit consent or as required by law.

4. How We Collect Personal Data

We collect personal data through various methods, including:

4.1 Direct Collection

We collect personal data directly from you when you:

• Contact Forms: Fill out our contact form on our website, providing your name, email address, phone number, and message content
• Email Communications: Send us emails, including your email address, name, and any personal data contained in your message
• Phone Calls: Call us, including your phone number and any personal data you provide during the conversation
• Newsletter Subscriptions: Subscribe to our newsletter, providing your email address and name
• Meeting Scheduling: Schedule a meeting through our Calendly integration, providing your name, email address, phone number, and any additional information you provide
• Job Applications: Apply for a position with us, providing your name, email address, phone number, resume, cover letter, and any other information you provide
• Business Inquiries: Request information about our services, providing your name, email address, company name, and any other information you provide

4.2 Automatic Collection

We automatically collect personal data when you visit our website through:

• Cookies and Tracking Technologies: We use cookies, web beacons, pixel tags, local storage, session storage, and similar technologies to collect information automatically when you visit our website. For detailed information about our use of cookies, please see our Cookie Policy.
• Server Logs: Our web servers automatically log information about your visit, including your IP address, browser type and version, operating system, device type, pages visited, time spent on pages, referral sources, and access times
• Analytics Tools: We use analytics tools such as Google Analytics to collect information about how visitors use our website, including page views, clicks, navigation patterns, and user behavior
• Error Logs: We collect information about technical errors and issues that occur on our website to help us identify and fix problems

4.3 Third-Party Collection

We may receive personal data about you from third parties, including:

• Google Analytics: We receive aggregated and anonymized analytics data from Google Analytics about how visitors use our website
• Social Media Platforms: We may receive information from social media platforms (e.g., LinkedIn, Twitter) if you interact with us on those platforms, such as when you share our content or follow our accounts
• Business Partners: We may receive information from our business partners or service providers when they refer you to us or provide services on our behalf
• Public Sources: We may collect information from publicly available sources, such as company websites or professional directories, to supplement the information you provide to us

5. Legal Basis for Processing Personal Data

Under GDPR Article 6, we process your personal data based on the following legal bases:

5.1 Consent (Article 6(1)(a) GDPR)

We process your personal data based on your explicit consent when you:

• Subscribe to our newsletter
• Accept non-essential cookies
• Provide special categories of personal data
• Consent to marketing communications

Withdrawing Consent: You can withdraw your consent at any time by contacting us or adjusting your preferences. Withdrawing consent does not affect the lawfulness of processing based on consent before its withdrawal.

5.2 Legitimate Interests (Article 6(1)(f) GDPR)

We process your personal data based on our legitimate interests when:

• Providing and improving our website and services
• Analyzing website usage and user behavior
• Preventing fraud and ensuring security
• Responding to your inquiries and requests
• Managing our business operations

Balancing Test: We have conducted a balancing test to ensure that our legitimate interests do not override your fundamental rights and freedoms. You have the right to object to processing based on legitimate interests.

5.3 Contract Performance (Article 6(1)(b) GDPR)

We process your personal data to perform a contract or take steps at your request before entering into a contract when:

• Providing services you have requested
• Processing your orders or requests
• Managing our business relationship with you

5.4 Legal Obligation (Article 6(1)(c) GDPR)

We process your personal data to comply with legal obligations when:

• Complying with tax and accounting requirements
• Responding to legal requests or court orders
• Complying with regulatory requirements
• Preventing fraud and ensuring security

5.5 Vital Interests (Article 6(1)(d) GDPR)

We may process your personal data to protect your vital interests or those of another person in emergency situations, such as medical emergencies or threats to physical safety.

6. Purpose of Processing Personal Data

We process your personal data for the following purposes:

6.1 Website Operation and Improvement

We process your personal data to provide and improve our website and services:

• Providing and maintaining our website and ensuring it functions properly
• Improving website functionality, performance, and user experience
• Analyzing website usage and user behavior to understand how visitors interact with our website
• Identifying and fixing technical issues, errors, and bugs
• Ensuring website security, preventing fraud, and protecting against unauthorized access
• Optimizing website content, layout, and design based on user feedback and analytics

6.2 Communication and Customer Service

We process your personal data to communicate with you and provide customer service:

• Responding to your inquiries, requests, and questions submitted through contact forms, emails, or phone calls
• Providing customer support and assistance
• Sending you information about our services, products, and offerings
• Managing our business relationship with you, including scheduling meetings and managing communications
• Following up on inquiries and maintaining communication records

6.3 Marketing and Advertising

We process your personal data for marketing and advertising purposes (with your consent):

• Sending you marketing communications, newsletters, and promotional materials
• Personalizing marketing content and advertisements based on your interests and preferences
• Measuring the effectiveness of marketing campaigns and analyzing campaign performance
• Managing newsletter subscriptions and email marketing lists
• Conducting market research and analyzing customer preferences

6.4 Legal and Regulatory Compliance

We process your personal data to comply with legal and regulatory requirements:

• Complying with legal obligations, including tax, accounting, and regulatory requirements
• Responding to legal requests, court orders, subpoenas, and governmental requests
• Protecting our legal rights and interests, including enforcing our terms of service and policies
• Preventing fraud, illegal activities, and security threats
• Maintaining records required by law or regulation

6.5 Business Operations

We process your personal data to manage our business operations:

• Managing our business operations, including internal administration and record-keeping
• Processing job applications and managing recruitment processes
• Managing business relationships with clients, partners, and service providers
• Conducting business analytics, reporting, and performance measurement
• Managing contracts, agreements, and business transactions
• Conducting research and development to improve our services

7. Data Sharing and Disclosure

We may share your personal data with the following categories of recipients:

7.1 Service Providers

We may share your personal data with third-party service providers who perform services on our behalf, including:

• Website Hosting: Service providers who host our website and store our data, including website content, databases, and files
• Analytics Providers: Service providers who help us analyze website usage and user behavior (e.g., Google Analytics). For detailed information about our use of analytics cookies, please see our Cookie Policy.
• Email Service Providers: Service providers who help us send emails, manage newsletter subscriptions, and manage email marketing campaigns
• Customer Support: Service providers who help us provide customer support, manage customer inquiries, and handle customer communications
• Meeting Scheduling: Service providers who help us schedule meetings and manage calendars (e.g., Calendly)
• Cloud Storage: Service providers who provide cloud storage and backup services for our data
• Security Services: Service providers who help us ensure website security, prevent fraud, and protect against unauthorized access
• Payment Processors: Service providers who process payments (if applicable)

Data Processing Agreements: We have entered into data processing agreements with all service providers to ensure they comply with GDPR requirements and only process your personal data for the purposes we specify. These agreements require service providers to:

• Process personal data only in accordance with our instructions
• Implement appropriate technical and organizational measures to protect personal data
• Not use personal data for their own purposes
• Assist us in responding to data subject requests
• Notify us of any data breaches

7.2 Business Partners

We may share your personal data with our business partners when necessary to provide services or fulfill business obligations, but only with your consent or as required by law.

7.3 Legal Requirements

We may disclose your personal data if required by law, regulation, legal process, or governmental request, including:

• Responding to court orders or subpoenas
• Complying with regulatory requirements
• Protecting our legal rights and interests
• Preventing fraud or illegal activities

7.4 Business Transfers

If we are involved in a merger, acquisition, or sale of assets, your personal data may be transferred to the acquiring entity. We will notify you of any such transfer and ensure that your personal data is protected in accordance with this Policy.

7.5 With Your Consent

We may share your personal data with third parties when you have given us your explicit consent to do so.

8. International Data Transfers

Some of our service providers and business partners are located outside the European Economic Area (EEA). When we transfer your personal data to these third parties, we ensure appropriate safeguards are in place to protect your data, including:

8.1 Standard Contractual Clauses (SCCs)

We use standard contractual clauses approved by the European Commission to ensure adequate protection of your personal data when transferring it to countries outside the EEA.

8.2 Adequacy Decisions

We only transfer data to countries that have been deemed adequate by the European Commission, meaning they provide an adequate level of data protection.

8.3 Data Processing Agreements

We have entered into data processing agreements with all third-party service providers to ensure they comply with GDPR requirements and protect your personal data.

8.4 Your Rights

You have the right to object to international data transfers. If you object, we may not be able to provide certain services that rely on these transfers. You can request information about the safeguards we have in place for international data transfers by contacting us.

9. Data Retention

We retain your personal data for as long as necessary to fulfill the purposes for which it was collected, unless a longer retention period is required or permitted by law. Our data retention periods are as follows:

9.1 Contact Information

• Contact Form Submissions: Retained for 3 years from the date of submission or until you request deletion
• Email Communications: Retained for 3 years from the date of last communication or until you request deletion
• Newsletter Subscriptions: Retained until you unsubscribe or request deletion

9.2 Website Usage Data

• Analytics Data: Retained for up to 14 months (Google Analytics default) or until you withdraw consent
• Server Logs: Retained for 90 days
• Cookie Data: Retained according to the cookie’s expiration date (see our Cookie Policy for more information)

9.3 Legal and Regulatory Requirements

We may retain your personal data for longer periods if required by law, regulation, or legal process, such as:

• Tax and accounting requirements (typically 7 years)
• Legal claims or disputes
• Regulatory investigations

9.4 Deletion

We delete or anonymize your personal data when it is no longer necessary for the purposes for which it was collected, unless we are required to retain it for legal or regulatory purposes. You can request deletion of your personal data at any time by contacting us.

10. Data Security

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. Our security measures include:

10.1 Technical Measures

• Encryption: We use SSL/TLS encryption to protect data in transit
• Secure Storage: We store data on secure servers with access controls
• Firewalls: We use firewalls and intrusion detection systems to protect against unauthorized access
• Regular Updates: We regularly update our systems and software to address security vulnerabilities
• Backup Systems: We maintain backup systems to ensure data availability and recovery

10.2 Organizational Measures

• Access Controls: We limit access to personal data to authorized personnel only
• Employee Training: We provide regular training to employees on data protection and security
• Data Processing Agreements: We have data processing agreements with all service providers
• Incident Response: We have procedures in place to respond to data breaches and security incidents

10.3 Data Breaches

In the event of a data breach that may affect your personal data, we will:

• Notify the relevant supervisory authority within 72 hours, as required by GDPR Article 33
• Notify affected individuals without undue delay if the breach is likely to result in a high risk to their rights and freedoms, as required by GDPR Article 34
• Take immediate steps to contain and remediate the breach
• Conduct a post-incident review to prevent future breaches

11. Your Rights Under GDPR

Under the General Data Protection Regulation (GDPR), you have the following rights regarding your personal data:

11.1 Right to Information (Article 13 GDPR)

You have the right to be informed about the collection and use of your personal data. This Privacy Policy provides comprehensive information about our processing of your personal data.

11.2 Right of Access (Article 15 GDPR)

You have the right to access your personal data and obtain information about how we process it, including:

• The purposes of processing
• The categories of personal data concerned
• The recipients or categories of recipients
• The retention period or criteria for determining it
• Your rights under GDPR

You can request a copy of your personal data by contacting us at monalisa.roy@musigmas.com.

11.3 Right to Rectification (Article 16 GDPR)

You have the right to have inaccurate personal data corrected. If you believe any personal data we hold about you is inaccurate, please contact us, and we will correct it.

11.4 Right to Erasure (Article 17 GDPR - “Right to be Forgotten”)

You have the right to request the deletion of your personal data in certain circumstances, such as when:

• The data is no longer necessary for the purposes for which it was collected
• You withdraw your consent and there is no other legal basis for processing
• You object to processing and there are no overriding legitimate grounds
• The data has been unlawfully processed

11.5 Right to Restrict Processing (Article 18 GDPR)

You have the right to restrict the processing of your personal data in certain circumstances, such as when:

• You contest the accuracy of the data
• You object to processing based on legitimate interests
• The processing is unlawful, but you do not want the data deleted

11.6 Right to Data Portability (Article 20 GDPR)

You have the right to receive your personal data in a structured, commonly used, and machine-readable format and to transmit that data to another controller, where:

• The processing is based on consent or contract
• The processing is carried out by automated means

11.7 Right to Object (Article 21 GDPR)

You have the right to object to the processing of your personal data for:

• Direct marketing purposes (you can object at any time)
• Processing based on legitimate interests (we will stop processing unless we can demonstrate compelling legitimate grounds)

11.8 Right to Withdraw Consent (Article 7(3) GDPR)

You have the right to withdraw your consent at any time. Withdrawing consent does not affect the lawfulness of processing based on consent before its withdrawal. You can withdraw your consent by contacting us or adjusting your preferences.

11.9 Right to Lodge a Complaint (Article 77 GDPR)

You have the right to lodge a complaint with a supervisory authority if you believe that our processing of your personal data violates GDPR. In Spain, the supervisory authority is the Agencia Española de Protección de Datos (AEPD).

11.10 Exercising Your Rights

To exercise any of your rights under GDPR, please contact us at monalisa.roy@musigmas.com with the following information:

• Your full name and contact information
• A clear description of the right you wish to exercise
• Any relevant information to help us process your request
• Proof of identity (if required)

Response Time: We will respond to your request within one month of receipt, as required by GDPR Article 12(3). If your request is complex or we receive multiple requests, we may extend the response time by up to two additional months, and we will inform you of any such extension.

12. Children’s Privacy

Our website and services are not intended for children under the age of 16. We do not knowingly collect personal data from children under 16 without parental consent.

If you are a parent or guardian and believe that your child has provided us with personal data, please contact us at monalisa.roy@musigmas.com, and we will delete such information.

If we become aware that we have collected personal data from a child under 16 without parental consent, we will take steps to delete such information promptly.

13. Cookies and Tracking Technologies

We use cookies and similar tracking technologies on our website to collect and store information about your device and how you interact with our website. Cookies are small text files that are placed on your device when you visit our website.

Cookie Policy: For detailed information about our use of cookies, including the types of cookies we use, their purposes, durations, and how to manage them, please see our Cookie Policy.

Cookie Consent: We obtain your consent before setting non-essential cookies through our cookie consent banner. You can manage your cookie preferences at any time through our cookie settings or your browser settings.

Personal Data Collected Through Cookies: Cookies may collect personal data such as your IP address, device information, browsing behavior, and preferences. This personal data is processed in accordance with this Privacy Policy and our Cookie Policy.

14. Updates to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or for other operational, legal, or regulatory reasons. We will notify you of any material changes by:

• Posting the updated policy on our website with a new “Last Updated” date
• Displaying a notice on our website when you visit
• Sending you an email notification if you have provided your email address

Material Changes: We will notify you of any material changes to this Policy, including:

• Changes to the types of personal data we collect
• Changes to the purposes for which we process personal data
• Changes to your rights or how you can exercise them
• Changes to third parties with whom we share personal data

Continued Use: Your continued use of our website or services after any changes to this Policy constitutes your acceptance of the updated Policy. If you do not agree with any changes, please stop using our website or services and contact us to request deletion of your personal data.

Review: We encourage you to review this Privacy Policy periodically to stay informed about how we collect, use, and protect your personal data. The “Last Updated” date at the bottom of this Policy indicates when it was last revised.