Privacy Policy
Last Updated: November 2025
Effective Date: November 2025
1. Introduction
Gemelo Digital (“Gemelo Digital,” “we,” “us,” or “our”) is committed to protecting your privacy and ensuring the security of your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website at gemelo-ai.com and use our services.
We process personal data in compliance with the General Data Protection Regulation (EU) 2016/679 (“GDPR”), the Spanish Organic Law 3/2018 on Data Protection and Guarantee of Digital Rights (“LOPDGDD”), and other applicable data protection legislation.
By using our Platform, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with our data practices, please do not access or use our services.
2. Data Controller
The data controller responsible for your personal data is:
Gemelo Digital
Email: privacy@gemelo-ai.com
Website: https://gemelo-ai.com
For matters related to data protection, you may contact our Data Protection contact at: dpo@gemelo-ai.com
3. Categories of Personal Data We Collect
We may collect and process the following categories of personal data:
3.1 Information You Provide Directly
- Identity data: name, surname, job title, company name
- Contact data: email address, telephone number, postal address
- Account data: username, password, account preferences
- Professional data: company information, industry sector, business role
- Communication data: records of correspondence and inquiries
- Feedback data: survey responses, product reviews, testimonials
3.2 Information Collected Automatically
- Technical data: IP address, browser type and version, operating system, device identifiers
- Usage data: pages visited, time spent on pages, navigation paths, click patterns
- Location data: country and city based on IP address (approximate location only)
- Performance data: page load times, error reports, service interaction metrics
3.3 Information from Third Parties
- Business partner data: information shared by our commercial partners for service delivery
- Publicly available data: information from public databases and professional networks
- Analytics providers: aggregated insights from third-party analytics services
4. Legal Bases for Processing
We process your personal data based on one or more of the following legal grounds under Article 6 of the GDPR:
4.1 Contract Performance (Article 6(1)(b) GDPR)
Processing necessary for the performance of a contract to which you are a party, or to take steps at your request prior to entering into a contract. This includes:
- Providing access to our Platform and services
- Managing your account and user preferences
- Processing service requests and inquiries
- Delivering contracted digital twin and optimization services
4.2 Legitimate Interests (Article 6(1)(f) GDPR)
Processing necessary for our legitimate interests, provided these interests do not override your fundamental rights. Our legitimate interests include:
- Improving and developing our Platform and services
- Analyzing usage patterns to enhance user experience
- Protecting the security and integrity of our systems
- Conducting business analytics and reporting
- Marketing our services to existing customers (with opt-out option)
4.3 Legal Obligation (Article 6(1)(c) GDPR)
Processing necessary to comply with legal obligations, including:
- Tax and accounting requirements
- Responding to lawful requests from public authorities
- Compliance with EU regulations applicable to our industry
4.4 Consent (Article 6(1)(a) GDPR)
Where required, we obtain your explicit consent before processing certain data, particularly for:
- Sending marketing communications to prospective customers
- Placing non-essential cookies on your device
- Processing special categories of personal data, if applicable
You may withdraw consent at any time without affecting the lawfulness of processing based on consent before withdrawal.
5. How We Use Your Personal Data
We use your personal data for the following purposes:
5.1 Service Provision
- Creating and managing your user account
- Providing access to our digital twin platform and AI optimization tools
- Processing and responding to your inquiries and support requests
- Delivering technical documentation and training materials
5.2 Platform Improvement
- Analyzing usage patterns to improve functionality and user experience
- Conducting research and development for new features
- Testing and debugging our software and systems
- Monitoring platform performance and reliability
5.3 Communication
- Sending service-related notifications and updates
- Responding to your inquiries and feedback
- Providing customer support
- Sending marketing communications (where consent obtained or legitimate interest applies)
5.4 Security and Compliance
- Protecting the Platform from unauthorized access and cyber threats
- Detecting and preventing fraud and abuse
- Complying with legal obligations and regulatory requirements
- Enforcing our Terms of Use and other agreements
5.5 Business Operations
- Managing business relationships with clients and partners
- Processing payments and managing billing (for paid services)
- Conducting internal reporting and analytics
- Planning and executing business strategies
6. Data Sharing and Disclosure
We do not sell your personal data. We may share your information with the following categories of recipients:
6.1 Service Providers
We engage trusted third-party service providers who process data on our behalf, including:
- Cloud hosting and infrastructure providers (within the EU/EEA)
- Analytics and performance monitoring services
- Customer relationship management platforms
- Email and communication service providers
All service providers are contractually bound to process data only according to our instructions and in compliance with GDPR requirements.
6.2 Business Partners
We may share data with technology partners involved in delivering our services, such as:
- Terminal Operating System (TOS) providers for integration purposes
- Port authority systems for service delivery
- Technology integration partners
6.3 Legal and Regulatory Authorities
We may disclose personal data when required by law or in response to:
- Valid legal processes (subpoenas, court orders)
- Requests from law enforcement or regulatory authorities
- Protection of our legal rights and interests
- Prevention of fraud or security threats
6.4 Corporate Transactions
In the event of a merger, acquisition, reorganization, or sale of assets, your personal data may be transferred to the acquiring entity, subject to appropriate data protection safeguards.
7. International Data Transfers
Gemelo Digital primarily stores and processes personal data within the European Economic Area (EEA). If we transfer personal data outside the EEA, we ensure adequate protection through:
- European Commission adequacy decisions
- Standard Contractual Clauses approved by the European Commission
- Binding Corporate Rules (where applicable)
- Your explicit consent (where appropriate)
You may request information about specific safeguards by contacting us at privacy@gemelo-ai.com.
8. Data Retention
We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, unless a longer retention period is required by law.
Our standard retention periods are:
| Data Category | Retention Period |
| Account data | Duration of account plus 3 years |
| Transaction records | 6 years (Spanish commercial law) |
| Communication records | 3 years from last interaction |
| Analytics data | 26 months (anonymized thereafter) |
| Marketing consent records | Duration of consent plus 3 years |
| Technical logs | 12 months |
When retention periods expire, we securely delete or anonymize the data.
9. Your Data Protection Rights
Under the GDPR and LOPDGDD, you have the following rights regarding your personal data:
9.1 Right of Access (Article 15 GDPR)
You have the right to obtain confirmation of whether we process your personal data and, if so, access to the data and information about our processing activities.
9.2 Right to Rectification (Article 16 GDPR)
You have the right to request correction of inaccurate personal data and completion of incomplete data.
9.3 Right to Erasure (Article 17 GDPR)
You have the right to request deletion of your personal data in certain circumstances, such as when the data is no longer necessary for its original purpose.
9.4 Right to Restriction (Article 18 GDPR)
You have the right to request restriction of processing in specific situations, such as when you contest the accuracy of the data.
9.5 Right to Data Portability (Article 20 GDPR)
You have the right to receive your personal data in a structured, commonly used, machine-readable format and to transmit it to another controller.
9.6 Right to Object (Article 21 GDPR)
You have the right to object to processing based on legitimate interests or for direct marketing purposes. For direct marketing, we will stop processing upon your objection.
9.7 Rights Related to Automated Decision-Making (Article 22 GDPR)
You have the right not to be subject to decisions based solely on automated processing that produce legal or similarly significant effects, unless exceptions apply.
9.8 Right to Withdraw Consent
Where processing is based on consent, you may withdraw consent at any time without affecting the lawfulness of prior processing.
To exercise any of these rights, please contact us at privacy@gemelo-ai.com. We will respond within one month, which may be extended by two additional months for complex requests.
10. Data Security
We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These measures include:
- Encryption of data in transit using TLS/SSL protocols
- Encryption of sensitive data at rest
- Access controls and authentication mechanisms
- Regular security assessments and penetration testing
- Employee training on data protection and security
- Incident response and breach notification procedures
- Physical security measures for our infrastructure
While we strive to protect your personal data, no method of transmission over the Internet or electronic storage is completely secure. We cannot guarantee absolute security.
11. Children’s Privacy
Our Platform is not intended for individuals under 18 years of age. We do not knowingly collect personal data from children. If you believe we have inadvertently collected data from a minor, please contact us immediately at privacy@gemelo-ai.com, and we will take steps to delete such information.
12. Links to Third-Party Websites
Our Platform may contain links to third-party websites or services. This Privacy Policy does not apply to those external sites. We encourage you to review the privacy policies of any third-party sites you visit.
13. Changes to This Privacy Policy
We may update this Privacy Policy periodically to reflect changes in our practices or applicable law. When we make material changes, we will:
- Update the “Last Updated” date at the top of this policy
- Post a notice on our Platform
- Where required, notify you by email
We encourage you to review this Privacy Policy regularly.
14. Supervisory Authority
If you believe that our processing of your personal data violates data protection laws, you have the right to lodge a complaint with a supervisory authority. In Spain, the competent authority is:
Agencia Española de Protección de Datos (AEPD)
Website: https://www.aepd.es
Address: C/ Jorge Juan, 6, 28001 Madrid, Spain
Phone: +34 901 100 099
However, we encourage you to contact us first so we can address your concerns directly.
15. Contact Us
If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
Gemelo Digital
Website: https://gemelo-ai.com
General Inquiries: info@gemelo-ai.com
We are committed to working with you to resolve any privacy concerns.