Privacy policy

Your data, treated with the respect required by GDPR and the Spanish LOPDGDD.

1. Data controller

The controller of your personal data is:

• Ingeniatic Desarrollo, S.L. (hereinafter, "Aviot").
• Tax ID (CIF): B-30861728
• Address: Parque Tecnológico de Fuente Álamo, Km 2.5, Edificio CEDIT, 30320 Fuente Álamo de Murcia, Spain.
• Privacy contact email: privacidad@ingeniatic.com

2. What data we collect

Through this website we only process the data you voluntarily provide via the contact form, plus minimal technical browsing data.

2.1. Contact form data

• Name and surname.
• Company or facility.
• Email.
• Phone (optional).
• Sector of activity.
• Free-text message.

2.2. Technical browsing data

• IP address.
• User-agent (browser and operating system).
• Strictly necessary cookies for the operation of the site (see Cookie policy).

What we do NOT collect through the site: GPS geolocation data, health data, sensitive special-category data, or data concerning minors. We also do not use third-party analytics tools that rely on cookies (Google Analytics, Meta Pixel, etc.).

3. Purpose of processing

• To handle your request for a quote, information or commercial support.
• To keep you informed about the status of your enquiry and, where applicable, prepare a proposal.
• To comply with our legal obligations (tax, accounting, employment, etc.).
• To send you commercial communications about Aviot and related services, only if you tick the corresponding box or there is a pre-existing commercial relationship under article 21 LSSI.

4. Legal basis

• Consent (art. 6.1.a GDPR): granted by submitting the contact form. You can withdraw it at any time.
• Performance of a contract or pre-contractual measures (art. 6.1.b GDPR): when your enquiry leads to a commercial proposal.
• Legal obligation (art. 6.1.c GDPR): retention of tax and accounting data.
• Legitimate interest (art. 6.1.f GDPR): website security (IP logging against fraud/spam) and service improvement.

5. Retention periods

• Contact-form data: for the duration of the commercial relationship and up to 24 months after the last interaction, unless you request earlier deletion.
• Tax and billing data from a contract: 6 years, as required by law.
• Technical server logs (IP, user-agent): up to 30 days for security and abuse-prevention purposes.
• Marketing communications: until you withdraw consent.

6. Recipients and processors

Your data is not shared with third parties, except for service providers strictly necessary to deliver the service, all bound by data-processing agreements under art. 28 GDPR:

• Cloudflare, Inc. (United States, with EU servers) — provider of hosting (Cloudflare Pages), DNS, database (D1) and CDN.
• Resend, Inc. (United States, EU sending infrastructure) — transactional email provider for delivering enquiries to Ingeniatic Desarrollo, S.L.
• Hostinger International Ltd. (Lithuania, EU) — mailbox provider for info@aviot.es.

International transfers

Some of our processors (Cloudflare, Resend) are US entities that may process data outside the European Economic Area. These transfers are made under the Standard Contractual Clauses (SCC) approved by the European Commission and, where applicable, the EU-U.S. Data Privacy Framework, ensuring a level of protection equivalent to that required by the GDPR.

7. Your rights

As a data subject, you have the right to:

• Access: know what data we hold about you.
• Rectification: correct inaccurate data.
• Erasure ("right to be forgotten"): delete your data when no longer necessary.
• Object to specific processing activities.
• Restrict processing in certain cases.
• Portability: receive your data in a structured, commonly used format.
• Not be subject to automated decisions with significant legal effects.
• Withdraw consent at any time.

8. How to exercise your rights

Write to privacidad@ingeniatic.com stating your request and attaching a copy of an identity document. We will respond within a maximum of one month.

If you believe we have not handled your request properly, you can file a complaint with the Spanish Data Protection Agency (www.aepd.es).

9. Security

We apply appropriate technical and organizational measures to protect your data: in-transit encryption (TLS 1.2+), role-based access control and authentication, operation logging, backups and incident-response plans. We will notify any relevant security breach to the AEPD and, where applicable, to those affected, within the timeframes required by law.

10. Changes to this policy

We may modify this policy to adapt it to legal, technical or service changes. Any change will be published on this page with an updated date.

Last updated: April 2026.