Todolux

Privacy Policy and Cookies

Last updated: May 2026

1. Data controller

  • Controller: Todolux Ingeniería S.L.
  • Tax ID (CIF/NIF): B72946189
  • Address: C/ Campus, 24. 30100, Murcia. Spain
  • Email: legal@todo-lux.com
  • Data Protection Officer: Not appointed (not mandatory under Art. 37 GDPR).

2. Personal data we collect

Depending on the user's interaction with the Platform, we may collect the following data:

2.1. Data provided by the user

  • Account registration: first name, last name, email address, password (encrypted), user type (manufacturer, professional, distributor).
  • Professional profile: company, position, phone number, address, country.
  • Contact forms: name, email address, message.

2.2. Data obtained from third parties

  • Google sign-in (OAuth): name, email address, profile picture, and Google identifier. Only data that the user expressly authorizes through the Google consent process is accessed.

2.3. Automatically collected data

  • Technical data: IP address, browser type, operating system, screen resolution, preferred language.
  • Browsing data: pages visited, time spent, actions performed on the Platform.
  • Monitoring data: application performance metrics collected by a third-party performance monitoring service to ensure service stability and performance.

3. Purpose of data processing

We process personal data for the following purposes:

Purpose | Legal basis (GDPR)
Management of user registration and account | Art. 6.1.b — Performance of a contract
Provision of Platform services | Art. 6.1.b — Performance of a contract
Responding to inquiries and requests | Art. 6.1.b — Performance of a contract
Identity verification via reCAPTCHA | Art. 6.1.f — Legitimate interest (security)
Performance monitoring and improvement | Art. 6.1.f — Legitimate interest (service quality)
Compliance with legal obligations | Art. 6.1.c — Legal obligation

4. Data recipients

Personal data may be disclosed to:

  • Google LLC (reCAPTCHA v3): for security verification on forms. Google may collect hardware and software data, such as device and application data. Collected data is used to improve reCAPTCHA and for general security purposes. Google Privacy Policy.
  • Google LLC (OAuth / social sign-in): when the user chooses to sign in with Google. Google Privacy Policy.
  • Infrastructure and hosting providers: for hosting the Platform and its services.
  • Third-party performance monitoring services: currently Laravel Nightwatch, used to detect errors, degradations and technical service metrics.
  • Competent authorities: when required by law.

No international data transfers outside the European Economic Area are made, except to providers that have adequate safeguards under the GDPR (standard contractual clauses, adequacy decisions, or certified privacy frameworks).

5. Data retention

Personal data will be retained for the time necessary to fulfill the purpose for which it was collected:

  • Account data: while the account remains active and for the applicable legal period after cancellation.
  • Contact data: for the time necessary to address the inquiry, plus the legal limitation period.
  • Browsing and technical data: maximum 26 months.
  • Performance monitoring data: according to the third-party service retention configuration.

6. User rights

In accordance with the GDPR and the Spanish LOPDGDD, the user may exercise the following rights:

  • Access: know what personal data is being processed.
  • Rectification: correct inaccurate or incomplete data.
  • Erasure: request the deletion of data when it is no longer necessary.
  • Objection: object to data processing under certain circumstances.
  • Restriction: request the restriction of data processing.
  • Portability: receive data in a structured, commonly used format.

To exercise these rights, send an email to legal@todo-lux.com indicating the right you wish to exercise and attaching a copy of your identity document.

If you believe your rights have not been properly addressed, you may file a complaint with the Spanish Data Protection Agency (www.aepd.es).

7. Security

Todolux Ingeniería S.L. has adopted appropriate technical and organizational measures to protect personal data against unauthorized access, alteration, disclosure, or destruction, including:

  • Encryption of passwords and sensitive data.
  • Encrypted communications via HTTPS/TLS.
  • Session tokens with httpOnly and SameSite protection.
  • Security verification via Google reCAPTCHA v3.

8. Cookie Policy

8.1. What are cookies?

Cookies are small text files stored on the user's device when visiting a website. They can remember information, protect the session, measure Platform usage or, if the user accepts, measure advertising campaigns.

8.2. Cookies used on the Platform

Todolux applies a privacy-first model: it does not load Google Tag Manager or non-essential cookies before the user's explicit consent.

Provider | Purpose | Legal basis | Cookies | Duration | Link
Todolux/Laravel | session, CSRF, technical preference and consent record | service performance / legitimate interest | XSRF-TOKEN, todolux_session, locale, remember_web_*, todolux_cmp_v1 | session / up to 180 days for todolux_cmp_v1 | own policy
Google reCAPTCHA | form security and abuse prevention | legitimate interest | Google variables | variable | Google
Google Analytics 4 | usage analytics | consent | _ga, _ga_* | up to 2 years | Google
Google Ads | conversions, measurement and remarketing | consent | _gcl_au, _gcl_aw, _gcl_dc | variable, approx. 90 days | Google
Meta Pixel | campaign measurement and remarketing | consent | _fbp, _fbc | up to 90 days | Meta
LinkedIn Insight Tag | B2B campaign measurement | consent | bcookie, lidc, li_fat_id or other LinkedIn cookies | variable | LinkedIn

Third-party cookies may vary depending on provider configuration. Todolux cannot delete cookies already installed on external domains, but it prevents them from loading before consent and, on a best-effort basis, deletes known first-party cookies when consent is rejected or withdrawn.

8.3. Legal basis

Technical, necessary and security cookies are processed for service performance or legitimate interest and are exempt from consent when strictly necessary.

Preferences, analytics and marketing cookies are only enabled with the user's express consent.

8.4. Managing cookies

The user can accept all, reject all or configure categories from the banner. They can also change or withdraw consent at any time from the cookie settings link in the footer.

You can also configure your browser to reject cookies or alert you when a website attempts to install them:

Please note that disabling technical cookies may affect the proper functioning of the Platform.

9. Changes

Todolux Ingeniería S.L. reserves the right to modify this policy to adapt it to legislative developments or changes to the Platform. Any changes will be published on this page with the updated date.
