3. Privacy Policy

NextGenWebs S.L. (Naranjatec) is responsible for the processing of its customers’ personal data, in accordance with Regulation (EU) 2016/679 (GDPR) and Organic Law 3/2018 (LOPDGDD).

• Management of contracts, invoicing and provision of services.
• Customer service and technical support.
• Compliance with legal and tax obligations.
• Commercial communication (only with express consent or a valid contractual relationship).

• Performance of the contract (Art. 6.1.b GDPR).
• Compliance with legal obligations (Art. 6.1.c GDPR).
• Legitimate interest in improving the service (Art. 6.1.f GDPR).
• Consent of the data subject (Art. 6.1.a GDPR), where applicable.

The data may be processed by service providers (processors) with whom Naranjatec has contracts in accordance with Art. 28 GDPR. No international transfers are made except for the use of sub-processors located in countries with adequate safeguards (e.g., EU standard contractual clauses).

Data subjects may exercise their rights of access, rectification, erasure, restriction, portability and objection by sending a written request to soporte@naranjatec.com, indicating the reference “Data protection”.

They may also lodge a complaint with the Spanish Data Protection Agency (AEPD).

When the Customer is a natural person, all rights under GDPR and LOPDGDD apply fully, including the right to withdraw consent at any time for non-essential processing such as commercial communications.

The data is retained for as long as the contractual relationship exists and for the periods required by law (normally 6 years for accounting/tax purposes).

Naranjatec applies appropriate technical and organisational measures to ensure the confidentiality, integrity and availability of personal data.