Privacy Policy
Privacy Policy Statement on the Use of this Service (Website)
Privacy Policy
Last updated: 03/03/2026
This Privacy Policy explains how INTERNET OF THINGER S.L. (“Thinger.io”, “we”, “us”, “our”) collects and processes personal data when you visit or use https://thinger.io and related websites, products, services, and documentation (collectively, the “Services”).
This Policy is intended to provide the information required by the EU General Data Protection Regulation (“GDPR”) and applicable Spanish data protection laws.
1) Data Controller
Controller: INTERNET OF THINGER S.L. VAT/Tax ID: ESB88230602 Registered office: C/Jacinto Benavente, 2A. Planta 1ª. Edificio Tripark. 28232 – Las Rozas de Madrid. Spain Contact email: [email protected]
If you contact us, please include enough information for us to verify your identity.
2) Data Protection Officer (DPO)
Data Protection Officer (DPO): We have not appointed a DPO, as we are not legally required to do so. For privacy-related questions, please contact us at [email protected]
3) Personal Data We Process
Depending on how you interact with the Services, we may process:
Identification and contact data: name, surname, email address, phone number (if provided).
Professional data: company name, role/department, country (if provided).
Content you provide: messages, inquiries, support requests, and attachments you submit.
Account and service data (if you create/use an account): username, authentication data, API keys/tokens, settings, subscription details, billing contact details.
Technical and usage data: IP address, device identifiers, browser type, operating system, pages viewed, timestamps, and similar usage logs.
Cookie and tracker data: as described in our Cookie Policy.
We do not intentionally collect special categories of data (e.g., health data, political opinions). Please avoid including such data in free-text fields unless strictly necessary.
4) Where Personal Data Comes From
We collect personal data:
Directly from you (forms, emails, account creation, support tickets).
Automatically (cookies, logs, analytics when you browse).
From service providers acting on our behalf (e.g., hosting, email delivery, analytics), only as needed to provide the Services.
5) Purposes and Legal Bases
We process personal data for the following purposes and under the following legal bases:
A) Responding to inquiries (Contact forms / email)
Purpose: handle your request and communicate with you.
Data: identification/contact data; message content; company/department (if provided).
Legal basis: consent (Art. 6(1)(a) GDPR) and/or pre-contractual measures (Art. 6(1)(b)) when your request relates to a potential contract.
Retention: see Section 7.
B) Providing and operating the Services (accounts, authentication, platform features)
Purpose: create and manage accounts, provide functionality, deliver the service, customer support.
Data: account and service data; technical data; support communications.
Legal basis: performance of a contract (Art. 6(1)(b)).
Retention: see Section 7.
C) Security, fraud prevention, and abuse detection
Purpose: protect the Services, prevent abuse, investigate incidents, ensure integrity and availability.
Data: technical and usage data; logs; account identifiers.
Legal basis: legitimate interests (Art. 6(1)(f)) in keeping our systems secure.
Retention: see Section 7.
D) Analytics and service improvement
Purpose: understand how users interact with the website to improve content and performance.
Data: technical/usage data; cookie identifiers.
Legal basis: consent (Art. 6(1)(a)) for non-essential cookies/trackers, as applicable.
Retention: see Section 7 and Cookie Policy.
E) Marketing communications (optional)
Purpose: send newsletters, product updates, and marketing communications.
Data: contact data; preferences (subscription status).
Legal basis: consent (Art. 6(1)(a)). You can withdraw at any time (see Section 9).
Retention: until you withdraw consent or unsubscribe, plus limited time to record suppression (see Section 7).
F) Billing and payments (if you purchase Services)
Purpose: manage subscriptions, invoicing, payments, accounting.
Data: billing contact details; transaction and invoice data.
Legal basis: performance of a contract (Art. 6(1)(b)) and legal obligation (Art. 6(1)(c)) for accounting/tax.
Retention: see Section 7.
G) Legal compliance and claims
Purpose: comply with legal obligations, respond to lawful requests, defend legal claims.
Data: as required for the specific obligation/claim.
Legal basis: legal obligation (Art. 6(1)(c)) and/or legitimate interests (Art. 6(1)(f)).
Retention: for the legally required periods.
6) Recipients and Data Sharing (Disclosures)
We do not sell your personal data.
We may share personal data with:
Service providers (processors) that help us operate the Services (e.g., hosting, email delivery, analytics, customer support tools). They process data under our instructions and subject to appropriate contractual safeguards.
Professional advisors (legal, accounting) when necessary.
Public authorities when required by law or to protect rights and safety.
7) Data Retention
We keep personal data only for as long as necessary for the purposes described above:
Contact requests: for the time needed to handle your request and follow-up; then stored for a limited period for record-keeping and legal defense (typically up to 2 years depending on limitation periods).
Accounts and service data: for as long as your account is active; after deletion, data may be retained for a limited period for security, backups, and legal obligations.
Marketing subscriptions: until you unsubscribe/withdraw consent; we may retain minimal data in a suppression list to ensure we respect your choice.
Billing and invoices: retained for the legally required tax/accounting periods (typically 5 years).
Security logs: retained for a limited period necessary for security monitoring and incident investigation (typically 1 month).
Cookies/trackers: see our Cookie Policy for cookie-specific durations.
8) International Data Transfers
We may use service providers located in, or that store/process data in, countries outside the European Economic Area (EEA).
Where international transfers occur, we rely on appropriate safeguards, such as:
European Commission adequacy decisions, and/or
Standard Contractual Clauses (SCCs), and additional measures where necessary.
Details can be requested via [email protected].
9) Your Rights (GDPR)
Subject to applicable law, you have the right to:
Access your personal data
Rectification of inaccurate data
Erasure (“right to be forgotten”)
Restriction of processing
Data portability
Objection to processing based on legitimate interests
Withdraw consent at any time (this does not affect processing already carried out)
To exercise your rights, contact us at [email protected]. We may request information to verify your identity.
10) Right to Lodge a Complaint (Supervisory Authority)
If you believe our processing of your personal data infringes data protection law, you have the right to lodge a complaint with your supervisory authority.
For Spain, the supervisory authority is the Agencia Española de Protección de Datos (AEPD).
11) Security Measures
We implement appropriate technical and organizational measures to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access.
No method of transmission or storage is 100% secure, but we work to protect your data using industry-standard practices.
12) Children
Our Services are not directed to children under 16. We do not knowingly collect personal data from children. If you believe a child has provided personal data, contact us at [email protected].
13) Changes to this Privacy Policy
We may update this Privacy Policy from time to time. We will post the updated version on this page and update the “Last updated” date.
14) Contact
For any privacy-related questions, contact: [email protected]
Last updated