Privacy Policy
This policy explains how torresnicolas.com processes the personal data of users, readers, subscribers, and potential clients.
Data Controller
- Controller: Nicolás Carlos Alejandro Torres Barbano.
- Portuguese Tax ID: 315288884.
- Professional/Fiscal Address: R da Atlântida - Manta Rota n.º 9, 8900-038 Vila Nova de Cacela, Portugal.
- Email: hola@torresnicolas.com.
- Website: torresnicolas.com.
No data protection officer has been appointed, as it is not required for the current activity.
Personal Data Processed
The site may process the following categories of data:
| Category | Data | Source |
|---|---|---|
| Contact | Name, email, intention to contact, and message | Contact form or email |
| Newsletter | Email and acceptance of privacy | Subscription form |
| Security | IP, date and time, technical identifiers, anti-spam signals, and sending logs | Use of the site, forms, and internal security controls |
| AI Assistant | Messages sent to the assistant, date/time, technical metadata, and data necessary for security and debugging | Voluntary interaction with the widget |
| Professional Relationship | Contact data, tax data, and data necessary for proposals, contracts, or billing | Direct communication outside the website |
The website does not request sensitive data. The user should not send passwords, API keys, bank data, medical data, confidential information of third parties, or sensitive documentation through forms or automated assistants.
Purposes and Legal Bases
| Purpose | Description | Legal Basis |
|---|---|---|
| Respond to inquiries | Manage messages sent via form or email. | User consent and pre-contractual measures. |
| Manage commercial requests | Analyze needs, prepare responses, diagnostics, proposals, or related communications. | Pre-contractual measures and legitimate interest. |
| Send newsletter | Send content, news, and professional communications when the user subscribes. | Consent. |
| Security and anti-spam | Protect forms, prevent abuse, spam, attacks, or fraudulent use. | Legitimate interest and, where applicable, legal compliance. |
| Operate the AI assistant | Respond to initial inquiries, guide requests, and improve the experience. | Consent upon interaction and legitimate interest in providing the service. |
| Contractual and tax management | Manage professional services, invoices, contracts, and accounting/tax obligations outside the website. | Contract execution and compliance with legal obligations. |
Forms and Security
The contact form collects intention to contact, name, email, message, and legal acceptance. The newsletter form collects email and acceptance of privacy.
Forms are protected through validation, technical logs, internal security controls, and Cloudflare Turnstile verification to reduce automated abuse.
Newsletter and Commercial Communications
The newsletter will only be sent to users who have given their consent. Subscription must be confirmed through double opt-in before regular sending begins. Each communication will include a simple and free unsubscribe mechanism.
Subscription and technical newsletter management are handled internally for now, with no external email marketing provider declared.
AI Assistant
The AI assistant may record the content of the conversation, date and time, IP, technical identifiers, and other metadata necessary for security, debugging, operation, and service improvement.
Records of the assistant will generally be retained for a maximum of 30 days, unless it is necessary to retain them longer for technical, security, legal compliance, or management of a request initiated by the user.
No decision with relevant legal, contractual, or commercial effects is made solely in an automated manner.
Assistant ratings
If you rate an assistant response with an option such as “helpful” or “not helpful”, we may store a technical rating linked to that conversation in order to review and improve the service. That rating does not include the message content inside the feedback event or your contact details.
We may retain minimal technical data such as the widget identifier, language, page path, widget version, internal conversation reference, and the position of the rated message. We do not use this feedback to automatically create leads or send you commercial communications.
Recipients and Providers
Data may be processed by technological providers necessary to operate the site and address requests:
- Hosting and infrastructure: Hetzner, European infrastructure according to the current contract.
- Own or linked infrastructure: SectionCore, domain and related systems owned by the controller, when involved in forms, logs, newsletter, widget, or automations.
- Anti-spam security: Cloudflare Turnstile, to verify form submissions and reduce automated abuse.
- Newsletter: internal management through own or linked infrastructure; no external email marketing provider is currently declared.
- Necessary internal tools: email, request management systems, technical logs, backups, or automations, if active.
- Public administrations, accounting/tax advisory, or competent authorities: when necessary due to legal obligation.
Currently, no analytics tools such as Google Analytics, Meta Pixel, Hotjar, LinkedIn Insight Tag, or equivalent advertising systems are declared.
International Transfers
In general, efforts will be made to use infrastructure located in the European Union or with adequate guarantees. If any provider involves international data transfer, the guarantees provided by the GDPR will apply, such as standard contractual clauses, adequacy decisions, or other valid mechanisms.
Retention Periods
| Data | Indicative Period |
|---|---|
| Contact inquiries | During the management of the request and up to 12 months afterward, unless a commercial relationship or legal necessity exists. |
| Newsletter | Until the user withdraws their consent or requests to unsubscribe. |
| Technical and anti-spam logs | For the necessary period for security, debugging, and prevention of abuse. |
| AI assistant logs | 30 days as a general criterion. |
| Contractual, tax, and accounting data | For the applicable legal periods in Portugal and the European Union. |
Rights of Data Subjects
Users can exercise their rights of access, rectification, deletion, opposition, limitation, portability, and, where applicable, withdrawal of consent by sending a request to: hola@torresnicolas.com.
They can also file a complaint with the Comissão Nacional de Proteção de Dados (CNPD) in Portugal or, if applicable due to their place of residence, with the corresponding supervisory authority.
Security
The controller applies reasonable technical and organizational measures to protect personal data against loss, unauthorized access, alteration, or misuse. However, no system connected to the Internet can guarantee absolute security.
Changes to this Policy
This policy may be updated when the site’s configuration, providers, forms, newsletter, cookies, or applicable regulations change.
Date of last update: June 13, 2026.