Last updated: November 6, 2025

1. Who is the Controller of your data?

In accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (GDPR), and Organic Law 3/2018 of December 5 (LOPDGDD), we inform you that the personal data you provide will be processed by:

• Owner: Fundación Alto Emprendimiento

• Tax ID (NIF): [ADD FOUNDATION NIF]

• Registered Office: Camín de San Roque, number one, Ranón, 33459, ASTURIAS

• Email: info@fundacionaltoemprendimiento.org

• Website: fundacionaltoemprendimiento.org

2. Principles we will apply to your personal information

In the processing of your personal data, we will apply the following principles that comply with the requirements of the GDPR:

• Principle of lawfulness, fairness, and transparency: We will always require your consent for the processing of your data for one or more specific purposes, about which we will inform you beforehand with absolute transparency.

• Principle of data minimization: We will only request data that is strictly necessary in relation to the purposes for which we require it.

• Principle of storage limitation: Data will be kept for no longer than necessary for the purposes of the processing.

• Principle of integrity and confidentiality: Your data will be processed in a manner that ensures appropriate security and guarantees its confidentiality.

3. For what purpose do we process your personal data?

At Fundación Alto Emprendimiento, we process the information provided by interested parties in order to manage the various activities derived from specific procedures carried out regarding:

• Contact Forms: To manage and respond to the inquiries, doubts, or suggestions you send us. The legal basis is your explicit consent given by checking the acceptance box and submitting the form.

• Management of product/service sales: To manage the contracting of our services or the purchase of products, process payments, carry out shipping (if applicable), and comply with our contractual and tax obligations. The legal basis is the execution of a contract to which you are a party.

• User Registration: To manage your registration as a registered user and allow you access to private areas, manage your profile, and your activity history. The legal basis is the execution of a contract or the application of pre-contractual measures.

We will not use your personal data for any other purpose not described in this policy, except by legal obligation or judicial requirement.

4. How long will we keep your data?

The personal data provided will be kept for the time strictly necessary to fulfill the purpose for which it was collected, and to determine possible liabilities that could derive from said purpose.

• Client data (contracting): For the duration of the contractual relationship and, subsequently, for the legally required periods (e.g., 6 years for commercial purposes and 5 years for tax purposes).

• Data for communications (Newsletter): Until you withdraw your consent.

• Contact form/inquiry data: Until your inquiry has been resolved and, subsequently, for a reasonable period for the management of possible claims.

5. What is the legitimacy for the processing of your data?

The legal basis for processing your data is, depending on the purpose:

• Consent of the data subject: For submitting contact forms, newsletter subscriptions, or posting comments.

• Execution of a contract: For the purchase of products, contracting of services, or registration as a user.

• Compliance with a legal obligation: For the processing of data associated with billing and tax obligations.

• Legitimate interest of the controller: For the management of website security or for anonymous statistical analysis.

6. To which recipients will your data be communicated?

To fulfill the indicated purposes, your personal data may be communicated to:

• Service providers who need to process data on our behalf (Data Processors), such as:

  • Hosting: [NAME OF YOUR HOSTING COMPANY], to host the website.

  • Email Marketing Platform: [E.G., Mailchimp, MailerLite, etc.], for sending newsletters.

  • Payment Gateways: [E.G., Stripe, PayPal], to process payments.

  • Consultancy/Management: For compliance with our tax and accounting obligations.

We ensure that all our data processors comply with the GDPR and offer sufficient guarantees to protect your rights. Some of these companies may be located outside the European Economic Area (EEA), in which case we ensure that international data transfers are carried out under adequate guarantees (e.g., European Commission Standard Contractual Clauses).

• Competent public authorities and bodies, when required by applicable regulations (e.g., Tax Agency, Judges, and Courts).

Outside of these cases, we will not transfer or sell your data to third parties.

7. What are your rights when you provide us with your data?

Any person has the right to obtain confirmation as to whether or not Fundación Alto Emprendimiento is processing personal data concerning them. As a data subject, you have the right to:

• Right of Access: Request and obtain information about your personal data being processed.

• Right to Rectification: Request the correction of your data if it is inaccurate or incomplete.

• Right to Erasure (or «to be forgotten»): Request that your data be deleted when, among other reasons, it is no longer necessary for the purposes for which it was collected.

• Right to Restriction of Processing: Request the restriction of the processing of your data, in which case we will only keep it for the exercise or defense of claims.

• Right to Data Portability: Receive your personal data in a structured, commonly used, and machine-readable format, and transmit it to another controller.

• Right to Object: Object to your personal data being processed.

How to exercise your rights?

You can exercise your rights by sending a written communication to the Foundation’s registered office or to the email address info@fundacionaltoemprendimiento.org, including in both cases a photocopy of your ID or equivalent identifying document, and specifying the right you wish to exercise.

Protection of rights: If you consider that your rights have not been duly addressed, you have the right to file a claim with the Spanish Data Protection Agency (AEPD), whose electronic headquarters is accessible through www.aepd.es.

8. Veracity of data and minors

The User guarantees that the personal data provided is true and is responsible for communicating any modification thereof. Our services are not directed to minors under 14 years of age. By accepting this policy, you guarantee that you are over 14 years old.

9. Security Measures

The Foundation has adopted the necessary technical and organizational measures to guarantee the security and integrity of the personal data it processes, as well as to prevent its loss, alteration, and/or access by unauthorized third parties. Our website uses an SSL certificate that ensures the encrypted transmission of data.

10. Changes to the Privacy Policy

We reserve the right to modify this policy to adapt it to new legislation or case law. In such cases, we will announce the changes introduced on this page with reasonable notice before they are put into practice.