Privacy and Personal Data Policy

1. INTRODUCTION.

For Tutopress LLC (hereinafter the “Company” or “Tutopress”), the protection of your personal data and your privacy is a priority. The purpose of this Privacy and Personal Data Processing Policy (hereinafter, the “Policy”) is to inform you clearly and transparently about how the information you provide is collected, used, stored, and protected.

This Policy governs the Processing of Personal Data of Users, Clients, collaborators, contractors, strategic partners, and any natural person (Data Subject) whose personal information is processed by us.

We invite you to read this policy carefully to understand your rights and our obligations under applicable data protection regulations, including the General Data Protection Regulation (GDPR).

By contracting our services, you accept the practices described in this document.

2. DEFINITIONS.

For this Policy and taking into account the definitions stipulated in the European Union’s General Data Protection Regulation (GDPR), the following definitions apply:

Data Subject: The natural person who owns the personal data.

Personal Data: Any information relating to an identified or identifiable natural person. An identifiable natural person can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

Data Processing: Any operation or set of operations which is performed on personal data or sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

International Data Transfer: Any processing of personal data that involves a transfer of said data outside the territory of the Data Subject’s country of residence.

Data Controller: The natural or legal person, public or private, who by themselves or in association with others, determines the purposes and means of the Processing of the data.

Data Processor: The natural or legal person, public authority, agency, or other body that processes personal data on behalf of the Data Controller.

Consent of the Data Subject: Any freely given, specific, informed and unambiguous indication of the data subject’s (the Data Subject’s) wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the Processing of Personal Data concerning him or her.

Database: An organized set of personal data that is subject to Processing.

General Data Protection Regulation: Hereinafter “GDPR”. It is the regulation that governs data protection throughout the European Union, regardless of where its processing takes place.

Client: The natural or legal person who contracts the services offered by the Company.

User: The person who browses or interacts with the Website, whether or not they have contracted a service.

Quote: The formal document that the Company sends to the Client. It details the type of Service, scope, pricing, timelines, and payment terms, among other important aspects related to the Service. The approval of this document by the Client is an indispensable prerequisite to starting any project.

Deliverables: The final products that the Company agrees to deliver to the Client upon completion of a Service. These may include PDF reports, measurement plans, or demonstration videos that verify the proper functioning of the implemented configurations.

Confidential Information: Comprises all non-public information that the Client shares with the Company for the proper provision of the Service. This includes, but is not limited to, business data, marketing strategies, and access credentials to digital platforms.

Parties: Refers jointly to the Client and the Company (Tutopress LLC).

Services: The professional digital analytics consulting services offered by the Company. They include, without limitation, the implementation of conversion tracking, the configuration of Google Analytics 4, the creation of dashboards in Looker Studio, and training, among other services provided by Tutopress.

Website: The internet portal https://juansaparicio.com/, owned by the Company, through which the services are presented.

3. PRINCIPLES.

In the processing of your Personal Data, the following principles are specifically applied, without excluding the other principles regulated and mentioned by the GDPR.

Principle of lawfulness: The data of Data Subjects is processed following the laws governing the matter and other developing provisions. We do not process data that is partial, incomplete, fragmented, or misleading.

Principle of purpose limitation: The Data Processing adheres to a defined, legitimate, explicit, and informed purpose, in accordance with current laws and the General Data Protection Regulation. In this document, the Data Subject can learn about the purposes of their data Processing.

Principle of consent (freedom): We carry out Data Processing only with the prior, express, and informed consent of the Data Subject. Personal data may not be obtained or disclosed without prior authorization, or in the absence of a legal or judicial mandate that exempts consent.

Principle of transparency: We guarantee the Data Subject’s right to obtain, at any time and without restriction, information related to the Processing of their personal data (such as the identity of the controller, the purpose, or the transfer of data to third parties).

Principle of security: The information subject to Processing is handled with the necessary technical, human, and administrative measures to ensure the security of the records, preventing their alteration, loss, consultation, use, or unauthorized or fraudulent access.

Principle of confidentiality: All persons involved in the Processing of personal data are obligated to guarantee the confidentiality of the information, even after their relationship with any of the tasks that comprise the Processing has ended.

Principle of storage limitation: The retention of data is limited to the purposes for which it is processed. Once those purposes have been achieved, the data is deleted or, at a minimum, anonymized to remove any element that would allow the data subjects to be identified.

Principle of data minimization: The personal data collected will be adequate, relevant, and limited to what is strictly necessary concerning the purposes for which they are processed.

4. SCOPE OF APPLICATION.

5. DATA CONTROLLER.

The entity responsible for the Processing of personal data (the Data Controller) is:

Company: Tutopress LLC, a Limited Liability Company domiciled in the State of Delaware, United States of America, with Employer Identification Number (EIN) 38-4332853.
Email: [email protected]
Contact Telephone: (Enter)
Address: 16192 Coastal Highway, Lewes, 19958 Delaware, United States of America.

6. LEGAL BASIS FOR PROCESSING.

6.1. Legal bases.

We process your Personal Data based on different legal grounds under the GDPR, depending on the nature of our relationship with you:

6.1.1. Performance of a contract: When a Client contracts our Services and accepts a Quote, we process their Personal Data because it is essential to perform the contract and fulfill our obligations.

6.1.2. Consent: We rely on your free and informed consent in the following situations:

To respond to your request when, as a Website User or potential Client, you contact us through our form.
To install non-essential cookies on your device when you browse our Website.

Remember that you have the right to withdraw your Consent at any time, without affecting the lawfulness of the Processing based on consent before its withdrawal.

6.1.3. Legitimate interest: We may also process data when it is necessary for our legitimate interests as a company. This includes:

The administrative and communication management with our collaborators, contractors, and strategic partners.
The analysis of our Website’s usage to maintain security and improve our services.

6.2. How and what data we collect: We collect your personal information through different means. At each point of collection, you will be informed about the specific details of the processing (purpose, recipients, etc.) through informational clauses. The main means are:

Directly from you: When, as a User or potential Client, you complete the contact form on our Website, we collect the following data: Name, last name, company name, email address, company size, and the services you need.

During the provision of the service: Once you become a Client, for the project’s execution, we also store technical data such as Google Analytics 4 measurement IDs or pixel IDs.

Automatically while Browsing: Through the use of cookies, we may collect basic technical information about your browsing as a Website User.

During the Company’s administrative management: To carry out Tutopress’s administrative activities and manage our relationship with collaborators, contractors, and strategic partners, we collect the necessary data for communication, project management, and billing, such as: name, identification number, country of residence, physical address, email address, contact telephone number, and any other data essential for the fulfillment of corporate purposes.

6.3. How and where we store information: The information you share with us is stored securely on external servers provided by the following technology platforms, which we use for our internal management:

A CRM managed in Notion.
Spreadsheets in Google Sheets.
Documents in Google Drive.

Access to this information is protected and restricted through the controls and permission levels offered by these same platforms, ensuring that only authorized and project-invited personnel can consult it. The preceding list is not restrictive; the Company may use other technology platforms in the provision of its services.

6.4. Who we share your Data With: Tutopress does not sell or share your personal data with third parties for their purposes. However, to operate, it uses the services of technology providers such as, without limitation, Google and Notion, who act as “Data Processors” on behalf of the Company. This means they store the information, but Tutopress maintains control over it, and they are obligated to protect it.

6.5. Specific information about cookies: Cookies may be used to enhance your experience on our Website. In such cases, we distinguish between:

Essential cookies: These are necessary for the basic functioning of the site and do not require your consent.

Non-essential cookies (for analytics, performance, etc.): These help us understand how you use the site to improve it. These cookies will only be activated if you give us your explicit consent through the cookie management banner that will appear when you visit the Website.

You can accept, reject, or configure your preferences for non-essential cookies at any time. Most browsers also allow you to manage cookies from their settings. Please note that if you block or decide to delete cookies, your browsing experience may be limited.

6.6. Other legal bases for processing: The Data Subject’s authorization will not be necessary in exceptional cases expressly permitted by the GDPR or applicable data protection law, such as to comply with a legal obligation or a judicial requirement.

7. PURPOSES AND USE OF DATA.

The Data Controller will perform operations that include the collection, storage, use, circulation, international transfer, and/or deletion of Personal Data. This Processing will be carried out exclusively for the authorized purposes outlined in this Policy and the specific authorizations granted by the Data Subject. Personal data will be processed for the following purposes:

7.1. Purposes related to our Clients and website Users:

Provision of the service: To use your contact and business data to effectively execute the contracted Services, from the Quote to the delivery of the Deliverables.

Communication and support: To handle your inquiries, requests, and provide support through our communication channels when you complete our contact form.

Billing management: To process payments and issue the corresponding invoices for the Services provided.

Website Analysis and improvement: To use anonymous browsing data (through cookies) to understand how Users interact with the Website and to improve its functionality and the Services provided.

7.2. Purposes related to our Collaborators, Contractors, and Strategic Partners:

Contractual and administrative management: To manage the contractual or commercial relationship, including the creation of contracts, service orders, and the management of payments and billing.

Operational communication: To maintain fluid communication for the coordination of projects, tasks, and responsibilities.

Fulfillment of obligations: To comply with the legal and tax obligations arising from the contractual relationship.

7.3. Purposes common to all Data Subjects:

Security: To protect the security of the systems and the information we process.

Legal compliance: To comply with the requirements of competent judicial or administrative authorities.

El Responsable del Tratamiento realizará operaciones que incluyen recolección de Datos Personales, su almacenamiento, uso, circulación, transferencia internacional y/o supresión. Este Tratamiento se realizará exclusivamente para las finalidades autorizadas y previstas en la presente Política y en las autorizaciones específicas otorgadas por parte del Titular. Los datos personales serán tratados con las siguientes finalidades:

8. USER’S RESPONSIBILITY.

By providing us with your data through our various communication channels, the Data Subject warrants that they are of legal age and that the data provided is true, accurate, complete, and current. To this end, the Data Subject confirms they are responsible for the veracity of the data communicated and will keep said information appropriately updated to reflect their real situation, assuming responsibility for any false or inaccurate data they may provide, as well as for any direct or indirect damages that may result.

9. INFORMATION RETENTION PERIOD.

We retain your personal data only for the period necessary to fulfill the purpose for which it was collected, to comply with legal obligations, and to address any potential liabilities that may arise from the fulfillment of the purpose for which the data was gathered.

In any case, and as a general rule, we will keep your personal information as long as a contractual relationship exists or you do not exercise your right to erasure and/or restriction of processing. In such cases, the information will be blocked from active use and kept only for as long as it may be necessary for the exercise or defense of legal claims or to address any type of liability that must be attended to.

10. DATA SUBJECT RIGHTS AND CONTACT.

10.1. Rights.

You, as the Data Subject, have specific rights over your personal information that you can exercise at any time. Below, we explain what they are and how you can exercise them.

Right of access: You have the right to request confirmation from us as to whether we are processing your personal data and to access it.

Right to rectification: You have the right to request the correction of your personal data if it is inaccurate or to have it completed if it is incomplete.

Right to erasure (“Right to be Forgotten”): You have the right to request the deletion of your personal data when, among other reasons, it is no longer necessary for the purposes for which it was collected.

Right to restriction of Processing: You have the right to request the restriction of the processing of your data. In this case, we will only keep it blocked for the exercise or defense of legal claims.

Right to object: You have the right to object to the processing of your data for specific purposes.

Right to Data Portability: You have the right to receive the personal data you have provided to us in a structured, commonly used, and machine-readable format, and to transmit it to another controller without hindrance from us.

Right to withdraw Consent: For any processing based on your consent, you have the right to withdraw it at any time.

10.2. How can you exercise your rights?

Communication Channel: To exercise any of your rights, you can send us a clear request to the following email address: [email protected].

Content of the Request: To expedite the process, your request should indicate:

Your full name.
The specific right you wish to exercise (access, rectification, etc.).
A clear description of your petition.
Supporting documents (if applicable).
Physical and/or email address for notifications.
Signature of the Data Subject.

Identity verification: To protect your privacy and ensure that only you or your authorized legal representative exercises the rights over your data, we may request that you verify your identity. If you are acting through a representative, they must provide a document that proves said representation.

Response times: Exercising your rights is free of charge. We will respond to you within a maximum period of one (1) month from the receipt of your request. This period may be extended by another two (2) months if necessary, taking into account the complexity and number of requests, in which case we will inform you of such an extension.

11. DATA SHARING AND INTERNATIONAL TRANSFERS.

11.1. Data sharing: To provide our services efficiently, we need to use technology providers that store or manage data on our behalf. These providers act as our “Data Processors,” which means they can only use the data according to our instructions and are obligated to maintain its confidentiality and security.

Our main Data Processors are:

Notion: Used for our CRM management.
Google: Used for document and spreadsheet management through Google Drive and Google Sheets.

Notwithstanding the foregoing, the Company may use other technology providers to carry out the provision of its services. Tutopress does not sell, rent, or share your personal information with other third parties for their own commercial purposes.

11.2. International Transfers. When using the services of technology providers, your personal information is stored on their servers. We ensure that these international transfers are protected by adequate legal safeguards, including an equivalence of data protection obligations, which guarantee the security of your information.

12. SECURITY MEASURES.

To protect your information against loss, alteration, or unauthorized access, use, or disclosure, we have implemented a set of appropriate organizational and technical security measures. These measures are based on a risk analysis and are periodically reviewed to ensure their adequacy and effectiveness. They include, among others, the following:

12.1. Organizational measures:

Logical access control: Access to databases is restricted, ensuring that even our employees and collaborators can only access the information strictly necessary to perform their duties.

Confidentiality commitment: All our employees and the third parties who provide us with services have signed confidentiality agreements or clauses, obligating them to maintain the secrecy of the information they process.

Secure destruction: Media containing personal data, whether physical or electronic (CDs, hard drives,etc.), are not discarded without first applying secure deletion procedures or physical destruction that prevents the recovery of the information.

12.2. Technical measures:

Access Control: Access to information is technically restricted through the configuration of individualized permissions on our platforms, ensuring that only authorized persons can access the data of a specific project.

Secure Authentication: We protect the accounts that manage the information through the use of strong passwords and the mandatory activation of Two-Factor Authentication (2FA) to prevent unauthorized access.

Data Encryption: Your information is protected by encryption both in transit (when communicated over the internet) and at rest (when stored on our providers’ servers), following industry standards.

12.3. Security breach management:

Response procedure: In the event of a security breach affecting your data, we have a procedure to investigate the incident, assess the risk, and take the necessary corrective measures.
Notification to the authority: We will notify any relevant security breach to the competent supervisory authority within a period not exceeding seventy-two (72) hours from when we become aware of it.
Notification to Data Subjects: If the security breach represents a high risk to your rights, we will notify you directly.

12.4. Limitation of security:

While we take all reasonable measures, no security system is impenetrable. Absolute security cannot be guaranteed. If information under our control is compromised as a result of a security breach, we will take all appropriate measures to investigate the incident and comply with our notification obligations.

13. CHANGES TO THE PRIVACY POLICY.

We reserve the right to modify this Privacy Policy at any time to adapt it to new legislation or new industry practices. Any changes will be effective upon their publication.

13.1. Notification of changes:

For minor changes (such as grammatical or style corrections, or any other), we will simply update the “Last Updated” date at the end of this document.
If we make material changes that affect your rights or the way we process your data (for example, new purposes, new recipients, etc.), we will notify you in advance, through a prominent notice on our Website or by sending a direct communication to your email address.

We recommend you review this Policy periodically. Your continued use of our Services after the changes are published will constitute your acceptance of them.

For any clarification regarding this Policy, you can contact our Customer Support team via email at: [email protected].

Date of last update: July 16, 2026.