Privacy Policy | Nothing Fancy

Nothing Fancy, SL ("Nothing Fancy," "we," "us," or "our") is committed to protecting the privacy of our visitors and users. This Privacy Policy describes: (1) what information we collect; (2) how we use such information; (3) with whom we share it; and (4) your rights regarding your personal data.

Nothing Fancy, SL is a company registered in Spain and is subject to the EU General Data Protection Regulation (GDPR) and Spain's Ley Orgánica 3/2018 de Protección de Datos Personales y garantía de los derechos digitales (LOPDGDD). We act as the "data controller" for the personal information described in this policy.

Summary

We collect information related to your use of our website and services.
We use this information to provide our professional services and improve your experience.
You have the right to access, rectify, delete, or port your personal data at any time by contacting: privacy@nothingfancy.ai
We do not sell your personal information to third parties.
We store your data securely and only retain it for as long as necessary.

1. Data Controller Information

Company Name: Nothing Fancy, SL

Address: C/ Relator 9, bajo local, 41002 Sevilla, Spain

CIF: B23833247

Email: privacy@nothingfancy.ai

2. Please Read This Entire Policy

This Privacy Policy governs our information management practices, including how we gather, store, and share your information. By using our website (the "Site") and services, you agree to the practices described in this Privacy Policy.

This Privacy Policy is intended to provide you with a clear explanation of how, when, and why we collect and use your personal information, as well as an explanation of your legal rights under the GDPR and LOPDGDD.

If you have any questions after reading this policy, please contact us at: privacy@nothingfancy.ai

3. What Information Do We Collect?

We collect two types of information:

Anonymous Information

Non-identifiable information that does not enable us to identify you, such as:

Date, time, and duration of your visit
Pages viewed and links clicked
General geographic location (country/region level)
Browser type and device information

Personal Data

Information that can identify you directly or indirectly:

Category	Examples
Identifiers	Name, email address, phone number, postal address
Contact information	Professional title, company name
Technical data	IP address, browser type, device identifiers
Usage data	Browsing history on our Site, interaction with our services

4. How Do We Collect Information?

(a) Automatically through your use of the Site. When you visit our Site, we may collect technical and usage data through cookies and similar technologies. See Section 11 for more information on cookies.

(b) Information you provide directly. When you contact us, request our services, subscribe to our newsletter, or fill out a form, we collect the personal data you provide.

(c) Third-party sources. We may receive information from analytics providers (such as Google Analytics) that help us understand how our Site is used.

5. Legal Basis for Processing (GDPR Article 6)

Under the GDPR, we must have a legal basis to process your personal data. We rely on the following:

Purpose	Legal Basis
To provide our professional services	Performance of a contract (Art. 6.1.b)
To respond to your inquiries	Legitimate interest (Art. 6.1.f)
To send marketing communications	Consent (Art. 6.1.a)
To comply with legal obligations	Legal obligation (Art. 6.1.c)
To improve our Site and services	Legitimate interest (Art. 6.1.f)
To prevent fraud	Legitimate interest (Art. 6.1.f)

Where we rely on legitimate interest, we have conducted a balancing test to ensure your rights and freedoms are not overridden.

6. How Do We Use Your Information?

We use the information we collect to:

Provide and deliver our professional services
Respond to your inquiries and requests
Send you relevant information about our services (with your consent)
Improve our Site and user experience
Analyze usage patterns and optimize our services
Comply with legal and regulatory obligations
Protect against fraud and unauthorized access

7. Who Do We Share Your Information With?

We may share your personal data with:

Service providers: Third parties who help us operate our business (e.g., hosting providers, analytics services, email platforms). These providers process data only on our behalf and under our instructions.
Professional advisors: Lawyers, accountants, and auditors where necessary.
Public authorities: When required by law or to protect our legal rights.

We require all third parties to respect the security of your personal data and to process it in accordance with applicable law. We do not sell your personal information to third parties.

Third-Party Services We Use

Service	Purpose	Privacy Policy
Google Analytics	Website analytics	policies.google.com/privacy
Klaviyo	Email marketing	klaviyo.com/legal/privacy-notice

8. International Data Transfers

Your personal data may be transferred to and processed in countries outside the European Economic Area (EEA). When this occurs, we ensure appropriate safeguards are in place, such as:

Standard Contractual Clauses approved by the European Commission
Adequacy decisions by the European Commission
Other legally recognized transfer mechanisms

For more information about the safeguards we use, please contact us at privacy@nothingfancy.ai.

9. Data Retention

We retain your personal data only for as long as necessary for the purposes set out in this policy. The retention period depends on:

The nature of the data and our relationship with you
Legal obligations requiring us to retain data
Our legitimate business interests

Generally:

Contact form inquiries: 2 years from last contact
Client data: Duration of the relationship plus 6 years (as required by Spanish commercial law)
Analytics data: 26 months (Google Analytics default)

10. Your Rights Under the GDPR and LOPDGDD

You have the following rights regarding your personal data:

Right	Description
Access	Request a copy of your personal data
Rectification	Request correction of inaccurate data
Erasure	Request deletion of your data ("right to be forgotten")
Restriction	Request limitation of processing
Portability	Receive your data in a structured, machine-readable format
Object	Object to processing based on legitimate interests or for direct marketing
Withdraw consent	Withdraw consent at any time where processing is based on consent
Automated decisions	Not be subject to decisions based solely on automated processing

How to Exercise Your Rights

To exercise any of these rights, please contact us at:

Email: privacy@nothingfancy.ai

We will respond to your request within one month. This period may be extended by two additional months for complex requests, in which case we will inform you.

You will not be charged a fee unless your request is manifestly unfounded or excessive.

Right to Lodge a Complaint

If you believe we have not handled your personal data properly, you have the right to lodge a complaint with the Spanish Data Protection Authority:

Agencia Española de Protección de Datos (AEPD)

C/ Jorge Juan, 6

28001 Madrid

Website: www.aepd.es

Tel: 901 100 099

11. Cookies and Similar Technologies

What Are Cookies?

Cookies are small data files stored on your device when you visit our Site. We use the following types:

Type	Purpose
Essential cookies	Necessary for the Site to function properly
Analytics cookies	Help us understand how visitors use our Site

Your Cookie Choices

When you first visit our Site, you will be presented with a cookie banner where you can accept or reject non-essential cookies.

You can also control cookies through your browser settings. Note that disabling certain cookies may affect Site functionality.

For more information, you can opt out of Google Analytics by visiting: tools.google.com/dlpage/gaoptout

12. Data Security

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These measures include:

Encryption of data in transit (HTTPS/TLS)
Access controls and authentication
Regular security assessments
Staff training on data protection

While we strive to protect your personal data, no method of transmission over the Internet is 100% secure. If you have reason to believe your data has been compromised, please contact us immediately.

13. Children's Privacy

Our services are not directed to individuals under 14 years of age (the age of consent under Spanish law for data processing). We do not knowingly collect personal data from children under 14. If we become aware that we have collected personal data from a child under 14 without appropriate consent, we will take steps to delete that information.

If you are a parent or guardian and believe your child has provided us with personal data, please contact us at privacy@nothingfancy.ai.

14. Marketing Communications

We may send you information about our services if you have:

Requested information from us
Used our services and not opted out of receiving marketing
Provided your consent to receive marketing communications

You can opt out of marketing communications at any time by:

Clicking the "unsubscribe" link in any marketing email
Contacting us at privacy@nothingfancy.ai

Opting out of marketing will not affect service-related communications.

15. Changes to This Policy

We may update this Privacy Policy from time to time. Any changes will be posted on this page with an updated effective date. For significant changes, we will provide prominent notice on our Site or contact you directly.

We encourage you to review this policy periodically to stay informed about how we protect your data.

16. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us:

Nothing Fancy, SL

Address: C/ Relator 9, bajo local, 41002 Sevilla, Spain

CIF: B23833247

Email: privacy@nothingfancy.ai

Last modified: January 2026