Privacy policy
Last Updated: March 2025
Controller:
Dominik Schmidtke
Brand Name: NOCAPLAB (a brand of collision.media)
Address: 40789 Monheim am Rhein, Germany
Email: info@nocaplab.eu
Phone: +351937875375
1. Scope
This Privacy Policy applies to personal data collected through:
Creator Submissions (Google Forms),
Newsletter Subscriptions (Brevo),
Brand Submissions (Squarespace).
We operate in Spain and Portugal and comply with the EU General Data Protection Regulation (GDPR) and local data protection laws.
2. Data We Collect and Why
Below is a summary of the data we collect, its purpose, and the legal basis for processing:
| Submission Type | Data Collected | Purpose | Legal Basis |
|---|---|---|---|
| Creator Submissions | Name, email, and details from Google Forms. | Evaluate submissions, assign TIER categories, and communicate via Brevo. | Contractual necessity (Art. 6(1)(b) GDPR. |
| Newsletter Subscriptions | Email address (via Brevo). | Send newsletters after double opt-in (DOI) confirmation. | Consent (Art. 6(1)(a) GDPR. |
| Brand Submissions | Name, email, company details (via Squarespace). | Respond to inquiries and manage campaigns via Brevo. | Legitimate interest (Art. 6(1)(f) GDPR. |
3. Data Retention
Creator/Brand Submissions: Retained for 3 years after the last contact (unless legally required longer).
Newsletter Subscriptions: Retained until you unsubscribe or request deletion.
4. Third-Party Providers
We share data with:
Google (Forms/Sheets): Processes data in the EU (GDPR-compliant).
Brevo (France): Email service provider (GDPR-compliant).
Squarespace (USA): Data transfers rely on Standard Contractual Clauses (SCCs).
5. Your Rights
Under GDPR, you can:
Access, correct, or delete your data.
Object to processing or restrict how we use your data.
Withdraw consent (e.g., unsubscribe via Brevo emails).
Port your data to another provider.
To exercise these rights, contact us at: [Insert Contact Email].
We will respond within 30 days.
6. International Data Transfers
Data may be transferred outside the EU (e.g., Squarespace in the USA). All transfers use GDPR-approved safeguards (e.g., SCCs).
7. Security Measures
We use encryption, access controls, and regular security audits to protect your data.
8. Complaints
If you believe we violated GDPR, you may lodge a complaint with:
Spain: Agencia Española de Protección de Datos (AEPD) – https://www.aepd.es/.
Portugal: Comissão Nacional de Protecção de Dados (CNPD) – https://www.cnpd.pt/.
9. Updates
We will notify you of significant changes via email or a website notice.