Privacy Policy

1. Data controller

Controller: Javier de Miguel
NIF: 50744375G
Address: Calle Ponzano 50, 1C, 28003 Madrid, Spain
Contact email: javier@demiguel.co
Website: demiguel.co

2. Data we collect

Through the contact form and booking system on this website, we collect the following personal data: full name, email address, phone number (optional), type of support requested, preferred format (in-person/online), and any message the user chooses to include.

We do not collect special category data (health data, sexual orientation, etc.) through this form. Such data would only be processed within the context of a professional counselling relationship, with additional explicit consent and under the safeguards of Article 9 of the GDPR.

3. Purpose of processing

The data collected is used exclusively to respond to the user's information or contact request, manage the potential professional counselling relationship, and send relevant information about the services offered, only if the user has expressly requested it.

4. Legal basis

Processing is based on the user's explicit consent (Article 6.1.a GDPR), given when completing the contact form and accepting this privacy policy. For data processed within a professional counselling relationship, the legal basis is the performance of a service contract (Article 6.1.b GDPR) and, where applicable, explicit consent for special category data (Article 9.2.a GDPR).

5. Data retention

Contact data will be retained for as long as necessary to respond to the request and, where applicable, for the duration of the professional relationship. Once concluded, data will be blocked for the legally applicable periods (5 years under Article 1964 of the Spanish Civil Code), after which it will be deleted.

6. Recipients

Personal data will not be disclosed to third parties except where legally required. The contact form sends data via email. The website is hosted by Netlify, Inc. (United States), which acts as a data processor under the European Commission's Standard Contractual Clauses. Booking is managed through Cal.com, which processes scheduling data under its own privacy policy.

7. Your rights

Under the GDPR, you may exercise the following rights at any time: access to your personal data, rectification of inaccurate or incomplete data, erasure ("right to be forgotten"), restriction of processing, data portability, and objection to processing.

To exercise these rights, please send a request to javier@demiguel.co stating your name and the right you wish to exercise. Your request will be addressed within one month in accordance with Article 12 of the GDPR.

You also have the right to lodge a complaint with the Spanish Data Protection Agency (AEPD) at www.aepd.es.

8. Security

Appropriate technical and organisational measures are applied to protect personal data against unauthorised access, alteration, loss or destruction. The website uses a secure connection (HTTPS/TLS).

9. Minors

This website and the services offered are intended for persons aged 18 and over. We do not knowingly collect data from minors.

10. Changes

This privacy policy may be updated to reflect regulatory changes or changes in professional activity. The date of the last update is indicated below.

Last updated: June 2026