Privacy Policy
Last updated: 10 June 2026
1. Who we are and scope
This Privacy Policy explains how sentrismg.com (the “Site”), operated by Sentris Media Group (“SMG”, “we”, “us”), processes personal data. It covers the Site itself, email correspondence with us, and the data processing involved in contracting our Academy or studio services. It does not cover third-party platforms we link to (YouTube, Spotify), which operate under their own policies.
Data controller (GDPR Art. 4(7)): Sentris SLU, a single-member limited company (societat limitada unipersonal) under the laws of the Principality of Andorra, tax registration (NRT) L-719314-P, registered office at Carrer de la Constitució 13, 7-4, AD700 Escaldes-Engordany, Principality of Andorra. Andorra benefits from a European Commission adequacy decision, so data flows between the EU/EEA and Andorra are recognized as adequately protected.
Privacy contact for all matters in this policy: info@sentrismg.com. We answer data-protection requests within one month, as the GDPR requires (Art. 12(3)).
2. The short version
- This Site sets no cookies and uses no analytics, advertising, fingerprinting, or tracking of any kind.
- Every font, image, script, and style is served from our own server. Merely visiting this Site transmits your data to no third party.
- We process personal data in three cases only: technical server logs, email you choose to send us, and contract/billing data if you buy from us.
- We never sell, rent, or trade personal data, and we run no profiling or automated decision-making.
3. Processing activities in detail
3.1 Visiting the Site — server logs
Our web server automatically records technical request data: IP address, date and time, requested URL, HTTP status code, transferred bytes, referrer, and browser user-agent string. We use these logs exclusively for security (detecting attacks and abuse) and reliability (diagnosing faults).
| Data | IP address, timestamp, request metadata |
|---|---|
| Purpose | Security, abuse prevention, fault diagnosis |
| Legal basis | Legitimate interest (Art. 6(1)(f) GDPR) in a secure, reliable service |
| Retention | Maximum 30 days, then automatic deletion; longer only for entries preserved as evidence of a specific attack |
| Recipients | Hosting provider Hetzner Online GmbH (Germany), bound by a GDPR Art. 28 data processing agreement; processing within the EU |
3.2 Contacting us — email
When you write to any of our addresses (info@, business@, press@, jobs@), we process your email address, name if given, and the content of your message in order to handle your inquiry.
| Data | Email address, name (if provided), message content, attachments |
|---|---|
| Purpose | Answering and handling your inquiry; business, press, hiring, and partnership communication |
| Legal basis | Pre-contractual steps / contract (Art. 6(1)(b)) for commercial, Academy, and job inquiries; otherwise legitimate interest (Art. 6(1)(f)) in responding to correspondence |
| Retention | As long as needed for the matter and the relationship it documents; afterwards only where commercial/tax law requires archiving. Job applications: deleted at latest 6 months after the position closes, unless you ask us to keep your profile |
| Recipients | Email is operated on Google Workspace (Google Ireland Ltd.) under Google's data processing terms, which include EU Standard Contractual Clauses for transfers outside the EEA |
3.3 Buying from us — Academy enrollment and services billing
If you enroll in the Sentris Academy or contract our studio services, we process the data needed to conclude, perform, and account for that contract.
| Data | Name, billing address, email, the agreement, invoices, payment confirmations (we never store full card numbers — payment runs through the payment provider named at checkout) |
|---|---|
| Purpose | Contract conclusion and performance, invoicing, accounting, tax compliance |
| Legal basis | Contract (Art. 6(1)(b)); legal obligation (Art. 6(1)(c)) for invoicing and accounting records |
| Retention | Statutory commercial and tax retention periods for contractual and billing records, then deletion |
| Recipients | The payment provider used for your transaction (named during checkout), our accountants, and authorities where legally required |
3.4 What we deliberately do NOT do
- No cookies (not even “essential” ones — the Site needs none), no localStorage tracking, no fingerprinting, no pixels.
- No analytics platforms, tag managers, advertising networks, or social-media embeds.
- No third-party fonts or CDNs — everything is self-hosted, so your IP address is not shared with font or asset providers.
- No profiling and no automated decision-making within the meaning of Art. 22 GDPR.
- No processing of special categories of data (Art. 9). Please do not send us such data.
- No data sales, ever. This is not a “we value your privacy” banner over an ad-tech stack — there is no ad-tech stack.
4. Links to other platforms
The Site links to our channels on YouTube (Google) and our show on Spotify, and our blog links to other public resources. Following those links takes you to services with their own controllers and policies. No data flows to them from merely viewing this Site — the request happens only when you click.
5. International transfers
Site hosting and server logs stay within the EU (Germany). Email via Google Workspace may involve transfers outside the EEA, safeguarded by the EU–US Data Privacy Framework and/or Standard Contractual Clauses as implemented in Google's data processing terms. We do not otherwise transfer personal data to third countries.
6. Your rights
Under Articles 15–21 GDPR you can, at any time and free of charge:
- Access — obtain a copy of the personal data we hold about you and information on its processing (Art. 15);
- Rectification — have inaccurate data corrected and incomplete data completed (Art. 16);
- Erasure — have data deleted where there is no longer a legal ground to keep it (Art. 17);
- Restriction — have processing limited while a dispute about it is resolved (Art. 18);
- Portability — receive data you provided in a structured, machine-readable format (Art. 20);
- Objection — object to processing based on legitimate interest, including the server logs (Art. 21); we then stop unless compelling legitimate grounds prevail.
To exercise any right, email info@sentrismg.com. We may ask you to verify your identity before disclosing data. You additionally have the right to lodge a complaint with a supervisory authority — in Spain, the Agencia Española de Protección de Datos (www.aepd.es); elsewhere, the authority of your habitual residence or workplace (Art. 77).
7. Security
The Site is served exclusively over TLS (HTTPS) with modern protocol versions. Our infrastructure is patched continuously; administrative access is restricted, key-based, and logged. We apply defense-in-depth HTTP security headers, principle-of-least-privilege internally, and we minimize data by design — the most effective protection for data is not collecting it.
8. Children
The Site is not directed at children and we do not knowingly process children's data. Our YouTube content is governed by YouTube's own audience settings and policies on that platform.
9. Changes to this policy
We will update this policy whenever our actual practices change — for example, if we introduce privacy-respecting analytics, a contact form, or a new payment flow. The date at the top reflects the current version; material changes will be visibly noted on this page.