Privacy policy
Last updated: July 2026
1. Data controller
- Company: Gaspar Agustín Medina Burgardt
- Tax ID (RUT, Uruguay): 218573200012
- Registered address: Acevedo Díaz 1517, Montevideo, Uruguay, Uruguay
- Contact & data-rights email: contacto@gestorlocal.com
The controller is a Uruguayan company established outside the European Economic Area (EEA). GestorLocal is the trading name under which this service operates.
2. What we process and why
- B2B outreach (product validation): we contact aesthetic clinics and med spas at their publicly listed business contact details with a professional proposal related to their activity. Data processed: business name, generic/role email address (e.g. info@), city and website — sourced from public sources (the business's Google listing and its own website). We do not collect personal phone numbers, patient data or special categories of data.
- Demo bookings: if you book a demo through our scheduling link (Calendly), we process your name and email solely to coordinate and hold that call.
- Opt-outs and rights requests: we keep a minimal suppression list so we never contact you again once you opt out.
- Site statistics: we use GoatCounter for aggregate visit statistics, without cookies and without identifying individuals (anonymised IP).
3. Legal basis
For B2B outreach our legal basis is legitimate interest (GDPR Art. 6(1)(f)), supported by a documented Legitimate Interest Assessment with mitigations (minimal data, 1-click opt-out, permanent suppression). For demo bookings, the legal basis is taking pre-contractual steps at your request (Art. 6(1)(b)). Where GDPR applies to recipients in the EU, it does so under Art. 3(2); the controller currently relies on the Art. 27(2) exemption from appointing an EU representative (occasional, low-risk processing).
4. Processors and international transfers
We use the following processors under data processing agreements: Outscraper (public listings sourcing, US), Million Verifier (email deliverability checks, Hungary/EEA), Maildoso (sending infrastructure, US) and Smartlead (sequence sending, opt-out and suppression management, Australia). Transfers to processors outside the EEA are covered by Standard Contractual Clauses (SCC). Transfers from the EU to the controller in Uruguay are covered by the European Commission's adequacy decision for Uruguay (2012, confirmed in the 2024 review). We do not sell or share data with third parties for their own purposes.
5. Retention
- Outreach data and send/bounce/opt-out logs: kept for 5 years (to demonstrate compliance), then deleted or anonymised.
- Suppression list: kept indefinitely, minimised (email or hash only) — the only way to permanently honour an opt-out.
6. Your rights
You can exercise your rights of access, rectification, erasure, objection, restriction and portability at any time by emailing contacto@gestorlocal.com. We reply within 30 days. You can opt out of outreach by replying "UNSUBSCRIBE" or using the 1-click link in any email — processed within 7 days. If you are in the EU, you also have the right to lodge a complaint with your supervisory authority (in Spain, the AEPD — aepd.es). UK recipients may complain to the ICO (ico.org.uk).
7. Cookies
This is a static site and uses no cookies or tracking technologies. We use GoatCounter for aggregate visit statistics, without cookies and without identifying individuals (anonymised IP). If cookie-based analytics or any tracker are ever added, a compliant consent banner and cookie policy will be added first. Demo bookings happen on Calendly, which processes the data you enter there under its own privacy policy.
8. Security
The site is served over HTTPS only. Outreach data is limited to the minimum described above and handled in the listed processors' systems with restricted access.