007 // COMPLIANCE

Legal Protocol

Comprehensive regulatory documentation for NorthVectorLabs, operating from 08005, Carrer de Wellington 52, Barcelona, Spain. All policies comply with EU General Data Protection Regulation (GDPR) and applicable Spanish data protection laws.

01

Data Sovereignty Policy

1.1 Data Controller

NorthVectorLabs ("Controller"), registered at 08005, Carrer de Wellington 52, Barcelona, Spain, is the data controller responsible for the processing of personal data collected through this website and related services.

1.2 Data Collection & Purpose

We collect personal data solely for the purpose of executing requested services and maintaining business communications. The following data categories may be processed:

  • Contact information (name, email address, telephone number) for communication and service delivery
  • Project specifications and requirements for service execution
  • Payment information processed through secure third-party payment processors (Stripe)
  • Technical data (IP address, browser type) for security and performance optimization

1.3 Legal Basis for Processing

Personal data processing is conducted under the following legal bases as defined in Article 6 of the GDPR:

  • Consent: Where you have provided explicit consent for specific processing activities
  • Contract Performance: Where processing is necessary for the performance of a contract to which you are a party
  • Legitimate Interest: Where processing is necessary for our legitimate business interests, provided these are not overridden by your fundamental rights

1.4 Data Retention

Personal data is retained only for as long as necessary to fulfill the purposes for which it was collected. Project-related data is retained for the duration of the engagement plus a mandatory 6-year period in compliance with Spanish commercial record-keeping requirements. Contact data for prospective clients is retained for a maximum of 24 months from the last interaction.

1.5 Data Subject Rights

Under the GDPR, you have the following rights regarding your personal data:

  • Right of Access (Article 15): Request copies of your personal data
  • Right to Rectification (Article 16): Request correction of inaccurate data
  • Right to Erasure (Article 17): Request deletion of your personal data
  • Right to Restriction (Article 18): Request limitation of processing
  • Right to Data Portability (Article 20): Receive your data in a structured, machine-readable format
  • Right to Object (Article 21): Object to processing based on legitimate interests

To exercise any of these rights, contact our Data Protection Officer at [email protected].

1.6 International Data Transfers

Your data is processed within the European Economic Area (EEA). Any transfer of data outside the EEA is conducted only with appropriate safeguards, including Standard Contractual Clauses (SCCs) approved by the European Commission.

1.7 Data Security

We implement appropriate technical and organizational measures to protect personal data against unauthorized access, alteration, disclosure, or destruction. These measures include encryption, access controls, regular security assessments, and staff training programs.

02

Vector Consent Protocol

2.1 Cookie Usage

NorthVectorLabs uses cookies and similar tracking technologies to maintain site functionality and enhance user experience. Cookies are small text files stored on your device when you visit our website.

2.2 Essential Cookies

We deploy strictly necessary cookies that are required for basic website functionality:

  • Session cookies for maintaining your session state during navigation
  • Security cookies for protecting against cross-site request forgery
  • Preference cookies for storing your consent choices

These cookies do not require consent as they are essential for the website to function properly (Article 5(3) of the ePrivacy Directive).

2.3 Analytics & Performance Cookies

We do not currently deploy analytics or performance tracking cookies. Should this change in the future, we will update this policy and request your explicit consent before deploying any non-essential tracking technologies.

2.4 Third-Party Cookies

Our payment processing system (Stripe) may set cookies during transaction processing. These are governed by Stripe's own privacy policy. We do not have direct control over these cookies but ensure they are limited to transaction processing only.

2.5 Managing Cookie Consent

You can manage your cookie preferences at any time through the cookie consent banner displayed on your first visit. Your choices are stored in your browser's local storage and respected on subsequent visits. You can also control cookies through your browser settings.

2.6 Cookie Retention

Session cookies are automatically deleted when you close your browser. Persistent cookies are retained for a maximum of 12 months unless you withdraw consent earlier.

03

Refund Protocol

3.1 Refund Eligibility

NorthVectorLabs operates a milestone-based refund system designed to protect both client and service provider interests. Refund eligibility is assessed based on the following criteria:

  • Services not yet commenced: Full refund of any advance payments
  • Services in early phases (Phase 1: Discovery): Up to 75% refund of amounts paid to date
  • Services in active development (Phase 2: Engineering): Up to 40% refund based on completed milestones
  • Services in final delivery (Phase 3: Deployment): No refund for completed work; disputed amounts subject to arbitration

3.2 Refund Request Process

To request a refund, you must submit a written request to [email protected] within 30 days of the service event in question. Include your project identifier, a detailed description of the issue, and your preferred resolution outcome.

3.3 Refund Processing

Approved refunds are processed within 14 business days to the original payment method. International transfer fees, if applicable, are borne by the requesting party.

3.4 Dispute Resolution

In the event of a refund dispute that cannot be resolved through direct communication, both parties agree to submit to binding arbitration in Barcelona, Spain, in accordance with the rules of the Barcelona Arbitration Court.

3.5 Chargeback Policy

Clients agree to contact NorthVectorLabs directly to resolve any billing disputes before initiating a chargeback through their financial institution. Fraudulent chargebacks will be contested with full documentation of services rendered.

04

Terms of Operation

4.1 Service Agreement

By engaging NorthVectorLabs for services, you enter into a binding agreement subject to these Terms of Operation. All service engagements require a signed Statement of Work (SOW) specifying scope, deliverables, timelines, and pricing.

4.2 Intellectual Property

Upon full payment, all intellectual property rights for custom-developed deliverables transfer to the client. NorthVectorLabs retains the right to display anonymized case studies and portfolio entries unless explicitly restricted in the SOW.

4.3 Confidentiality

Both parties agree to maintain strict confidentiality regarding proprietary information shared during the engagement. This obligation survives termination of the agreement for a period of 36 months.

4.4 Limitation of Liability

NorthVectorLabs's total liability under any engagement shall not exceed the total fees paid by the client for the specific service giving rise to the claim. In no event shall NorthVectorLabs be liable for indirect, consequential, or punitive damages.

4.5 Force Majeure

Neither party shall be liable for delays or failures in performance resulting from causes beyond reasonable control, including but not limited to natural disasters, pandemics, government actions, or infrastructure failures.

4.6 Governing Law

These Terms are governed by and construed in accordance with the laws of Spain. Any disputes arising from these Terms shall be subject to the exclusive jurisdiction of the courts of Barcelona, Spain.

4.7 Amendments

NorthVectorLabs reserves the right to update these Terms with 30 days' written notice. Continued use of services after the effective date of any amendments constitutes acceptance of the modified terms.

Last updated: January 2026 | Document version: 2.1 | Regulatory framework: EU GDPR 2016/679, LOPDGDD (Spain)