41elements
Last updated: March 2026
41elements ("we", "us", or "our") is committed to protecting and respecting your privacy. This
Privacy Policy explains how we collect, use, disclose, and safeguard your personal data in
accordance with the General Data Protection Regulation (EU) 2016/679 ("GDPR") and the
Spanish Organic Law 3/2018 on the Protection of Personal Data ("LOPDGDD").
Please read this policy carefully. By using our services,
The data controller responsible for your personal data is:
41elements
Registered address: Madrid, Spain
Email: privacy@41elements.com
If you have any questions about this policy or our data practices, please contact us at the
address above.
We may collect and process the following categories of personal data:
• Full name and contact details (email address, phone number)
• Company name and job title
• Billing and payment information
• Communications you send us (emails, support requests, feedback)
• Account credentials (username, password hash)
• IP address and approximate geolocation
• Browser type, version, and operating system
• Pages visited, time spent, and navigation paths
• Referral source and search terms
• Device identifiers and cookie data
• Information from analytics platforms (e.g. Google Analytics)
• Information from payment processors (e.g. Stripe)
• Social login data if you choose to authenticate via third-party providers
We process your personal data on the following legal grounds under Article 6 GDPR:
To provide, operate, and maintain our services as agreed under our Terms of Service,
including account management, billing, and customer support.
To improve our products and services, prevent fraud and abuse, maintain security, and
conduct analytics — where our interests are not overridden by your rights.
For marketing communications, non-essential cookies, and any other processing where we
have asked for and received your explicit consent. You may withdraw consent at any time.
Where we are required to retain or disclose data to comply with applicable law, regulation, or
legal proceedings.
We use the personal data we collect for the following purposes:
• Providing, maintaining, and improving our services and applications
• Creating and managing your user account
• Processing transactions and sending related documentation
• Communicating with you regarding your account, updates, or support requests
• Sending marketing and promotional communications (with your consent)
• Analysing usage to improve user experience and product development
• Detecting, preventing, and addressing fraud, abuse, and security incidents
• Complying with legal obligations and enforcing our Terms of Service
We do not sell, rent, or trade your personal data. We may share your data with trusted third
parties in the following circumstances:
We engage trusted third-party companies to perform functions on our behalf, including
hosting, payment processing, analytics, and email delivery. These processors are
contractually bound to handle data only as we instruct and in compliance with GDPR.
We may disclose your data if required to do so by law, court order, or governmental
authority, or to protect the rights, property, or safety of 41elements, our users, or the public.
In the event of a merger, acquisition, or sale of assets, your personal data may be
transferred to the acquiring entity. We will notify you
Some of our third-party service providers may be located outside the European Economic
Area (EEA). Where we transfer personal data to countries not deemed adequate by the
European Commission, we ensure appropriate safeguards are in place, such as:
• Standard Contractual Clauses (SCCs) approved by the European Commission
• Adequacy decisions for the relevant recipient country
• Binding Corporate Rules where applicable
We retain personal data only for as long as necessary for the purposes described in this
policy, or as required by law. Retention periods are determined by:
• The duration of your contractual relationship with us
• Legal obligations to retain records (e.g. tax and accounting requirements under
Spanish law — typically 5 to 7 years)
• Legitimate business needs such as resolving disputes or enforcing agreements
When data is no longer needed, we securely delete or anonymise it.
As a data subject, you have the following rights under the GDPR:
You may request a copy of the personal data we hold about you and information about how
it is processed.
You may request that we correct any inaccurate or incomplete personal data.
You may request deletion of your personal data where it is no longer necessary for its
original purpose, where you withdraw consent, or where processing is unlawful.
You may request that we limit the processing of your data under certain circumstances.
You may request a structured, machine-readable copy of your personal data to transfer to
another controller.
You may object to processing based on legitimate interests or for direct marketing purposes,
at any time.
You have the right not to be subject to solely automated decisions that produce significant
legal or similarly significant effects.
To exercise any of these rights, please contact us at privacy@41elements.com. We will
respond within 30 days. You will not be charged a fee for exercising your rights unless
requests are manifestly unfounded or excessive.
We use cookies and similar tracking technologies to enhance your experience, analyse site
traffic, and personalise content. Our cookies are categorised as follows:
• Strictly necessary cookies: Required for the operation of our services. These cannot
be disabled.
• Analytical/performance cookies: Help us understand how visitors interact with our
website.
• Functionality cookies: Allow us to remember your preferences and settings.
• Targeting/advertising cookies: Used to deliver relevant advertisements (only with
your consent).
You may manage your cookie preferences at any time via our Cookie Settings panel or
through your browser settings. Note that disabling certain cookies may affect the
functionality of our services.
We implement appropriate technical and organisational measures to protect your personal
data against unauthorised access, alteration, disclosure, or destruction. These include:
• Encryption of data in transit (TLS/SSL) and at rest
• Access controls and authentication mechanisms
• Regular security assessments and vulnerability testing
• Employee training on data protection and security practices
In the event of a personal data breach that poses a risk to your rights and freedoms, we will
notify the relevant supervisory authority (AEPD) within 72 hours and inform you without
undue delay where required.
Our services are not directed to individuals under the age of 16. We do not knowingly collect
personal data from children. If we become aware that we have collected data from a child
without verified parental consent, we will delete it promptly. If you believe we have
inadvertently collected such data, please contact us immediately.
Where we are required to retain or disclose data to comply with applicable law, regulation, or
If you believe we have processed your personal data unlawfully or in breach of this policy,
you have the right to lodge a complaint with the Spanish Data Protection Authority:
Agencia Espanola de Proteccion de Datos (AEPD)
Website: www.aepd.es
Address: C/ Jorge Juan, 6, 28001 Madrid, Spain
We would, however, appreciate the opportunity to address your concerns directly before you
contact the supervisory authority.
We may update this Privacy Policy from time to time to reflect changes in our practices,
technology, or legal requirements. When we make material changes, we will notify you by
email or by posting a prominent notice on our website, and update the "Last updated" date at the top of this document.
We encourage you to review this policy periodically.
If you have any questions, concerns, or requests relating to this Privacy Policy or our data
practices, please contact us:
41elements
Email: privacy@41elements.com
Address: Madrid, Spain
We are committed to resolving