Training that keeps pace with innovation, for a world that changes fast.

Banner Shape
Banner Shape
Banner Shape
Banner Shape

Privacy Policy

Last updated: 01/02/2026

Shadow Shape
Shadow Shape

1. Data Controller

Pursuant to Regulation (EU) 2016/679 (GDPR) and Ley Orgánica 3/2018 (LOPDGDD), the Data Controller is:

  • Controller: Click to reveal
  • Registered Office: Click to reveal
  • NIF/NIE: Click to reveal
  • Email: Click to reveal
  • Website: numberslab.net

2. Types of Data Collected

2.1 Data voluntarily provided by the User

Category Data When collected
Identification data Name, surname, email, phone Course purchase, contact form, newsletter, consulting
Billing data Full address, city, postal code, country Course purchase
Tax data NIF/NIE/VAT/Tax ID Course purchase (for invoicing)

2.2 Data collected automatically

Category Data Purpose
Navigation data IP address, browser type, operating system, pages visited, date/time of access Website functionality, security, analytics
Cookies Technical and profiling identifiers See Cookie Policy section

2.3 Data NOT collected

We do not collect sensitive data (data revealing racial or ethnic origin, political opinions, religious beliefs, trade union membership, genetic data, biometric data, health data, or data concerning sex life).

3. Purposes and Legal Bases for Processing

Purpose Legal Basis (GDPR) Data Processed
Contract execution for course sales Art. 6.1.b - Contract performance Identification data, billing
Compliance with tax and accounting obligations Art. 6.1.c - Legal obligation Tax data, billing
Sending operational communications regarding purchased courses Art. 6.1.b - Contract performance Email, name
Responding to requests via contact form Art. 6.1.b - Pre-contractual measures Identification data
Providing free consultation Art. 6.1.b - Pre-contractual measures Name, email
Sending newsletter and promotional communications Art. 6.1.a - Consent Email, name
Website security and fraud prevention Art. 6.1.f - Legitimate interest IP, navigation data
Recording terms acceptance Art. 6.1.f - Legitimate interest IP, date/time
Analytics and service improvement Art. 6.1.a - Consent Navigation data (anonymized)
Marketing and remarketing Art. 6.1.a - Consent Profiling cookies

3.1 Consent

For processing based on consent (newsletter, non-essential analytics, marketing), the User may withdraw consent at any time without affecting the lawfulness of processing based on consent given before its withdrawal.

3.2 Legitimate Interest

Processing based on legitimate interest is limited to:

  • IT security and fraud prevention
  • Proof of acceptance of Terms and Conditions
  • Service improvement based on aggregated and anonymized data

4. Data Recipients

Personal data may be disclosed to the following categories of recipients:

4.1 Service Providers (Data Processors)

Provider Service Country Safeguards
Stripe Inc. Payment processing USA SCCs + Data Privacy Framework
Google LLC Analytics (GA4), Google Meet USA SCCs + Data Privacy Framework
Zoom Video Communications Live course platform USA SCCs + Data Privacy Framework
Microsoft Corporation Microsoft Teams USA SCCs + Data Privacy Framework
Cal.com Inc. Consultation booking system USA SCCs
AlwaysData Website hosting France (EU) Native GDPR compliance

4.2 Authorities

Data may be disclosed to public authorities (tax, judicial) when required by law.

4.3 No Data Sales

We do not sell, rent, or transfer User personal data to third parties for marketing purposes.

5. International Transfers

Some of our service providers are based in the United States. Data transfers to the USA are carried out based on:

  • Standard Contractual Clauses (SCCs) approved by the European Commission (Decision 2021/914)
  • EU-US Data Privacy Framework for certified providers (Google, Microsoft, Stripe)

For more information about transfers, contact Click to reveal.

6. Data Retention Periods

Data Type Retention Period Reason
Contractual and tax data 10 years from end of relationship Tax obligations (Ley General Tributaria)
Terms acceptance logs 10 years Legal proof
Newsletter data Until consent withdrawal Consent
Navigation data (server logs) 12 months Security
Analytics cookies See Cookie Policy -
Marketing cookies See Cookie Policy -
Contact form requests 2 years from response Legitimate interest

At the end of the retention period, data is deleted or irreversibly anonymized.

7. Data Subject Rights

Pursuant to Articles 15-22 of the GDPR, the User has the right to:

Right Description
Access (Art. 15) Obtain confirmation of processing and a copy of data
Rectification (Art. 16) Correct inaccurate or incomplete data
Erasure (Art. 17) Request deletion of data (“right to be forgotten”)
Restriction (Art. 18) Restrict processing in certain circumstances
Portability (Art. 20) Receive data in a structured format and transfer it
Objection (Art. 21) Object to processing for legitimate interest or marketing
Withdraw consent (Art. 7) Withdraw consent at any time

7.1 How to exercise your rights

To exercise your rights, the User may:

  • Send an email to: Click to reveal
  • Clearly specify the request and attach a copy of an identity document

We will respond within 30 days of receiving the request. For complex or numerous requests, the deadline may be extended by an additional 60 days, with prior notice.

7.2 Complaint to Supervisory Authority

The User has the right to lodge a complaint with the competent Supervisory Authority:

AEPD - Agencia Española de Protección de Datos

Users residing in other EU countries may contact the Supervisory Authority in their country of residence.

8. Cookie Policy

8.1 What are Cookies

Cookies are small text files that websites save on the User’s device to remember preferences, improve browsing experience, and collect statistical information.

8.2 Types of Cookies Used

Technical/Functional Cookies (always active)

Name Provider Purpose Duration
PHPSESSID numberslab.net User session management Session
lang numberslab.net Language preference 1 year
cookie_consent numberslab.net Stores cookie preferences 1 year

These cookies are essential for website functionality and do not require consent.

Analytics Cookies (with consent)

Name Provider Purpose Duration
_ga Google Analytics Distinguishes users 2 years
_ga_* Google Analytics Maintains session state 2 years

Google Analytics 4 is configured with:

  • Anonymized IP
  • Disabled data sharing with other Google services
  • Data retention: 14 months

For more information: https://policies.google.com/privacy

Marketing Cookies (with consent)

Name Provider Purpose Duration
Remarketing cookies Google Ads Display personalized ads Variable

8.3 Managing Cookie Preferences

Users can manage cookie preferences:

  1. Cookie banner: On first access, by selecting desired categories
  2. Website settings: By clicking “Manage Cookies” in the footer
  3. Browser settings: By configuring the browser to block or delete cookies

Note: Disabling certain cookies may affect website functionality.

8.4 How to disable Cookies in the browser

  • Chrome: Settings > Privacy and security > Cookies
  • Firefox: Settings > Privacy and security > Cookies
  • Safari: Preferences > Privacy > Cookies
  • Edge: Settings > Privacy > Cookies

9. Security Measures

We adopt appropriate technical and organizational measures to protect personal data:

9.1 Technical Measures

  • SSL/TLS encryption for all communications
  • Encrypted access credentials (AES-256)
  • Regular data backups
  • Firewall and anti-malware protection
  • Regular system updates

9.2 Organizational Measures

  • Data access limited to the Controller only
  • Strong password policies
  • Continuous data protection training

9.3 Payment Security

Payments are processed by Stripe, PCI-DSS Level 1 certified. Credit card data does not pass through or get stored on our servers.

10. Minors

Our services are not intended for persons under 18 years of age. We do not knowingly collect personal data from minors. If a parent or guardian believes their child has provided personal data, they may contact us to request its deletion.

11. Third-Party Links

Our website may contain links to third-party websites (Stripe, Google, Zoom, etc.). We are not responsible for the privacy practices of such websites. We recommend consulting their respective privacy policies.

12. Changes to the Privacy Policy

We reserve the right to modify this Privacy Policy at any time. Changes:

  • Will be published on this page with the new update date
  • For substantial changes, we may send an email notification to registered users
  • Will take effect from the date of publication

We recommend periodically consulting this page.

13. Contacts

For any questions regarding the processing of personal data:

14. Related Documents

This Privacy Policy is drafted in compliance with Regulation (EU) 2016/679 (GDPR), Ley Orgánica 3/2018 de Protección de Datos Personales y garantía de los derechos digitales (LOPDGDD), and Ley 34/2002 de Servicios de la Sociedad de la Información y de Comercio Electrónico (LSSI-CE).