Privacy Policy
This Privacy Policy is prepared for a Spain-based workspace design website receiving commercial enquiries and advertising traffic. It supports transparent disclosure for users in Spain, the European Union and the European Economic Area.
1. Data controller
The data controller is Incubipoga Workspace Studio, Calle de Génova 17, 28004 Madrid, Spain. Email: [email protected]. Phone: +34 91 438 72 64.
2. Personal data collected
We may process name, business email, phone number, company name, role, workspace location, floor area, user count, hybrid policy details, budget range, project message, submitted preferences, IP address, browser type, device information, pages visited, referrer, access time and cookie choices.
3. Purposes of processing
Data is processed to answer enquiries, assess project fit, prepare consultations or proposals, maintain business records, secure the website, measure website performance, understand advertising effectiveness and comply with legal obligations.
4. Legal bases under GDPR
Processing may rely on pre-contractual steps when you request a proposal, contract performance for active clients, legitimate interests in running a secure business website, legal obligations for accounting and compliance, and consent for optional analytics or advertising cookies.
5. Commercial enquiry data
Information submitted through forms is used to respond to the enquiry and evaluate workspace design scope. Please avoid sending confidential employee data, internal HR documents or sensitive business information unless a secure process has been agreed.
6. Cookies and consent
Essential cookies may be used for technical operation and remembering privacy choices. Analytics, advertising or conversion-measurement cookies should be activated only when legally permitted and, where required, after clear consent. Visitors should be able to manage non-essential cookie choices.
7. Advertising and conversion tracking
If Google Ads conversion tracking or analytics are connected, they may process campaign source, page visits, form interactions, approximate device data and conversion events. Such tools should be disclosed in the consent interface and configured to minimise unnecessary personal data.
8. Recipients and processors
Data may be processed by hosting providers, email services, CRM tools, analytics services, advertising platforms, IT support, accounting providers and legal advisers. Processors should be bound by data processing agreements where required.
9. International transfers
If providers process data outside the European Economic Area, appropriate safeguards such as adequacy decisions, Standard Contractual Clauses or additional protective measures should be used.
10. Retention
Unconverted enquiries are normally retained for up to 12 months. Client communication and contract records may be retained for statutory limitation, accounting and tax periods. Cookie consent records may be retained as needed to document compliance.
11. Data subject rights
You may request access, rectification, erasure, restriction, portability and objection. You may withdraw consent at any time where processing is based on consent.
12. Supervisory authority
You may lodge a complaint with the Spanish Data Protection Agency, the AEPD, or another competent supervisory authority if you believe your rights have been violated.
13. Security
We use reasonable organisational and technical measures including access limitation, secure account practices, reduced data collection and regular review of connected services.
14. Updates
This Privacy Policy may be updated when services, processors or legal requirements change. Last updated: 29 May 2026.