Privacy Policy

Last updated: February 2026

DDD ("we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, and safeguard your personal information when you visit our website at ddd.consulting or use our services.

Data Controller

The data controller responsible for your personal data is DDD, an AI enablement consultancy registered in Spain. You can reach us via our contact form.

1. Information We Collect

We collect information in the following ways:

  • Contact form submissions: When you reach out through our contact form, we collect your name, email address, company name, role, and message content.
  • Analytics data: We may collect anonymized usage data such as pages visited, time spent on pages, referring URLs, and general geographic location.
  • Cookies: We use essential cookies to ensure our website functions properly, and analytics cookies to understand how visitors interact with our site.

2. Legal Basis for Processing

We process your personal data under the following legal bases as defined by GDPR Art. 6(1):

  • Consent (Art. 6(1)(a)): For processing data submitted through our contact form and for analytics cookies.
  • Contract performance (Art. 6(1)(b)): For processing data necessary to deliver our consulting services to you.
  • Legitimate interest (Art. 6(1)(f)): For website functionality, security, and essential cookies required to operate our site.

3. How We Use Your Information

We use the information we collect to:

  • Respond to your inquiries and provide the services you request.
  • Improve our website, services, and overall user experience.
  • Analyze website traffic and usage patterns to optimize our content.
  • Send you relevant follow-up communications related to your inquiry (you can opt out at any time).

4. Data Sharing

We do not sell, rent, or trade your personal information to third parties. We may share your data with:

  • Service providers: Trusted third-party services that help us operate our website and deliver our services (e.g., hosting, email, analytics). These providers are contractually obligated to protect your data.
  • Legal requirements: If required by law, regulation, or legal process, we may disclose your information to the relevant authorities.

5. International Data Transfers

Some of our service providers (e.g., hosting, analytics) may process your data outside the European Economic Area (EEA). Where this occurs, we ensure appropriate safeguards are in place, including the use of Standard Contractual Clauses (SCCs) approved by the European Commission, or reliance on an adequacy decision, to protect your personal data in accordance with GDPR requirements.

6. Cookies

Our website uses the following types of cookies:

  • Essential / session cookies: Required for the website to function correctly, including authentication session cookies (NextAuth). These are processed under our legitimate interest (Art. 6(1)(f)) and cannot be disabled.
  • Analytics cookies: Help us understand how visitors use our website. These are only set with your consent (Art. 6(1)(a)). You can opt out through your browser settings or by using a privacy extension.

7. Your Rights

Under the General Data Protection Regulation (GDPR) and applicable data protection laws, you have the following rights:

  • Right of access: Request a copy of the personal data we hold about you.
  • Right to rectification: Request correction of inaccurate or incomplete personal data.
  • Right to erasure: Request deletion of your personal data, subject to legal obligations.
  • Right to restrict processing: Request that we limit the processing of your personal data under certain circumstances.
  • Right to data portability: Request a machine-readable copy of your data to transfer to another service.
  • Right to object: Object to processing of your personal data for specific purposes.
  • Right to withdraw consent: Where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing.
  • Right to lodge a complaint: You have the right to lodge a complaint with the Spanish Data Protection Authority (Agencia Española de Protección de Datos, AEPD) at www.aepd.es.

To exercise any of these rights, please contact us using the details below.

8. Data Retention

We retain personal data collected through our contact form for up to two years from the date of submission, unless a longer retention period is required by law or an ongoing business relationship exists. Analytics data is retained in anonymized form and does not identify individual users.

9. Contact Us

If you have questions about this Privacy Policy or wish to exercise your data protection rights, please reach out through our contact form.

10. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable laws. When we make changes, we will update the "Last updated" date at the top of this page. We encourage you to review this page periodically to stay informed about how we protect your data.