Privacy Policy

Last updated: 26 March 2026

ThreeStepTech ("we", "us", or "our") is a digital agency based in Marbella, Spain. This Privacy Policy explains how we collect, use, store, and protect your personal data when you visit our websites (threesteptech.com and its subdomains) or use our services.

1. Information We Collect

We may collect the following types of personal data:

• Contact information — name, email address, phone number, provided when you fill in a contact form, book a consultation, or send us a message.
• Business information — company name, website URL, or project details you share with us.
• Usage data — pages visited, time spent on site, referral source, browser type, device type, and IP address, collected automatically through analytics tools.
• Cookies and similar technologies — see Section 6 below.

2. How We Use Your Information

We use the data we collect to:

• Respond to your enquiries and provide the services you request.
• Schedule and manage consultation bookings.
• Send you project updates and relevant communications.
• Improve our websites, content, and services.
• Analyse website traffic and usage patterns.
• Comply with legal obligations.

We will not send you unsolicited marketing emails unless you have given explicit consent. You can opt out at any time.

3. Legal Basis for Processing (GDPR)

As we operate from Spain within the European Economic Area, we process your personal data under one or more of the following legal bases:

• Consent — where you have given clear consent (e.g. submitting a contact form).
• Contractual necessity — where processing is necessary to fulfil a contract or take pre-contractual steps at your request.
• Legitimate interest — where we have a legitimate business interest that does not override your rights (e.g. improving our services, website analytics).
• Legal obligation — where we are required to process data by law.

4. Data Sharing

We do not sell your personal data. We may share data with:

• Service providers — trusted third parties that help us operate our business (e.g. hosting, CRM, email, analytics). These include Vercel (hosting), Google Analytics (analytics), and GoHighLevel (CRM).
• Legal authorities — if required by law or to protect our legal rights.

All third-party providers are required to handle your data in accordance with applicable data protection laws.

5. Data Retention

We keep your personal data only for as long as necessary to fulfil the purposes outlined in this policy, or as required by law. Contact form submissions and lead data are typically retained for up to 24 months after your last interaction with us, unless you request earlier deletion.

6. Cookies

Our websites use cookies and similar technologies:

• Essential cookies — required for the site to function properly (e.g. theme preference).
• Analytics cookies — Google Analytics (GA4) to understand how visitors use our site. These cookies collect anonymised data including pages visited, session duration, and referral source.

You can manage cookie preferences through your browser settings. Disabling cookies may affect site functionality.

7. Your Rights

Under the GDPR, you have the right to:

• Access your personal data and request a copy.
• Rectify inaccurate or incomplete data.
• Erase your personal data ("right to be forgotten").
• Restrict processing of your data.
• Object to processing based on legitimate interest.
• Data portability — receive your data in a structured, machine-readable format.
• Withdraw consent at any time where processing is based on consent.

To exercise any of these rights, contact us at admin@threesteptech.com.

8. Data Security

We take reasonable technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. Our websites are served over HTTPS, and we use reputable, security-conscious service providers.

9. International Transfers

Some of our service providers may process data outside the EEA (e.g. in the United States). Where this occurs, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses or adequacy decisions by the European Commission.

10. Children's Privacy

Our services are not directed at individuals under the age of 16. We do not knowingly collect personal data from children. If you believe we have collected data from a minor, please contact us and we will delete it promptly.

11. Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated "Last updated" date. We encourage you to review this page periodically.

12. Contact Us

If you have any questions about this Privacy Policy or how we handle your data, please get in touch:

• Email: admin@threesteptech.com
• Phone: +34 711 032 227
• Location: Marbella, Spain

You also have the right to lodge a complaint with the Spanish Data Protection Agency (Agencia Espanola de Proteccion de Datos, www.aepd.es) if you believe your data protection rights have been violated.