← Back

Privacy Policy

How Pablo Otero processes your personal data under Regulation (EU) 2016/679 (GDPR) and Spanish Organic Law 3/2018 (LOPDGDD).

Last updated:

1. Data controller

Owner
Pablo Otero Fariña
NIF
35599105G
Address
Sor Aurora Estévez 14, España
Email
[email protected]

2. Data we process

We collect only the data strictly necessary to provide our services:

  • Contact form: name, age, phone number, optional email, plan of interest and optional sporting goal.
  • Contracting and payment: name and email provided to Stripe. The Provider never stores full payment-card details.
  • Follow-up communications: internal notes on your sporting progress, contact dates and, optionally, a link to your plan in Train2Go.
  • Technical data: IP address sent to the Cloudflare Turnstile anti-bot service when the form is submitted (not stored in our database).

3. Purposes and legal basis

Handle contact requests
Pre-contractual measures at the data subject’s request (Art. 6.1.b GDPR).
Provide the coaching service
Performance of the contract (Art. 6.1.b GDPR).
Process the monthly payment
Performance of the contract (Art. 6.1.b GDPR).
Comply with legal obligations
Tax, accounting and defence against claims (Art. 6.1.c GDPR).
Protection against bots and abuse
Legitimate interest of the Provider in protecting the service (Art. 6.1.f GDPR).

4. Retention periods

  • Contact data without contracting: up to 24 months from the last contact, unless deletion is requested earlier.
  • Contractual data: for the duration of the contract and the legal periods applicable to tax and accounting obligations (up to 6 years).
  • Billing data: for the limitation period of actions arising from the contract.

5. Recipients and processors

To provide the service, we share data with the following processors, all with contractual guarantees under Art. 28 GDPR:

  • Cloudflare, Inc. (USA) — hosting, CDN, database (D1) and the Turnstile anti-bot service. International transfers covered by the European Commission’s Standard Contractual Clauses and the EU-US Data Privacy Framework. Cloudflare privacy policy.
  • Stripe Payments Europe, Ltd. (Ireland) — payment gateway and subscription management. Stripe privacy policy.
  • Resend, Inc. (USA) — sending the notification email to the Provider when a new contact form is received. Resend privacy policy.

Beyond the above, we do not share data with third parties except where legally required.

6. Your rights

As a data subject, you may exercise the following rights at any time by emailing [email protected] with proof of identity:

  • Access to the data we hold about you.
  • Rectification of inaccurate data.
  • Erasure (“right to be forgotten”).
  • Objection to processing.
  • Restriction of processing.
  • Portability of data in a structured, commonly used format.
  • Withdraw consent at any time, without affecting the lawfulness of prior processing.

If you believe your request has not been handled properly, you may complain to the Spanish Data Protection Agency (www.aepd.es).

7. Security measures

The Provider applies the technical and organisational measures needed to ensure the confidentiality, integrity and availability of the data: encryption in transit (TLS), hosting on infrastructure with SOC 2 and ISO 27001 certifications, access control to the admin panel via Cloudflare Access, and least privilege.

8. Cookies

The use of cookies and similar technologies is described in the Cookie Policy.

9. Changes to this policy

The Provider may update this policy to reflect legal or business changes. The date of the last update is shown at the top of this page.