Privacy Policy
Last updated: 30 May 2026At Zerolagia we respect your privacy and are committed to protecting the personal data you provide. This policy clearly explains what data we collect, why we collect it and what rights you have over it, in compliance with Regulation (EU) 2016/679 (GDPR), the Spanish Organic Law 3/2018 on Personal Data Protection (LOPDGDD) and the LSSI-CE.
1. Data controller
- Owner: Bogdan Shadrin (self-employed professional, trading as Zerolagia)
- Tax ID (NIF): 04785257S
- Address: Las Lagunas de Mijas, 29640 Mijas (Málaga), Spain
- Contact email: info@zerolagia.com
- Phone: +34 612 49 49 00
- Website: https://zerolagia.com
Given its size and nature, Zerolagia is not required to appoint a Data Protection Officer (DPO). For any privacy-related matter, users may contact the owner directly.
2. Data we collect
We only process data that the user voluntarily provides when using the website, or that is technically generated while browsing:
2.1 Contact form
- Name and surname
- Email address
- Phone number (optional)
- Free-text message
2.2 "I don't have a website yet" form
- Type of business
- Project goals
- Business name (optional)
- Business location
- Desired timeframe
- Free-text description
- Name, email and phone (optional) for contact
2.3 Scanner tool
- The URL entered by the user for analysis
- Optional email if the user requests the report by email
- Analysis results are not stored unless the user requests the report by email
2.4 Technical browsing data
- IP address (anonymised for analytics)
- Browser and device type
- Country of access
- Pages visited, time on site (only if you accept analytics cookies)
We do not collect: special category data (health, religion, sexual orientation, etc.) or data from children under 14. If you are under that age, please leave the site or ask an adult to contact us on your behalf.
3. Purposes of processing
- Reply to enquiries: respond to messages submitted through the contact and "I don't have a website yet" forms.
- Commercial follow-up: contact you again if you showed interest in our services and have not expressly opted out.
- Scanner technical analysis: run the requested analysis on the URL provided and email you the report if you request it.
- Website improvement: understand anonymously how the site is used, which sections work best and where there is friction. Only if you accept analytics cookies.
- Legal compliance: meet applicable legal obligations (tax, accounting, etc.) where required.
4. Legal basis for processing
| Data | Legal basis | GDPR reference |
|---|---|---|
| Contact / "I don't have a website" forms | Consent by voluntarily submitting the form | Art. 6.1.a |
| Scanner (URL + optional email) | Performance of a service requested by the user | Art. 6.1.b |
| Subsequent commercial follow-up | Legitimate interest in the pre-contractual relationship initiated by the user | Art. 6.1.f |
| Analytics cookies (Google Analytics) | Explicit consent (cookie banner) | Art. 6.1.a |
| Accounting retention | Compliance with a legal obligation | Art. 6.1.c |
5. Data retention
- Contact forms: 24 months from the last contact, unless you request earlier deletion.
- Scanner data: the analysed URL is kept in technical logs for a maximum of 30 days; email only if you provided it to receive the report (same 24-month period).
- Analytics data: according to Google Analytics retention settings (default: 14 months from last activity).
- Accounting data: applicable legal periods (generally 6 years for invoices under the Spanish Commercial Code).
6. Recipients and data processors
We do not sell or share personal data with third parties for commercial purposes. For the website to function, we use the following data processors (sub-processors), all under contracts or clauses complying with the GDPR:
| Provider | Purpose | Location |
|---|---|---|
| Netlify Inc. | Web hosting, forms and CDN delivery | USA (DPF + EU SCCs) |
| Google Ireland Ltd. | Google Analytics 4 (only with consent) | Ireland / USA (DPF) |
| Cloudflare Inc. | DNS, email management and domain registrar | USA (DPF + EU SCCs) |
| Brevo (Sendinblue SAS) | Transactional and commercial email delivery | France (EU) |
| n8n.io (self-hosted) | Scanner automation and notifications | EU server (Hostinger) |
Some providers (Netlify, Google, Cloudflare) are based in the USA. International transfers are made under the Data Privacy Framework (DPF) recognised by the European Commission and/or Standard Contractual Clauses (SCCs) approved by the EU.
We may also share data when:
- Required by law or a competent authority.
- Necessary to defend the controller's legitimate rights.
7. Your rights
As a data subject, you have the following rights regarding your personal data:
- Access: find out what data we hold about you.
- Rectification: correct inaccurate or incomplete data.
- Erasure (right to be forgotten): request that we delete your data.
- Restriction of processing: request that we suspend processing without deleting the data.
- Portability: receive your data in a structured, machine-readable format.
- Objection: object to processing based on legitimate interest.
- Withdrawal of consent: revoke given consent at any time, without affecting prior lawfulness.
- Not to be subject to automated decision-making: we do not carry out automated decisions with significant legal effects.
To exercise any of these rights, write to info@zerolagia.com stating which right you wish to exercise. We will respond within a maximum of one month.
If you believe the processing of your data does not comply with regulations, you may lodge a complaint with the Spanish Data Protection Agency: www.aepd.es · C/ Jorge Juan 6, 28001 Madrid · Tel. +34 901 100 099.
8. Security measures
We apply appropriate technical and organisational measures to protect personal data against unauthorised access, alteration or loss:
- HTTPS / TLS 1.3 encryption on all communications.
- HTTP security headers (HSTS, CSP, X-Frame-Options).
- Web Application Firewall (WAF) at hosting level.
- Restricted, authenticated access to internal systems.
- Honeypot anti-spam protection on forms.
- Regular backups and GDPR-certified providers.
9. Commercial communications
If we send you commercial communications by email at any time, you can unsubscribe at any moment by clicking the "unsubscribe" link in the email itself or by writing to info@zerolagia.com.
In accordance with article 21 of the LSSI-CE, we do not send unsolicited commercial communications to people who have had no prior relationship with us.
10. Changes to this policy
This policy may be updated to reflect changes in our services or applicable regulations. The "Last updated" date at the top indicates the version in force. Substantial changes will be communicated prominently on the website or, where appropriate, by email.
11. Contact
For any question about this policy or the processing of your personal data: info@zerolagia.com.