Thera HPA SPA Online Privacy & Cookies Policy
(Last Updated: June 1, 2026)
Thera HPA SPA (“Thera,” “we,” “us” or “our”) is committed to protecting your privacy. This Privacy Policy explains what personal information we collect, how we use and share it, and your rights regarding that information, in line with internationally recognized data protection standards such as the EU General Data Protection Regulation (GDPR), UK data protection laws, and principles similar to the California Consumer Privacy Act (CCPA). We strive for transparency and data minimization in all our practices. This Policy applies to personal data collected through our corporate informational website https://thera-hpa.com (“Site”). Thera HPA SPA acts as the Data Controller for information processed via this Site.
1. Scope of this Policy
This Privacy Policy covers how we handle personal information of visitors to our Site. It does not apply to third-party websites or services that may be linked on our Site – those are governed by their own privacy policies. By using our Site, you agree to the data practices described in this Policy. If you do not agree, please do not use the Site.
2. Information We Collect and Use
We follow a principle of data minimization – collecting only the information we need for defined purposes. Currently, Thera’s Site is primarily informational and does not include features like user accounts, comments, contact forms, newsletters, or online payments. As a result, the personal data we collect is minimal and falls into two main categories:
-
Data You Provide Voluntarily: Our Site does not directly prompt you to submit personal data. However, if you choose to contact us using the contact details or LinkedIn link provided on the Site (for example, by sending us an email or connecting on social media), you may provide personal information such as your name, email address, phone number, or other details. We will use this information only to respond to your inquiry or communicate with you and for any purpose you might expect (e.g. discussing our services or providing information you requested).
-
Data Collected Automatically: When you visit our Site, certain technical data is automatically collected by our hosting platform (GoDaddy) and by your own web browser. This includes your IP address, device and browser type, approximate location (based on IP), and cookies or similar technologies, which may collect information like site usage metrics and preferences (explained further below). We use this information to ensure our Site functions correctly, maintain security, and understand usage patterns in an aggregate, non-identifying way. This data helps us to administer and improve the Site’s performance and does not directly identify you in our systems. [godaddy.com]
Summary of Data Categories: To clarify our limited data practices, the table below summarizes the types of personal data we handle, its purpose, our legal basis (where applicable), and how long we typically retain it:
| Category of Personal Data | Examples | Purpose & Use | Legal Basis (if applicable) | Retention Period |
|---|---|---|---|---|
| Contact & Communication Data | Name, email address, phone number (only if you contact us directly via email, phone, or LinkedIn) | • To respond to your inquiries or messages and provide requested information • To engage in potential business discussions or follow-ups |
Legitimate interest (to communicate with you and respond to your request); or Contractual necessity (pre-contract steps if you inquire about our services) | Retained only as long as needed to fulfill your request or communication, and then deleted or archived securely unless further retention is required for legal or business reasons (e.g. ongoing business relationship) |
| Technical & Usage Data | IP address, device/browser type, operating system, usage logs, cookies (if any) | • To deliver Site content to you and ensure technical functionality • To maintain security (e.g. detect misuse) • To measure visits and improve Site performance (via aggregate analytics, if any) |
Legitimate interest (to operate a functional, secure website and understand usage); Consent for non-essential cookies (not currently used) | Logs are retained for only a short period necessary for these purposes (e.g. automatically rotated and deleted in a matter of days or weeks [godaddy.com]). Cookies expire after their defined duration (see #cookies-and-similar-technologies below). |
Note: The Site currently does not collect sensitive personal data (e.g. health, financial, or identification numbers), nor user-generated content like comments or uploaded media, as these features are not enabled. We do not knowingly collect any personal data beyond what is described above. If our practices or the Site’s functionality changes, we will update this Privacy Policy accordingly.
3. Cookies and Similar Technologies
What are cookies? Cookies are small text files stored on your device by websites you visit. They serve various functions, such as remembering your preferences or enabling site features. When you visit our Site, limited cookies may be placed on your browser to ensure the Site works properly. For example, our hosting platform might use cookies or similar technologies to support technical performance (like load balancing) or to recognize if your browser supports cookies. These cookies do not identify you personally, and we do not use any analytics or advertising cookies that track your browsing beyond our Site.
Types of cookies we use:
- Strictly Necessary Cookies: These are essential for the Site’s operation (for instance, to load pages or remember any settings you choose). They are typically session cookies that expire when you close your browser, or short-term cookies with limited lifespan (e.g. to remember a preference). Consent for these essential cookies is generally not required under laws like the EU ePrivacy Directive, since they are needed for the service you requested (accessing the website). We currently use only such necessary cookies.
At this time, we do not use any non-essential cookies (e.g. for analytics, advertising, or social media tracking). If this changes in the future, we will update this policy and request any required consent.
Your choices regarding cookies: Most web browsers allow you to delete cookies or block new cookies via their settings. You can typically configure your browser to notify you before cookies are placed or to block cookies from certain websites or altogether. Please note that if you disable cookies entirely, some features of websites (including ours) may not function as intended. For more information on managing cookies, refer to your browser’s help documentation.
4. Third-Party Links and Content
Our Site may include links to external websites or embed content from third parties (for example, a link to our LinkedIn page or a QR code that directs you to our contact details). When you interact with third-party content, those third-party sites may collect your data (e.g. reading your IP address, setting their own cookies, or tracking your interaction), exactly as if you visited those sites directly. Thera is not responsible for how external sites handle your data, and such activity is not covered by this Privacy Policy. We encourage you to review the privacy policies of any third-party sites you visit via links from our Site.
5. How We Share Your Information
Your personal information is never sold to third parties for marketing or any other purpose. We share personal data only in a few limited circumstances:
- Service Providers: We may use trusted third-party service providers or partners to support our website operations (for example, our website hosting provider, which stores site data and logs on its servers). These partners process personal data solely on our behalf and under our instructions for the purposes described in this Policy, and we ensure they implement appropriate security safeguards.
- Legal Requirements and Protection: We may disclose personal information if required to comply with applicable laws, regulations, or legal processes (such as a court order or government demand), or to enforce our site terms, protect our rights, privacy, safety, or property, or respond to fraud or security issues.
Apart from the above, we do not share your personal data with any third parties. In particular, we do not share personal information for cross-context behavioral advertising (targeted advertising), nor do we engage in any data selling or monetization practices.
6. International Data Transfers
Given the global nature of internet services, your information (e.g. technical data in server logs or any information you provide) might be transferred to or stored on servers in countries different from your own. For instance, our Site may be hosted by a provider (like GoDaddy) using data centers outside your country, potentially including the United States. We understand that data protection laws vary by country, but we will take appropriate steps to protect your information in line with this Privacy Policy and applicable law.
If you are located in the European Economic Area (EEA), United Kingdom, or other regions with data transfer restrictions, we will ensure that adequate safeguards are in place for any transfer of your personal data to countries not deemed to have adequate data protection. For example, we may rely on European Commission-approved Standard Contractual Clauses (SCCs) to ensure your data is protected when transferred internationally, or other equivalent legal mechanisms.
7. Data Retention
We retain personal data only for as long as necessary to fulfill the purposes described in this Policy (see the summary table above), unless a longer retention period is required or permitted by law. In practice, this means:
- Communications Data: If you contact us, we will keep your message and our response for as long as needed to address your inquiry or provide our services to you. Unless further communications occur or you become our client (necessitating longer retention), we typically remove or anonymize such communications within a reasonable time after concluding our interaction.
- Technical/Log Data: Server logs and technical records are automatically purged on a regular, short-term schedule (for example, our hosting service rotates and deletes logs after a matter of days). We do not keep usage data longer than a few months at maximum. [godaddy.com]
- Cookies: Cookies generally expire as noted in the #cookies-and-similar-technologies section (usually when you close your browser or after a defined short period).
When we no longer have a legitimate need or legal obligation to keep your personal data, we will securely delete or anonymize it.
8. Data Security
We take the security of your personal information seriously. Thera implements technical and organizational measures to protect personal data against unauthorized access, alteration, disclosure, or destruction. These measures include, for example, using reputable hosting with access controls for personal data (such as restricting log access to authorized personnel), employing encryption and secure protocols for the website, and maintaining internal policies and training on data protection. While no website or online transmission can be entirely secure, we work to ensure a level of security appropriate to the risk of any personal data we process.
9. Your Privacy Rights
Depending on your jurisdiction, you may have certain rights regarding your personal data. Thera HPA SPA is committed to honoring the rights applicable to you under relevant data protection laws:
- Access and Portability: You can request confirmation if we are processing your personal data and, if so, access to that data, including a copy in a portable format.
- Rectification: You have the right to correct or update any inaccurate or incomplete personal information we hold about you.
- Erasure: You can ask us to delete your personal data in certain circumstances – for example, if it’s no longer needed for the purpose collected.
- Restriction: You have the right to request that we limit the processing of your data under specific conditions (for instance, while we address an accuracy or objection claim).
- Objection: You may object to our processing of your personal information if you believe our lawful basis is not sufficient, or to opt out of any direct marketing (though we currently do not engage in such marketing).
- Withdraw Consent: Where we rely on your consent to process data (for example, if we ever use non-essential cookies or you sign up for a future newsletter), you can withdraw that consent at any time, and we will stop the processing that relied on consent.
- Not to be Subject to Automated Decisions: You have the right not to be subject to decisions based solely on automated processing (including profiling) that have significant effects on you; however, we do not engage in such decision-making with the limited data we handle.
California Residents: If you are a resident of California, you are entitled to certain additional rights under the California Consumer Privacy Act (CCPA) (as amended by the CPRA), including the right to know what categories of personal information we collect, right to deletion of your personal information (subject to some exceptions), and right to non-discrimination for exercising your privacy rights. You also have the right to opt out of the sale or sharing of your personal information, but please note that we do not sell personal information nor share it for cross-context behavioral advertising, so this right is largely not applicable to our practices. If you send us a request regarding your data, we will respond in accordance with applicable law and within any required timeframes.
To exercise your rights or make any privacy-related request, please contact us (see the #contact-us section below). We may need to verify your identity (for your protection) before processing certain requests. If you are in the EEA/UK and have concerns about our data practices, you also have the right to lodge a complaint with your local data protection supervisory authority.
10. Children’s Privacy
Our Site and services are not directed to children, and we do not knowingly collect personal data from anyone under the age of 16 (or the minimum age applicable in your jurisdiction). If you are under 16, please do not submit any personal information to us. If we learn that we have inadvertently collected personal data from a child under the relevant age without appropriate consent, we will promptly delete it. Parents or guardians who believe we might have any unauthorized information about their child can contact us to request removal.
11. Updates to this Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or for other operational, legal, or regulatory reasons. When we update the policy, we will change the “Last Updated” date at the top. Material changes will be highlighted on our Site or communicated through other appropriate means. We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your information.
12. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us at:
Email: joseluis.cardenas@thera-hpa.com
We will respond to your inquiry as soon as reasonably possible, and no later than required by applicable law. Thank you for visiting our Site and trusting Thera HPA SPA. Your privacy is important to us, and we are committed to safeguarding it.
