Privacy Center
01.Data Controller
Controller: Rubén Bordonada Arroyo
Email: contacto@iagovernance.com
Website: https://iagovernance.com
02.Data We Collect and How
A. Maturity Assessment (interactive form)
When you complete the assessment, we collect your questionnaire answers (industry, organization size, answers per area), the calculated score, the number of pending actions, and, optionally, your email if you choose to receive it. This data is automatically sent to a private spreadsheet (Google Sheets) and used to improve the assessment itself and generate aggregated, anonymous industry analysis. It is not linked to any identifiable user profile unless the email is voluntarily provided.
Technical data included: timestamp, completion time, referring URL, and UTM parameters when applicable.
B. Voluntary Email Capture in the Assessment
If you provide your email at the end of the assessment to receive the summary, that email is sent to the same Google Sheets spreadsheet along with the score and industry. It may be used to send the requested summary and, with consent, communications about new site resources. You can unsubscribe at any time via the link included in every email.
C. Digital Product Purchases
Purchases are processed entirely by Lemon Squeezy (see section 5). IAGovernance.com may receive the buyer's email for post-sale management (support and refunds). With the buyer's express consent, that email may be used for communications about new products.
D. Talent Survey
The talent survey form collects professional data (role, industry, country, experience, salary — voluntary). Data is anonymous by default. If you provide an email to receive the results, it is processed separately and not linked to your survey answers in published analyses.
E. Technical Server Logs
Hosting provider Netlify, Inc. records technical logs (IP, browser, date/time, URL) for security and availability purposes. This data is not directly accessible to the data controller and is managed per Netlify's privacy policy.
F. Google Fonts
The site loads fonts from fonts.googleapis.com. Google may log the user's IP for this service. Google states it does not use cookies for this purpose.
03.Purposes and Legal Basis of Processing
Assessment (anonymous data): Service improvement and industry research. Legal basis: legitimate interest (Art. 6.1.f GDPR).
Assessment email: Sending the requested summary and optional communications. Legal basis: consent (Art. 6.1.a GDPR).
Purchase management: Contract performance and post-sale management. Legal basis: contractual performance (Art. 6.1.b GDPR).
Talent survey (anonymous data): Research and publication of results. Legal basis: consent and legitimate interest.
Server logs: Security and availability. Legal basis: legitimate interest (Art. 6.1.f GDPR).
04.Data Retention
Assessment data is retained in Google Sheets for 24 months for trend analysis, after which it is anonymized. Voluntarily provided emails are kept until the user requests deletion. Purchase data is retained for the legally required period (5 years for tax obligations). Server logs are managed by Netlify per its policy.
05.Recipients and Data Processors
Google LLC (Google Sheets, Google Fonts) — Data processor for storing assessment and survey data. Transfer covered by the EU-US Data Privacy Framework and Standard Contractual Clauses.
Lemon Squeezy / A Maple Street Co., Inc. — Merchant of Record for payment processing and digital product distribution. Acts as data controller for transaction data. See their privacy policy.
Netlify, Inc. — Hosting provider. Data processor for technical server logs.
Plausible Analytics (where applicable) — Cookie-free web analytics tool with no identifiable personal data. Does not require consent.
Data is not shared with third parties for commercial purposes. No automated decisions with legal effects on users are made.
06.International Transfers
Data processed by Google LLC and Lemon Squeezy (A Maple Street Co., Inc.) involves transfers to the USA. These transfers are made under the EU-US Data Privacy Framework and, where applicable, the Standard Contractual Clauses adopted by the European Commission (Implementing Decision 2021/914).
07.Your Rights
Under GDPR and LOPDGDD, you can exercise the following rights over your personal data:
- Access: obtain confirmation of whether we process your data and a copy of it.
- Rectification: correct inaccurate or incomplete data.
- Erasure: request deletion of your data when no longer needed.
- Objection: object to processing based on legitimate interest.
- Restriction: request that we suspend processing under certain circumstances.
- Portability: receive your data in a structured format when processing is based on consent or contract.
- Withdrawal of consent: at any time, without affecting the lawfulness of prior processing.
To exercise these rights, contact us at contacto@iagovernance.com. You also have the right to file a complaint with the Spanish Data Protection Agency (AEPD).
08.Minors
The Website is not directed at children under 14. The assessment, survey, and product purchases require the user to be over 14. Purchasing products requires being over 18 or having authorization from a legal guardian.
09.Changes
This Privacy Policy may be modified to adapt to legislative or service changes. The last update date appears at the top. When changes are substantial, users who provided their email will be notified.
10.Contact and DPO
For privacy questions or to exercise your rights: contacto@iagovernance.com — or via this Privacy Center.
There is no legal obligation to appoint a DPO in this case, although the data controller personally handles all privacy requests.