Skip to main content
ForxaXR
Back to home

Privacy policy

Last updated: 2026-03-31

1. Data controller

  • Company:
  • VAT:
  • Address:
  • Email:

2. Data we collect and purpose

Through the contact form we collect: name, email, company, reason for contact and message. This data is voluntarily provided by the user for the sole purpose of addressing their inquiry and, where applicable, establishing a commercial relationship.

We do not collect data through tracking cookies, analytics or profiling tools. Fonts are loaded locally (no connection to external servers such as Google Fonts).

3. Legal basis for processing

The processing of your data is based on your consent, given when submitting the contact form (Article 6.1.a GDPR). For contractual relationships, the legal basis is the performance of a contract (Article 6.1.b GDPR).

4. Data recipients

Your data will not be shared with third parties except where required by law. The following providers may access technical data (IP, web traffic) as part of site operation:

  • Cloudflare Inc. (CDN and web protection): may process visitor IP addresses. Operates under Standard Contractual Clauses (SCCs) and the EU-US Data Privacy Framework.
  • The web server is hosted on Vortal XR, S.L.'s own infrastructure in Spain.

5. International transfers

Cloudflare Inc. (USA) may process technical data (IPs) outside the EEA. This transfer is covered by Standard Contractual Clauses (SCCs Modules 2 and 3) and the Data Privacy Framework, in accordance with Article 46 GDPR.

6. Data retention

Contact form data will be retained for a maximum of 1 year or until the inquiry is addressed, whichever comes first. Contractual relationship data will be retained for the duration of the contract plus 5 years in accordance with tax and commercial legislation.

7. Data subject rights

You have the right to access, rectify, erase, object to, restrict processing and request portability of your data. To exercise these rights, write to:

We will respond within a maximum of 1 month. If you consider your rights have not been properly addressed, you may file a complaint with the Spanish Data Protection Agency (AEPD): www.aepd.es

8. Security measures

We adopt appropriate technical and organizational measures to protect your data: encryption in transit (SSL/TLS), two-factor authentication access control, multi-layered firewall defence, encrypted backups (3-2-1 strategy), network segmentation and continuous monitoring.

9. Data Protection Officer

Vortal XR, S.L. is not required to appoint a Data Protection Officer under Article 37 GDPR and Article 34 LOPDGDD (fewer than 250 employees, no large-scale processing of sensitive data). The CTO acts as internal data protection officer.