Identity of the Data Controller
The entity responsible for the processing of your personal data collected through this website is:
piensas.xyz, LLC
1209 Mountain Road PL NE, 87110 Albuquerque, New Mexico, USA
Privacy & data enquiries: wesolve@piensas.xyz
For any question about this Privacy Policy or the processing of your personal data, contact us at the address above. We will confirm receipt and respond within one calendar month of receiving your request.
Personal Data We Collect
Contact form data
When you submit an enquiry or contact form on this website, we collect the personal data you voluntarily provide:
- First and last name
- Email address
- Country of residence or origin of contact
- Message content
Technical and server log data
Our servers automatically record standard access log entries, which may include IP addresses, browser user-agent strings, referring URLs, and request timestamps. This data is processed on the basis of our legitimate interest in maintaining the security and integrity of our infrastructure (Art. 6(1)(f) GDPR). We do not use this data to identify individuals or for marketing purposes. Server logs are retained for a maximum of 30 days, after which they are deleted.
We do not collect payment information, government identification numbers, or special categories of personal data as defined in Art. 9 GDPR (e.g. health data, biometric data, racial or ethnic origin, political opinions, or religious beliefs).
How We Use Your Data
We process your personal data only for the specific purposes listed below, each supported by a defined legal basis under Art. 6 GDPR:
Responding to your enquiry
We use your name, email, and message content to reply to your request and manage the ensuing correspondence. Legal basis: Consent (Art. 6(1)(a) GDPR).
Business record-keeping
We maintain internal records of communications to support our legitimate business operations. Legal basis: Legitimate interest (Art. 6(1)(f) GDPR).
Security and abuse prevention
Server log data (including IP addresses) is analysed to detect, investigate, and prevent unauthorised access, attacks, and abuse. Legal basis: Legitimate interest (Art. 6(1)(f) GDPR).
We do not sell, rent, or trade your personal data to third parties for their own marketing purposes. We do not create automated profiles or make automated decisions that produce significant legal or similarly significant effects on you (see also Section 07, Art. 22 GDPR).
Data Retention
| Data Category | Retention Period | Basis |
|---|---|---|
| Contact form submissions | 2 years from last interaction | Business necessity / consent |
| Server access logs | 30 days | Security / legitimate interest |
At the end of the applicable retention period, your data is securely deleted or irreversibly anonymised. You may also request early deletion at any time by emailing wesolve@piensas.xyz (see Section 07 — Your Rights).
Cookies
This website uses cookies and similar technologies. Some are set by piensas.xyz (first-party), and others are set by third-party services we rely on for fonts and JavaScript module delivery. For a complete description of cookies used, their categories, retention periods, and detailed instructions on how to manage or withdraw your consent, please see our dedicated Cookie Policy.
Data Security
We implement appropriate technical and organisational security measures to protect your personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure, or access. Our practices include:
- Encryption in transit: All connections to this website are protected with Transport Layer Security (TLS/HTTPS).
- Access controls: Personal data is accessible only to authorised personnel who demonstrably require it for their role.
- Data minimisation: We collect only the data strictly necessary for the stated purposes (Art. 5(1)(c) GDPR).
- Privacy by design: Security and privacy considerations are embedded in our architecture and development processes from the outset.
- Periodic security reviews: We review and update our security practices as the threat landscape evolves.
In the event of a personal data breach that is likely to result in risk to your rights and freedoms, we will notify the competent supervisory authority within 72 hours and, where required by law, will communicate the breach to the affected individuals without undue delay (Arts. 33–34 GDPR).
Your Rights under GDPR
If you are located in the European Economic Area (EEA), the United Kingdom, or another jurisdiction with equivalent data protection legislation, you have the following rights with respect to your personal data:
Right of access (Art. 15)
Obtain confirmation of whether we process your data and request a copy of it.
Right to rectification (Art. 16)
Request correction of inaccurate or incomplete personal data we hold about you.
Right to erasure (Art. 17)
Request deletion of your personal data ("right to be forgotten"), subject to applicable exceptions.
Right to restriction (Art. 18)
Request that we limit the processing of your data to specific purposes or suspend it.
Right to portability (Art. 20)
Receive your data in a structured, machine-readable format and transmit it to another controller.
Right to object (Art. 21)
Object to processing based on legitimate interests, including profiling for direct marketing.
Right re: automated decisions (Art. 22)
Not to be subject to decisions based solely on automated processing — including AI profiling — that produce significant legal or similarly significant effects. We do not make such decisions.
Right to withdraw consent (Art. 7(3))
Withdraw consent at any time, without affecting the lawfulness of processing carried out prior to withdrawal.
How to exercise your rights: Send a written request to wesolve@piensas.xyz. We will acknowledge receipt and respond within one calendar month. Exercising these rights is free of charge.
You also have the right to lodge a complaint with your national data protection supervisory authority — for example, the AEPD (Spain), CNIL (France), the ICO (United Kingdom), or the relevant authority in your country of residence — if you believe the processing of your personal data does not comply with applicable law.
International Data Transfers
piensas.xyz, LLC is incorporated and operates in the United States. When we process personal data of individuals resident in the EEA or the United Kingdom, we ensure that appropriate safeguards are in place for international transfers as required by Chapter V GDPR.
Transfers of EEA personal data to third countries — including the United States — are protected by one or more of the following mechanisms:
- Standard Contractual Clauses (SCCs) — Controller-to-Processor Module 2, as approved by European Commission Decision 2021/914/EU.
- The EU–U.S. Data Privacy Framework (DPF) where the recipient is a certified DPF participant.
- Additional supplementary measures (e.g. encryption, pseudonymisation, access controls) assessed on a case-by-case basis following a Transfer Impact Assessment (TIA).
| Provider category | Service | Transfer mechanism |
|---|---|---|
| Web hosting provider | Website hosting & infrastructure | SCCs / EU–U.S. DPF |
| Email service provider | Managing contact form enquiries | SCCs / EU–U.S. DPF |
We review our data processor agreements regularly and will update this section if new processors are engaged or transfer mechanisms change. You may request a copy of applicable SCCs by writing to wesolve@piensas.xyz.
Changes to this Policy
We may update this Privacy Policy from time to time to reflect changes in our data practices, applicable law, or our services. When we make material changes, we will update the "Last updated" date at the top of this page and post the new version at piensas.xyz/privacy.html. We encourage you to review this page periodically. Where changes materially affect how we process your personal data and we hold your contact details, we will endeavour to notify you by email.