Privacy policy.
How we process your personal data when you visit viktrum.com or write to us. Fully compliant with GDPR and Spanish LOPDGDD.
1. Data controller
Owner: [Full legal name]
Tax ID (NIF): [NIF/DNI]
Address: [Full address, postal code, province]
Contact email: hello@viktrum.com
Activity: Technology consultancy and software development under the brand Viktrum.
2. Data we process
We only process the data you provide voluntarily. Specifically:
- Contact data: name, email, phone number (if provided) and company name.
- Navigation data: IP address, browser type, pages visited and visit duration (see Cookie policy).
- Communication data: the content of messages you send us by email or form.
We do not collect special categories of data (health, ideological, religious, biometric data) through this website. If your business requires processing of sensitive data, we formalize it in a specific Data Processing Agreement (DPA) before starting any project.
3. Purposes and legal basis
We process your data for the following purposes:
- Handling your request for information or call booking — legal basis: pre-contractual measures at your request (Art. 6.1.b GDPR).
- Sending you commercial communications about our services — only with your explicit consent (Art. 6.1.a GDPR). You may withdraw it at any time.
- Complying with our legal obligations — legal basis: compliance with a legal obligation (Art. 6.1.c GDPR).
- Anonymous statistical analysis of site usage — legal basis: legitimate interest (Art. 6.1.f GDPR), always with aggregated data and no personal identification.
4. Retention periods
- Commercial contact data: up to 3 years from the last contact if no contractual relationship is formalized.
- Active client data: during the contractual relationship and the applicable legal periods (6 years for commercial documentation, 5 years for tax compliance).
- Navigation data: 13 months maximum (Spanish AEPD recommendation).
5. Recipients and data processors
We do not transfer your data to third parties for commercial purposes. We do use technology providers acting as data processors who comply with GDPR:
- Cloudflare — web hosting and DDoS protection (EU servers).
- Google Workspace — corporate email (Google Ireland).
- Cal.com — appointment management (GDPR-compliant provider).
- Supabase — database in European region (eu-west-1).
- Anthropic — AI models (with no-training clauses on client data).
We sign processor contracts (DPAs) with all providers who process personal data on behalf of Viktrum, in accordance with Article 28 GDPR.
6. International transfers
When we work with providers outside the European Economic Area (for example, Anthropic in the United States), we apply the safeguards provided by GDPR: Standard Contractual Clauses approved by the European Commission or adherence to the EU-US Data Privacy Framework where applicable.
7. Your rights
You may exercise the following rights over your data at any time:
- Access — know what data we process about you.
- Rectification — correct inaccurate data.
- Erasure — request deletion of your data when no longer needed.
- Objection — object to processing for reasons related to your particular situation.
- Restriction — request the restriction of processing in certain cases.
- Portability — receive your data in a structured, commonly used format.
- Withdraw consent — when processing is based on your consent.
To exercise any of these rights, write to hello@viktrum.com indicating the right you wish to exercise and attaching a copy of your ID or equivalent identification document. We will respond within a maximum of one month.
8. Claims to the AEPD
If you believe the processing of your data does not comply with regulations, you may file a claim with the Spanish Data Protection Agency (AEPD) (www.aepd.es), C/ Jorge Juan, 6, 28001 Madrid.
9. Changes to this policy
We may update this policy when applicable regulations, our services, or our providers change. Any substantial change will be announced on this same page with a new update date; if it affects users with an active contractual relationship, it will be communicated directly by email.