Privacy Policy
Last updated: (to be completed before publishing)
Lawyer review required. This Privacy Policy is a template and has not been reviewed by a qualified lawyer. It does not constitute legal advice. A qualified Spanish data protection lawyer must review and approve it before the site goes live.
1. Who We Are (Data Controller)
The data controller responsible for your personal data is:
Bright Office Cleaning
Carrer de Miquel, 26, 08830 Sant Boi de Llobregat, Barcelona, Spain
NIF/CIF: __________
legal@brightofficecleaning.com
Tel: __________
We operate the website brightofficecleaning.com and provide cleaning services in Spain.
2. What Data We Collect
We collect the following categories of personal data:
a) Data you provide directly (quote and contact form)
- Name
- Email address
- Phone number (optional)
- Property address or postcode
- Service requested
- Any additional details you include in the message field
b) Data collected automatically (analytics cookies — only after consent)
- Browser type and version
- Device type and operating system
- Pages visited and time on site
- Referring source (how you found the site)
- Approximate geographic location (city-level; IP address is anonymised before processing)
This data is collected via Google Analytics 4 (GA4) only when you accept analytics cookies. No full IP address is stored; anonymisation is enabled in GA4 settings.
c) Essential cookie data
- Session identifier (functional; expires when you close the browser)
- Cookie consent preference (stored for 12 months)
- CSRF token (security; functional)
3. Legal Basis for Processing
| Data type | Legal basis | Basis under GDPR Article |
|---|---|---|
| Quote/contact form data | Legitimate interest (to respond to your enquiry) or pre-contractual steps | Art. 6(1)(b) and 6(1)(f) |
| Analytics data (GA4) | Your consent | Art. 6(1)(a) |
| Cookie consent record | Legal obligation (RGPD + AEPD guidance) | Art. 6(1)(c) |
Note for lawyer review: confirm whether legitimate interest is the appropriate basis for contact form data, or whether consent should be used instead.
4. How We Use Your Data
- To respond to your quote request or contact enquiry — we use your name, email, phone, and enquiry details solely to reply with scope, availability, and pricing.
- To analyse website usage — GA4 analytics (consent-gated) help us understand which pages are most useful and how visitors find the site.
- To maintain security — CSRF tokens and session identifiers protect the website and its forms from automated attacks.
We do not use your data for automated decision-making or profiling.
5. Who We Share Your Data With
We do not sell, rent, or share your personal data with third parties for marketing purposes.
We may share data with the following processors:
| Processor | Purpose | Location | Safeguard |
|---|---|---|---|
| Resend (email delivery) | Delivering your quote request to our inbox | USA (EU data transfer possible) | Standard Contractual Clauses (SCCs) — verify Resend’s current DPA and SCC status before publishing |
| Google Analytics 4 | Website analytics (only after consent) | USA | SCCs + IP anonymisation |
| Web hosting provider (name to be completed) | Web hosting and server logs | (data centre location to be confirmed) | (processor DPA to be confirmed) |
6. Data Retention
| Data type | Retention period |
|---|---|
| Quote/contact form submissions | __________ (to be confirmed — e.g. 12 months from submission) |
| Email correspondence | __________ (to be confirmed — e.g. 24 months) |
| Analytics data (GA4) | Up to 14 months (configure in GA4 Data Settings) |
| Cookie consent records | 12 months |
| Server access logs | __________ (confirm with hosting provider) |
7. Your Rights Under GDPR
As a resident in the EU / EEA (or under Spanish RGPD / LOPDGDD), you have the right to:
- Access — request a copy of the personal data we hold about you
- Rectification — ask us to correct inaccurate data
- Erasure (“right to be forgotten”) — ask us to delete your data (subject to legal obligations)
- Restriction — ask us to restrict processing in certain circumstances
- Portability — receive your data in a structured, machine-readable format
- Object — object to processing based on legitimate interest
- Withdraw consent — withdraw analytics consent at any time via “Manage cookie preferences” in the footer
To exercise any of these rights, contact us at: legal@brightofficecleaning.com
We will respond within one calendar month (extendable to three months for complex requests).
If you are not satisfied with our response, you have the right to lodge a complaint with the Agencia Española de Protección de Datos (AEPD): www.aepd.es
8. Cookies
We use cookies as described in our Cookie Policy.
Non-essential cookies (analytics) are only placed after you provide consent via the cookie banner. You can manage or withdraw your preferences at any time using the “Manage cookie preferences” link in the footer.
9. Data Security
We apply appropriate technical and organisational measures to protect your personal data, including:
- HTTPS encryption for all data in transit
- Access controls limiting data access to team members who need it for their role
- Regular review of third-party processors’ security measures
- Form anti-spam measures (honeypot, time-based checks)
Note for lawyer review: confirm and expand these security measures with your hosting provider before publishing.
10. Changes to This Policy
We may update this Privacy Policy from time to time. The “Last updated” date at the top of this page reflects when changes were last made. Material changes will be communicated via a notice on the site.
11. Contact
For any questions about this Privacy Policy or to exercise your data rights:
Bright Office Cleaning
Carrer de Miquel, 26, 08830 Sant Boi de Llobregat, Barcelona, Spain
legal@brightofficecleaning.com