Saltar al contenido

Legal

Política de privacidad

Vigente desde · Versión v1.0

Texto legal canónico en inglés. Esta página muestra el texto original sin traducir para evitar exposición por traducción automática.

1. Data controller

Federico Nicolas Lussoro, trading as Olaaia, Mar del Plata, Buenos Aires, Argentina, is the data controller for personal data collected via this website and through client engagements. Contact: contact@olaaia.com.

2. Data collected

Website forms (contact, scoping): name, email address, optional company, tier, budget band, free-text message. Stored in the engagement inbox and CRM for follow-up.

Web analytics: aggregated, IP-truncated session data via Google Analytics 4 (Vercel Analytics is privacy-friendly and does not set tracking cookies). No precise location, no cross-site tracking.

Calendar bookings: data collected by Cal.com under their privacy policy when a visitor books a slot through the embedded widget. Olaaia receives only name, email, time slot, and any notes the visitor adds.

Engagement records: contractual documents, signed scope documents, signed NDAs, invoices, and accounting records kept for the period required by Argentine tax law (currently ten years).

3. Purposes and legal basis

Personal data is processed to (a) reply to inquiries, (b) deliver contracted services, (c) issue invoices and comply with Argentine tax law, (d) maintain website security, and (e) measure aggregate site usage. Legal bases under GDPR Article 6: legitimate interest (a, d, e), contract performance (b), legal obligation (c). Under Ley 25.326, consent and contractual performance.

4. Retention

Contact-form data: 24 months from the last interaction. Booking data: 24 months from the meeting. Engagement and accounting records: 10 years as required by Argentine tax law. Aggregate analytics: 14 months. Internal logs containing client information: deleted within 30 days of handover.

5. Sub-processors

Vercel Inc. (hosting and edge functions, EU and US regions), Resend (transactional email), Google LLC (Google Analytics 4, Tag Manager), Cal.com (scheduling), and the client's chosen broker / venue (operational integrations only, never custodial). Each sub-processor's privacy posture is reviewed at onboarding.

6. Your rights

EU / UK (GDPR / UK GDPR): right of access, rectification, erasure, restriction, portability, objection, and the right to lodge a complaint with the supervisory authority of the visitor's habitual residence.

California (CCPA / CPRA): right to know, delete, correct, limit use of sensitive personal information, and opt out of sale or sharing (Olaaia does not sell or share personal data).

Argentina (Ley 25.326, Personal Data Protection): rights of access, rectification, update, and removal. Complaints to the Agencia de Acceso a la Información Pública (AAIP).

Requests are addressed to contact@olaaia.com and answered within 30 days.

7. International transfers

Some sub-processors are located outside Argentina and the European Economic Area. Transfers rely on Standard Contractual Clauses (EU) or adequacy decisions where available. Argentine clients are informed that data may transit servers in the United States and the European Union.

8. Cookies and similar technologies

Essential cookies: locale preference, route session identifier. No tracking cookies are set without explicit consent. Google Analytics 4 is loaded with anonymise_ip set and consent gating where applicable.

9. Security

Olaaia takes reasonable technical and organisational measures to protect personal data: TLS 1.2+ in transit, role-based access, encrypted backups, audit logs. Suspected incidents are notified to affected individuals and the AAIP within 72 hours where required.

10. Changes to this policy

Material changes are published on this page and noted in the changelog. Continued use of the site after a change constitutes acceptance.