Privacy Policy | AprenderIA

Last updated: March 2026

1. Data Controller

The data controller responsible for the personal data collected through this website is:

2. EU Representative

In accordance with Article 27 of Regulation (EU) 2016/679 (GDPR), a representative in the European Union has been designated:

3. Data We Collect

We may collect the following types of information:

  • Identification data: name, surname, email address.
  • Browsing data: IP address, browser type, pages visited, time spent on site, traffic sources, website interactions (via Microsoft Clarity, loaded through Google Tag Manager).
  • Transaction data: information related to course purchases, managed through the Thinkific platform and processed securely via Stripe.
  • Communication data: messages sent through contact forms or newsletter subscriptions.

4. Purpose of Processing

We use your personal data to:

  • Manage your access to courses and content purchased through Thinkific.
  • Send you communications related to your account and purchases.
  • Send you our newsletter if you have voluntarily subscribed.
  • Respond to your enquiries submitted through contact forms.
  • Analyse website usage to improve our services and user experience.
  • Comply with legal and tax obligations.

5. Legal Basis

The processing of your data is based on:

  • Consent (Art. 6.1.a GDPR): when you subscribe to our newsletter or accept non-essential cookies.
  • Contractual performance (Art. 6.1.b GDPR): to manage your access to purchased courses. Providing your data is a necessary requirement in order for us to deliver the service; without it, we would be unable to grant you access to the courses.
  • Legitimate interest (Art. 6.1.f GDPR): to improve our services, analyse website usage, and prevent fraud.
  • Legal obligation (Art. 6.1.c GDPR): to comply with applicable tax and legal requirements.

6. Data Sharing with Third Parties

We do not sell your personal data. We share information with the following service providers, who act as data processors:

  • Thinkific (Thinkific Labs Inc., Canada): online course management platform where our content is hosted and student accounts are managed.
  • Stripe (Stripe, Inc., USA): secure payment processing.
  • SendGrid (Twilio Inc., USA): transactional email delivery and communications through contact forms.
  • Google Tag Manager / Google Analytics (Google LLC, USA): script management and website traffic and behaviour analysis (both loaded via GTM).
  • Microsoft Clarity (Microsoft Corporation, USA): user behaviour analysis through heatmaps and session recordings (loaded via Google Tag Manager).
  • Cloudflare (Cloudflare, Inc., USA): website hosting and distribution (CDN), threat protection, and performance.
  • CookieYes (CookieYes Limited, UK): cookie consent management.
  • Trustpilot (Trustpilot A/S, Denmark): domain verification for reviews.

We may also disclose your data to competent authorities when required by law.

7. International Data Transfers

As the data controller is established in the United Arab Emirates and uses service providers based outside the European Economic Area (EEA), your data may be transferred to the following countries:

  • United States: Stripe, SendGrid, Google (Tag Manager / Analytics), Microsoft Clarity, Cloudflare.
  • Canada: Thinkific (country with an adequacy decision from the European Commission).
  • United Arab Emirates: data controller.

For transfers to the USA, we ensure that providers have appropriate safeguards in place in accordance with the GDPR, such as standard contractual clauses approved by the European Commission or adherence to the EU-U.S. Data Privacy Framework.

8. Your Rights

In accordance with the General Data Protection Regulation (GDPR), you have the right to:

  • Access: request a copy of your personal data.
  • Rectification: correct inaccurate or incomplete data.
  • Erasure: request deletion of your data.
  • Portability: receive your data in a structured, commonly used format.
  • Objection: object to the processing of your data, particularly processing based on legitimate interest.
  • Restriction: request restriction of processing.
  • Not to be subject to automated decisions: we do not make decisions based solely on automated processing of your data, including profiling, that produce legal effects concerning you or similarly significantly affect you.

To exercise these rights, you can contact our EU representative at mrtglezlpz@gmail.com or directly at fernandezromeroolga@gmail.com.

You also have the right to lodge a complaint with a data protection supervisory authority in the European Union. In Spain, the competent authority is the Spanish Data Protection Agency (AEPD).

9. Security

We implement technical and organisational measures to protect your personal data against unauthorised access, loss, or destruction. These measures include:

  • SSL/TLS encryption for all data transmissions.
  • Restricted access to personal data, limited to authorised personnel only.
  • Use of providers with recognised security standards (PCI DSS in the case of Stripe).

10. Data Retention

We retain your personal data for the time strictly necessary to fulfil the purpose for which it was collected:

  • Customer data (purchases and account): for as long as you maintain an active account and, after cancellation, for the legally required period to comply with tax and accounting obligations (minimum 5 years).
  • Contact form data: 6 months from the resolution of the enquiry.
  • Newsletter data: until you request unsubscription.
  • Browsing and analytics data: according to the configuration of each tool (see Google Analytics and Microsoft Clarity privacy policies).

11. Changes to This Policy

We may update this policy periodically. We will notify you of significant changes through our website or by email. We recommend reviewing this page regularly.

12. Contact

If you have questions about this privacy policy or wish to exercise your rights, you can contact us at: