Privacy Policy
Last updated: December 2025
1. Introduction
ONSPRY ("we," "our," or "us") is committed to protecting your privacy and ensuring the security of your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website or use our services.
This policy complies with the General Data Protection Regulation (GDPR) and other applicable data protection laws.
2. Data Controller
ONSPRY
Paul Ropel
Email: privacy@onspry.com
3. Information We Collect
3.1 Information You Provide
- Contact Information: Name, email address, phone number when you contact us
- Business Information: Company name, job title, project details
- Communication Data: Messages, feedback, and correspondence with us
3.2 Automatically Collected Information
- Technical Data: IP address, browser type, operating system, device information
- Usage Data: Pages visited, time spent on site, navigation patterns
- Cookies: Essential cookies for website functionality and analytics
3.3 Third-Party Services
We may collect information through:
- Analytics Services: Google Analytics (anonymized data)
- Contact Forms: Form submissions and inquiries
- Social Media: If you interact with our social media accounts
4. How We Use Your Information
4.1 Primary Purposes
- Service Delivery: To provide our consulting and development services
- Communication: To respond to your inquiries and provide support
- Website Improvement: To enhance user experience and site functionality
- Legal Compliance: To meet our legal obligations
4.2 Legal Basis (GDPR Article 6)
- Contract Performance: When providing services you've requested
- Legitimate Interest: For website analytics and business development
- Consent: For marketing communications (where applicable)
- Legal Obligation: To comply with applicable laws
5. Data Sharing and Disclosure
5.1 We Do Not Sell Your Data
We do not sell, trade, or rent your personal information to third parties.
5.2 Limited Sharing
We may share your information only with:
- Service Providers: Essential third-party services (hosting, analytics)
- Legal Requirements: When required by law or to protect our rights
- Business Transfers: In case of business sale or merger (with notice)
5.3 International Transfers
Your data is primarily processed within the European Economic Area (EEA). Any international transfers comply with GDPR requirements and appropriate safeguards.
6. Data Security
6.1 Security Measures
We implement appropriate technical and organizational measures to protect your data:
- Encryption: Data transmission and storage encryption
- Access Controls: Limited access to personal data
- Regular Updates: Security updates and monitoring
- Staff Training: Privacy and security awareness
6.2 Data Breach Procedures
In the unlikely event of a data breach, we will:
- Notify affected individuals within 72 hours
- Report to relevant authorities as required
- Take immediate steps to contain and remediate
7. Your Rights (GDPR)
7.1 Access and Information
- Right to Access: Request a copy of your personal data
- Right to Information: Know how we process your data
- Right to Rectification: Correct inaccurate data
- Right to Erasure: Request deletion of your data ("right to be forgotten")
7.2 Control and Portability
- Right to Restriction: Limit how we process your data
- Right to Portability: Receive your data in a portable format
- Right to Object: Object to processing based on legitimate interests
- Right to Withdraw Consent: Where processing is based on consent
7.3 Automated Decision Making
- Right to Human Review: Request human review of automated decisions
- Right to Explanation: Understand how automated decisions are made
8. Data Retention
8.1 Retention Periods
- Contact Information: 3 years after last contact
- Service Data: 7 years for legal and accounting purposes
- Website Analytics: 26 months (anonymized after 14 months)
- Marketing Data: Until consent withdrawal or 2 years of inactivity
8.2 Deletion
We will delete or anonymize your data when:
- Retention period expires
- You request deletion
- Data is no longer necessary for stated purposes
9. Cookies and Tracking
9.1 Essential Cookies
- Session Management: Website functionality
- Security: Protection against fraud and abuse
- Preferences: Language and display settings
9.2 Analytics Cookies
- Google Analytics: Website usage statistics (anonymized)
- Performance: Site optimization and user experience
9.3 Cookie Management
You can control cookies through:
- Browser Settings: Disable or delete cookies
- Cookie Banner: Accept or decline non-essential cookies
- Third-Party Opt-outs: Google Analytics opt-out
10. Children's Privacy
Our services are not intended for children under 16. We do not knowingly collect personal data from children under 16. If we become aware of such collection, we will delete it immediately.
11. Third-Party Links
Our website may contain links to third-party sites. We are not responsible for their privacy practices. Please review their privacy policies before providing personal information.
12. Changes to This Policy
We may update this Privacy Policy periodically. We will notify you of material changes by:
- Email: If you're a client or have provided contact information
- Website Notice: Prominent notice on our website
- Date Update: Updating the "Last updated" date
13. Contact Information
13.1 Privacy Inquiries
For privacy-related questions or to exercise your rights:
Email: privacy@onspry.com
Address: ONSPRY, Paul Ropel
13.2 Data Protection Authority
You have the right to lodge a complaint with your local data protection authority:
- EU: Your national data protection authority
- UK: Information Commissioner's Office (ICO)
- Switzerland: Federal Data Protection and Information Commissioner (FDPIC)
14. Legal Basis Summary
| Purpose |
Legal Basis |
Retention Period |
| Service Delivery |
Contract Performance |
7 years |
| Website Analytics |
Legitimate Interest |
26 months |
| Marketing |
Consent |
Until withdrawal |
| Legal Compliance |
Legal Obligation |
As required by law |
This Privacy Policy is effective as of December 2025 and will be reviewed annually.