Privacy
Privacy policy
This policy explains how Alfastar processes personal data received through the website, email, WhatsApp, telephone, quotes, invoices, payments and support requests.
Data controller
- Controller: Alfastar Business S.L.
- VAT / NIF: B54645478
- Address: C/ Gambo, 7-2-4, 03503 Benidorm (Alicante), España
- General email: info@alfastar.es
- Data protection email: privacidad@alfastar.es
Data we may process
Depending on the channel used and the service requested, we may process the following categories of data:
- Identification and contact data: name, company, email, phone, WhatsApp, address, city and tax data when required.
- Professional or business data: activity, technical needs, approximate number of devices, service location and data needed to prepare a quote.
- Data included by the customer in forms, emails, WhatsApp, calls, support requests or shared documentation.
- Billing, payment, quote, contract, incident and administrative data.
- Technical data required to diagnose or provide IT services: information about devices, systems, accounts, configurations, network, backups, software, domains, hosting or tools used.
- Technical website security data: logs, IP address, basic browser information, anti-spam protection and abuse prevention.
Purposes
- Respond to enquiries received via the website, email, WhatsApp, phone or other channels.
- Prepare quotes, proposals, initial reviews, paid consultations, orders, contracts, invoices and related documentation.
- Manage one-off payments, monthly subscriptions, direct debits, cards, PayPal, transfers and administrative checks.
- Provide remote or on-site IT support, maintenance, technical assistance, system reviews, backups, networks, Wi‑Fi, CCTV, cloud, automation and related services.
- Coordinate providers, licences, tools, hosting, domains, email, remote support or other third-party services when required for the requested service.
- Manage the commercial, administrative, accounting and tax relationship.
- Maintain the security of the website, forms, systems and communications.
- Comply with legal obligations and address possible claims.
Legal basis
The legal basis for processing may be, depending on the case, the implementation of pre-contractual measures requested by the data subject, the execution of a requested contract or service, compliance with legal obligations, consent when necessary and the legitimate interest in managing the professional relationship, preventing abuse, protecting system security, documenting requests and defending possible claims.
Remote assistance and incidental access to information
During technical assistance, remote review or intervention, Alfastar may incidentally view or access documents, emails, folders, configurations, users, logs, databases, photographs, cameras, backups or other information contained in the customer's devices or services.
Access is limited to what is necessary to provide the requested service. The customer should avoid sharing unnecessary information and, whenever possible, close documents, sessions or folders unrelated to the assistance.
When the customer is a company, self-employed person or organisation and Alfastar may access personal data of third parties under the customer's responsibility, it may be necessary to agree specific conditions as a data processor in accordance with Article 28 of the GDPR.
Recipients and providers
Alfastar does not sell personal data or transfer it to third parties for unrelated commercial purposes. The following providers may access personal data when necessary to provide or manage services:
- Hosting, infrastructure, email and security providers.
- Form, anti-spam and security services, such as Cloudflare Turnstile.
- Payment providers, such as Stripe and PayPal.
- Commercial management, CRM, quoting, incident, invoicing or documentation tools, such as STEL Order or equivalent.
- Communication services, such as email, telephone, WhatsApp and, where applicable, internal Telegram notifications for operational alerts.
- Remote support tools or technical providers required for the requested service.
- Backup and storage services, when applicable.
- Public administrations, banks, consultancy/accounting firms or competent authorities when there is a legal obligation or administrative need.
These providers will process data in accordance with their own terms or as data processors when applicable.
If you use WhatsApp or another messaging platform to contact Alfastar, the message content and certain metadata may be processed by that platform's provider under its own terms. Telegram is not offered as a main public support channel; if used, it will be limited to agreed communications or internal operational alerts, avoiding unnecessary sensitive information.
International transfers
Some technology, payment or communication providers may be located outside the European Economic Area or use international infrastructure. In such cases, processing must take place with appropriate safeguards under the GDPR, such as adequacy decisions, standard contractual clauses or other valid mechanisms.
Retention
Data will be retained for as long as necessary to handle the request, provide the service, maintain the commercial relationship and comply with legal, tax, accounting or claim defence obligations.
As a general rule, non-contracted enquiries will be kept for a reasonable period for follow-up; customer and service data will be kept while the commercial relationship exists and during applicable legal periods; technical data, logs and backups will be kept for periods proportionate to their operational and security purpose.
Data subject rights
You may exercise the rights of access, rectification, erasure, restriction of processing, portability, objection and not to be subject to individual automated decisions, when applicable, by writing to privacidad@alfastar.es, indicating the right you wish to exercise and providing the information necessary to identify the request.
You may also file a complaint with the Spanish Data Protection Agency (AEPD) if you consider that the processing does not comply with applicable regulations.
Security
Alfastar applies reasonable technical and organisational measures to protect the information processed. No Internet-connected system can be considered absolutely secure, so customers are advised to keep passwords, backups, permissions and access properly managed.
Changes to this policy
Alfastar may update this policy to reflect legal, technical, operational or provider changes. The version published on the website will be the applicable version at any time.