Privacy Policy

This Privacy Policy explains how we collect, use, and protect your personal information when you interact with our website.

1. Data Controller

The data controller responsible for processing your information is BZ Web Agency, located at Calle 11 Tolima – Colombia. You can contact us at info@bzwebagency.com for any concerns regarding data protection.

2. Categories of Personal Data Collected

We may collect a range of Personal Data, either directly from users or through the use of third-party services integrated into this website. The types of data collected include, but are not limited to:

• Identifying Information: such as first and last name.

• Contact Information: including email address.

• Usage Data: such as IP address, browser type, browsing behavior, session duration, and visited pages.

• Technical Data: such as cookies, device information, and identifiers.

• Tracking Data: gathered via analytics tools and third-party widgets.

Full details about each data category and its specific processing purpose can be found in the “Detailed Overview of Personal Data Processing” section of this policy.

Data may be either:

• Provided voluntarily by the user (e.g., through forms), or

• Collected automatically during use of the website.

Unless explicitly stated, all data requested by this website is necessary for the provision of services. Fields marked as optional can be skipped without affecting access to the core services.

If you are unsure which personal data is mandatory, you are encouraged to contact the Data Controller.

This website and integrated third-party tools may also use cookies or similar technologies to enable the proper functioning of the website and to achieve the purposes described in this policy and in our [Cookie Policy].

Users are solely responsible for any third-party personal data shared through this website.

3. How and Where We Handle Your Data

Processing Methods

We adopt appropriate technical and organizational measures to protect your Personal Data from unauthorized access, loss, misuse, or alteration. Data processing is performed using computers or IT-enabled tools, following internal procedures strictly related to the purposes outlined in this Privacy Policy.

Authorized persons involved in the operation of this website (e.g., administrative, IT, legal, or marketing personnel) and external parties (such as third-party service providers, hosting companies, communication agencies) may have access to the data. Where applicable, such third parties are appointed as Data Processors under legally binding agreements.

A full list of third-party service providers and their roles may be requested at any time.

Location of Processing

Personal Data is processed at the Data Controller’s main office and in other locations where processing parties are based. This may include locations outside the User’s country of residence.

If your data is transferred internationally, such transfers are made in compliance with applicable data protection laws. For transfers to countries outside the EEA or Switzerland that do not provide an adequate level of data protection, standard contractual clauses or other safeguards are used as required by the GDPR and FADP.

Data Retention

Personal Data will be retained for as long as necessary to fulfill the purposes for which it was collected or to comply with legal obligations.

Once the applicable retention period expires, Personal Data will be deleted or anonymized. After this point, rights such as access, rectification, or portability cannot be exercised.

4. Why We Collect and Use Your Data

We collect and use Personal Data for the following purposes, in compliance with GDPR Article 6, the Swiss FADP, and applicable U.S. state laws (e.g., CCPA):

• To provide access to and improve our services.

• To fulfill contractual obligations or respond to pre-contractual requests.

• To meet legal obligations or respond to lawful requests by public authorities.

• To communicate with users, respond to inquiries, and manage support.

• To maintain and secure our website and prevent misuse or fraud.

• To analyze user behavior and site performance.

• To manage internal operations such as backup, hosting, and infrastructure maintenance.

• To send marketing and promotional messages, when legally permitted.

Legal bases for processing may include user consent, contractual necessity, legal obligation, public interest, or legitimate interest, as further explained in the “Legal Basis for Processing” section.

5. Detailed Overview of Personal Data Processing

Below is an outline of third-party services used on this website and the related Personal Data collected and processed:

• Google Analytics 4 (Google LLC):
  Tracks user behavior for analytics and reporting. IP anonymization is enabled.
  Data Collected: Usage data, cookies, session statistics, user identifiers.
  Legal Basis: Legitimate interest / User consent (where required).

• WordPress (Self-Hosted):
  Platform used to build and manage website content.
  Data Collected: Names, email addresses (via forms).
  Legal Basis: Contractual necessity / Legitimate interest.

• Contact Forms:
  Used to collect inquiries and feedback.
  Data Collected: Name, email address, usage data.
  Legal Basis: Consent / Contractual necessity.

• Google Fonts (Google LLC):
  Loads fonts for aesthetic purposes.
  Data Collected: IP address, browser data, cookies.
  Legal Basis: Legitimate interest.

• Elementor Form Widget (Elementor Ltd.):
  Manages form submissions and design.
  Data Collected: First name, email address.
  Legal Basis: Consent / Contractual necessity.

• Google Tag Manager (Google LLC):
  Organizes scripts and tracking codes.
  Data Collected: Usage data, cookies.
  Legal Basis: Legitimate interest / Consent.

6. Cookies and Tracking Technologies

This website uses cookies and similar technologies to:

• Operate the website and ensure security.

• Monitor user interactions for analytics.

• Personalize content or improve user experience.

Users can manage cookie preferences directly from their browser settings. For a detailed description of the types of cookies used and their purpose, refer to our [Cookie Policy].

7. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, including to meet legal, regulatory, tax, accounting, or reporting requirements.

• Under the GDPR (EU): Personal data will be kept for the duration necessary for the purpose it was collected. If processing is based on consent, data will be deleted upon withdrawal of consent unless a longer retention is legally required. Data processed to comply with legal obligations or legitimate interests will be retained as long as necessary for those purposes.

• Under the Swiss Federal Act on Data Protection (FADP): Data will be retained for no longer than necessary for the purposes of collection or as long as required by law.

• Under U.S. law: Retention periods may vary depending on state or federal requirements (e.g., CCPA or HIPAA), but data is not retained longer than necessary for business, legal, or security reasons.

Once the retention period expires, personal data will be securely deleted or anonymized, and users’ rights (e.g., access, rectification, erasure, portability) can no longer be exercised over deleted data.

8. User Rights

You have the following rights regarding your personal data, in accordance with applicable laws:

Under the GDPR (EU):

• Right of Access: Obtain confirmation of whether your data is being processed and access a copy.

• Right to Rectification: Request correction of inaccurate or incomplete data.

• Right to Erasure (“Right to be Forgotten”): Request deletion of your data under specific conditions.

• Right to Restrict Processing: Temporarily limit processing in certain cases.

• Right to Object: Object to processing based on legitimate interest or public task.

• Right to Data Portability: Receive your data in a structured, commonly used format and transfer it to another controller.

• Right to Withdraw Consent: Withdraw previously given consent at any time, without affecting the lawfulness of prior processing.

• Right to Lodge a Complaint: Contact your local data protection authority.

Under the Swiss FADP:

• Right of Access: Request information on what personal data is being processed.

• Right to Object: Oppose processing, including demanding restriction, deletion, or prohibition of disclosure to third parties.

• Right to Rectification: Request correction of inaccurate personal data.

• Right to Data Portability: Receive and transmit personal data to another data controller.

Under U.S. Regulations (e.g., CCPA):

• Right to Know: Request disclosure of what personal information is collected, used, or shared.

• Right to Delete: Request deletion of certain personal information.

• Right to Opt-Out: Opt out of the sale or sharing of personal data.

• Non-Discrimination: Not to be discriminated against for exercising privacy rights.

To exercise your rights, please use the contact details provided in the Contact section. Requests will be handled promptly and in accordance with applicable laws.

9. Security Measures

We apply industry-standard technical and organizational measures to safeguard your personal data against unauthorized access, disclosure, alteration, or destruction. These may include:

• Encryption of data in transit and at rest

• Firewalls and intrusion detection systems

• Access control and authentication mechanisms

• Staff training and confidentiality agreements

Despite our efforts, no method of transmission over the Internet or method of electronic storage is 100% secure. We cannot guarantee absolute security but are committed to continuously improving our practices.

10. Changes to This Policy

We may revise this privacy policy from time to time to reflect legal, technical, or operational changes. When updates are made, we will update the “Last Updated” date at the top of this page and post the revised version on this site. We encourage you to review the policy regularly.

Substantial changes may also be communicated via email or direct notice, where required by law.

11. Contact

If you have any questions about this Privacy Policy or wish to exercise your data protection rights, please contact us at:

info@bzwebagency.com

We will respond to all inquiries as soon as possible, and always within the timeframes required by applicable data protection laws.