Privacy Policy
Last updated: May 22, 2026
1. Introduction & Data Controller
Spanish Learning Hub ("we," "us," "our," or "Company") is committed to protecting your privacy. This Privacy Policy explains our privacy practices and how we handle information you provide to us or that we collect about you when you use our website, mobile applications, and other online services.
1.1 Data Controller Information
The data controller responsible for your personal data is:
1.2 Legal Basis
This Privacy Policy is governed by the General Data Protection Regulation (GDPR) (EU) 2016/679, applicable to all residents of the European Union. We comply with all data protection requirements under GDPR and other applicable regulations.
2. Information We Collect
2.1 Information You Provide
- Search Queries: When you search for articles, we collect the search terms you use
- Contact Information: If you contact us, we collect your name, email, and message content
- User Preferences: Theme preference, language selection, and other settings
2.2 Information Automatically Collected
- Device Information: IP address, browser type, device type, operating system
- Usage Data: Pages visited, time spent, articles viewed, click patterns
- Cookies & Similar Technologies: For analytics and user experience improvements
- Location Data: Approximate location based on IP address (not precise)
2.3 Third-Party Information
We may receive information from third-party services if you choose to connect your account to them.
3. How We Use Your Information
We use collected information for the following purposes:
- Providing and improving our services
- Personalizing your experience
- Analyzing usage patterns and trends
- Sending transactional emails and notifications
- Responding to your inquiries and requests
- Complying with legal obligations
- Preventing fraud and ensuring security
- Marketing and promotional communications (with your consent)
4. Legal Basis for Processing
We process your information based on:
- Consent: When you explicitly agree to processing
- Contractual Necessity: To provide services you request
- Legal Obligation: To comply with applicable laws
- Legitimate Interests: To improve our services and security
- Vital Interests: To protect health, safety, or fundamental rights
5. Data Sharing and Disclosure
5.1 Data Processors (GDPR Art. 28)
We share personal data with Data Processors who act on our behalf under written Data Processing Agreements (DPA). These processors include:
- Amazon AWS (Cloud Hosting): AWS Privacy Policy | DPA
- Google Analytics: Google Privacy Policy | Google Data Processor Terms
- Email Service Provider: For transactional emails only, with appropriate DPA in place
All Data Processors have been vetted for GDPR compliance and have Standard Contractual Clauses (SCCs) in place for data transfers.
5.2 Service Providers (Non-Personal Data Processing)
We work with service providers who may access non-personal technical information:
- CDN and security services (Cloudflare)
- Analytics services (aggregated, anonymized data only)
5.3 Legal Requirements & Law Enforcement
We may disclose your information when required by law, court order, or government request, but only to the extent required by applicable law. We will attempt to notify you of such requests unless legally prohibited.
5.4 Business Transfers
In case of merger, acquisition, or bankruptcy, your information may be transferred. You will be notified of any such change and any choices you may have regarding your data.
5.5 No Sale of Data
We do not sell, trade, or rent your personal information to third parties for marketing purposes. This applies to all users, including those outside the EU.
6. Data Retention & Deletion Rights
We retain personal data only for as long as necessary to fulfill the purposes outlined in this Privacy Policy:
| Data Type | Retention Period | Legal Basis |
|---|---|---|
| Search queries & browsing history | 90 days (max) | Legitimate interest, performance optimization |
| Analytics data (anonymized) | 26 months | Google Analytics standard retention |
| Contact form submissions | 1 year or until issue resolved | Contractual necessity, legal obligation |
| Session cookies | Session only (when browser closes) | Essential functionality |
| Preference cookies | 1 year | User consent, legitimate interest |
| Tax/compliance records | 7 years | Legal obligation (EU tax law) |
6.1 Right to Erasure
You have the right to request deletion of your personal data at any time, subject to certain exceptions (e.g., legal obligations, legitimate interests). We will delete your data within 30 days unless we have a legal reason to retain it.
6.2 Data Minimization
We apply the principle of data minimization - we collect only the minimum personal data necessary for our stated purposes.
7. Security Measures
We implement industry-standard security measures including:
- HTTPS encryption for data in transit
- Secure password hashing
- Access controls and authentication
- Regular security audits
- Firewalls and intrusion detection
Note: No system is completely secure. We cannot guarantee absolute security.
8. Your GDPR Rights
Under the General Data Protection Regulation (GDPR), you have the following rights regarding your personal data:
8.1 Right of Access (Art. 15)
You have the right to obtain confirmation of whether we process your personal data and request a copy of that data in a structured, commonly used, and machine-readable format.
8.2 Right to Rectification (Art. 16)
You can request correction of inaccurate or incomplete personal data without undue delay.
8.3 Right to Erasure (Art. 17)
You have the right to request deletion of your personal data ("right to be forgotten"), except where processing is necessary for legitimate interests or legal compliance.
8.4 Right to Restrict Processing (Art. 18)
You may request that we limit the processing of your data while we verify its accuracy or during the handling of a dispute.
8.5 Right to Data Portability (Art. 20)
You have the right to receive your personal data in a structured, commonly used, machine-readable format and transmit it to another controller.
8.6 Right to Object (Art. 21)
You can object to processing of your personal data for direct marketing, or based on legitimate interests. We will cease processing unless we can demonstrate compelling legitimate grounds.
8.7 Right to Withdraw Consent
Where processing is based on consent, you can withdraw that consent at any time. Withdrawal does not affect the lawfulness of processing based on consent before withdrawal.
8.8 Rights Related to Automated Decision-Making
You have the right not to be subject to decisions based solely on automated processing that produces legal or similar significant effects. We do not currently engage in such processing, but you have this right if circumstances change.
8.9 How to Exercise Your Rights
To exercise any of these rights, please submit a written request to:
Data Rights Request
Email: privacy@spanish-learning.com
Include: Your name, email, and specific request with relevant details
Response time: We will respond within 30 days (extendable to 90 days for complex requests)
No fees: We will not charge for reasonable requests, but may charge for manifestly unfounded or excessive requests
9. Cookies and Tracking Technologies
We use cookies and similar technologies for:
- Essential: Required for basic functionality
- Analytics: Understanding usage patterns
- Preferences: Remembering your settings
- Marketing: Showing relevant content (optional)
You can control cookies through your browser settings or our cookies banner.
10. Children's Privacy
Our service is not intended for children under 13. We do not knowingly collect information from children under 13. If we become aware that we have collected information from a child under 13, we will delete it promptly.
11. International Transfers
Your information may be transferred to, stored in, and processed in countries outside your country of residence, including the United States. These countries may have data protection laws different from your home country. By using our service, you consent to such transfers.
12. Third-Party Links
Our website may contain links to third-party websites. We are not responsible for the privacy practices of external sites. Please review their privacy policies before providing information.
13. Right to Lodge a Complaint with a Supervisory Authority
If you believe your personal data has been processed in violation of applicable data protection laws, you have the right to lodge a complaint with the competent supervisory authority (Data Protection Authority) of your country or the EU member state where you reside, without prejudice to any other administrative or judicial remedy.
EU Data Protection Authorities:
- Spain (AEPD): www.aepd.es | Email: avpd@aepd.es
- Poland (UODO): www.uodo.gov.pl
- Germany (BfDI): www.bfdi.bund.de
- France (CNIL): www.cnil.fr
- Italy (Garante): www.garanteprivacy.it
- Full list of EU authorities
Note: Filing a complaint with a supervisory authority does not affect your right to other remedies (e.g., judicial remedy).
14. Policy Updates
We may update this Privacy Policy periodically to reflect changes in our practices or legal requirements. We will notify you of significant changes by:
- Posting the updated policy on our website
- Updating the "Last updated" date at the top of this document
- Sending you an email notification (for material changes)
- Obtaining your consent (if required by law)
Your continued use of our service after changes signifies acceptance of the updated policy.
15. Contact Us
If you have questions about this Privacy Policy or our privacy practices, please contact us at:
Spanish Learning Hub - Data Protection
Email: hamlet07@o2.pl
Website: spanish-learning-hub.hamlet07.link
Response time: 14 days for non-complex inquiries