Compliance Matrix

Legal Architecture

Complete regulatory compliance documentation for CanyonSignalWorks. All policies are aligned with EU GDPR requirements and international data protection standards.

01

Privacy Policy

1.1 Data Controller Identification

The data controller responsible for the processing of personal data collected through this website is CanyonSignalWorks, registered at 17003, Carrer Xavier Montsalvatge 22, Girona, Spain. For any inquiries regarding data processing, you may contact our Data Protection Officer at [email protected].

1.2 Categories of Personal Data Processed

We collect and process the following categories of personal data:

  • Identity Data: Full name, professional title, and organizational affiliation provided through contact forms or direct communications.
  • Contact Data: Email address, telephone number, and physical address provided for service delivery and communication purposes.
  • Technical Data: Internet Protocol (IP) address, browser type and version, time zone setting, browser plug-in types, operating system, and platform.
  • Usage Data: Information about how you use our website, including pages visited, time spent on pages, navigation paths, and interaction patterns.
  • Communication Data: Content of messages sent through contact forms, email correspondence, and any other communication channels.

1.3 Legal Basis for Processing

We process personal data under the following legal bases as defined in Article 6 of the EU General Data Protection Regulation (GDPR):

  • Consent (Article 6(1)(a)): Where you have given explicit consent for specific processing purposes, such as subscribing to newsletters or accepting non-essential cookies.
  • Contractual Necessity (Article 6(1)(b)): Where processing is necessary for the performance of a contract to which you are a party, or to take steps at your request before entering into a contract.
  • Legitimate Interests (Article 6(1)(f)): Where processing is necessary for our legitimate interests or those of a third party, provided such interests are not overridden by your fundamental rights and freedoms.

1.4 Data Retention Periods

Personal data is retained only for as long as necessary to fulfill the purposes for which it was collected. Contact form submissions are retained for a maximum of 24 months from the date of submission. Contract-related data is retained for the duration of the contractual relationship plus 6 years in accordance with Spanish commercial record-keeping requirements. Technical and usage data is aggregated and anonymized after 12 months.

1.5 Data Subject Rights

Under the EU GDPR, you have the following rights regarding your personal data:

  • Right of Access (Article 15): The right to obtain confirmation as to whether personal data is being processed and to access such data.
  • Right to Rectification (Article 16): The right to request correction of inaccurate personal data or completion of incomplete data.
  • Right to Erasure (Article 17): The right to request deletion of personal data where there is no compelling reason for continued processing.
  • Right to Restrict Processing (Article 18): The right to request restriction of processing in certain circumstances.
  • Right to Data Portability (Article 20): The right to receive your personal data in a structured, commonly used, machine-readable format.
  • Right to Object (Article 21): The right to object to processing based on legitimate interests, including profiling.

1.6 International Data Transfers

Personal data may be transferred to, stored, and processed in countries outside the European Economic Area (EEA). Where such transfers occur, we ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) approved by the European Commission, Binding Corporate Rules (BCRs), or other legally recognized transfer mechanisms.

1.7 Data Security Measures

We implement appropriate technical and organizational measures to ensure the security of personal data, including encryption of data in transit and at rest, regular security assessments, access controls, and incident response procedures. In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours and, where required, notify affected individuals without undue delay.

1.8 Supervisory Authority

You have the right to lodge a complaint with a supervisory authority, in particular in the EU Member State of your habitual residence, place of work, or place of the alleged infringement if you consider that the processing of your personal data infringes the EU GDPR. For complaints related to our operations, the competent authority is the Agencia Española de Protección de Datos (AEPD).

02

Cookies Policy

2.1 Cookie Architecture Overview

This website employs cookies and similar tracking technologies to enhance user experience, analyze site performance, and support marketing activities. Cookies are small text files stored on your device when you visit our website. This policy explains how CanyonSignalWorks uses cookies and the choices available to you.

2.2 Essential Cookies

Essential cookies are necessary for the website to function properly and cannot be disabled. They are typically set in response to actions you take, such as setting privacy preferences, logging in, or filling in forms.

Cookie Name Purpose Duration
session_id Maintains user session state Session
csrf_token Prevents cross-site request forgery Session
cookie_consent Stores user cookie preferences 12 months

2.3 Analytics Cookies

Analytics cookies help us understand how visitors interact with our website by collecting and reporting information anonymously. These cookies allow us to measure and improve site performance.

Cookie Name Purpose Duration
_ga Google Analytics - Distinguishes unique users 24 months
_gid Google Analytics - Distinguishes unique users 24 hours

2.4 Cookie Management

You can manage your cookie preferences at any time through our Cookie Consent Banner, which appears on your first visit. You may also control cookies through your browser settings. Please note that disabling certain cookies may impact website functionality.

To learn more about cookies and how to manage them, visit www.allaboutcookies.org.

03

Refund Policy

3.1 Scope and Applicability

This Refund Policy governs all service engagements between CanyonSignalWorks and its clients. By engaging our services, you acknowledge and agree to the terms outlined in this policy. Refund eligibility is determined based on the stage of service delivery, the nature of the engagement, and adherence to contractual obligations.

3.2 Project-Based Services

For project-based engagements, refunds are evaluated according to the following milestone-based structure:

  • Pre-Discovery Phase: Full refund (100%) if cancellation occurs before the commencement of the Deep Discovery & Structural Mapping phase.
  • During Discovery Phase: Partial refund (50%) minus any costs already incurred for deliverables produced during the Discovery phase.
  • Post-Discovery Phase: No refund is available once the Core Engineering & Algorithmic Integration phase has commenced, as resources have been allocated and development work initiated.

3.3 Subscription and Retainer Services

For ongoing subscription or retainer-based services, clients may cancel with 30 days' written notice. A pro-rata refund will be issued for the remaining prepaid period, calculated from the date of cancellation. No refund is available for services already rendered during the current billing period.

3.4 Refund Request Procedure

To request a refund, you must submit a written request to [email protected] including:

  • Original contract or agreement reference number
  • Detailed justification for the refund request
  • Supporting documentation, if applicable

3.5 Processing Timeline

All refund requests will be acknowledged within 5 business days. A determination will be made within 15 business days of receiving the complete request. Approved refunds will be processed within 30 business days using the original payment method.

04

Terms of Service

4.1 Acceptance of Terms

By accessing or using the services provided by CanyonSignalWorks, registered at 17003, Carrer Xavier Montsalvatge 22, Girona, Spain, you agree to be bound by these Terms of Service. If you do not agree to these terms, you must not access or use our services. These terms constitute a legally binding agreement between you (the "Client") and CanyonSignalWorks (the "Provider").

4.2 Scope of Services

The Provider offers digital engineering, web development, and related technology consulting services. The specific scope, deliverables, timeline, and pricing for each engagement will be defined in a separate Statement of Work (SOW) or service agreement executed between the parties. These Terms apply to all services unless explicitly superseded by a written agreement.

  • All service specifications are subject to mutual agreement as documented in the applicable SOW.
  • Any changes to the agreed scope must be documented through a formal change request process.
  • The Provider reserves the right to refuse scope changes that would compromise project quality or timeline.

4.3 Payment Terms

Payment terms are as specified in the applicable SOW. Unless otherwise agreed:

  • Invoices are payable within 14 days of invoice date.
  • Late payments incur a statutory interest rate of 8% per annum plus applicable administrative costs.
  • The Provider may suspend services if payment is overdue by more than 30 days.
  • All prices are exclusive of applicable taxes unless otherwise stated.

4.4 Intellectual Property

Upon full payment, the Client receives a perpetual, non-exclusive, worldwide license to use all deliverables produced under the engagement. The Provider retains ownership of pre-existing intellectual property, frameworks, methodologies, and tools developed independently of the specific engagement. The Provider may use anonymized, aggregated project data for portfolio and case study purposes unless explicitly prohibited in writing.

4.5 Confidentiality

Each party agrees to maintain the confidentiality of all proprietary information disclosed during the course of the engagement. This obligation survives termination of the agreement for a period of 3 years. Confidential information may not be disclosed to third parties without prior written consent, except as required by law.

4.6 Limitation of Liability

The Provider's total aggregate liability under any engagement shall not exceed the total fees paid by the Client for the specific services giving rise to the claim. The Provider shall not be liable for indirect, incidental, special, consequential, or punitive damages, including but not limited to loss of profits, data, business opportunities, or goodwill.

4.7 Governing Law and Jurisdiction

These Terms shall be governed by and construed in accordance with the laws of Spain. Any disputes arising from or relating to these Terms or the services provided shall be subject to the exclusive jurisdiction of the courts of Girona, Spain. The parties agree to attempt to resolve any dispute through good-faith negotiation before initiating formal proceedings.

4.8 Termination

Either party may terminate the agreement with 30 days' written notice. The Provider may terminate immediately if the Client breaches material obligations, including non-payment. Upon termination, the Client shall pay for all services rendered up to the termination date. All deliverables completed prior to termination shall be delivered to the Client upon receipt of final payment.

4.9 Amendments

The Provider reserves the right to amend these Terms at any time. Material changes will be communicated to active clients via email with at least 30 days' notice. Continued use of services after the effective date of any amendment constitutes acceptance of the updated Terms.

Last Updated: January 2026 | Version 1.0

© 2026 CanyonSignalWorks. All rights reserved.