Last updated: 19 November 2025
The controller of the personal data collected through the website www.win2tec.com is Win2tec Sport S.L. with Tax ID (CIF) B 19998434 and registered address at C/ Calle Cid Campeador Nº 20, 16640 Belmonte (Cuenca), Spain.
For any query related to data protection, you may contact our Data Protection Officer (DPO) by email at dpo@win2tec.com. If you prefer, you may also call us on +34 645 358 304.
The processing of your personal data is governed by European and Spanish data protection law, specifically:
Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (GDPR).
Organic Law 3/2018 of 5 December on Data Protection and the Guarantee of Digital Rights (LOPD GDD).
Directive (EU) 2002/58/EC (ePrivacy Directive) and the Cookie Guide of the Spanish Data Protection Agency (AEPD).
All processing activities we carry out follow the principles below, applied in a practical way:
Lawfulness: each processing operation is based on a valid legal ground (consent, performance of a contract, legitimate interest, legal obligation, etc.).
Fairness: we act in good faith and never mislead the data subject.
Transparency: the information we provide is clear, complete, and written in plain language (this policy, the cookie policy, and consent notices).
Data are collected only for specific, explicit and legitimate purposes and are not used for other incompatible purposes. Each form specifies the concrete purpose (e.g. “request for information”, “newsletter subscription”, “usage analysis”).
We request only the data that are strictly necessary for each purpose. We do not request sensitive data unless it is essential and we have the data subject’s explicit consent.
Data must be accurate and, where necessary, kept up to date. We use real-time validation (email, telephone), allow rectification at any time (see section 12), and maintain procedures to correct detected errors.
We keep data only for as long as necessary for the purpose pursued. Specific retention periods are set out in section 11; once the period expires, data are blocked and subsequently deleted securely (permanent deletion or anonymisation).
At Win2tec Sport S.L. we apply appropriate security measures to ensure that your personal data remain confidential, intact, and available at all times. We have strict access controls so that only authorised personnel and the Data Protection Officer can handle the information. In addition, we encrypt data both in transit and at rest, preventing it from being read by unauthorised third parties. We continuously monitor and periodically review access logs and internal processes to detect and remedy any irregularities, thereby ensuring ongoing protection of your data.
win2tec incorporates the principle of privacy by design and by default into all its systems and processes. From the planning phase of any new product or service, we assess the impact on privacy and design the architecture so that only the data strictly necessary for the intended purpose are collected, with the highest protection settings by default (for example, the cookie configuration excludes non-essential cookies until the user gives consent).
Personal data may be obtained directly from you (when you complete contact forms, subscribe to our newsletter, or comment on the blog) or from third parties who provide them to us with your consent (for example, email marketing or analytics service providers).
Identification data: first name, surname, email address and telephone number (when the user provides them in contact or subscription forms).
Browsing data: IP address, user agent, URLs visited, time spent on the site, and information generated by cookies.
Commercial communication data: newsletter subscription preferences.
Data of minors: these are not collected; if we were to receive such data, we would request the consent of parents or guardians and, if this is not provided, the data would be deleted immediately.
At Win2tec Sport S.L. we process your personal data for different purposes, each supported by the corresponding legal basis under the GDPR.
When you contact us to request information or assistance, we use your name, email address and telephone number in order to respond to your enquiries and provide support; this processing is based on consent (Art. 6.1(a)) or, if a contractual relationship exists, on performance of a contract (Art. 6.1(b)).
If you create an account on our site, identification and authentication data are necessary to allow you to access protected areas; here, the legal basis is performance of a contract (Art. 6.1(b)), as the account is an essential part of the service we provide.
For sending newsletters and other marketing communications, we use your email address and subscription preferences; this processing is based solely on consent (Art. 6.1(a)), and the subscriber may withdraw this consent at any time via the “unsubscribe” link included in each message.
Web analytics and service improvement are carried out through the collection of browsing data and analytics cookies. For non-essential cookies, we require consent (Art. 6.1(a)); for strictly necessary cookies, which ensure the proper functioning of the site and enable us to optimise the user experience, we rely on legitimate interest (Art. 6.1(f)).
Advertising and targeted marketing also use browsing data and advertising cookies, and in this case the legal basis is likewise consent (Art. 6.1(a)), managed through the cookie banner which allows the user to decide whether to authorise their use.
Finally, to protect website security and prevent fraud we collect IP address, access logs, and data generated by reCAPTCHA. This processing is based on legitimate interest (Art. 6.1(f)). We have carried out a balancing test weighing our business interest in ensuring security and service integrity against the rights and freedoms of the data subject, concluding that the security benefit outweighs any potential negative impact.
For processing based on legitimate interest (strictly necessary cookies and security/fraud measures), we have carried out a balancing test which considers:
Controller’s interest: ensuring the availability, security and proper functioning of the website.
User’s reasonable expectations: users expect the website to function without interruptions and basic security measures to be applied without being asked for explicit consent for every essential element.
Mitigation measures: partial anonymisation of IP addresses in Google Analytics, retention limited to 12 months, data encryption at rest, and access control.
The result concludes that the controller’s legitimate interest prevails and that the safeguards implemented sufficiently reduce any risk to the rights and freedoms of the data subject.
Data may be communicated to the following processors, always under a contract including confidentiality clauses and security guarantees equivalent to our own:
Google Analytics, for web analytics.
Meta (Facebook Pixel), for advertising and conversion measurement.
LinkedIn Insight Tag, for audience and conversion measurement on LinkedIn.
Email marketing provider (for example, Mailchimp), for sending newsletters.
Where required by law, data may be communicated to public authorities (Tax Agency, Law Enforcement, etc.). In such cases, only strictly necessary data will be provided.
Some of the above providers (Google, Meta, LinkedIn) may transfer data to servers outside the European Economic Area. These transfers are carried out under appropriate safeguards, specifically through Standard Contractual Clauses approved by the European Commission or adequacy decisions where the recipient country benefits from them.
Identification and contact data (name, email, telephone): five years from the last interaction with the site (e.g. last message sent).
Browsing and cookie data (anonymous): twelve months.
Newsletter subscription data: for as long as the subscription remains active and for one year after unsubscribing.
Cookie consent records: twelve months, or until the data subject requests erasure, whichever occurs first.
Once the relevant period has elapsed, data will be blocked and subsequently deleted securely (permanent deletion or anonymisation).
You have the following rights, which you may exercise free of charge by sending a written request to dpo@win2tec.com, indicating your full name, contact details, and the right you wish to exercise:
Right of access: to obtain information about the data we process and a copy of it.
Right to rectification: to correct inaccurate or incomplete data.
Right to erasure (right to be forgotten): to request deletion of your data, unless there is a legal obligation to retain it.
Right to restriction of processing: to request suspension of the use of your data while a dispute is being resolved.
Right to data portability: to receive your data in a structured, commonly used and machine-readable format.
Right to object: to object to processing for direct marketing purposes or profiling.
Right not to be subject to automated decisions (Article 22 GDPR).
To ensure the security of the process, we may request a copy of your identity document (DNI, NIE or passport). We will respond within one month of receiving the request (extendable to two months in complex cases).
If you believe your rights have not been satisfied, you may lodge a complaint with the Spanish Data Protection Agency (AEPD) via its electronic headquarters: https://www.aepd.es/solicitud-reclamacion.
Any consent you have given us for the processing of your data (for example, for cookies or newsletters) may be withdrawn at any time in a way that is as simple as when it was given:
For cookies: click on the “Manage cookies” link in the banner or footer and deactivate the categories you wish.
For newsletters: use the “unsubscribe” link at the end of each email or send a message to dpo@win2tec.com with the subject “Withdrawal of consent”.
Withdrawal will take effect immediately.
Our services are intended for adults. If, by mistake, we receive data relating to minors, we will immediately request the consent of the parent, guardian or legal representative. If such consent is not provided, the data will be deleted without delay.
win2tec S.L. has implemented appropriate technical and organisational measures to ensure the confidentiality, integrity and availability of the personal data it processes. These measures are chosen and updated continuously based on:
The nature, scope, context and purposes of processing.
The potential risks to the rights and freedoms of data subjects.
In general, our security policy includes, among other things, protection of communications through encryption, role-based access control with secure credentials, monitoring and logging of activities, periodic audits and vulnerability tests, and the conclusion of data processing agreements with external providers including confidentiality clauses and equivalent security requirements.
In the event of a security breach that may affect your personal data, win2tec will:
Assess the severity of the breach.
Notify the AEPD within 72 hours of detection, where the breach is likely to result in a high risk to the rights and freedoms of affected individuals.
Inform affected users clearly and without undue delay, indicating the nature of the breach, possible consequences, and measures adopted or planned to mitigate its effects.
We reserve the right to update or modify this Privacy Policy at any time. When the modification is relevant (for example, changes in purposes, legal bases, recipients or security measures), we will notify you via a banner on the website and, if we have your email address, by email.
The date of the last update will appear at the beginning of this document. We recommend that you review the policy periodically to stay informed of any changes.
Cookie Policy – https://www.win2tec.com/cookies-policy
AEPD Guide on Information to Data Subjects – https://www.aepd.es/sites/default/files/2023-06/guia_informacion_al_interesado.pdf
General Data Protection Regulation (GDPR) – https://eur-lex.europa.eu/legal-content/ES/TXT/?uri=CELEX%3A32016R0679
Organic Law on Data Protection and Guarantee of Digital Rights (LOPD GDD) – https://www.boe.es/buscar/doc.php?id=BOE-A-2018-16673
win2tec S.L. declares that it has adopted the necessary technical and organisational measures to ensure compliance with the General Data Protection Regulation (GDPR), the Organic Law on Data Protection and Guarantee of Digital Rights (LOPD GDD), and the AEPD Cookie Guide.
This policy is written in clear and accessible language, in accordance with the principles of transparency, accountability and security required by European and Spanish regulations.