Summary
Below we summarize the key points of our Web Privacy Policy.
| Data controller |
BASE TECHNOLOGY & INFORMATION SERVICES SLU (BASETIS) CIF B65208183 Address: Casa Milà – La Pedrera, C/Passeig de Gràcia 92, 1o 1a, 08008 Barcelona |
|---|---|
| Data Protection Officer (DPO) | Lawyer, Julia Carreras Marín |
| Who do we share your personal data with? |
We may share your personal data with the following recipients (and whenever we do so, we will ensure that we have an appropriate legal basis, as well as the necessary security measures and contractual safeguards in place): • Third parties that support our Services; • Any law enforcement authority or any authority or other third party to whom disclosure of the data is required by law; • New owners or reorganized entities in the event of a corporate restructuring, sale, purchase, or the creation of a joint venture affecting our business. We will never sell, distribute, or otherwise share your personal data unless we have your consent. |
| Legal bases for the processing of personal data |
BASETIS will always ensure that it has a legal basis to collect and process your personal data. These legal bases depend on the specific context in which we collect your data. Specifically, we collect and process your data on the basis of: • Handling requests or inquiries made by the user or data subject through the contact forms enabled for this purpose. Legal basis: consent of the data subject (Art. 6.1.a GDPR) • Participation in blogs through comments. Legal basis: consent of the data subject (Art. 6.1.a GDPR) • Subscription to Basetis content through the newsletter. Legal basis: consent of the data subject (Art. 6.1.a GDPR) • Communications received through the ethics channel, provided that it is expressly requested that the communication is not anonymous. Legal basis: public interest (Art. 6.1.e GDPR) • We collect and process your personal data in order to enable the use of our website (to establish the connection), ensure the continuous security and stability of the system, allow the technological administration of the network infrastructure, and optimize our website, as well as for internal statistical purposes. The IP address is used solely for statistical purposes, as well as in the event of attacks on the network infrastructure. Legal basis: Article 6.1.f) and Article 6.1.b) (GDPR) |
| International transfers | No international transfers of your data are planned. |
| Security | BASETIS places great importance on protecting your personal data against unauthorized access, unlawful processing, accidental loss, destruction, and damage. We implement appropriate technical and organizational measures to safeguard such information. |
| Retention period | BASETIS will retain your personal data for no longer than is necessary to fulfill the purposes described in this Privacy Policy. |
| Your data protection rights | You may contact us at any time to review and update your personal data. You may also contact us to request that we delete your personal data or restrict its processing, or to ask us to transfer it to a third party. |
| Updates to this Privacy Policy | We may update this Privacy Policy from time to time to reflect possible legal, technical, or commercial changes. We recommend that you review this page periodically to obtain the most up-to-date information about our privacy practices. |
| How to contact us | If you have any questions or concerns about this Privacy Policy, please contact us via this email: dpo@basetis.com |
Privacy Policy
1. Information we collect about you and sources we use
The personal data we may collect about you is categorized into the following general categories:
Information we collect directly from you:
• Identification and contact data: name, surname, email address, and the content of your message/request. The specific context of collection is through the contact form available on the website, in order to handle and manage your request.
• Newsletter subscription data: email address, name. Through the newsletter subscription form, for the purpose of sending our commercial communications.
• Communication data: any identification data or content you provide through the Basetis ethics channel in the corresponding section of the website, provided that you expressly request that the communication is not anonymous. And identification data (name and email address) or content you provide through the comments form on the Basetis Blog to interact with published posts.
Information we collect automatically (use of the website):
• When you visit our website, we automatically collect the following technical information. This information is essential for the proper functioning and security of the website.
• Connection and browsing data: your IP address, information about your browser and your operating system.
• Cookies and other similar technologies: both first-party and third-party cookies may be collected for technical, preference, and advertising purposes. For more information about how Basetis uses cookies and the data collected through them, you can consult our Cookies Policy, which is accessible at the bottom of our website.
2. Purpose of processing. Why do we process your data and on what legal basis?
At BASETIS, we collect your personal data mainly from two sources: the information you provide directly through website forms or communications, and the information that is generated automatically through the use of our technological infrastructure. The legal basis for collecting and processing this data, as described above, will depend on the specific context in which we collect it.
By providing this information, you, as a user, give your consent for the information to be collected, used, managed, and stored by BASETIS, only as described in the Legal Notice and in this Privacy Policy.
• Contact forms: this data is used to respond to your request and address any questions, comments, or concerns regarding our services. Legal basis: consent of the data subject (Art. 6.1.a GDPR)
• Blog newsletter subscription forms: name is optional and email is mandatory in order to send the informational newsletter. Legal basis: consent of the data subject (Art. 6.1.a GDPR)
• Blog comment form: name and email are requested in order to manage the publication of your comment on the blog article and to respond to it if necessary. Legal basis: consent of the data subject (Art. 6.1.a GDPR)
• Website technical information: the data is used to enable the use of the website (to establish the connection), ensure the continuous security and stability of the system, allow the technological administration of the network infrastructure, and for internal statistical purposes, applying appropriate security measures to safeguard the confidentiality, availability, and integrity of the data. Legal basis: legitimate interest of BASETIS in protecting the infrastructure and maintaining website security (Art. 6.1.f GDPR) and performance of a contract/pre-contractual request (Art. 6.1.b GDPR) for technical/contractual purposes related to the provision of the web service.
• Ethics channel communications: access to this channel is provided via a link that redirects to an external management system (Ithikios), and the personal data collected through it will be used to handle and process the communications received. The processing of personal data carried out through this channel, as well as the identity of the platform provider, is governed by its own privacy policy. Legal basis: public interest (Art. 6.1.e GDPR)
If you have questions or need further information about the legal basis on which we collect and process your personal data, please contact us using the contact details provided in the section “How to contact us”.
3. Who we share your personal data with
When providing you with the Services, depending on the circumstances, we may share your personal data with the following recipients (and whenever we do so, we will ensure that appropriate security measures and contractual safeguards are in place to protect it):
• Third-party providers that support our Services, e.g.: (Cookiebot, Mailchimp, Google Analytics, Ithikios, social networks, etc.), with whom BASETIS has entered into the legally required agreements. In these cases, providers act as data processors and will only access the data to perform their services on behalf of and for BASETIS, under a duty of confidentiality and always following its instructions. Some of these providers are entities located outside the European Economic Area (EEA), mainly in the United States (USA); such transfers will always be carried out with appropriate safeguards in accordance with GDPR requirements.
• Any law enforcement authority, regulatory body, government agency, court, or other third party to whom we believe it is necessary to disclose information: (i) to comply with applicable law or regulation, (ii) to exercise, establish, or defend our legal rights, or (iii) to protect your vital interests or those of any other person.
• Corporate transactions: if any part of our business enters into a joint venture, acquires another business, or is sold or merged with another commercial entity, your information may be disclosed or transferred to the resulting company or to new business partners or owners, or their agents and advisors. In such circumstances, we will always inform the relevant entities that they must only use your personal data for the purposes described in this Privacy Policy.
We will not sell, distribute, or disclose your personal data unless we have your consent or are required to do so by law.
4. International data transfers
As a general rule, in its regular data processing operations, BASETIS does not transfer personal data to countries outside the European Union that do not have an adequacy decision.
However, in exceptional cases where international transfers are carried out (e.g., technology and infrastructure service providers located in the United States), BASETIS guarantees that such transfers will always be made with appropriate safeguards and in compliance with the mechanisms provided by the GDPR (Articles 45 to 49 GDPR).
To know exactly which external service providers have access to your data and where they are located, you can consult section 3 “Who we share your personal data with” of this policy.
5. Information security
We place great importance on keeping your personal data secure and protected. Accordingly, we implement appropriate technical and organizational measures and industry-standard technology to protect it against unauthorized access and unlawful processing, accidental loss, destruction, and damage.
The security measures we use are designed to provide a level of protection appropriate to the risk of processing your personal data, ensuring the confidentiality, integrity, and quality of the information we handle in accordance with applicable data protection regulations.
6. Data retention
The personal data provided will be retained for the time necessary to fulfill the purpose for which it was collected and to determine any potential liabilities arising from that purpose, in addition to the periods established by applicable legal regulations.
7. Your rights regarding the processing of your personal data
BASETIS respects your privacy and data protection rights. Below is a summary of your rights regarding the personal data managed by BASETIS:
| Your rights | What does it mean? |
|---|---|
| Right to erasure (right to be forgotten) | You have the right to have your personal data deleted or removed. Please note that this is not an absolute right, as we may have legal or legitimate grounds to retain it. |
| Right to rectification | You have the right to have your personal data corrected when it is inaccurate or no longer valid, or to have it completed when it is incomplete. |
| Right to information | You have the right to obtain clear, transparent, and easily understandable information about how we use your personal data and about your rights. This information is provided in this Policy. |
| Right of access | You have the right to know whether your personal data is being processed and, if so, to know the purposes of the processing, categories of data, recipients, retention period, and your related rights, among others. |
| Right to withdraw consent | You have the right to withdraw any consent you have previously given for processing based on that consent. Withdrawing your consent will not affect the lawfulness of any processing carried out before its withdrawal, nor processing based on legal grounds other than consent. |
| Right to lodge a complaint with a supervisory authority | You have the right to lodge a complaint with the Spanish Data Protection Agency if you believe your rights regarding personal data protection have been violated (www.aepd.es). |
| Right to object to processing | You have the right to object to the processing of your data, unless BASETIS demonstrates legitimate grounds, or for the establishment, exercise, or defense of legal claims. |
| Right to data portability | You have the right to transfer, copy, or move your data from our database to another. This right can only be exercised in relation to data you have provided, when processing is based on a contract or your consent, and is carried out by automated means. |
| Right to restriction of processing | You have the right to request the restriction of processing of your personal data when the accuracy, lawfulness, or necessity of the processing is in question; in such cases, we may retain the data for the establishment or defense of legal claims. |
You may exercise your rights at any time via the email address indicated at the beginning of this Policy: dpo@basetis.com, by identifying yourself and specifying the reasons for your request.
8. Updates to this Privacy Policy
We may update this Privacy Policy from time to time to reflect possible legal, technical, or commercial changes. Whenever we update our Privacy Policy, we will take appropriate measures to inform you based on the significance of the changes we make. We will ensure that we obtain your consent for any material changes to the Privacy Policy where required by applicable data protection laws.
We recommend that you review this page periodically to obtain the most up-to-date information about our privacy practices.
9. How to contact us
If you have any questions about this Privacy Policy or wish to exercise any of your rights, please contact us via the following email address: dpo@basetis.com
Last Update Privacy Policy: 28/04/2026