Privacy Policy

MM WEB DESIGN - We create a strong and attractive web presence.

Privacy Policy - MM Design Web

Last updated: July 30, 2025

1. GENERAL INFORMATION

Data Controller:

MM Design Web is the controller of the personal data you provide to us. We are committed to protecting your privacy and processing your personal data in a transparent, fair, and legal manner, in compliance with international data protection regulations.

Contact Information of the Controller:

Applicable Jurisdictions:

This privacy policy has been designed to comply with the strictest privacy laws worldwide, including:

- General Data Protection Regulation (GDPR) of the European Union

- California Consumer Privacy Act (CCPA/CPRA) of the United States

- United States Children's Online Privacy Protection Act (COPPA)

- General Data Protection Law (LGPD) of Brazil

- European Union ePrivacy Directive

- Other applicable international regulations

Declaration on Minors:

Our website and services are not directed to children under the age of 13. MM Design Web does not intentionally collect personal information from children under 13. If you become aware that a child under 13 has provided us with personal information, please contact us immediately so we can take appropriate steps to remove such information from our systems.

Data Protection Officer:

For specific data protection inquiries, you can contact our privacy team by email: privacidadaccesibilidadavisoslegales@mmdesignweb.com with the subject line

 "DATA PROTECTION".

2. INFORMATION WE COLLECT

MM Design Web collects different types of information to provide and improve our services. This information falls into the following categories:

2.1 Personally Identifiable Information

Personally identifiable information is information that can be used to directly identify you. We collect this information when you voluntarily provide it to us:

Contact Information: This includes your full name, last name, email address, phone number, and postal address. This information is essential for communicating with you and providing our web design services.

Commercial Information: Includes specific details of the projects you request, requested quotes, design preferences, technical specifications, and any other information related to the services you require from us.

Communication Data: This includes all messages, queries, comments, and feedback you send to us through contact forms, email, telephone, or any other means of communication. We also retain a history of our interactions to provide better service.

Billing Information: If you purchase our services, we collect information necessary for billing, including tax information, bank information for transfers (when necessary), and billing details.

2.2 Technical and Navigation Information

This information is automatically collected when you visit our website:

Browsing Data: Your IP address (which may be anonymized), web browser type and version, operating system, screen resolution, language settings, time zone setting, and information about the device used to access our site.

Cookies and Similar Technologies: We use cookies, web beacons, tracking pixels, and other similar technologies to enhance your experience on our website. These technologies allow us to remember your preferences, analyze site usage, and personalize content.

Website Usage Data: Information about how you interact with our website, including the pages you visit, the time you spend on each page, the links you click, the searches you perform, and your browsing patterns.

Referrer Information: Data about the website or source that directed you to our site, including search terms used in search engines, social media links, or advertising campaigns.

2.3 Third Party Information

In some cases, we may receive information about you from third-party sources:

Social Media: If you interact with us through social media platforms, we may receive information from your public profile in accordance with the privacy settings of that platform.

Service Providers: Our authorized service providers may provide us with additional information to improve our services, subject to applicable legal requirements.

Business Referrals: If you are referred by an existing customer or business partner, we may receive your basic contact information to establish initial communication.

3. COLLECTION METHODS

Personal information is collected through a variety of methods, all of which are transparent and with your knowledge:

3.1 Information Provided Directly by You

Contact Forms: When you complete any of our contact forms on the website, you voluntarily provide us with your personal information so we can respond to your inquiries.

Quote Requests: When you request a quote for our services, you provide us with detailed information about your needs and contact information.

Newsletter Subscriptions: If you subscribe to our newsletter, you provide us with your email address and, optionally, other information to personalize the content.

Direct Communications: All information you provide to us through email, phone calls, WhatsApp messages, or any other means of direct communication.

Contracts and Agreements: Information provided during the contracting process for our services, including data necessary for the formalization of contracts and commercial agreements.

3.2 Information Collected Automatically

Essential Cookies: These cookies are necessary for the basic functionality of our website. They are set automatically and do not require your explicit consent, as they are technically necessary to provide the service you have requested.

Web Analytics Tools: We use Google Analytics with IP anonymization settings to understand how visitors use our website. This tool provides us with aggregated statistics about site traffic, most visited pages, and general user behavior.

Marketing and Personalization Cookies: With your explicit consent, we use cookies that allow us to display personalized content, remember your preferences, and improve your browsing experience.

Tracking Technologies: We implement tracking pixels and web beacons to measure the effectiveness of our email communications and digital marketing campaigns.

3.3 Information from External Sources

Social Media Platforms: If you interact with our content on social media or use social login features, we may receive information from your public profile depending on the privacy settings of that platform.

Verification Services: In some cases, we may use third-party services to verify the information you provide, especially in significant business transactions.

Commercial Data Providers: Occasionally, we may enhance the information we have about client companies with public commercial data to improve our services.

4. PURPOSES OF THE PROCESSING

The processing of your personal data is carried out for specific, legitimate, and transparent purposes. We distinguish between primary purposes (essential for our services) and secondary purposes (which require your specific consent):

4.1 Main Purposes

These purposes are essential for the provision of our services and are based on the execution of contracts, legal obligations or legitimate interests:

Provision of Web Design Services: We use your personal information to design, develop, implement, and maintain websites and applications according to your specifications. This includes communicating about project progress, requesting feedback, delivering results, and providing follow-up technical support.

Project Management: Your data allows us to efficiently organize and manage projects, allocate resources, establish schedules, coordinate with our team, and ensure the timely delivery of contracted services.

Essential Business Communication: We use your contact information to respond to your inquiries, send requested quotes, confirm orders, provide project status updates, and maintain communication necessary to provide the service.

Customer Service and Technical Support: Your data allows us to provide technical support, resolve incidents, answer questions about our services, and ensure your satisfaction with the results we deliver.

Compliance with Legal Obligations: We process certain data to comply with tax, accounting, and other legal obligations applicable to our business activities, including maintaining business records and issuing invoices.

Protection of Rights and Legitimate Interests: We use information to protect our legitimate rights, prevent fraud, ensure the security of our systems, and defend our interests in the event of legal disputes.

4.2 Secondary Purposes (Require Specific Consent)

These purposes enhance your experience and our services, but require your explicit consent and can be revoked at any time:

Direct Marketing and Promotional Communications: With your consent, we use your contact information to send you special offers, news about new services, success stories, web design industry trends, and content we believe may be of interest to you.

Statistical Analysis and Service Improvement: We analyze aggregated and anonymized data to better understand our customers' needs, improve our services, develop new offerings, and optimize the user experience on our website.

Content Personalization: We use your information to personalize our website content, tailor our communications to your specific interests, and provide relevant recommendations about our services.

Market Research: With your consent, we may use your information to conduct market research, satisfaction surveys, and trend analysis to help us improve our services and develop new offerings.

Follow-up Communications: After completing a project, we may contact you to request feedback, offer maintenance services, inform you of relevant updates, or invite you to participate in case studies (always with your consent).

4.3 Specific Purposes by User Type

For Potential Clients: We use your information to assess your needs, provide personalized quotes, schedule consultations, and maintain communication throughout the decision-making process.

For Active Clients: We process your data for full project management, regular progress communications, approval requests, delivery of results, and billing for services.

For Previous Customers: We retain certain information to provide ongoing support, offer maintenance services, fulfill warranty obligations, and maintain business records as required by law.

For Newsletter Subscribers: We use your email address exclusively to send our newsletter with relevant content about web design, industry trends, and company news.

5. LEGAL BASIS FOR THE PROCESSING

The processing of your personal data is based on solid and specific legal grounds in accordance with the various applicable international regulations. Each processing purpose has a clearly identified legal basis:

5.1 Legal Basis according to the GDPR (European Union)

Data Subject Consent (Art. 6.1.a GDPR): We use this legal basis for direct marketing, non-essential cookies, optional statistical analysis, and any processing beyond what is strictly necessary for our core services. The consent we request is:

- Free: You can choose whether or not to give your consent without negative consequences for access to our basic services.

- Specific: We request separate consent for different purposes (marketing, analytical cookies, etc.).

- Informed: We provide you with clear information about what data we process and for what purposes.

- Unambiguous: We require clear affirmative action on your part (checking a box, clicking a button, etc.).

- Revocable: You can withdraw your consent at any time as easily as you gave it.

Performance of a Contract (Art. 6.1.b GDPR): This legal basis applies when processing is necessary for the performance of a contract to which you are a party, or in order to take steps at your request prior to entering into a contract. It includes:

- Processing your contact information to communicate with you about the project.

- Project data management to deliver contracted services.

- Processing billing information to complete transactions.

- Maintaining project records to meet contractual obligations.

Legitimate Interest (Art. 6.1.f GDPR): We apply this legal basis when we have a legitimate interest in processing your data, provided that this interest is not overridden by your fundamental rights and interests. Our legitimate interests include:

- Website security: Monitoring for suspicious activity, fraud prevention, and protection against cyberattacks.

- Service improvement: Analyzing website usage to optimize user experience and improve our services.

- Commercial communication with existing customers: Information about services similar to those they have already contracted.

- Internal management: Administration of our business, risk management and strategic planning.

Compliance with Legal Obligations (Art. 6.1.c GDPR): We process certain data to comply with legal obligations, including:

- Keeping accounting and tax records in accordance with Spanish law.

- Compliance with data protection regulations.

- Response to legal requests from competent authorities.

5.2 Legal Basis under CCPA/CPRA (California, USA)

Consumer Consent: For California residents, we obtain specific consent to:

- Collection and use of personal information for marketing purposes.

- Share information with third parties for their own commercial purposes.

- Use of sensitive personal information beyond what is necessary to provide the requested services.

Legitimate Business Interest: We process personal information when we have a legitimate business interest that is not overridden by consumer privacy rights:

- Provision and improvement of our services.

- Security and fraud protection.

- Compliance with legal obligations.

- Exercise or defense of legal rights.

5.3 Legal Basis according to the LGPD (Brazil)

Data Subject Consent: For residents of Brazil, consent is obtained as follows:

- Free: Without vices of will.

- Informed: With clear information about the purposes of the processing.

- Specific: For specific purposes.

- Highlighted: So that it stands out from other issues.

Contract Execution: When the processing is necessary for the execution of a contract to which the data subject is a party.

Legitimate Interest: When necessary to meet the legitimate interests of the controller or a third party, except where the fundamental rights and freedoms of the data subject prevail.

Compliance with Legal Obligation: To comply with legal or regulatory obligations by the controller.

5.4 Transparency in the Application of Legal Bases

For each communication or data collection, we clearly indicate the applicable legal basis. In our contact forms, cookie policies, and marketing communications, we specify whether we are acting on the basis of:

- Your consent (which you can withdraw).

- The contractual necessity (essential for the service).

- Our legitimate interest (with the option to object).

- A legal obligation (without the option to object, but with the right to information).

5.5 Conflict Management between Legal Bases

When we apply multiple legal bases for different purposes, we ensure that:

- Each purpose has its clearly identified legal basis.

- User rights are respected according to the most protective legal basis.

- Withdrawal of consent for a purpose does not affect processing based on other legal bases.

- We provide clear mechanisms for exercising specific rights under each legal basis.

6. SHARING INFORMATION WITH THIRD PARTIES

MM Design Web may share your personal information with third parties under specific circumstances and always under strict protection measures. All third parties with whom we share information are contractually obligated to protect your data and use it only for the specific authorized purposes.

6.1 Service Providers and Data Processors

We work with carefully selected service providers who help us operate our business and provide our services. These providers act as data processors under our instructions:

Hosting Services and Technical Infrastructure: We share technical and contact information with our web hosting providers to ensure our website functions properly and your data is secure. These providers are located in secure data centers and comply with international security standards.

Email and Communications Services: We use email marketing and communications platforms to send our newsletters, automated responses, and authorized marketing communications. These providers only have access to the email addresses and names necessary to deliver the communications.

Web Analytics Tools: We share anonymized and aggregated data with services like Google Analytics to understand the use of our website. We have configured these tools to anonymize IP addresses and comply with the strictest privacy regulations.

Payment Processors: When you process payments through our website, your payment information is shared directly with certified payment processors that comply with PCI DSS standards. We do not store full credit card information on our systems.

Customer Support Services: We may use customer relationship management (CRM) platforms and support tools to manage our communications with you more efficiently.

6.2 Collaborators and Business Partners

Authorized Technical Collaborators: For specific projects requiring specialized skills, we can work with external developers, designers, or consultants. These collaborators:

- They sign strict confidentiality agreements.

- They only receive the minimum information necessary to complete their part of the project.

- They are required to return or delete all information at the end of the project.

- They comply with the same data protection standards that we apply internally.

Integration Partners: If your project requires integration with third-party services (such as payment systems, social media APIs, or marketing services), we may share specific technical information necessary for these integrations, always with your knowledge and consent.

6.3 Professional Services

Legal Advice: We may share information with our legal advisors when necessary to obtain legal advice, defend our rights, or comply with legal obligations. These professionals are bound by professional secrecy.

Accounting and Tax Services: We share business and billing information with our accountants and tax advisors to comply with tax obligations and maintain accurate accounting records.

Auditors and Security Consultants: Occasionally, we may work with external auditors or security consultants to assess and improve our data protection practices. These professionals are bound by strict confidentiality agreements.

6.4 Legal Disclosure and Protection of Rights

Competent Authorities: We may disclose your personal information when legally required by:

- Court orders, subpoenas or mandates from competent authorities.

- Law enforcement investigations when we have a legal obligation to cooperate.

- Data protection regulators when requesting information within the framework of their supervisory functions.

Legal Proceedings: In the event of litigation, legal disputes, or arbitration proceedings, we may disclose relevant information to:

- Defend our rights and legitimate interests.

- Comply with orders from courts or arbitrators.

- Provide evidence necessary to resolve disputes.

Protection of Rights and Safety: We may disclose information when we believe in good faith that it is necessary to:

- Protect the safety, rights, or property of MM Design Web, our employees, or third parties.

- Prevent or investigate possible illegal activities, fraud, or violations of our Terms of Service.

- Respond to emergencies that threaten the life, health or safety of people.

6.5 Commercial Transfers

Mergers, Acquisitions, or Sale of Assets: In the event that MM Design Web is acquired, merges with another company, or sells substantially all of its assets, your personal information may be transferred as part of that transaction. In such cases:

- We will notify you in advance of the transfer.

- The acquiring company will be obliged to comply with this privacy policy.

- You will have the option to request deletion of your data prior to transfer.

- Your privacy rights will continue to be protected at the same or higher level.

6.6 Aggregated and Anonymized Information

We may share aggregated and anonymized statistical information that does not personally identify you with:

- Business partners for market analysis.

- Academic researchers for sector studies.

- Media outlets for industry reports.

- Professional organizations for sector benchmarking.

6.7 Guarantees and Protections

All third parties with whom we share personal information are subject to:

Data Processing Agreements: Contracts that specify how your personal data must be handled, protected, and disposed of.

Security Assessments: Regular reviews of the security measures implemented by our suppliers.

Compliance Audits: Periodic checks to ensure our suppliers comply with data protection standards.

Purpose Limitation: Contractual restrictions that limit the use of your data to specific authorized purposes only.

Incident Notification: Obligation to notify us immediately of any security breach or incident that may affect your data.

6.8 Your Rights Regarding Information Sharing

You have the right to:

- Know which specific third parties we have shared your information with.

- Request that we limit the sharing of your information with third parties.

- Withdraw your consent to share information where applicable.

- Request the deletion of your information from third-party systems when technically and legally possible.

To exercise these rights or obtain more information about our information sharing practices, you can contact us using the methods specified in the contact section of this policy.

7. USER RIGHTS

At MM Design Web, we are committed to ensuring the exercise of your rights regarding your personal data. Below, we detail your rights and how you can exercise them, in accordance with applicable international regulations.

7.1 Universal Rights (Applicable to all Users)

Regardless of your geographic location, you have the following fundamental rights:

Right of Access: You have the right to obtain confirmation as to whether or not we are processing personal data concerning you and, if so, the right to access such personal data and the following information:

- The purposes of the treatment.

- The categories of personal data involved.

- The recipients or categories of recipients to whom the personal data have been or will be communicated.

- The expected period for which the personal data will be retained or, if this is not possible, the criteria used to determine this period.

- The existence of the right to request the rectification or deletion of your personal data, the restriction of processing, or to object to such processing.

- The right to lodge a complaint with a supervisory authority.

- Where the personal data have not been obtained from the data subject, any available information regarding their source.

- The existence of automated decision-making, including profiling, and, at least in those cases, meaningful information about the logic involved, as well as the significance and envisaged consequences of such processing for the data subject.

Right to Rectification: You have the right to obtain, without undue delay, the rectification of inaccurate personal data concerning you. Taking into account the purposes of the processing, you have the right to have incomplete personal data completed, including by means of providing a supplementary declaration.

Right to Erasure (Right to be Forgotten): You have the right to obtain the erasure of personal data concerning you without undue delay when any of the following circumstances apply:

- The personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed.

- You withdraw the consent on which the processing is based and it is not based on another legal basis.

- You object to the processing and other legitimate grounds for processing do not prevail.

- The personal data has been unlawfully processed.

- The personal data must be deleted to comply with a legal obligation established by Union or Member State law to which the data controller is subject.

Right to Data Portability: You have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format, and to transmit it to another data controller without hindrance when the processing is based on consent or a contract and is carried out by automated means.

Right to Object: You have the right to object at any time, for reasons relating to your particular situation, to the processing of your personal data based on legitimate interest. MM Design Web will cease processing your personal data unless we demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms, or for the establishment, exercise, or defense of legal claims.

7.2 Specific Rights by Jurisdiction

In addition to universal rights, certain jurisdictions grant additional rights:

For Residents of the European Union (GDPR):

Right to Restriction of Processing: You have the right to obtain restriction of the processing of your data when any of the following conditions apply:

- You challenge the accuracy of the personal data, for a period that allows the controller to verify its accuracy.

- The processing is unlawful and you oppose the erasure of your personal data and request a restriction on its use instead.

- The controller no longer needs the personal data for the purposes of the processing, but you need them for the establishment, exercise, or defense of legal claims.

- You have objected to the processing, while it is being verified whether the legitimate grounds of the controller override yours.

Right not to be subject to Automated Decisions, including Profiling: You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you, unless the decision is necessary for entering into or performing a contract, is authorized by Union or Member State law, or is based on your explicit consent.

For California Residents (CCPA/CPRA):

Right to Know: You have the right to request that a company that collects your personal information disclose to you:

- The categories of personal information that has been collected.

- The categories of sources from which the personal information is collected.

- The commercial or business purpose for collecting or selling personal information.

- The categories of third parties with whom the company shares personal information.

- The specific pieces of personal information we have collected about you.

Right to Deletion: You have the right to request the deletion of personal information that a business has collected about you, subject to certain exceptions.

Right to Opt Out of Selling/Sharing: You have the right to tell us not to sell or share your personal information. MM Design Web does not sell your personal information. However, if our practices change in the future, we will provide you with clear notice and a mechanism to exercise this right.

Right to Non-Discrimination: You will not be discriminated against for exercising any of your privacy rights under the CCPA/CPRA.

Right to Limit Use and Disclosure of Sensitive Personal Information: You have the right to limit the use and disclosure of your sensitive personal information to what is necessary to perform the services or goods you have requested from us.

For Residents of Brazil (LGPD):

The LGPD grants rights similar to those under the GDPR, including:

Right of Access: Confirmation of the existence of processing and access to data.

Right of Rectification: Correction of incomplete, inaccurate or outdated data.

Right to Anonymization, Blocking, or Deletion: Of data that is unnecessary, excessive, or processed in violation of the LGPD.

Right to Data Portability: To another service or product provider, upon express request.

Right to Deletion: Of personal data processed with the consent of the data subject, except in the cases provided for in the LGPD.

Right to Information: About the public and private entities with which the controller has shared data.

Right to revoke consent: At any time, by express statement of the owner.

Right to Object: To processing that does not comply with the provisions of the LGPD.

7.3 How to Exercise Your Rights

To exercise any of the aforementioned rights, you can contact us through the following channels:

By Email:

- Email: privacidadaccesibilidadavisoslegales@mmdesignweb.com

Subject: "EXERCISE OF PRIVACY RIGHTS"

By Postal Mail:

- Address: C/ SANT RAMON 29 - 08350 - ARENYS DE MAR (BARCELONA), Spain

Information Required in your Application:

To process your request efficiently and securely, please include the following information:

  • Full name and surname.
  • Email address associated with your data in our systems.
  • The specific right you wish to exercise (e.g. access, rectification, deletion).
  • Clear and specific details of your request (e.g. what data you want to correct, what information you want to access).
  • A copy of a valid ID document (national ID, passport, etc.) to verify your identity. This measure is to protect your privacy and ensure that only you or someone authorized on your behalf can access or modify your information.

Response Times:

We undertake to respond to your requests within the timeframes established by applicable regulations:

- GDPR (European Union): 1 month from receipt of the request. This period may be extended to 3 months in complex cases, of which we will notify you promptly.

- CCPA/CPRA (California): 45 days from receipt of the request. This period may be extended once for an additional 45 days, of which we will notify you.

- LGPD (Brazil): We will respond to your request immediately, or within 15 days for access and rectification requests, and within a reasonable time for other requests, depending on the complexity.

Identity Verification:

To protect your privacy and security, before processing your request, we will take reasonable steps to verify your identity. This may include requesting additional information that only you would know or verifying your email address. If we cannot verify your identity, we may not be able to fulfill your request.

Authorized Representative:

If you are an authorized representative making a request on behalf of a consumer, you must provide proof of registration with the California Secretary of State (for CCPA/CPRA) and proof that the consumer has granted you permission to act on their behalf.

Right to File a Complaint:

If you believe we have not processed your personal data in accordance with applicable regulations, or if you are not satisfied with the response to your request, you have the right to lodge a complaint with the competent data protection supervisory authority. In Spain, the authority is the Spanish Data Protection Agency (AEPD).

8. DATA SECURITY

At MM Design Web, the security of your personal data is a top priority. We implement robust technical, organizational, and physical measures to protect your information from unauthorized access, alteration, disclosure, or destruction. We continually strive to maintain the integrity, confidentiality, and availability of your data.

8.1 Technical Security Measures

Data Encryption:

- Encryption in Transit (SSL/TLS): All communications between your browser and our website are protected using SSL/TLS (Secure Sockets Layer/Transport Layer Security) encryption. This ensures that any data you send or receive (such as form information, login credentials, etc.) is encrypted and unreadable by unauthorized parties.

- Encryption at Rest: Sensitive data stored on our servers is protected with encryption at rest, adding an additional layer of security against unauthorized access to the database.

Network Protection:

- Firewalls: We implement advanced firewalls to monitor and control incoming and outgoing network traffic, blocking unauthorized access and protecting our systems from external threats.

- Intrusion Detection and Prevention Systems (IDS/IPS): We use tools to detect and prevent malicious activity or attempted intrusions into our network.

Application Security:

- Secure Development: Our systems and applications are developed following security best practices, including code reviews and vulnerability testing.

- Security Updates: We keep all our systems, software, and platforms updated with the latest security patches to protect against known vulnerabilities.

Backups and Disaster Recovery:

- We perform regular, encrypted backups of all critical data. These copies are securely stored in separate locations.

- We have disaster recovery plans to ensure service continuity and data availability in the event of a major incident.

Logical Access Control:

- We implement role-based access controls and the principle of least privilege, ensuring that only authorized personnel have access to the personal data necessary to perform their duties.

- We use strong authentication (complex passwords, multi-factor authentication where possible) to access our internal systems.

8.2 Organizational Security Measures

Internal Security Policies: We have established clear internal policies and procedures regarding the handling of personal data, information security, and incident response. These policies are mandatory for all our employees.

Staff Training and Awareness: All MM Design Web staff who have access to personal data receive regular training on data protection, information security, and individual responsibilities in compliance with regulations. A culture of privacy and security is fostered.

Confidentiality Agreements: All staff and external collaborators who handle personal data sign confidentiality agreements to ensure commitment to information protection.

Audits and Risk Assessments: We conduct periodic internal and external audits of our security measures to identify potential weaknesses and ensure continuous improvement. We conduct risk assessments to identify, analyze, and mitigate information security risks.

Security Incident Management: We have a security incident response plan that defines the steps to follow in the event of a security breach, including detection, containment, eradication, recovery, and post-incident analysis.

8.3 Notification of Security Breaches

In the event of a personal data breach that may pose a significant risk to your rights and freedoms, MM Design Web undertakes to:

Notification to the Supervisory Authority: We will notify the competent supervisory authority (e.g., the Spanish Data Protection Agency) without undue delay and, if possible, no later than 72 hours after becoming aware of it, unless the security breach is unlikely to constitute a risk to the rights and freedoms of natural persons (GDPR).

Communication to Data Subjects: If a personal data breach poses a significant risk to your rights and freedoms, we will communicate the breach to you clearly and concisely without undue delay. This communication will include the nature of the breach, the contact information of the data protection officer or point of contact, the potential consequences of the breach, and the measures taken or proposed to remedy the breach.

Corrective Measures: We will immediately implement the necessary corrective measures to mitigate the effects of the breach and prevent future occurrences.

9. DATA RETENTION

MM Design Web retains your personal data only for as long as necessary to fulfill the purposes for which it was collected, as well as to comply with our legal obligations, resolve disputes, and enforce our agreements. Once the data is no longer required, it is securely deleted or anonymized.

9.1 Retention Periods

The retention periods for your personal data are determined by the purpose of the processing and applicable legal obligations:

Commercial Contact Data: We retain contact data used for commercial communications (e.g., inquiries, quotes) for a period of 3 years from the last relevant contact or interaction, unless you request its deletion earlier.

Project and Contract Information: Data related to projects and service contracts is retained for a period of 5 years from the completion of the project or contract to comply with tax, accounting, and warranty obligations, as well as to defend against potential legal claims.

Analytics Data (Google Analytics): Data collected through Google Analytics (with anonymized IP) is retained for 26 months, in accordance with Google's default settings and our needs for long-term trend analysis.

Consents: Records of your consents (e.g., for marketing, non-essential cookies) are retained while the consent is active and for an additional 5 years after its revocation or the end of our relationship, in order to demonstrate legal compliance.

Communication and Support Data: Communications and support history are retained for a period of two years from the last interaction to provide continued service and resolve potential disputes.

Billing and Transaction Data: Financial and billing information is retained for the period legally established by Spanish tax and accounting legislation (currently 6 years for books and records, and 4 years for tax obligations).

9.2 Secure Data Deletion

Once the retention period has expired or when the data is no longer necessary for the purposes for which it was collected, MM Design Web implements procedures for its secure disposal:

Complete Erasure: Data is permanently removed from our active servers, databases, and backup systems using methods that make it impossible to recover.

Anonymization: In some cases, instead of deleting data, we may irreversibly anonymize it so that it can no longer be associated with you. Anonymized data may be used for statistical or research purposes without privacy restrictions.

Certification of Deletion: For certain types of data or in response to specific requests, we may provide certification of data deletion.

9.3 Exceptions to Elimination

We may retain your personal data for a longer period if necessary to:

  • Comply with a legal or regulatory obligation that requires a longer retention period.
  • The formulation, exercise or defense of legal claims.
  • Archiving purposes in the public interest, scientific or historical research purposes, or statistical purposes, provided that appropriate safeguards are applied.

10. COOKIES AND SIMILAR TECHNOLOGIES

Our website uses cookies and similar technologies to improve your browsing experience, analyze site usage, and personalize content. This section explains what cookies are, how we use them, and how you can manage them, in compliance with the ePrivacy Directive and the GDPR.

10.1 What are Cookies?

Cookies are small text files that are stored on your device (computer, tablet, smartphone) when you visit a website. They allow the website to remember your actions and preferences (such as login, language, font size, and other display preferences) over time, so you don't have to keep re-entering them each time you return to the site or browse from one page to another.

10.2 Types of Cookies We Use

We classify the cookies we use into the following categories:

Essential Cookies (Strictly Necessary):

  • Purpose: These cookies are essential for the basic functioning of our website. They enable functions such as page navigation, access to secure areas of the site, and user session management. Without these cookies, the website cannot function properly.
  • Consent: They do not require your consent, as they are technically necessary to provide the service you request.
  • Examples: Session cookies, security cookies, language preference cookies.

Analytical or Performance Cookies:

  • Purpose: These cookies allow us to collect information about how visitors use our website, such as the most visited pages, time spent on the site, and if they encounter any errors. This information helps us improve the performance and usability of our website.
  • Consent: Your explicit consent is required. We use Google Analytics with anonymized IP address for this purpose.
  • Examples: Google Analytics cookies.

Functionality Cookies:

  • Purpose: These cookies allow the website to remember choices you make (such as your username, language, or the region you are in) and provide enhanced, more personal features. They may also be used to provide services you've asked for, such as watching a video or commenting on a blog.
  • Consent: They require your explicit consent.
  • Examples: User preference cookies, cookies to remember shopping cart contents.

Marketing or Advertising Cookies:

  • Purpose: These cookies are used to deliver ads more relevant to you and your interests. They are also used to limit the number of times you see an ad and to help measure the effectiveness of advertising campaigns. They are usually placed by advertising networks with the website operator's permission.
  • Consent: They require your explicit consent.
  • Examples: Campaign tracking cookies, retargeting cookies.

10.3 Cookie Management and Your Consent

At MM Design Web, we offer you complete control over cookies that are not strictly necessary. We have implemented a cookie consent management system that allows you to:

Consent Panel (Cookie Banner): When you visit our website for the first time, you will be presented with a clear and visible cookie banner. This banner will inform you about the use of cookies and offer you the following options:

  • Accept All: Consent to the use of all categories of cookies.
  • Reject All: Reject the use of all non-essential cookies.
  • Configure/Customize: Access a preferences panel where you can enable or disable specific categories of cookies (analytics, functionality, marketing).

Granular Settings: Our consent panel allows you to select which types of non-essential cookies you want to accept or reject. You can change your preferences at any time.

Easy Revocation: You can change your cookie preferences or withdraw your consent at any time via a permanent link in the footer of our website or by accessing the cookie consent panel again.

Browser Settings: In addition to our consent panel, most web browsers allow you to manage cookies through their settings. You can set your browser to notify you when you receive a cookie, to block certain cookies, or to delete existing cookies. Please note that disabling essential cookies may affect the functionality of our website.

10.4 Third-Party Cookies

Some cookies used on our website may be placed by third parties (e.g., Google Analytics, social networks). We have no control over these third-party cookies. To learn more about how these third parties use cookies, we recommend reviewing their own privacy policies.

11. INTERNATIONAL DATA TRANSFERS

MM Design Web may transfer your personal data to countries outside the European Economic Area (EEA) or your home jurisdiction, provided it is necessary for the provision of our services or to fulfill a legitimate purpose. In such cases, we ensure that your data is protected with appropriate safeguards, in accordance with international data protection regulations.

11.1 Protection Mechanisms for International Transfers

We implement the following mechanisms to ensure that your personal data receives an adequate level of protection when transferred internationally:

Adequacy Decisions: We transfer data to countries that the European Commission (for the GDPR) or the competent authorities of other jurisdictions have determined to provide an adequate level of data protection. This means that the laws of those countries guarantee a level of data protection comparable to that of the EU or the home jurisdiction.

Standard Contractual Clauses (SCCs): When we transfer data to countries without an adequacy decision, we use the Standard Contractual Clauses approved by the European Commission. These clauses are legally binding contractual commitments that oblige the data importer to protect personal data in accordance with EU standards.

Binding Corporate Rules (BCRs): If MM Design Web becomes part of a corporate group in the future, we may implement Binding Corporate Rules, which are internal data protection policies approved by data protection authorities and which permit data transfers within the group.

Explicit Consent: In the absence of an adequacy decision or standard contractual clauses, we may transfer your personal data if you have given your explicit consent to the proposed transfer, after being informed of the potential risks of such transfers to you due to the absence of an adequacy decision and appropriate safeguards.

Other Legal Exceptions: In limited cases, we may transfer personal data based on other legal exceptions permitted by the GDPR or LGPD, such as the necessity for the performance of a contract, the establishment, exercise, or defense of legal claims, or the protection of vital interests of the data subject.

11.2 Information on Transfer Destinations

Currently, international data transfers may occur through our service providers, who may have servers or processing equipment in different countries. For example:

  • Google Analytics: Website usage data (anonymized) may be processed by Google on its servers in the United States. Google complies with the EU-US Data Privacy Framework, which guarantees an adequate level of protection.
  • Hosting Providers: Our hosting providers may have data centers in different geographic locations. We ensure that these providers meet the highest security and privacy standards and that appropriate transfer mechanisms are in place.

We are committed to informing you about any significant changes to our international data transfer practices and ensuring that your data is always protected.

13. CHANGES TO THIS PRIVACY POLICY

MM Design Web reserves the right to modify or update this privacy policy at any time to reflect changes in our data practices, technology, or applicable law. Any changes will become effective immediately upon posting on this page.

We encourage you to review this policy periodically to stay informed about how we're protecting your information. The "Last Updated" date at the top of this page indicates when it was last revised.

If we make material changes to how we collect, use, or share your personal information, we will notify you through a prominent notice on our website or, if appropriate, through direct email communication.

14. CONTACT

If you have any questions, comments, or concerns about this privacy policy or our data protection practices, please feel free to contact us:

MM Design Web

Headline: Mario Albaladejo Barastegui

Address: C/ SANT RAMON 29 - 08350 - ARENYS DE MAR (BARCELONA), Spain

Telephone: +34 656 948 148

Email:  privacidadaccesibilidadavisoslegales@mmdesignweb.com

Website:  www.mmdesignweb.com

We'll be happy to assist you and answer any questions you may have.


12. AFFILIATE DISCLOSURE

At MM Design Web, we strive to provide high-quality, valuable content to our users. In order to maintain the operation of our website and continue providing useful resources, we participate in affiliate marketing programs. This means that some of the links you'll find on our website are affiliate links.

12.1 What is an Affiliate Link?

An affiliate link is a special type of URL that contains a unique identifier. When you click on one of these links and make a purchase or take a specific action (such as signing up for a service) on the third-party website, we may receive a small commission or compensation. It's important to note that this does not entail any additional cost to you ; the price of the product or service remains the same.

12.2 Our Commitment to Transparency and Honesty (FTC Guidelines)

At MM Design Web, "Seriousness, Transparency, and Honesty with our Users" are core values. We strictly adhere to the Federal Trade Commission's (FTC) guidelines regarding affiliate disclosure. This means:

  • Full Transparency: Whenever a link is an affiliate link, we will do our best to clearly indicate this, either through an explicit note, an icon, or the inclusion of this disclosure section.
  • Independence of Recommendations: The existence of an affiliate link does not influence our recommendations, opinions, or analysis. We always prioritize the quality, usefulness, and relevance of the products, services, or tools we recommend. Our main motivation is to help you find the best solutions for your web design needs.
  • At No Additional Cost to You: The commissions we receive come from the merchant or service provider, as a form of gratitude for referring them. You don't pay extra for using our affiliate links.

12.3 Affiliate Programs in which We Participate

MM Design Web participates in affiliate programs worldwide. This may include, but is not limited to, affiliate programs for hosting platforms, website builders, graphic design tools, WordPress themes and plugins, digital marketing services, and other products or services relevant to website creation and management.

12.4 Your Support

By using our affiliate links, you help us maintain this website, continue creating quality content for free, and invest in the continuous improvement of our resources. We sincerely appreciate your support.

If you have any questions about our participation in affiliate programs, please feel free to contact us.

Last updated: July 30, 2025

MM WEB DESIGN - We create a strong and attractive web presence.

MM DESIGN WEB