ES

Privacy Policy

Data protection and privacy information (GDPR and LOPDGDD compliant)

Effective Date: March 2024 | Last Updated: March 2026

Babela Consulting Sociedad Limitada ("we", "us", "our", or "Company") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and protect your personal data in accordance with the General Data Protection Regulation (GDPR, EU Regulation 2016/679) and the Organic Law for Data Protection in Spain (LOPDGDD, Law 3/2018).

Please read this Privacy Policy carefully. By accessing and using our website, you acknowledge that you have read, understood, and agree to be bound by all the provisions of this Privacy Policy.

1. Data Controller Identification

The data controller responsible for the processing of your personal data is:

Data Controller: Babela Consulting Sociedad Limitada

Business Address: Calle Navellos 14, 46003 Valencia, Spain

Tax ID (CIF): B56887342

Contact Email: b@babelaconsulting.com

Data Protection Contact: b@babelaconsulting.com

If you have any questions about this Privacy Policy or our data processing practices, you may contact us using the information provided above.

2. Types of Personal Data Collected

We may collect and process the following categories of personal data:

2.1 Contact Information

  • Name and surname
  • Email address
  • Telephone number
  • Company name and position
  • Mailing address

2.2 Communication Data

  • Contents of correspondence you send to us via email or contact forms
  • Records of our communications with you
  • Your communications preferences

2.3 Technical Data

  • IP address
  • Browser type and version
  • Operating system
  • Access times and duration
  • Pages visited and their frequency
  • Device information (type, model, identifier)
  • Geolocation data (non-precise)

2.4 Behavioral Data

  • Website navigation patterns
  • Interaction with website features
  • Search queries and preferences
  • Pages visited before and after using our website

2.5 Optional Information

When you complete forms on our website, any information you choose to provide voluntarily, including additional details about your business needs or service interests.

3. Legal Basis for Processing

We process your personal data only when we have a valid legal basis to do so, as required by Articles 6 and 9 of the GDPR:

3.1 Consent (GDPR Article 6(1)(a))

When you provide your consent to process your data, such as through contact forms, newsletter subscriptions, or cookie consent. You may withdraw this consent at any time.

3.2 Contract Performance (GDPR Article 6(1)(b))

When necessary to fulfill a contract or to take steps at your request prior to entering into a contract with us.

3.3 Legal Obligation (GDPR Article 6(1)(c))

When required by Spanish, European, or other applicable law, including accounting, tax, and regulatory requirements.

3.4 Legitimate Interests (GDPR Article 6(1)(f))

When necessary to pursue our legitimate business interests, including improving our services, security, fraud prevention, and marketing, provided such interests are not overridden by your fundamental rights and freedoms.

3.5 Website Analytics

Technical data regarding website usage is collected primarily through cookies and similar technologies to improve website functionality and user experience.

4. Purposes of Data Processing

We process your personal data for the following purposes:

4.1 Service Delivery

  • To respond to your inquiries and provide information about our services
  • To process and fulfill requests for proposals, quotations, or consultations
  • To establish and maintain business relationships
  • To provide customer support

4.2 Communication

  • To send you information about our services and offerings (subject to your consent where required)
  • To notify you about changes to our policies or website
  • To respond to your questions and maintain correspondence

4.3 Website Management

  • To monitor and improve website functionality and performance
  • To analyze user behavior and website usage patterns
  • To customize your experience on our website
  • To ensure website security and prevent fraud

4.4 Legal Compliance

  • To comply with legal obligations under Spanish and EU law
  • To establish, exercise, or defend legal claims
  • To enforce our terms and conditions and other agreements

4.5 Business Development

  • To develop and improve our services and offerings
  • To conduct market research and analyze trends
  • To support business planning and strategy

4.6 Marketing (where consented)

  • To send newsletters and marketing communications (only with prior explicit consent)
  • To inform you about events, webinars, or publications
  • To personalize marketing content based on your interests

5. Data Retention Periods

We retain personal data for as long as necessary to fulfill the purposes for which it was collected, in accordance with applicable law:

5.1 General Retention Policy

  • Contact Information: Retained for the duration of our business relationship plus 3 years, or as required by law
  • Communication Records: Retained for 3 years from the date of the last communication
  • Technical Data: Retained for up to 13 months for analytics purposes
  • Newsletter/Marketing Subscriptions: Retained until you unsubscribe or withdraw consent
  • Website Analytics: Retained for up to 26 months (configurable)

5.2 Legal Requirements

Some data may be retained longer when required by Spanish tax law, accounting regulations, or other applicable legislation. In such cases, data will be retained for the minimum period required by law.

5.3 Data Deletion

Once retention periods expire, personal data will be securely deleted or anonymized unless further retention is required by law or for legitimate business purposes.

6. Data Sharing and Recipients

We do not sell or rent your personal data to third parties. However, your data may be shared with the following recipients for the purposes outlined in this Privacy Policy:

6.1 Service Providers

We may share data with third-party service providers who assist us in operating our website and conducting our business, including:

  • Web hosting and cloud service providers
  • Email service providers
  • Website analytics providers
  • Customer relationship management (CRM) platforms
  • Payment processors (if applicable)

6.2 Legal and Regulatory Authorities

We may disclose your data when required by law, court order, regulatory request, or to protect our legal rights and the safety of others.

6.3 Business Transfers

In the event of a merger, acquisition, bankruptcy, or sale of assets, your personal data may be transferred as part of that transaction. We will provide notice if such a change occurs.

6.4 Data Processing Agreements

All third-party recipients who process personal data on our behalf have been contractually bound by Data Processing Agreements (DPAs) compliant with GDPR Article 28, ensuring appropriate safeguards for your data.

7. International Data Transfers

Your personal data is primarily stored and processed within the European Union. However, we may transfer data to countries outside the EU/EEA if necessary for the purposes outlined in this Privacy Policy.

7.1 Transfer Safeguards

Any international transfers of personal data are made only to countries deemed to have adequate data protection by the European Commission, or with appropriate safeguards such as:

  • Standard Contractual Clauses (SCCs)
  • Binding Corporate Rules (BCRs)
  • Your explicit consent

7.2 US Transfers

If data is transferred to the United States, it may be transferred to processors certified under mechanisms such as Standard Contractual Clauses, ensuring compliance with GDPR requirements.

8. Your Data Subject Rights (GDPR Articles 15-22)

Under the GDPR and LOPDGDD, you have the following rights regarding your personal data:

8.1 Right of Access (Article 15)

You have the right to obtain confirmation of whether we are processing your personal data and to request access to your data. We will provide you with a copy of the data we hold about you without undue delay.

8.2 Right of Rectification (Article 16)

You have the right to request the correction or completion of inaccurate or incomplete personal data. We will correct your data without undue delay.

8.3 Right to Erasure (Article 17)

You have the right to request the deletion of your personal data in certain circumstances, such as when:

  • The data is no longer necessary for the purposes for which it was collected
  • You withdraw consent and no other legal basis exists
  • You object to processing and no overriding legitimate interest exists
  • The data has been unlawfully processed
  • The data must be deleted to comply with a legal obligation

8.4 Right to Restrict Processing (Article 18)

You have the right to request that we limit the processing of your personal data in certain circumstances, such as:

  • During the verification of data accuracy
  • When processing is unlawful but you request restriction instead of deletion
  • When we no longer need the data but you require it for legal claims

8.5 Right to Data Portability (Article 20)

You have the right to receive your personal data in a structured, commonly used, and machine-readable format and to transmit that data to another controller without hindrance.

8.6 Right to Object (Article 21)

You have the right to object to the processing of your personal data, including:

  • Marketing communications and profiling
  • Processing based on legitimate interests
  • Direct marketing and similar activities

8.7 Right to Lodge a Complaint

You have the right to lodge a complaint with the Spanish Data Protection Authority (Agencia Española de Protección de Datos - AEPD) if you believe we are processing your data in violation of your rights. You may file a complaint with the AEPD without prejudice to other remedies available under law.

8.8 How to Exercise Your Rights

To exercise any of these rights, please contact us using the information provided in Section 1. We will respond to your request without undue delay and within the timeframes specified by GDPR (typically 30 days, extendable to 90 days for complex requests).

9. Cookies and Similar Technologies

Our website uses cookies and similar tracking technologies to collect technical data and improve user experience. For detailed information about the cookies we use, please refer to our Cookie Policy.

You have the right to accept or reject non-essential cookies, and you may change your preferences at any time through your browser settings or our cookie management tool.

10. Data Security

We implement comprehensive technical and organizational security measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction:

10.1 Security Measures

  • SSL/TLS encryption for data transmission
  • Secure password protection and authentication mechanisms
  • Access controls limiting data access to authorized personnel
  • Regular security audits and vulnerability assessments
  • Firewalls and intrusion detection systems
  • Secure data backup and disaster recovery procedures
  • Employee training on data protection and security

10.2 Data Breach Notification

In the event of a personal data breach that poses a risk to your rights and freedoms, we will notify you and the relevant supervisory authority as required by GDPR Article 33-34 without undue delay.

10.3 Limitations of Security

While we employ robust security measures, no system can guarantee absolute security. We encourage you to use strong passwords and protect your login credentials.

11. Children's Privacy

Our website and services are not directed to children under the age of 13 or the applicable age of digital consent in your jurisdiction. We do not knowingly collect personal data from children. If we become aware that we have collected data from a child without parental consent, we will delete such data immediately. If you believe we have collected data from a child, please contact us immediately.

12. Third-Party Links and Services

Our website may contain links to third-party websites and services. This Privacy Policy applies only to our website. We are not responsible for the privacy practices of third-party websites. Please review the privacy policies of any third-party sites before providing personal information.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our data processing practices or legal requirements. We will notify you of any material changes by posting the revised Privacy Policy on our website with an updated "Last Updated" date. Your continued use of the website following any such changes constitutes acceptance of the revised Privacy Policy.

14. Contact Information for Data Protection Inquiries

For questions about this Privacy Policy, to exercise your data subject rights, or to report a data protection concern, please contact us at:

Babela Consulting Sociedad Limitada

Data Protection Officer/Contact

Calle Navellos 14
46003 Valencia, Spain

Email: b@babelaconsulting.com

14.1 Spanish Data Protection Authority (AEPD)

If you wish to lodge a complaint regarding our data processing practices, you may contact the Spanish Data Protection Authority:

Agencia Española de Protección de Datos (AEPD)
C/ Jorge Juan, 6
28001 Madrid, Spain
Website: www.aepd.es

This Privacy Policy is effective as of March 2024 and was last updated in March 2026.