Last updated: 20 May 2026.
At Talleres Feudo SL we take the protection of personal data of users of our website very seriously. This privacy policy explains what data we collect, for what purpose, on what legal basis and what rights you have as a data subject under Regulation (EU) 2016/679 (GDPR) and Spanish Organic Act 3/2018 on Data Protection and Digital Rights (LOPDGDD).
1. Data controller
| Company name | Talleres Feudo SL |
|---|---|
| VAT / Tax ID | B31129414 |
| Address | Carretera Zaragoza, 28, km 15 (N-121), 31398 Campanas, Navarra (Spain) |
| Contact email | administracion@talleresfeudo.com |
| Phone | +34 948 360 103 |
2. Data we collect and purpose of processing
We process the personal data the user voluntarily provides through the following channels:
| Channel | Data | Purpose | Legal basis |
|---|---|---|---|
| Contact form | Name, company, email, phone, message | Handle the enquiry, prepare a quote and maintain related commercial communication | Consent of the data subject (art. 6.1.a GDPR) and pre-contractual measures (art. 6.1.b GDPR) |
| Direct email | Data contained in the email itself | Reply to the communication received | Legitimate interest of the controller (art. 6.1.f GDPR) |
| Phone call | Data provided by the data subject | Commercial assistance | Consent and legitimate interest |
3. Retention period
- Contact data and quote requests: up to 3 years from the last contact with the data subject, unless otherwise expressly stated or a subsequent contractual relationship arises.
- Data related to contractual relationships and commercial documentation: 6 years from the end of the relationship (article 30 of the Spanish Commercial Code).
- Tax-relevant data: the periods set out by tax legislation (generally a 4-year limitation period).
Once these periods have elapsed, data shall be blocked for the legally required time and subsequently deleted in a secure manner.
4. Recipients and data sharing
Your personal data shall not be shared with third parties, except where required by law. The following processors have access to the data, all bound by data processing agreements pursuant to art. 28 GDPR:
- Arsys Internet S.L.U. (Spain, EU) — web hosting provider. Data are stored on servers located in the European Union, which therefore does not involve an international transfer.
- Cloudflare, Inc. (United States) — Turnstile anti-bot service, which protects contact and quote forms against automated submissions. The international transfer is covered by the Standard Contractual Clauses approved by the European Commission and by Cloudflare's adherence to the EU-US Data Privacy Framework.
- Google Ireland Limited (Ireland, EU / United States) — only if the user consents to the "preferences" or "analytics" cookie category, via Google Maps (showing the workshop location) and Google Analytics 4 (aggregate statistical measurement of website usage). Transfers are covered by the EU-US Data Privacy Framework.
- Microsoft Ireland Operations Limited (Ireland, EU / United States) — only if the user consents to the "analytics" cookie category, via Microsoft Clarity (heatmaps and anonymous recording of website interaction, without directly identifying data). Transfers are covered by the EU-US Data Privacy Framework.
Contact and quote forms are processed on our own servers hosted by Arsys (EU), without involvement of external form managers. Communications are sent by email to internal company accounts.
5. Rights of the data subject
The user may at any time exercise the following rights regarding their personal data:
- Access: know what data of theirs we are processing.
- Rectification: correct inaccurate data.
- Erasure ("right to be forgotten"): request the deletion of their data when no longer needed.
- Objection: object to the processing of their data for a specific purpose.
- Restriction of processing in certain cases.
- Data portability: receive their data in a structured, commonly used and machine-readable format.
- Withdrawal of consent at any time, without affecting the lawfulness of processing based on prior consent.
To exercise these rights, send an email to administracion@talleresfeudo.com stating your name, the right you wish to exercise and, if necessary to identify you, a copy of your ID document.
If you believe the processing of your data does not comply with the applicable regulations, you may file a complaint with the Spanish Data Protection Agency (www.aepd.es).
6. Security measures
Talleres Feudo SL adopts the appropriate technical and organisational measures to ensure a level of security appropriate to the risk of the processing, in accordance with art. 32 GDPR, including HTTPS encryption on the website, access control and backups.
7. Modifications
Talleres Feudo SL reserves the right to amend this policy to bring it into line with new legislation or case law. In such cases, changes will be announced on the website with reasonable advance notice.