Privacy Policy

Data Controller Information

elvanto S.L. is the data controller for your personal information. Our registered office is located at Gran Vía 176, 48660 Bilbao, Basque Country, Spain. Our company registration number is B73951842, and our VAT number is ESB84295073.

Data We Collect

We collect various types of personal information depending on how you interact with our services. The data we collect includes information you provide directly to us and information we gather automatically when you use our website.

Information you provide to us:

• Contact information (name, email address, phone number, company name)
• Communication preferences and enquiry details
• Information provided during consultations or service delivery
• Business information relevant to our advisory services
• Feedback and correspondence with our team

Information we collect automatically:

• Website usage data and analytics information
• IP address and browser information
• Device information and operating system details
• Cookies and similar tracking technologies (see our Cookie Policy for details)

How We Use Your Information

We use your personal data for legitimate business purposes and only where we have a lawful basis to do so. How we use your information depends on the services you request and your relationship with elvanto.

Primary uses of your data:

• Providing corporate advisory services and responding to your enquiries
• Communicating with you about our services and your account
• Processing and fulfilling service requests
• Improving our website functionality and user experience
• Complying with legal and regulatory requirements
• Protecting our business interests and preventing fraud

We may also use your information to send you relevant business insights and updates about our services, but only where you have consented to receive such communications or where we have a legitimate interest to do so.

Legal Basis for Processing

Under GDPR, we must have a lawful basis for processing your personal data. The legal bases we rely on include:

• Contract performance: Processing necessary to perform our services or take steps prior to entering into a contract
• Legitimate interests: Processing necessary for our legitimate business interests, such as improving our services and website functionality
• Consent: Where you have given specific consent for certain processing activities
• Legal obligation: Processing required to comply with legal or regulatory requirements

Data Sharing and Disclosure

We do not sell, trade, or rent your personal information to third parties. We may share your information only in the following circumstances:

• With trusted service providers who assist us in operating our website and conducting our business
• When required by law, regulation, or legal process
• To protect our rights, property, or safety, or that of our clients or others
• In connection with a business transaction, such as a merger or acquisition

Any third parties we work with are required to maintain appropriate security measures and use your information only for the purposes we specify.

Data Retention

We retain your personal information only for as long as necessary to fulfil the purposes for which it was collected, including satisfying legal, accounting, or reporting requirements. Data retention periods vary depending on the type of information and the purpose for which it was collected:

• Contact enquiry data: Retained for up to 3 years from last contact
• Client service data: Retained for up to 7 years after service completion for legal and regulatory compliance
• Website analytics data: Retained for up to 26 months
• Marketing communications: Retained until you unsubscribe or withdraw consent

When we no longer need your personal information, we will securely delete or anonymise it in accordance with our data retention policies.

Your Rights

Under data protection law, you have several rights regarding your personal information. Your rights include the right to request access to, correction of, or deletion of your personal data, as well as the right to restrict or object to certain processing activities.

Specifically, you have the right to:

• Access your personal data and receive information about how we process it
• Correct inaccurate or incomplete personal data
• Delete your personal data in certain circumstances
• Restrict processing of your personal data
• Object to processing based on legitimate interests
• Data portability in certain circumstances
• Withdraw consent where processing is based on consent
• Lodge a complaint with a supervisory authority

To exercise any of these rights, please contact us using the information provided in the contact section below. We will respond to your request within one month of receipt.

International Data Transfers

Your personal data is primarily processed within the European Economic Area (EEA). If we need to transfer your data outside the EEA, we will ensure appropriate safeguards are in place to protect your information, such as using Standard Contractual Clauses approved by the European Commission or ensuring the recipient country has an adequacy decision.

Data Security

We implement appropriate technical and organisational measures to protect your personal information against unauthorised access, alteration, disclosure, or destruction. These measures include encryption, access controls, secure data storage, and regular security assessments. However, no method of transmission over the internet or electronic storage is completely secure, and we cannot guarantee absolute security.

Cookies and Tracking Technologies

Our website uses cookies and similar tracking technologies to enhance your browsing experience and analyse website usage. For detailed information about the cookies we use and how to manage your cookie preferences, please see our Cookie Policy.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable laws. When we make material changes, we will notify you by posting the updated policy on our website and updating the "last updated" date. We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information.

Contact Information

If you have any questions about this Privacy Policy or how we handle your personal information, please contact us using the details below. We are committed to addressing your concerns promptly and transparently.