Privacy Policy

Last updated: March 2026

1. Data Controller

The data controller for seonyx.com is the owner of Seonyx Holdings, operating from Spain. For enquiries relating to your personal data, please contact contact@seonyx.com. Further business details are available on request.

2. What Data We Collect

When you submit an enquiry through our paid contact form, we collect and store:

  • Your full name
  • Your email address
  • Your company or organisation name (if provided)
  • The subject and body of your message
  • Your IP address at the time of submission (recorded for legal and anti-abuse purposes; disclosed in this policy in accordance with GDPR Art. 13)
  • Your browser user agent string
  • Payment metadata: the Stripe Payment Intent ID, the amount paid (€2.00), and the timestamp of the transaction

We do not collect, store, or have access to your full card number, CVV, or any other payment card details. All card processing is handled exclusively by Stripe Payments Europe Ltd.

3. Legal Basis for Processing

We process your personal data on the following legal bases under GDPR Article 6:

  • Article 6(1)(b) — Performance of a contract: Processing your name, email, and message content is necessary to deliver the paid contact service you have requested (i.e., routing your message to our inbox).
  • Article 6(1)(c) — Legal obligation: Retaining transaction records (payment amount, Stripe reference, timestamp) is required under Spanish tax law (obligations to Hacienda) and applicable financial record-keeping requirements.

4. How We Use Your Data

  • To deliver your message to our inbox and allow us to respond.
  • To maintain a record of paid transactions for accounting and legal compliance.
  • To investigate abuse or disputes if they arise.

We do not use your data for marketing purposes. We do not sell your data to third parties. We do not share your data with any third party except as described in section 5 below.

5. Third-Party Data Processors

Stripe Payments Europe Ltd processes your payment on our behalf. Stripe acts as a data processor under a data processing agreement with us. Stripe may process data outside the EEA; where it does so, it relies on Standard Contractual Clauses approved by the European Commission to ensure adequate protection. Stripe's privacy policy is available at stripe.com/privacy.

Email delivery: Your message content is transmitted to our inbox via SMTP. No third-party email marketing platform is used.

6. Retention Periods

  • Contact submissions (name, email, subject, message): retained for 12 months from the date of submission, then securely deleted.
  • Financial transaction records (payment amount, Stripe reference, timestamp, payer email): retained for 6 years in accordance with Spanish tax law requirements (obligations under the Ley General Tributaria).

7. Your Rights

Under GDPR you have the following rights regarding your personal data:

  • Access: You may request a copy of the data we hold about you.
  • Rectification: You may ask us to correct inaccurate data.
  • Erasure: You may ask us to delete your data, subject to legal retention obligations (see section 6).
  • Restriction: You may ask us to restrict processing while a dispute is resolved.
  • Portability: You may request your data in a structured, machine-readable format.
  • Objection: You may object to processing based on legitimate interests.

To exercise any of these rights, email contact@seonyx.com. We will respond within one month in accordance with GDPR Art. 12.

If you are not satisfied with how we handle your data, you have the right to lodge a complaint with the Spanish data protection authority: Agencia Espanola de Proteccion de Datos (AEPD), www.aepd.es.

8. Security

We take reasonable technical and organisational measures to protect your personal data. All data is transmitted over HTTPS. Payment processing uses Stripe's PCI DSS-compliant infrastructure. Access to stored submission data is restricted to authorised personnel only.

9. Changes to This Policy

We may update this policy from time to time. The "last updated" date at the top of this page reflects the most recent revision. Continued use of the contact form after changes are posted constitutes acceptance of the updated policy.