Last review: May 9, 2026
This policy explains how VEI processes personal data from visitors, prospects, clients, and CMS users under the GDPR, Spanish data protection law, and digital services rules.
The controller is Vanguard Edge Intelligence (VEI). For privacy questions or rights requests, contact support@vei.solutions.
VEI has not appointed a Data Protection Officer because, based on the current activity, it is not mandatory. If the activity or processing volume changes, this policy will be updated.
We request only the data needed to answer enquiries and manage a commercial or contractual relationship. The public contact form collects name, email, optional company, message, privacy acceptance, and optional marketing consent.
We may also process limited technical data for security and operation: IP address, technical headers, date/time, temporary abuse-prevention keys, cookie preferences, and private CMS session data.
We process data to answer enquiries, prepare proposals, provide services, administer the CMS, keep systems secure, comply with legal obligations, and, if accepted, send marketing communications or measure site usage.
| Purpose | Lawful basis |
|---|---|
| Answer forms and prepare proposals | Pre-contractual steps or legitimate interest in responding to your request. |
| Service delivery and client management | Contract performance and compliance with legal obligations. |
| Commercial communications | Consent when selected in the form or prior relationship where permitted by law. |
| Security, abuse prevention, and rate limiting | Legitimate interest in protecting the website, CMS, and systems. |
| Google Analytics through Tag Manager | Prior, configurable, and withdrawable consent. |
| Tax, accounting, or legal obligations | Compliance with applicable legal obligations. |
VEI uses technology providers that must process data only under documented instructions and with appropriate safeguards. We do not sell personal data.
| Provider or category | Use | Transfers and safeguards |
|---|---|---|
| Resend | Internal notifications for new leads and transactional email. | May involve processing outside the EEA. Resend publishes a DPA, subprocessors, and transfer mechanisms such as DPF/SCCs. |
| Google Tag Manager / Google Analytics | Tag management and traffic/performance measurement if analytics is accepted. | May involve processing by Google only if analytics is accepted. Before GTM loads, consent is denied by default; GA4 must respect that choice. |
| Hosting, database, and storage | Website, private CMS, media, and operational backups. | Depends on the contracted provider, under processor terms and appropriate safeguards. |
| Advisers or authorities | Tax, legal compliance, or defence of claims. | Only where necessary and lawful. |
We keep data only for as long as needed for each purpose. Commercial enquiries are retained while the conversation is active and, as a general criterion, up to 24 months if they do not become a contractual relationship, unless a legal obligation or claim defence requires longer retention.
Client data is kept during the contractual relationship and applicable legal periods. Cookie preferences may be retained for up to 24 months. Abuse-prevention keys are temporary and automatically purged when expired.
You may request access, rectification, erasure, objection, restriction, portability, and withdrawal of consent by writing to support@vei.solutions. Withdrawing consent does not affect processing carried out before withdrawal.
If you believe your request has not been handled properly, you may lodge a complaint with the Spanish Data Protection Authority.
We apply reasonable technical and organisational measures: httpOnly CMS sessions, password and session hashes, form validation, honeypot protection, rate limiting, security headers, CMS access control, and minimisation of public data.
No measure removes every risk. If you identify a vulnerability or improper processing, contact support@vei.solutions so we can investigate.
VEI's website and services are aimed at businesses and professionals, not minors. We do not make automated decisions with legal effects on website visitors.
We will update this policy when processing activities, providers, or legal requirements change. The current version will always be the one published on this page.