Privacidad

1. Data Controller

Controller: Francisco Martín Mahedero
Tax ID: 05313727Z
Address: Calle Cardenal Cisneros No. 4, 1-D, 28010 Madrid, Spain
Privacy contact email: ofi@imbexa.com

Imbexa has not appointed a Data Protection Officer. Therefore, any matter relating to the processing of personal data must be addressed through the contact channel above.

2. Scope of Application

This Privacy Policy applies to the processing of personal data carried out through the website imbexa.com, its forms, electronic communications, events, registration processes, private area or intranet and any other professional or commercial relationships linked to Imbexa.

3. Categories of Data Processed

Imbexa may process, depending on the case, the following categories of data:

1. Identification and contact data: name, surname, email address, telephone number, city, country and equivalent data.
2. Professional and business data: company, position, sector, workforce size, website and other professional information provided by the user or by the client company.
3. Account and authentication data: user identifier, credentials, access records, technical logs and data associated with account security.
4. Commercial or professional relationship data: requests, meetings, communications, documentation, incidents, service follow-up, relationship history and associated preferences.
5. Administrative or contractual data: data required for quotes, contracting, invoicing, collections, payments and compliance with legal obligations.
6. Browsing and cookie data: where applicable, in accordance with the Cookie Policy.

4. Source of the Data

As a general rule, data is provided directly by the data subject.

However, in certain cases Imbexa may process professional contact data provided by client companies, collaborators or authorized users when this is necessary to manage the professional relationship, create authorized access or enable communications linked to the service.

5. Purposes and Legal Bases

5.1. Handling inquiries and requests

Purpose: To handle forms, emails, information requests, meetings or requests related to Imbexa's services.
Legal basis: Application of pre-contractual measures at the request of the data subject and, where applicable, legitimate interest in properly managing the inquiries received.

5.2. User registration and management of the private area or intranet

Purpose: To create the account, authenticate access, manage credentials, enable private features, exchange documentation, allow communication with clients and maintain the operation of the private area.
Legal basis: Performance of pre-contractual measures and/or performance of the contractual or professional relationship.

5.3. Management of the commercial or professional relationship

Purpose: Preparation of proposals, provision of services, support, project follow-up, customer service, administration, accounting, invoicing, collections and compliance with legal obligations.
Legal basis: Performance of the contract, application of pre-contractual measures and compliance with legal obligations.

5.4. Operational or non-commercial communications

Purpose: To send necessary notices about the account, access, security, incidents, meetings, functional changes, support, documentation, activities or events linked to the existing relationship.
Legal basis: Performance of the contract or pre-contractual measures, compliance with legal obligations and/or legitimate interest in ensuring the proper provision of the service, security and continuity of the professional relationship.

5.5. Commercial communications

Purpose: Sending newsletters, content, news, event invitations, promotions and commercial information about Imbexa services by electronic means.

Legal basis:

• The data subject's consent, where required.
• In the case of previous clients, and only regarding Imbexa's own products or services similar to those initially contracted, legitimate interest/prior contractual relationship under the terms permitted by information society services regulations, always offering a simple and free opt-out.

5.6. Organization and management of events

Purpose: To manage registrations, attendance, logistical communications and follow-up of events organized or co-organized by Imbexa.
Legal basis: Application of pre-contractual measures, performance of the relevant relationship and, where applicable, the data subject's consent.

5.7. Security, fraud prevention and defense of claims

Purpose: To protect the website, intranet, accounts, systems and information; detect unauthorized access, prevent abuse, investigate incidents and defend claims.
Legal basis: Legitimate interest in protecting the security of the network, information and Imbexa's activity, as well as compliance with legal obligations where applicable.

6. Mandatory Nature of the Data

Fields marked as mandatory in the forms are necessary to handle the request, create the account, provide the service or maintain the professional or contractual relationship. If they are not provided, it may be impossible to process the registration, respond to the inquiry or provide the requested service.

7. Minors

Registration and use of the private area or intranet is reserved exclusively for people over 18 years of age.

Imbexa does not allow the deliberate registration of minors under 18 in these areas. If it detects that data from a minor has been provided in breach of this policy, it may cancel the account and block or delete the associated data, without prejudice to any other actions that may be appropriate.

8. Recipients of the Data

The data may be communicated to:

1. Public administrations, courts, tribunals, law enforcement authorities, when there is a legal obligation or valid request;
2. Financial institutions and payment providers, when necessary to manage collections or payments;
3. Legal, tax, accounting advisors and auditors, when necessary for managing the activity;
4. Technology providers and other processors that provide services to Imbexa, such as hosting, email, storage, collaboration tools, CRM, support, messaging, event management, security or cookie consent management.

Imbexa will not sell personal data to third parties.

9. Processors

When a provider processes personal data on behalf of Imbexa, it will act as a processor and the relationship will be formalized through the corresponding contract or legal act containing the requirements established by the applicable regulations.

10. International Data Transfers

As a general rule, Imbexa will seek to use providers located in the European Economic Area.

However, certain technology providers may be located outside the European Economic Area or involve remote access from third countries. In such cases, international transfers will only be carried out where there is an adequacy decision by the European Commission or, failing that, appropriate safeguards under Regulation (EU) 2016/679, including, where applicable, standard contractual clauses together with any necessary supplementary measures.

The data subject may request additional information about these safeguards by writing to ofi@imbexa.com.

11. Retention Periods

Data will be retained for the time necessary to fulfill the purpose for which it was collected and, subsequently, for the applicable legal periods or while liabilities may arise.

By way of guidance:

1. Data from inquiries and requests will be retained for the time necessary to handle them and reasonably follow up on the relationship initiated;
2. Account and private area data will be retained while the account remains active and, once cancelled, for the time necessary to address legal obligations, security incidents and possible liabilities;
3. Data linked to the contractual or professional relationship will be retained while it remains in force and, subsequently, for the legally required periods;
4. Data processed for commercial purposes will be retained until the data subject withdraws consent, requests unsubscribe or objects to such communications;
5. Technical and security records will be retained for the time necessary to ensure security, investigate incidents and evidence regulatory compliance.

12. Rights of Data Subjects

The data subject may exercise, at any time, the rights of access, rectification, erasure, objection, restriction of processing and portability, as well as withdraw consent when processing is based on it, by sending a request to ofi@imbexa.com.

Withdrawal of consent will not affect the lawfulness of processing based on consent before its withdrawal.

13. Commercial Communications and Unsubscribe

The data subject may unsubscribe from commercial communications at any time:

1. Through the unsubscribe link or mechanism included in each electronic commercial communication; or
2. By writing to ofi@imbexa.com.

Unsubscribing from commercial communications will not prevent the sending of operational or service communications necessary for the account, private area, security or existing contractual or professional relationship.

14. Information Security

Imbexa applies appropriate technical and organizational measures to guarantee a level of security appropriate to the risk, taking into account the state of the art, implementation costs, the nature of the processing and the risks to the rights and freedoms of individuals.

However, no system can guarantee absolute security or total invulnerability against incidents, unlawful access, third-party attacks or network failures.

15. Personal Data Breaches

When a personal data breach occurs, Imbexa will act in accordance with the applicable regulations, assessing the risk to the rights and freedoms of the affected persons.

Where legally required, the breach will be notified to the competent supervisory authority and, where appropriate, to the affected data subjects, within the deadlines and under the terms set out by the regulations.

16. Changes to the Policy

Imbexa may modify this Privacy Policy to adapt it to regulatory, technical, operational or functional changes. The current version will be the one published on this page.