Privacy Policy

TESTOPIA SPAIN, S.L. ("we," "our," or "us") respects your privacy and is committed to protecting your personal data. This privacy policy explains how we collect, use, disclose, and safeguard your information when you visit testopia.es or contact us.

This policy complies with the EU General Data Protection Regulation (GDPR) and Spanish Organic Law 3/2018 (LOPDGDD).

The data controller responsible for your personal information is:

• Company: TESTOPIA SPAIN, S.L.
• Address: Lepant 270, 08013 Barcelona, Spain
• Email: info@testopia.es

Data Protection Officer

TESTOPIA SPAIN, S.L. does not currently have a designated Data Protection Officer as we do not meet the GDPR criteria requiring one (Article 37). For any data protection inquiries, please contact us using the information above.

Personal Data You Provide

We collect personal data when you contact us through our contact form:

Required Information:

• Name: Your full name
• Email address: Your email address
• Message: Your project description or inquiry details
• Service interest: The type of service you're interested in (automotive testing, software development, or general inquiry)

Optional Information:

• Company: Your company name (optional)
• Project timeline: When you need the project completed (optional: urgent, 1-3 months, 3-6 months, or 6+ months)

Job Applications and Recruitment Data

If you submit a job application or spontaneous application via email to careers@testopia.es, we collect:

• Personal identification: Name, email address, phone number (if provided)
• Professional information: Curriculum Vitae (CV), cover letter, work history, educational background, skills, qualifications
• Application details: Position applied for (if applicable), application date, and any additional information you choose to provide
• Communication records: Email correspondence related to your application

Legal Basis for Job Applications: We process job application data based on:

• Legitimate interest (Art. 6(1)(f) GDPR) to assess your suitability for current or future positions
• Pre-contractual necessity (Art. 6(1)(b) GDPR) if we proceed with your application for a specific open position
• Consent (Art. 6(1)(a) GDPR) when you submit a spontaneous application, understanding that we may keep your information on file for future opportunities

Important: Submitting an application, including spontaneous applications, means you understand that we may retain your data for recruitment purposes as described in our data retention policy. You may withdraw your application or request deletion of your data at any time.

Other Data Collection

• Communication records: If you contact us via email or phone outside the contact form, we may retain emails or call notes related to your inquiry

Website Analytics (No Cookies)

We use Umami, a privacy-friendly, self-hosted analytics solution that does not use cookies or similar tracking technologies. Umami operates without storing personal identifiers and processes aggregated, pseudonymized statistics. IP addresses are fully anonymized, and no data is shared with third parties (such as Google or Meta).

With your consent, we collect:

• Pseudonymous session identifiers (temporary, not linked to personal information)
• Page views and navigation paths
• Referrer information (where you came from)
• Geographic location (country/region from anonymized IP addresses)
• Visit duration

Without your consent, we only collect minimal aggregate statistics (e.g., total page views per page) that are necessary for website functionality. We do not track behavioral data such as scroll depth or detailed time measurements without your consent.

Legal Bases

We process your personal data based on the following legal grounds:

• Consent (Art. 6(1)(a) GDPR) when you voluntarily contact us
• Pre-contractual/contractual necessity (Art. 6(1)(b)) to respond and, if applicable, prepare or perform a contract
• Legal obligation (Art. 6(1)(c)) for accounting and tax records as required by Spanish law
• Legitimate interests (Art. 6(1)(f)) as detailed below

Legitimate Interests

We process personal data based on our legitimate interests in:

• Ensuring website and service security and functionality
• Responding to and managing business inquiries efficiently
• Maintaining business relationships and customer service quality
• Preventing fraud and ensuring data integrity
• Assessing and evaluating job applications for current and future positions
• Maintaining a talent pool for potential future opportunities

You have the right to object to processing based on legitimate interests at any time.

Is Providing Data Required?

Providing your personal data (name, email, message, and service interest) is necessary to respond to your inquiry. Without this required information, we cannot process your contact request or respond to you. Providing company name and project timeline is optional.

For job applications, providing your CV and contact information is necessary for us to evaluate your application. Without this information, we cannot consider you for positions.

Automated Decision-Making

We do not use automated decision-making or profiling that produces legal effects or significantly affects you. Our data processing is primarily manual, with automated systems used only for technical operations (e.g., email routing, spam filtering) that do not make decisions about individuals.

We process your personal data to:

• Respond to and manage inquiries
• Prepare proposals and potential business relationships
• Maintain secure and reliable services
• Fulfill legal obligations (e.g., accounting)
• Evaluate and assess job applications for current and future positions
• Maintain a recruitment database for potential future opportunities

We use Umami, a privacy-friendly, self-hosted analytics solution that does not use cookies or similar tracking technologies. Umami operates without storing personal identifiers and processes only aggregated, pseudonymized statistics (e.g., total page views, referrers). IP addresses are fully anonymized, and no data is shared with third parties (such as Google or Meta).

Consent for Analytics

We seek your consent before enabling Umami analytics. Your consent preference is stored in your browser's local storage (not cookies) to remember your choice. You can withdraw your consent at any time through our privacy policy page.

What data we collect with your consent:

• Pseudonymous session identifiers (temporary, not linked to personal information)
• Page views and navigation paths
• Referrer information (where you came from)
• Geographic location (country/region from anonymized IP addresses)
• Visit duration

When you withdraw consent:

• We immediately stop collecting new analytics data
• Previously collected aggregated, pseudonymized statistics cannot be deleted as they are not linked to identifiable individuals and are no longer considered personal data under GDPR
• Your consent preference is removed from local storage

Legal Basis

We process analytics data based on your consent (Art. 6(1)(a) GDPR). You have the right to withdraw your consent at any time, which will immediately stop all analytics tracking.

Local Storage

We use browser local storage for two purposes:

1. Consent preference: To remember whether you have consented to analytics tracking. This is necessary to avoid asking for consent on every visit. The consent preference is stored with a timestamp and version identifier.

2. Theme preference: To store your visual theme preference (light or dark mode) to provide technical functionality and improve your user experience. When you select a theme preference, we store only the value "light" or "dark" in your browser's local storage. This setting:

   • Is stored locally on your device only
   • Is not transmitted to our servers
   • Is not used for tracking or analytics
   • Is not shared with third parties
   • Can be cleared at any time through your browser settings
   • Is necessary to maintain your visual preference across page visits

Technical details:

• Theme preference is stored under the key theme in localStorage
• Consent preference is stored under the key umami_analytics_consent in localStorage
• Both values are stored as plain text strings
• No personal information is stored in local storage

All local storage data is stored locally on your device and is not used for tracking or shared with third parties. You can clear this data at any time through your browser settings, which will reset your theme to the system default and require you to provide consent again for analytics.

We do not sell or rent personal data. We disclose data only when necessary:

Categories of Recipients

We may share your data with:

• Web hosting and infrastructure providers: to operate our website and services
• Email service providers: to send and receive communications
• Legal and professional advisors: when required for legal compliance
• Government authorities: when required by law or to comply with legal obligations

All third parties are contractually obligated to protect your data and may only use it for specified purposes.

International Data Transfers

We primarily process personal data within the European Economic Area (EEA). However, when we use third-party services, some data may be transferred outside the EEA:

• Email services: Our email service providers store data within EU data centers and use appropriate safeguards for any data transfers.
• Web hosting: Our hosting infrastructure is located within the EU/EEA.

All international data transfers are subject to appropriate safeguards in accordance with GDPR, including:

• EU Standard Contractual Clauses
• Adequacy decisions by the European Commission
• Other appropriate safeguards as required by law

If you have questions about specific data transfers, please contact us.

Security

We apply appropriate technical and organizational measures to protect your data, including encryption, access controls, and regular security assessments.

Data Retention Periods

We retain your personal data only for as long as necessary for the purposes set out in this policy:

• Contact inquiries: retained for 3 years from last contact, unless deletion is requested earlier. This period allows us to maintain business relationships and respond to follow-up inquiries.
• Job applications (for specific open positions): retained for 2 years from the date of application or the end of the recruitment process, whichever is later, unless deletion is requested earlier.
• Spontaneous applications (kept on file): retained for 2 years from the date of submission, unless deletion is requested earlier. You may request deletion of your application data at any time by contacting us at careers@testopia.es.
• Contract/accounting records: retained for 7 years as required by Spanish commercial and tax law (Law 58/2003, General Tax Law)
• Analytics data: aggregate statistics only, no personal identifiers retained

After these periods, we securely delete or anonymize your personal data unless legal obligations require longer retention. You have the right to request deletion of your application data at any time, even before these retention periods expire.

Under GDPR and Spanish law, you have the following rights regarding your personal data:

Your Rights

• Right to access – You have the right to request copies of your personal data
• Right to rectification – You have the right to request correction of inaccurate or incomplete information
• Right to erasure – You have the right to request deletion of your personal data, under certain conditions
• Right to restrict processing – You have the right to request restriction of processing, under certain conditions
• Right to object to processing – You have the right to object to our processing of your personal data, under certain conditions
• Right to data portability – You have the right to request transfer of your data to another organization or directly to you, under certain conditions
• Right to withdraw consent – Where processing relies on consent, you may withdraw it at any time without affecting prior processing

How to Exercise Your Rights

To exercise any of your rights, please:

1. For general privacy rights: Email us at info@testopia.es with subject line "Privacy Rights Request"
2. For job application data: Email us at careers@testopia.es with subject line "Application Data Request"
3. Include your name, email address, and the specific right you wish to exercise
4. We will respond within one month (may be extended by two months for complex requests)
5. No fee is charged unless requests are manifestly unfounded or excessive

Right to Lodge a Complaint

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work, or place of the alleged infringement if you consider that the processing of your personal data violates the GDPR.

You may lodge a complaint with the Spanish Data Protection Authority (AEPD) at www.aepd.es or with the supervisory authority in your country of residence.

Processing of Job Application Data

When you submit a job application or spontaneous application to TESTOPIA, we process your personal data for recruitment purposes.

What Data We Process

• Curriculum Vitae (CV) and cover letter
• Contact information (name, email, phone number)
• Professional and educational background
• Skills, qualifications, and work experience
• Any additional information you provide in your application
• Communication records related to your application

How We Use Application Data

• Assess your suitability for current open positions
• Evaluate your qualifications and experience
• Maintain your application in our recruitment database for future opportunities (for spontaneous applications)
• Communicate with you about your application
• Comply with legal obligations related to recruitment

Data Sharing

Your application data is accessed only by:

• TESTOPIA recruitment team members and hiring managers
• Our email service provider (Microsoft 365) for technical processing

We do not share your application data with third parties, recruitment agencies, or external services without your explicit consent.

Your Rights Regarding Application Data

You have all standard GDPR rights regarding your application data, including:

• Right to access your application data
• Right to rectification if information is inaccurate
• Right to erasure (you can request deletion at any time)
• Right to withdraw your application and request deletion
• Right to object to processing based on legitimate interests

To exercise any rights regarding your application data, contact us at careers@testopia.es.