Privacy Policy

1. Introduction

Welcome to Datavanza IA SL. We take data privacy seriously. This Privacy Policy outlines how we collect, use, store, share, and protect personal information obtained through our websites, software products, services, events, and communication channels. Our goal is full transparency and legal compliance, ensuring your rights as a data subject under the European General Data Protection Regulation (GDPR), UK GDPR, and other applicable data protection laws.

By using our services, you consent to the data practices described herein.

2. Who We Are

Datavanza IA SL is a Spanish technology company specializing in digital transformation, process automation, industrial intelligence, and AI-driven solutions. Our legal address is Passeig de Gràcia 95, 5º1º, 08008 Barcelona, Spain. For all data-related inquiries, please contact us at info@datavanzaia.com.

3. Types of Data We Collect

We collect and process the following categories of personal data, depending on your interaction with us:

• Identification Data: Name, company affiliation, job role.
• Contact Data: Email address, phone number, mailing address.
• Transactional Data: Service requests, contracts, payment records.
• Behavioral Data: Navigation history, page views, interaction timestamps.
• Technical Data: IP address, browser type, device IDs, login metadata.
• Communications: Emails, support tickets, feedback forms.
• Consent Records: Opt-in choices for email communications, cookie preferences.

4. Sensitive Data

We do not intentionally collect or process sensitive personal data (e.g., religious beliefs, health data, sexual orientation, biometric identifiers). Should such data be required for a specific service (e.g., accessibility surveys), we will request explicit consent and explain its purpose clearly.

5. Purpose of Data Processing

We process personal data for clearly defined purposes:

• Service Provision: Deliver our web services, applications, digital products and technical support.
• Contract Execution: Fulfill contractual obligations related to purchases, licenses, and consultancy services.
• Security & Risk Management: Detect, prevent, and investigate cybersecurity threats, unauthorized access or misuse.
• Marketing Communications: Send service updates, newsletters, and invitations (only if you opted-in).
• Analytics & Improvement: Understand usage trends and user experience to refine our offerings.
• Legal Compliance: Maintain required business records and fulfill obligations under fiscal, tax, or commercial law.

6. Legal Bases

We only process your personal data when at least one of the following applies:

• Consent: You have actively agreed to data processing (e.g., marketing preferences).
• Contract: Processing is necessary to fulfill or enter into a contract with you.
• Legal Obligation: We are required by law to process and store certain data.
• Legitimate Interest: We pursue business goals without overriding your rights (e.g., fraud prevention, product improvement).
• Vital Interest: In emergencies involving safety or health (rare).

7. Automated Decision-Making and AI

Some services may use Artificial Intelligence for analysis or personalization. These systems do not make legally binding decisions without human review. No profiling, scoring, or automated assessments are used to limit rights or access. We ensure that any algorithmic processing is auditable, explainable, and aligned with fairness principles.

8. Cookies & Tracking Technologies

Our websites use cookies and tracking tools to improve usability, security, and performance:

• Essential Cookies: Required for core functionality (e.g., login forms).
• Analytical Cookies: Help us monitor site traffic and usage trends.
• Marketing Cookies: Optional, used to personalize content or measure campaign effectiveness.

You may manage cookie preferences directly in your browser settings or through our consent tool. More detail is available in our Cookie Policy.

9. Data Sharing

We do not sell personal data to third parties. However, we may share it with:

• Service Providers: Trusted partners offering cloud hosting, security monitoring, payment processing, and data analytics.
• Legal Authorities: If legally required for investigations, audits, or law enforcement requests.
• Corporate Transitions: If our company is merged, acquired, or restructured.

All partners are required to comply with privacy and security standards through binding agreements.

10. Data Transfers Outside the EEA

If personal data is transferred to countries outside the European Economic Area (e.g., for cloud hosting), we ensure safeguards such as:

• Standard Contractual Clauses (SCCs)
• EU Adequacy Decisions
• Binding Corporate Rules (BCRs)

You may request a copy of applicable safeguards via email.

11. Data Retention

We retain data only for as long as necessary for its original purpose or legal compliance:

• Inactive accounts: deleted after 24 months
• Consent logs: stored up to 10 years
• Contractual data: retained for 5 years per commercial regulation

Once retention ends, data is securely deleted or anonymized using certified methods.

12. Data Security

We take security seriously and apply multiple protections:

• SSL encryption for data in transit
• Firewall and intrusion detection systems
• Role-based access controls
• Staff training in data protection
• Regular security audits and vulnerability scans

While no method is infallible, we continuously assess and upgrade our systems for resiliency and GDPR alignment.

13. Children's Data

Our services are intended for individuals aged 18 and above. We do not knowingly collect or process personal information from minors. If we discover that we have received data from a minor without verified parental consent, we will take immediate steps to delete the data and disable access. If you believe a minor has shared personal data with us, please notify us directly at info@datavanzaia.com.

14. Your Rights Under Data Protection Law

As a data subject, you have specific rights under the GDPR and similar laws. These include:

• Right of Access: Request information about what personal data we hold about you.
• Right to Rectification: Correct inaccurate or incomplete information.
• Right to Erasure: Request deletion of personal data where permitted (“right to be forgotten”).
• Right to Restriction: Limit how your data is processed in certain situations.
• Right to Object: Object to specific types of data processing, such as marketing.
• Right to Data Portability: Receive your data in a commonly used format and transfer it elsewhere.
• Right to Withdraw Consent: Withdraw previously given consent at any time, without affecting lawful prior usage.

You may exercise any of these rights by contacting us, and we will respond within 30 calendar days unless extensions are legally permitted.

15. Do-Not-Track & Global Privacy Controls

Web browsers may include "Do-Not-Track" (DNT) and "Global Privacy Control" (GPC) signals to indicate user preference for privacy. Currently, there is no universal standard enforcing these signals, and Datavanza IA SL does not respond to them. We continually monitor regulatory developments and will adapt our practices if standardized protocols are implemented.

16. International Data Transfers

In some cases, personal data may be transferred to service providers outside the European Economic Area (EEA). To safeguard such transfers, we implement appropriate legal mechanisms, including Standard Contractual Clauses approved by the European Commission, Binding Corporate Rules, and assessments of adequacy decisions.

You can request further information about the safeguards in place by contacting us directly.

17. Complaints and Oversight

If you are dissatisfied with how we handle your personal information, you may submit a complaint to a supervisory authority in your country. In Spain, this is the Agencia Española de Protección de Datos (AEPD). We encourage you to contact us first so we may attempt to resolve the issue amicably and promptly.

18. Policy Updates

This Privacy Policy may be updated periodically to reflect changes in our practices, technologies, or legal obligations. Major updates will be communicated via our website or email. All changes take effect immediately upon publication, unless otherwise stated. We recommend checking this page periodically for the latest version.

19. Contact Us

If you have any questions, concerns, or would like to exercise your data protection rights, please contact our privacy team:

Datavanza IA SL
Passeig de Gràcia 95, 5º1º
08008 Barcelona, Spain
Email: info@datavanzaia.com

20. Submitting Access Requests

You may submit Data Subject Access Requests (DSARs) by email or postal mail. Include details such as your full name, contact information, and specific request (e.g. access, deletion, correction). We may request identity verification before completing sensitive actions. We respond to all requests within 30 days as mandated by law, unless extensions are justified.