Privacy Policy
Effective date: May 30, 2026
This policy explains which personal data we process through this website, for what purpose, on what legal basis, and what rights you have. We are committed to transparency and to complying with the General Data Protection Regulation (GDPR) and applicable Spanish law.
01. Data controller
Controller: Leather Cluster Barcelona, tax ID G08503104, registered at Adoberia Bella, Carrer del Rec 21-23, 08700 Igualada (Barcelona). Data protection contact: [email protected]. Data Protection Officer (if applicable): none has been designated.
02. What data we process
Contact form: name, email address, subject and message.
Newsletter: email address.
Course and event registration: name and email address; for paid activities, payment data is collected and processed directly by Stripe (we do not store card data).
Audience measurement: aggregated, anonymous usage data that does not identify you.
03. Purposes and legal bases
Responding to your enquiries: consent or pre-contractual measures.
Sending the newsletter: your consent, given via double opt-in.
Managing registrations and payments: performance of a contract.
Anonymous, aggregated audience measurement: legitimate interest in understanding site usage, with no storage on your device and no cross-site tracking.
Enhanced analytics (session replay and linking events to your email address): only with your consent.
04. Analytics and cookies
Audience measurement uses PostHog in cookieless mode: data is processed in memory, with no persistent identifier and no cross-site tracking, and is hosted in the European Union region. For this reason it does not require a cookie consent banner. See our Cookie Policy for details.
05. Recipients and processors
We share data with providers acting as processors under contract: Directus (content management software), hosted by the technical provider responsible for maintaining the website; Stripe (payment processing); Resend (email delivery); PostHog (analytics, EU region) and Microsoft Azure (automatic content translation). We do not sell or share your data for advertising purposes.
06. International transfers
Where a processor handles data outside the European Economic Area, it does so under the appropriate safeguards provided by the GDPR. PostHog and Microsoft Azure process data within the European Union; Stripe and Resend may process it in the United States under standard contractual clauses or the EU-US Data Privacy Framework.
07. Retention
We keep data for as long as necessary for each purpose: enquiries for up to 12 months from the last communication; registrations and payments for the statutory accounting and tax periods (up to 6 years); and the newsletter until you withdraw consent.
08. Your rights
You may exercise your rights of access, rectification, erasure, restriction, portability and objection, and withdraw consent at any time, by writing to [email protected]. You also have the right to lodge a complaint with the Spanish Data Protection Agency (www.aepd.es).
09. Changes to this policy
We may update this policy. If we do, we will revise the effective date and, where the changes are significant, inform you through the usual channels.
