Privacy and Security Policy
Executive summary.
Tektag Tech Media SL processes personal data relating to users, business contacts, prospects, customers, suppliers, investors, candidates, and other individuals who interact with the Website or with the company. Processing is carried out to manage requests, pre-contractual or contractual relationships, commercial communications where a valid legal basis exists, recruitment processes, legal compliance, security, claims defense, and the technical operation of the Website. Tektag adopts appropriate technical and organizational measures, limits access to authorized third parties, requires sufficient guarantees from its processors, and applies the safeguards required by applicable law where international transfers occur. Data subjects may exercise their rights by writing to info@tektag.net and may also lodge a complaint with the Spanish Data Protection Agency.
Last updated.
May 17, 2026.
Controller.
The controller is Tektag Tech Media SL, with VAT/ID ESB75458943, registered address at Jose Abascal 56, 28003 Madrid, and contact email info@tektag.net.
Mercantile Register details are unspecified in this version.
The Data Protection Officer is unspecified in this version. Until Tektag appoints and publishes a DPO, any privacy inquiry or rights request should be sent to info@tektag.net.
Scope and related documents.
This Policy applies to the Tektag Website and to the pages, forms, communications, or digital properties that link to it. It should be read together with the Legal Notice and, where applicable, the Cookie Policy available on the Website.
Data processed, purposes, legal bases, and retention.
| Context | Data that may be processed | Main purposes | Legal bases | Retention |
|---|---|---|---|---|
| General contact, forms, or email | Name, surname, email, company, role, phone number, message content, and request metadata | To handle inquiries, information requests, commercial proposals, demos, partnerships, and keep a record of the interaction | Consent; pre-contractual steps; legitimate interest in managing business communications | Until the request is resolved and thereafter blocked for the legally applicable periods. If commercial communications are sent, until objection or withdrawal of consent, as applicable |
| Customers and prospective customers | Identification and professional data, company details, commercial relationship history, communications, contractual data, invoicing, and where applicable payment data | To manage the commercial relationship, provide services, support, invoicing, collection, and account administration | Performance of a contract; pre-contractual steps; legal obligation; legitimate interest in account management | During the relationship and thereafter for as long as necessary for legal obligations, audit, claims defense, or limitation periods |
| Suppliers and collaborators | Contact and representative data, professional data, contractual, invoicing, and payment data | Supplier onboarding, contracting, supplier management, payments, accounting, and compliance | Contract; legal obligation; legitimate interest in procurement, administration, and supplier control | During the contractual relationship and thereafter for the periods required by applicable law and claims defense |
| Investors, prospective investors, or corporate contacts | Identification and professional data, represented entity, communications, submitted documentation, and due diligence materials | To manage corporate contacts, investment or financing opportunities, transaction follow-up, and corporate or regulatory compliance | Pre-contractual steps; legitimate interest; legal obligation where applicable | For the duration of the assessment or relationship and thereafter as needed for compliance and legal defense |
| Candidates and recruitment | CV, experience, education, portfolio, interviews, tests, and references provided by the candidate | To manage recruitment processes and, where appropriate, future vacancies compatible with the profile | Pre-contractual steps at the candidate’s request; consent where applicable; legitimate interest in recruitment and talent evaluation | Until the process closes and, if the application is kept for future vacancies, up to two years from receipt or latest update unless deleted earlier |
| Website browsing, cookies, and security | IP address, logs, online identifiers, browser/device data, security events, and cookies or equivalent technologies | Website operation, security, abuse/fraud prevention, technical analytics, and consent management | Legitimate interest; compliance with security obligations; consent where required for cookies or equivalent technologies | For as long as necessary for the relevant technical or security purpose and, for non-essential cookies, as stated in the Cookie Policy |
| Compliance, incidents, and rights handling | Data included in rights requests, complaints, security incidents, or authority requests | To respond to rights requests, manage incidents, comply with legal obligations, and defend claims | Legal obligation; legitimate interest in compliance, security, and legal defense | For as long as necessary to manage the request or incident and thereafter for the legally applicable periods |
Recipients, processors, and international transfers.
Tektag may disclose data to public administrations, courts, tribunals, law-enforcement bodies, or other authorities where there is a legal obligation to do so or where this is necessary for the exercise or defense of rights and legitimate interests. Tektag may also share data with Tektag group entities, if any and if necessary, and with processors providing services such as hosting/cloud, website maintenance, CRM, emailing, analytics, consent management, recruitment, support, professional advisory services, storage, or security.
Tektag will require those processors to provide sufficient guarantees and to enter into contracts compliant with applicable law. Where a provider is located outside the European Economic Area or remotely accesses data from outside the EEA, Tektag will apply appropriate safeguards, including adequacy decisions, standard contractual clauses, binding corporate rules, or any other valid mechanism recognized by applicable law. The identity of Tektag’s named processors and subprocessors is unspecified in this version and may be requested through info@tektag.net.
Data subject rights.
Data subjects may request access, rectification, erasure, objection, restriction of processing, and portability of their personal data, and may withdraw previously granted consent at any time. They may also lodge a complaint with the Spanish Data Protection Agency. To exercise rights, data subjects should write to info@tektag.net, stating the right they wish to exercise and the information reasonably needed to verify identity. If a request is particularly complex or affects third-party rights, Tektag may request additional proportionate and reasonable information.
Security and confidentiality.
Tektag adopts and maintains technical and organizational measures appropriate to the risk, taking into account the state of the art, implementation costs, and the nature, scope, context, and purposes of the processing. These measures may include access controls, privilege management, confidentiality obligations, encryption or pseudonymization where appropriate, backups, logging and monitoring, periodic assessment of measures, and restoration and incident-response procedures. Access to personal data will be limited to authorized personnel and to third parties that need access in order to provide services to Tektag.
However, no Internet-based security measure is absolute, and Tektag cannot guarantee complete and uninterrupted security. If you detect or suspect a security incident involving personal data, you may report it to info@tektag.net.
Minors, third-party links, and limits of liability.
The Website is not directed to children under 14 years of age. If a child below that age provides personal data, this must be done with authorization from a parent, guardian, or legal representative.
Third-party websites linked from the Website are governed by their own terms and policies. Tektag does not control their content or their privacy and security practices.
Nothing in this Policy excludes or limits Tektag’s liability to the extent that such exclusion or limitation is prohibited by applicable law.
Changes to this Policy and contact.
Tektag may amend this Policy to reflect legal, regulatory, technical, or business changes. The current version will be the one published on the Website together with its latest update date. Where changes are materially relevant, Tektag will communicate them by reasonable means if required by law or otherwise appropriate in light of the relationship with the affected individual.
For any privacy or security question, or to request information about recipients, processors, or transfers, you may contact info@tektag.net.
Technical and Organisational Measures
Tektag implements and maintains robust technical, organisational, and administrative security measures designed to ensure an appropriate level of protection of personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure, misuse, or access, in accordance with applicable data protection laws including the General Data Protection Regulation (“GDPR”).
These measures are continuously reviewed and updated taking into account the state of the art, the nature, scope, context and purposes of processing, as well as the risks posed to the rights and freedoms of individuals.
The security measures implemented by Tektag include, where applicable:
- Encryption of data in transit through secure communication protocols such as TLS/HTTPS
- Segregated and secured cloud infrastructure environments
- Access control mechanisms based on least privilege and role-based permissions
- Multi-factor authentication (MFA) for administrative and internal systems
- Authentication and authorization controls for employees, contractors, and service providers
- Continuous monitoring, logging, and detection systems designed to identify suspicious or unauthorized activity
- Internal policies governing data access, confidentiality, acceptable use, and information security
- Employee training and awareness programs related to privacy, cybersecurity, and data protection obligations
- Vulnerability assessment and remediation processes, including periodic security reviews and updates
- Measures designed to protect systems against malware, intrusion attempts, denial-of-service attacks, and other cybersecurity threats
- Data minimisation practices and restrictions on the collection, storage, and retention of personal data
- Backup, redundancy, and disaster recovery procedures intended to ensure resilience and business continuity
- Procedures to manage, investigate, and respond to security incidents and personal data breaches
- Vendor and third-party assessments intended to ensure that service providers handling personal data implement appropriate safeguards
- Secure deletion and disposal procedures for personal data and storage media
- Organisational measures intended to ensure confidentiality obligations remain applicable to all personnel with access to personal data
Where applicable, Tektag also implements privacy-by-design and privacy-by-default principles in the development and operation of its technologies, services, and advertising solutions.
Tektag regularly evaluates and updates its technical and organisational measures to maintain an appropriate level of security consistent with evolving industry standards, regulatory requirements, and operational risks associated with digital advertising technologies and programmatic media services.
If you have questions regarding Tektag’s security measures or data protection practices, you may contact us at: