Privacy Policy

Last updated: April 14, 2026

1. Data Controller

The data controller responsible for processing your personal data is:

• Entity: MÄO Agency (Jessica Gavalda)
• Location: Barcelona, Spain
• Email: hello@maoagency.com

2. What data we collect

We may collect and process the following categories of personal data:

• Contact information: name, email address, phone number, company name
• Diagnostic data: brand and business information you voluntarily provide through our Brand Diagnostic Tool
• Technical data: IP address, browser type, device information, pages visited, and interaction data collected through cookies and analytics
• Communication data: messages, inquiries, and any information you provide when contacting us

3. Purpose and legal basis

We process your personal data for the following purposes:

• To respond to your inquiries (legal basis: legitimate interest)
• To provide our services and manage our client relationship (legal basis: contractual necessity)
• To deliver your Brand Diagnostic results (legal basis: consent)
• To send marketing communications only when you have opted in (legal basis: consent)
• To analyze website usage and improve our services (legal basis: legitimate interest)

4. Data sharing

We do not sell your personal data. We may share your data with:

• Service providers: hosting (Netlify), email (Google Workspace), CRM (GoHighLevel), analytics (Google Analytics), and domain services (Cloudflare), strictly for the purpose of delivering our services
• Legal obligations: when required by law, regulation, or legal process

All third-party service providers are contractually obligated to protect your data and process it only on our instructions.

5. International transfers

Some of our service providers are located outside the European Economic Area (EEA). In such cases, we ensure adequate safeguards are in place, including Standard Contractual Clauses (SCCs) approved by the European Commission, to protect your data in accordance with GDPR requirements.

6. Data retention

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected:

• Client data: for the duration of our business relationship plus the legally required retention period
• Inquiry and diagnostic data: up to 24 months from the last interaction
• Marketing data: until you withdraw your consent
• Analytics data: as defined in our Cookie Policy

7. Your rights

Under GDPR and Spanish data protection law (LOPDGDD), you have the right to:

• Access your personal data
• Rectify inaccurate or incomplete data
• Erase your data ("right to be forgotten")
• Restrict processing in certain circumstances
• Data portability: receive your data in a structured, machine-readable format
• Object to processing based on legitimate interest
• Withdraw consent at any time, without affecting the lawfulness of prior processing

To exercise any of these rights, contact us at hello@maoagency.com. We will respond within 30 days.

8. Security

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These include SSL/TLS encryption, access controls, and regular security reviews.

9. Supervisory authority

If you believe your data protection rights have been violated, you have the right to lodge a complaint with the Spanish Data Protection Agency (Agencia Española de Protección de Datos, AEPD) at www.aepd.es.

10. Changes to this policy

We may update this Privacy Policy from time to time. Any changes will be posted on this page with an updated revision date. We encourage you to review this page periodically.