Privacy Policy

Last updated: December 5, 2025

EU GDPR Compliant: This Privacy Policy complies with the General Data Protection Regulation (EU) 2016/679 (GDPR) and Spanish Organic Law 3/2018 on Personal Data Protection and Digital Rights Guarantee (LOPDGDD).

Introduction

At Catalogador, we are committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our collection management service, in accordance with the EU General Data Protection Regulation (GDPR) and Spanish data protection laws.

Please read this privacy policy carefully. If you do not agree with the terms of this privacy policy, please do not access the application.

Data Controller

The Data Controller responsible for your personal data is:

Catalogador

Spain

Email: privacy@catalogador.com

Data Protection Contact: dpo@catalogador.com

For any questions regarding data protection, you may contact our Data Protection Officer at the email address above.

Information We Collect

Personal Data

We may collect personally identifiable information that you voluntarily provide when:

  • Registering for an account (email address, username, password)
  • Using our contact form (name, email, message content)
  • Subscribing to our newsletter (email address)

Collection Data

Information you add to your collections, including:

  • Item details (titles, descriptions, categories, tags)
  • Images you upload
  • Loan records and borrower information you create
  • Personal notes, ratings, and progress tracking data

Automatically Collected Data (Technical Data)

When you access Catalogador, we may automatically collect:

  • Device information (browser type, operating system, device type)
  • Usage data (pages visited, features used, time spent)
  • IP address (may be anonymized for analytics)
  • Referral source (how you arrived at our site)

How We Use Your Information

We use the information we collect to:

  • Provide, maintain, and improve our services
  • Process your requests and manage your account
  • Send you technical notices and support messages
  • Respond to your comments, questions, and requests
  • Analyze usage patterns to improve user experience (with appropriate legal basis)
  • Protect against fraudulent or unauthorized activity
  • Comply with legal obligations
We do NOT:
  • Sell your personal data to third parties
  • Use your data for targeted advertising
  • Share your collection data with anyone without your explicit consent
  • Make automated decisions that significantly affect you
  • Profile you for marketing purposes without consent

Data Storage & Security

Your data is stored securely using industry-standard encryption and security measures. We implement:

  • HTTPS/TLS encryption for all data transmission
  • Secure password hashing (passwords are never stored in plain text)
  • Regular security audits and penetration testing
  • Access controls and role-based authentication
  • Regular backups with encrypted storage
  • Staff training on data protection

While we implement appropriate technical and organizational measures to protect your information, no electronic transmission or storage is 100% secure. We cannot guarantee absolute security but are committed to maintaining appropriate protection standards.

International Data Transfers

Your personal data may be transferred to and processed in countries outside the European Economic Area (EEA). When we transfer data outside the EEA, we ensure appropriate safeguards are in place:

  • Adequacy decisions: Transfers to countries the European Commission has determined provide adequate protection
  • Standard Contractual Clauses (SCCs): EU-approved contractual terms that provide appropriate safeguards
  • Data Processing Agreements: Binding agreements with third-party processors

Our primary data storage is within the European Union. If you would like more information about international transfers, please contact us.

Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes outlined in this privacy policy, or as required by law.

Data Type Retention Period
Account data Duration of account + 30 days after deletion request
Collection data Duration of account + 30 days after deletion request
Contact form submissions 2 years from submission
Analytics data 26 months (anonymized)
Legal/compliance records As required by applicable law (typically 6-10 years)

When you delete your account, we will delete or anonymize your personal data within 30 days, except where we are required to retain certain information for legal obligations or legitimate business purposes.

Your Rights Under GDPR

Under the EU General Data Protection Regulation and Spanish data protection law, you have the following rights regarding your personal data:

Right to Information (Art. 13-14)
Be informed about how your data is collected and used
Right of Access (Art. 15)
Request a copy of your personal data we hold
Right to Rectification (Art. 16)
Request correction of inaccurate or incomplete data
Right to Erasure (Art. 17)
"Right to be forgotten" - request deletion of your data
Right to Restriction (Art. 18)
Request limited processing of your data
Right to Data Portability (Art. 20)
Receive your data in a portable, machine-readable format
Right to Object (Art. 21)
Object to processing based on legitimate interests
Right to Withdraw Consent
Withdraw consent at any time (where processing is based on consent)
How to Exercise Your Rights

To exercise any of these rights, please contact us at privacy@catalogador.com or use our contact form.

We will respond to your request within one month. This period may be extended by two further months where necessary, taking into account the complexity and number of requests.

Right to Lodge a Complaint

If you believe your data protection rights have been violated, you have the right to lodge a complaint with a supervisory authority. In Spain, this is:

Agencia Española de Protección de Datos (AEPD)

Spanish Data Protection Agency

C/ Jorge Juan, 6, 28001 Madrid

Website: www.aepd.es

Phone: +34 901 100 099

Cookies & Tracking Technologies

We use cookies and similar tracking technologies in accordance with EU cookie legislation (ePrivacy Directive) and GDPR requirements. Cookies are small text files stored on your device.

Types of Cookies We Use

Type Purpose Duration Consent Required
Strictly Necessary Essential for the website to function (authentication, security, session management) Session / 1 year No (exempt)
Preferences Remember your settings and preferences (language, theme) 1 year Yes
Analytics Help us understand how you use Catalogador (page views, features used) 2 years Yes

Cookie Consent

When you first visit our website, you will be presented with a cookie consent banner. Non-essential cookies will only be placed after you provide your consent. You can:

  • Accept all cookies
  • Accept only strictly necessary cookies
  • Customize your cookie preferences
  • Withdraw consent at any time through your browser settings or our cookie settings panel

Managing Cookies

You can control and manage cookies through your browser settings. Note that disabling strictly necessary cookies may affect the functionality of the application.

Third-Party Services

We may use third-party services that process personal data:

Service Purpose Data Processed
Microsoft Azure Cloud hosting and storage All application data
Azure Application Insights Application monitoring and analytics Technical data, usage patterns
SendGrid Email delivery Email addresses, message content
External Metadata APIs Book/movie information lookup Search queries (ISBNs, titles)

All third-party processors are bound by Data Processing Agreements (DPAs) that ensure GDPR compliance. We encourage you to review their privacy policies.

Children's Privacy

In accordance with Article 8 of the GDPR and Spanish law (LOPDGDD), Catalogador is not intended for children under 14 years of age. We do not knowingly collect personal information from children under 14.

If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately at privacy@catalogador.com. We will take steps to delete such information from our systems.

Changes to This Policy

We may update this privacy policy from time to time to reflect changes in our practices or legal requirements. When we make material changes:

  • We will update the "Last updated" date at the top of this page
  • We will notify registered users via email for significant changes
  • We may display a prominent notice on our website

We encourage you to review this privacy policy periodically. Your continued use of the Service after changes are posted constitutes acceptance of the updated policy.

Contact Us

If you have questions about this Privacy Policy, your personal data, or wish to exercise your rights, please contact us:

General Privacy Inquiries: privacy@catalogador.com

Data Protection Officer: dpo@catalogador.com

Or use our contact form.

We aim to respond to all privacy-related inquiries within 72 hours, and to formal rights requests within one month as required by GDPR.

GDPR Privacy Highlights
  • EU-based data storage - Your data stays in the European Union
  • No data selling - We never sell your personal information
  • Full GDPR rights - Access, rectify, delete, or port your data
  • Encryption - All data transmitted over HTTPS/TLS
  • Cookie consent - Non-essential cookies require your consent
  • Data export - Download your data in portable format anytime
  • Account deletion - Delete your account and data within 30 days
Your Rights at a Glance

Under EU GDPR, you have the right to:

Access your data
Correct inaccuracies
Delete your data
Export your data
Object to processing
Withdraw consent
Related Documents
Terms of Service Contact Us