Legal Information

Privacy Policy

Last updated: January 15, 2026

Índice
  1. 01Data Controller
  2. 02Data We Process, Purpose, and Legal Basis
  3. 03Retention Periods
  4. 04Recipients and Data Processors
  5. 05Your Rights
  6. 06Security Measures
  7. 07Minors
  8. 08Changes to This Policy

At REGENERING, we take the protection of your personal data seriously. This Policy explains who is responsible for data processing, what data we collect, for what purpose, on what legal basis, with whom we share it, and what rights you can exercise, in accordance with Regulation (EU) 2016/679 (GDPR) and the Spanish Organic Law 3/2018 (LOPDGDD).

01

Data Controller

  • Responsible: Michael Gourion (brand name: REGENERING)
  • Tax ID (NIF): X2551651P
  • Address: Edificio San Cristóbal, Calle Panamá 32, Planta 1, Oficina 4, 38009 Santa Cruz de Tenerife, Canary Islands, Spain
  • Contact Email: info@regenering.com
02

Data We Process, Purpose, and Legal Basis

We process only the data strictly necessary for the following purposes:

  • Contact and Commercial Inquiries. Name, email, company, position, and message content. Legal basis: consent of the data subject (Art. 6.1.a GDPR) and legitimate interest in responding to your request.
  • Contracting Professional Services. Identifying and fiscal data, billing data, communications related to the assignment. Legal basis: performance of a contract (Art. 6.1.b) and compliance with legal obligations (Art. 6.1.c) — fiscal and accounting.
  • Online Store Purchases and Subscriptions. Billing data, order history, subscription data. Payment data (card) is processed directly by Stripe; we do not store it. Legal basis: performance of a contract and legal obligations.
  • Operational Diagnosis (Pulse Express and similar). Questionnaire responses, name, email, company, and position. Legal basis: consent and performance of the requested service.
  • User Account on the Website. Email and data associated with the profile. Legal basis: performance of the contract for access to the platform.
  • Commercial Communications and Newsletter. Email and preferences. Legal basis: express consent, revocable at any time via the unsubscribe link included in each sending.
  • Website Analytics. Anonymized or pseudonymized browsing data through Metricool and Google Analytics 4. Legal basis: user consent (see Cookies Policy).
03

Retention Periods

  • Contact data without subsequent contracting: up to 12 months from the last contact.
  • Contractual and fiscal data: for the duration of the contract and, upon its termination, for the legal retention periods (up to 6 years for commercial and accounting purposes; 4 years for tax purposes).
  • Subscription data: while the subscription is active and for the applicable legal periods after its cancellation.
  • Pulse diagnosis data: up to 24 months or until the data subject requests its deletion.
  • Newsletter: until consent is withdrawn.
04

Recipients and Data Processors

We do not transfer your data to third parties unless there is a legal obligation. We do work with data processors who provide services on behalf of REGENERING under the corresponding data processing agreement (Art. 28 GDPR):

  • Stripe Payments Europe, Ltd. — payment gateway and subscription management.
  • Supabase (Lovable Cloud) — database infrastructure, authentication, and storage.
  • Cloudflare, Inc. — hosting, CDN, and site protection.
  • Google Ireland Ltd. (Google Analytics 4) — web analytics.
  • Metricool Software S.L. — web and social media analytics.
  • Resend / transactional email provider — sending invoices, notifications, and newsletter.

Some of these providers are located outside the European Economic Area. In those cases, international transfers are carried out under the Standard Contractual Clauses approved by the European Commission or other adequate safeguards in accordance with Chapter V of the GDPR.

05

Your Rights

You can exercise the following rights over your personal data at any time:

  • Access to the data we process about you.
  • Rectification of inaccurate or incomplete data.
  • Erasure ("right to be forgotten") when it is no longer necessary.
  • Restriction of processing in the cases provided for by the GDPR.
  • Objection to processing for legitimate reasons.
  • Data Portability in a structured and commonly used format.
  • Withdrawal of Consent at any time, without retroactive effects.

To exercise them, write to info@regenering.com indicating the right you wish to exercise and attaching a copy of your identity document when necessary to verify your identity. We will respond within a maximum period of one month.

If you consider that the processing does not comply with regulations, you can file a complaint with the Spanish Data Protection Agency (www.aepd.es).

06

Security Measures

We apply appropriate technical and organizational measures to ensure a level of security appropriate to the risk: encryption in transit (HTTPS/TLS), access control, robust authentication, backups, and providers with recognized certifications (SOC 2, ISO 27001) for critical infrastructure.

07

Minors

REGENERING services are exclusively aimed at adults and professionals/companies. We do not knowingly collect data from children under 14 years of age. If you detect that a minor has provided us with data without authorization, please contact us and we will delete it.

08

Changes to This Policy

We may update this Policy to reflect legal, technical, or business changes. The applicable version will always be the one published on this page, with its date of last update.

For any questions about the processing of your data, please write to info@regenering.com.