Skip to main content
LayoutOrbitCraft
Start a project
Legal

Privacy policy.

This document describes how LayoutOrbitCraft S.L. ("we", "the studio") processes personal data collected through this website, through enquiries, and through commercial relationships. Last updated: 12 February 2026.

Who we are

The data controller is LayoutOrbitCraft S.L., with registered office at Avenida das Américas, 5, 27004 Lugo, Spain, tax identification number B-87654321. You can reach us at legal@layoutorbitcraft.com for any matter relating to your personal data.

Scope of this policy

This policy applies to:

  • visitors to layoutorbitcraft.com and any subdomains;
  • people who submit a contact form, request a proposal, or send us an enquiry by any means;
  • clients during the course of an engagement, and after the engagement has ended for the period required by law;
  • vendors, freelancers, and partners working with us under a contract.

It does not apply to third-party websites we link to. When you follow a link from our site to another, you are subject to the privacy policy of the destination.

What we collect and why

Information you provide directly

When you submit our contact form, request a proposal, or correspond with us by email or phone, we receive: your name, email address, phone number (if provided), company name (if provided), country, and the contents of your message. We use this information solely to reply to your enquiry and, if appropriate, to evaluate whether the studio is a good fit for the work you describe.

Information you provide through Stripe

When you purchase an hourly block or hold a custom engagement through this site, you are redirected to Stripe Payments Europe Limited ("Stripe"), which acts as the payment processor. Stripe receives your payment details directly; we do not store or have access to your full card number or CVC. We receive from Stripe a confirmation of payment, your name, email address, billing address, and the last four digits of the payment method. This information is necessary to fulfil the engagement and to issue an invoice that meets Spanish tax requirements.

Information collected automatically

When you visit our site we automatically collect a small set of technical data: your IP address (truncated and aggregated), your browser type and version, the pages you visit, the referring URL, and the time of your visit. We use this information for security monitoring, troubleshooting, and to understand which content is read. We do not link this technical data to identifiable individuals.

Cookies

We use a small number of cookies as described in our cookie policy. None of our cookies identify you personally. You can decline non-essential cookies through the banner that appears on your first visit, and your choice is stored in your browser.

Legal basis for processing

Under the General Data Protection Regulation (Regulation (EU) 2016/679) and the Spanish Data Protection Act (Ley Orgánica 3/2018), we rely on the following legal bases:

  • Contract (Article 6(1)(b)): processing necessary to enter into or perform an engagement with you.
  • Legitimate interest (Article 6(1)(f)): processing necessary to reply to enquiries, to maintain the security of our systems, and to keep records of past correspondence. We assess that these interests do not override your rights as a data subject.
  • Legal obligation (Article 6(1)(c)): processing necessary to comply with Spanish tax, accounting, and commercial law, including the retention of invoices and contracts.
  • Consent (Article 6(1)(a)): for non-essential cookies, and any optional communications you specifically opt into.

Who we share data with

We do not sell or rent your personal data. We share it only with the following categories of recipients, and only to the extent necessary:

  • Stripe Payments Europe Limited for payment processing.
  • Hosting provider for the operation of this website (a European Union-based provider with appropriate data processing terms).
  • Email and productivity providers (Google Workspace and similar) used to manage correspondence and project files.
  • Accountancy firm retained to handle our bookkeeping and tax filings, bound by professional confidentiality.
  • Public authorities when required by law, court order, or legitimate request from a competent authority.

All processors handling personal data on our behalf are bound by data processing agreements that meet the requirements of Article 28 of the GDPR.

International transfers

Some of our processors are based in or transfer data to countries outside the European Economic Area, in particular the United States. Where this is the case, we rely on adequacy decisions issued by the European Commission, on Standard Contractual Clauses adopted by the Commission, or on other safeguards permitted by Articles 44 to 49 of the GDPR.

How long we keep data

  • Enquiries that do not result in an engagement are retained for up to twenty-four months and then deleted.
  • Records relating to an engagement (contracts, invoices, project files) are retained for the period required by Spanish commercial and tax law, which is generally six years from the end of the relevant fiscal year.
  • Server logs and security records are retained for up to twelve months.
  • Cookie consent choices are stored in your browser and remain there until you clear them or change your selection.

Your rights

You have the following rights in relation to your personal data:

  • access — to request a copy of the personal data we hold about you;
  • rectification — to ask us to correct inaccurate or incomplete data;
  • erasure — to ask us to delete your data, subject to legal retention requirements;
  • restriction — to ask us to limit the processing of your data;
  • portability — to receive your data in a structured, machine-readable format;
  • objection — to object to processing based on legitimate interest;
  • withdrawal of consent — where processing is based on consent, you may withdraw it at any time without affecting processing carried out beforehand.

To exercise any of these rights, write to legal@layoutorbitcraft.com. We will respond within one calendar month and may ask for proof of identity before acting.

If you are not satisfied with how we have handled a request, you can lodge a complaint with the Spanish Data Protection Agency (Agencia Española de Protección de Datos, AEPD) at aepd.es.

Security

We apply technical and organisational measures appropriate to the risk presented by the processing we carry out, including: encryption of data in transit, access controls on internal systems, two-factor authentication for staff accounts, and a documented incident response process. No system is impenetrable, and we will notify affected individuals and the AEPD of any breach that meets the notification threshold under Article 33 of the GDPR.

Children

This site is not directed at children, and we do not knowingly collect personal data from anyone under sixteen.

Changes to this policy

We may update this policy from time to time. The date of the most recent change is shown at the top of the document. Material changes will be communicated through a notice on the site or by email where we have an active relationship with you.

Contact

For any matter relating to your personal data: legal@layoutorbitcraft.com · Avenida das Américas, 5, 27004 Lugo, Spain.