This Data Protection Policy explains how Sigma AI processes and protects your personal data in compliance with the GDPR and Spanish data protection legislation.
Owner: SIGMA. AI, SLU.
Registered office: Avenida de Burgos 114, Madrid, Spain, Postal Code: 28050, Madrid.
SIGMA. AI, SLU (hereinafter, “the Controller“) is the controller of the personal data obtained from users through the use of this website, in accordance with the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council, of 27 April 2016, on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter “GDPR“) and in Organic Law 3/2018, of 5 December, on the Protection of Personal Data and guarantee of digital rights (hereinafter “LOPDGDD”).
To ensure the proper management of the processing of your personal data, please contact us via our anonymous contact form.
| Purpose of processing | Additional information | Legitimating basis |
|---|---|---|
| Contact form | Through the contact form available on our website, you provide us with information such as your name, contact details and any other information you choose to share. Once we have received your communication, we will be able to contact you to resolve your question or concern. | The legitimate interest of the Data Controller in responding to requests for information received through its consultation channels. |
| Marketing Activities | We will process the data provided through the contact form in order to send you our marketing communications and provide you with the information about our products and services that you request. | The consent of the data subject. |
| Cookies | We use cookies to differentiate you from other users, learn more about your preferences and offer you a more personalized browsing experience. For more information, please see Section 6 of this Privacy Policy. | The consent of the data subject. |
The Data Controller may communicate your personal data to the Public Bodies and Administrations, only when necessary for compliance with the applicable legal obligations.
You may also communicate your data to subsidiaries and related companies of our Group, for internal administrative purposes.
In addition, the Controller collaborates with certain third-party service providers who process your personal data on our behalf, such as:
The controller follows strict criteria for selecting service providers to comply with its data protection obligations and forms the corresponding Data Processing Agreement with them in accordance with Article 28 of the GDPR.
We engage the following subprocessors to process personal data on our behalf. Each subprocessor is contractually bound by a Data Processing Agreement (DPA) that includes the obligations required under Article 28 of the GDPR.
| Subprocessor | Function | Location / Hosting |
|---|---|---|
| Cloudflare, Inc. | CDN, DNS, DDoS protection, edge hosting, SSL/TLS termination | United States (EU data residency options enabled where available) |
| Supabase, Inc. | Managed PostgreSQL database, authentication service, object storage | United States (EU data residency options enabled where available) |
We perform annual security and compliance reviews of all subprocessors. If we add or replace a subprocessor, we will update this list and provide at least 30 days' notice on this page before the change takes effect.
SIGMA AI, SLU belongs to the SIGMA Group, whose holding company is an American company headquartered in Miami, USA. In this regard, the recipients of your personal data may be located, in some particular cases, outside the European Union. In such cases, we require them to comply with the applicable data protection requirements. Therefore, we only transfer your personal data to a third country or international organisation if they offer appropriate safeguards.
You can learn more about the measures implemented by SIGMA. AI, SLU by contacting our DPO via our anonymous contact form.
The period of storage of your personal data will be that which is strictly necessary to comply with the purpose for which they were provided or collected. In this regard, the criteria that the Data Controller uses to set the storage periods of your personal data have been determined in accordance with the requirements established in the applicable legislation, regulations and normative guidelines.
In this regard, the Data Controller guarantees that it will not process the personal data unless it is necessary for the formulation, exercise or defence of claims or when this is required to provide them to the Public Administration, Judges and Courts during the limitation period of their legal rights or obligations. Your personal data will subsequently be deleted.
Similarly, in the event that the processing of personal data is supported by legitimate interest or consent given by you, we will process the personal data until you object to the processing (unless compelling legitimate interests prevail on the part of the Controller) or withdraw your consent.
Retention schedule
You may at any time exercise your right of access or erasure ("right to be forgotten") by contacting us — see "What are your data protection rights?" below.
You may contact SIGMA. AI, SLU at any time, being able to exercise your rights:
Where there is reasonable doubt as to the identity of the natural person making the request, additional information necessary to confirm the identity of the data subject may be requested.
Likewise, you are informed that you may revoke the consents granted whenever you wish, by contacting SIGMA. AI, SLU at the postal address or email indicated above.
Finally, if you wish to have more information about your rights in terms of data protection or need to file a complaint, you can contact the Spanish Data Protection Agency, with address at Calle Jorge Juan, 6, 28001, Madrid, in order to safeguard your rights ( www.aepd.es).
Our website uses cookies to differentiate you from other users, which helps us to provide you with an optimal browsing experience and to improve our site. Some areas of the site also use cookies to learn more about you and provide you with a more personalized experience. We process this personal data to:
You can find all the details in our Cookie Policy.
SIGMA. AI, SLU reserves the right to modify this privacy and data protection policy to adapt it to the regulations in force at all times and to the instructions or recommendations given by the supervisory authorities, so we recommend reading it before each access and browsing of the website.
We strive to maintain the accuracy and integrity of the personal data we hold. It is essential that you inform us of any updates to your contact details or other personal data to ensure that we have the most up-to-date information about you. Please contact us for any updates via our anonymous contact form.
At Sigma AI, we respect our clients' right to control how their brand, name, logo, and trademarks are used for marketing or promotional purposes. If you are a client and do not wish for your brand, company name, logo, or any identifying marks to appear on our website, case studies, presentations, press releases, or any other promotional materials, you may opt out at any time.
To opt out, please send a written request via our anonymous contact form with the subject line "Opt-out — Brand and Logo Usage". Please include your company name and a brief confirmation that you do not consent to the use of your brand or logo as a client reference. We will process your request within 10 business days and confirm once your preferences have been updated.
This opt-out does not affect any contractual obligations between your company and Sigma AI, nor does it limit our ability to provide the services agreed upon. It solely restricts the use of your brand and logo for public-facing marketing, promotional, or communications purposes.