Legal Framework

Regulatory Compliance

All protocols governing data processing, user rights, service agreements, and operational conduct for SummitKernelWorks, headquartered at 37002, Plaza Mayor 10, Salamanca, Spain.

01 Privacy Policy

Last updated: July 2026

SummitKernelWorks ("we", "our", "us"), registered at 37002, Plaza Mayor 10, Salamanca, Spain, is committed to protecting your personal data in full compliance with Regulation (EU) 2016/679 (General Data Protection Regulation — GDPR) and the Spanish Organic Law 3/2018 on the Protection of Personal Data and Guarantee of Digital Rights (LOPDGDD).

1. Data Controller

The data controller responsible for processing your personal data is SummitKernelWorks, reachable at [email protected] and by postal mail at 37002, Plaza Mayor 10, Salamanca, Spain. Our Data Protection Officer contact is available upon formal request to the email address above.

2. Categories of Personal Data Collected

We collect and process the following categories of personal data through our contact forms, service engagement processes, and website analytics:

  • Identification Data: Full name, professional title, and organizational affiliation provided through our contact or inquiry forms.
  • Contact Data: Email address, telephone number, and postal address provided for service communication and delivery.
  • Technical Data: IP address, browser type and version, operating system, device identifiers, referring URLs, and page interaction events collected automatically through essential cookies.
  • Service Data: Project specifications, technical requirements, and business context voluntarily provided during service engagement scoping.
  • Financial Data: Transaction records related to service payments, processed through our certified third-party payment processor (Stripe). We do not store credit card numbers, CVVs, or full banking credentials on our servers.

3. Legal Basis for Processing

We process personal data under the following legal bases as defined in Article 6(1) GDPR:

  • Consent (Art. 6(1)(a)): For marketing communications, newsletter subscriptions, and non-essential cookie deployment where explicit opt-in consent has been obtained.
  • Contractual Necessity (Art. 6(1)(b)): For processing personal data required to perform a contract with you or to take pre-contractual steps at your request, including service delivery, project communication, and account management.
  • Legitimate Interest (Art. 6(1)(f)): For website analytics, security monitoring, and fraud prevention, where such processing does not override your fundamental rights and freedoms.

4. Purpose of Processing

Your personal data is processed for the following specific purposes:

  • Responding to your inquiries and establishing service engagement channels.
  • Delivering contracted digital engineering services and managing the associated project lifecycle.
  • Processing payments and maintaining accurate financial records as required by Spanish tax law.
  • Maintaining website functionality, security integrity, and performance optimization.
  • Complying with legal obligations, including tax reporting, data retention requirements, and regulatory audits.

5. Data Retention

Personal data is retained only for the duration necessary to fulfill the purposes for which it was collected:

  • Contact form data: Retained for 24 months from the date of submission, or until the associated service engagement is concluded, whichever is later.
  • Service engagement data: Retained for the duration of the contractual relationship plus 6 years as required by Spanish commercial and tax record-keeping obligations.
  • Financial transaction records: Retained for 5 years in compliance with Spanish General Tax Law (Ley General Tributaria) requirements.
  • Website analytics data: Aggregated and anonymized after 26 months. Identifiable data is not retained beyond this period.

6. Your Rights Under GDPR

Under the General Data Protection Regulation, you have the following rights regarding your personal data:

  • Right of Access (Art. 15): Request confirmation of whether we process your personal data and obtain a copy of such data.
  • Right to Rectification (Art. 16): Request correction of inaccurate personal data or completion of incomplete data.
  • Right to Erasure (Art. 17): Request deletion of your personal data where processing is no longer necessary, consent is withdrawn, or processing is unlawful.
  • Right to Restriction (Art. 18): Request restriction of processing in specific circumstances, including pending verification of accuracy or objection to processing.
  • Right to Data Portability (Art. 20): Receive your personal data in a structured, commonly used, machine-readable format and transmit it to another controller.
  • Right to Object (Art. 21): Object to processing based on legitimate interests, including direct marketing.
  • Right to Withdraw Consent (Art. 7(3)): Withdraw consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.

To exercise any of these rights, contact us at [email protected]. We will respond to your request within 30 days. You also have the right to lodge a complaint with the Spanish Data Protection Agency (Agencia Española de Protección de Datos — AEPD) at www.aepd.es.

7. International Data Transfers

Some of our technology service providers may be located outside the European Economic Area (EEA). When personal data is transferred internationally, we ensure appropriate safeguards are in place, including EU Standard Contractual Clauses (SCCs) approved by the European Commission, or transfers to jurisdictions recognized as providing adequate data protection under Article 45 GDPR.

8. Security Measures

We implement appropriate technical and organizational measures to protect personal data against unauthorized access, alteration, disclosure, or destruction. These measures include TLS encryption for data in transit, AES-256 encryption for data at rest where applicable, access controls with least-privilege principles, regular security audits, and staff training on data protection obligations.

02 Cookie Matrix

Last updated: July 2026

This Cookie Matrix explains how SummitKernelWorks uses cookies and similar technologies when you access our website at 37002, Plaza Mayor 10, Salamanca, Spain.

1. What Are Cookies

Cookies are small text files placed on your device by websites you visit. They are widely used to enable website functionality, improve user experience, and provide analytical information to website operators.

2. Categories of Cookies Deployed

We deploy the following categories of cookies on our website:

  • Strictly Necessary Cookies: Required for the website to function correctly. These enable core features such as session management, security tokens, and cookie consent state persistence. They cannot be disabled as the website would not function without them.
  • Performance Cookies: Collect anonymized information about how visitors use our website, including pages visited, time spent, and error encountered. These cookies do not identify you personally and are used solely to improve website performance.
  • Functional Cookies: Enable enhanced functionality and personalization, such as remembering your preferences and display settings across sessions.

3. Specific Cookies Used

Cookie Category Duration Purpose
cookie_consent Strictly Necessary 12 months Stores your cookie preference choice (accepted or declined).
session_id Strictly Necessary Session Maintains session state during active browsing.
csrf_token Strictly Necessary Session Prevents cross-site request forgery attacks on form submissions.

4. Managing Cookies

When you first visit our website, you are presented with a Cookie Consent Banner allowing you to accept or decline non-essential cookies. You may change your preference at any time by clearing your browser cookies and revisiting the site, where the consent banner will reappear.

You can also control cookies through your browser settings. Most browsers allow you to refuse or delete cookies. Note that disabling strictly necessary cookies may impair website functionality.

5. Third-Party Cookies

Our payment processing partner (Stripe) may deploy cookies during the checkout process. These are governed by Stripe's own cookie policy and privacy policy. We do not control third-party cookies and encourage you to review the relevant third-party policies directly.

03 Refund Protocol

Last updated: July 2026

This Refund Protocol governs all financial transactions between SummitKernelWorks, located at 37002, Plaza Mayor 10, Salamanca, Spain, and its clients for digital engineering services.

1. Milestone-Based Payment Structure

All service engagements operate on a milestone-based payment structure. Payments are invoiced upon the completion and client acceptance of predefined project milestones as outlined in the service agreement executed at project initiation. This structure ensures that payment obligations are directly correlated with verified deliverable completion.

2. Refund Eligibility

Refunds may be issued under the following circumstances:

  • Pre-Engagement Cancellation: If a service engagement is cancelled before any work has commenced, a full refund of any advance payment will be processed within 14 business days.
  • Milestone Non-Delivery: If we fail to deliver a milestone deliverable within the agreed timeframe and cannot provide a revised delivery schedule acceptable to both parties, you are entitled to a refund of the payment associated with that specific milestone.
  • Material Defect: If a delivered milestone contains material technical defects that cannot be remedied within two correction cycles, you may request a partial or full refund for that milestone, subject to assessment by both parties.

3. Non-Refundable Circumstances

The following are not eligible for refund:

  • Work completed and accepted under a signed milestone acceptance form.
  • Discovery, research, and scoping phases that have been delivered and documented.
  • Third-party service costs (hosting, domain registration, API licensing) incurred on the client's behalf.
  • Changes in project scope initiated by the client after milestone acceptance.

4. Refund Request Process

To request a refund, submit a formal written request to [email protected] detailing the specific milestone, the nature of the claim, and supporting evidence. We will acknowledge receipt within 3 business days and provide a substantive response within 14 business days. Approved refunds will be processed through the original payment method within 30 business days.

5. Dispute Resolution

In the event of a refund dispute that cannot be resolved through direct communication, both parties agree to submit the matter to mediation administered by a mutually agreed mediator in Salamanca, Spain, before initiating any formal legal proceedings. The applicable law governing this refund protocol is the law of Spain.

04 Service Contracts

Last updated: July 2026

These Terms of Service ("Terms") govern the provision of digital engineering services by SummitKernelWorks, located at 37002, Plaza Mayor 10, Salamanca, Spain, to its clients ("Client", "you"). By engaging our services, you agree to be bound by these Terms.

1. Scope of Services

All services are defined in the individual Service Agreement executed between SummitKernelWorks and the Client at project initiation. This agreement specifies the exact scope, deliverables, timeline, pricing, and acceptance criteria for the engagement. Any modifications to the agreed scope require a written change order signed by both parties.

2. Intellectual Property

Upon full payment of all invoiced amounts, the Client receives a perpetual, non-exclusive license to use all custom-developed deliverables as specified in the Service Agreement. SummitKernelWorks retains the right to use anonymized, non-client-identifiable technical methodologies, architectural patterns, and general know-how developed during the engagement. Pre-existing intellectual property, frameworks, and tools used in service delivery remain the property of SummitKernelWorks unless explicitly transferred in the Service Agreement.

3. Confidentiality

Both parties agree to maintain the confidentiality of all proprietary information disclosed during the engagement. This obligation survives termination of the service relationship for a period of 24 months. Confidential information includes, but is not limited to, business strategies, technical architectures, financial data, client lists, and unpublished product specifications.

4. Payment Terms

All invoices are payable within 14 days of the invoice date unless otherwise specified in the Service Agreement. Late payments incur a statutory interest rate as defined under Spanish commercial law. SummitKernelWorks reserves the right to suspend work on any project where an invoice remains unpaid beyond 7 days past its due date, after providing written notice.

5. Limitation of Liability

To the maximum extent permitted by applicable law, SummitKernelWorks's total aggregate liability under any Service Agreement shall not exceed the total fees paid by the Client under that specific agreement during the 12 months preceding the claim. SummitKernelWorks shall not be liable for indirect, consequential, incidental, or punitive damages, including lost profits, data loss, or business interruption, regardless of whether such damages were foreseeable.

6. Force Majeure

Neither party shall be liable for delays or failures in performance resulting from causes beyond reasonable control, including but not limited to natural disasters, war, terrorism, pandemics, government actions, power failures, internet infrastructure failures, or cyberattacks of a nature that could not reasonably have been prevented by industry-standard security measures.

7. Termination

Either party may terminate a Service Agreement with 30 days' written notice. SummitKernelWorks may terminate immediately if the Client materially breaches any term of the agreement and fails to cure such breach within 14 days of written notice. Upon termination, the Client is obligated to pay for all work completed and accepted up to the termination date.

8. Governing Law and Jurisdiction

These Terms are governed by the laws of Spain. Any disputes arising from or relating to these Terms or the services provided shall be subject to the exclusive jurisdiction of the courts of Salamanca, Spain, unless otherwise agreed in writing.

9. Amendments

SummitKernelWorks reserves the right to amend these Terms with 30 days' prior written notice. Continued use of our services after the effective date of any amendment constitutes acceptance of the amended Terms. Material changes to existing Service Agreements require mutual written agreement.