Back
Legal

Privacy Policy

How ONSPRY collects, uses, and protects personal data when you visit the website or use our services.

Last updated: December 2025

1. Introduction

ONSPRY (“we,” “our,” or “us”) is committed to protecting your privacy and ensuring the security of your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website or use our services.

This policy complies with the General Data Protection Regulation (GDPR) and other applicable data protection laws.

2. Data Controller

Controller

ONSPRY

Paul Ropel Email: privacy@onspry.com

3. Information We Collect

3.1 Information You Provide

Contact Information

Name, email address, phone number when you contact us. Business Information: company name, job title, project details. Communication Data: messages, feedback, and correspondence with us.

3.2 Automatically Collected Information

Technical Data

IP address, browser type, operating system, device information. Usage Data: pages visited, time spent on site, navigation patterns. Cookies: essential cookies for website functionality and analytics.

3.3 Third-Party Services

Limited external sources

Analytics services (Google Analytics anonymized data), contact forms, and social media if you interact with our social media accounts.

4. How We Use Your Information

  • Service Delivery: To provide our consulting and development services
  • Communication: To respond to your inquiries and provide support
  • Website Improvement: To enhance user experience and site functionality
  • Legal Compliance: To meet our legal obligations
4.2 Legal Basis (GDPR Article 6)

Basis

Contract Performance, Legitimate Interest, Consent, and Legal Obligation.

5. Data Sharing and Disclosure

We do not sell, trade, or rent your personal information to third parties.

  • Service Providers: Essential third-party services (hosting, analytics)
  • Legal Requirements: When required by law or to protect our rights
  • Business Transfers: In case of business sale or merger (with notice)

Your data is primarily processed within the European Economic Area (EEA). Any international transfers comply with GDPR requirements and appropriate safeguards.

6. Data Security

  • Encryption: Data transmission and storage encryption
  • Access Controls: Limited access to personal data
  • Regular Updates: Security updates and monitoring
  • Staff Training: Privacy and security awareness

In the unlikely event of a data breach, we will notify affected individuals within 72 hours, report to relevant authorities as required, and take immediate steps to contain and remediate.

7. Your Rights (GDPR)

  • Right to Access: Request a copy of your personal data
  • Right to Information: Know how we process your data
  • Right to Rectification: Correct inaccurate data
  • Right to Erasure: Request deletion of your data (“right to be forgotten”)
  • Right to Restriction: Limit how we process your data
  • Right to Portability: Receive your data in a portable format
  • Right to Object: Object to processing based on legitimate interests
  • Right to Withdraw Consent: Where processing is based on consent
  • Right to Human Review: Request human review of automated decisions
  • Right to Explanation: Understand how automated decisions are made

8. Data Retention

PurposeRetention Period
Contact Information3 years after last contact
Service Data7 years for legal and accounting purposes
Website Analytics26 months (anonymized after 14 months)
Marketing DataUntil consent withdrawal or 2 years of inactivity

We will delete or anonymize your data when the retention period expires, you request deletion, or data is no longer necessary for stated purposes.

9. Cookies and Tracking

  • Session Management: Website functionality
  • Security: Protection against fraud and abuse
  • Preferences: Language and display settings
  • Google Analytics: Website usage statistics (anonymized)
  • Performance: Site optimization and user experience

You can control cookies through browser settings, the cookie banner, and third-party opt-outs.

10. Children’s Privacy

Our services are not intended for children under 16. We do not knowingly collect personal data from children under 16. If we become aware of such collection, we will delete it immediately.

11. Third-Party Links

Our website may contain links to third-party sites. We are not responsible for their privacy practices. Please review their privacy policies before providing personal information.

12. Changes to This Policy

  • Email: If you’re a client or have provided contact information
  • Website Notice: Prominent notice on our website
  • Date Update: Updating the “Last updated” date

13. Contact Information

13.1 Privacy Inquiries

Contact us

privacy@onspry.com Address: ONSPRY, Paul Ropel

RegionAuthority
EUYour national data protection authority
UKInformation Commissioner’s Office (ICO)
SwitzerlandFederal Data Protection and Information Commissioner (FDPIC)

14. Legal Basis Summary

PurposeLegal BasisRetention Period
Service DeliveryContract Performance7 years
Website AnalyticsLegitimate Interest26 months
MarketingConsentUntil withdrawal
Legal ComplianceLegal ObligationAs required by law

This Privacy Policy is effective as of December 2025 and will be reviewed annually.