Clarentia Privacy Policy

Last update: November 7, 2025

In compliance with the provisions of Regulation (EU) 2016/679 of 27 April, General Data Protection Regulation (GDPR), and Organic Law 3/2018 of 5 December on Personal Data Protection and Guarantee of Digital Rights (LOPDGDD), users of this Website are informed about the processing of their personal data.

This Privacy Policy aims to inform users about the collection and processing of personal data obtained through the Website www.clarentia.es (hereinafter, the “Website”).

WHO IS THE DATA CONTROLLER?

  • Identity: Derrenger Baum, William Harry (hereinafter, the “CONTROLLER”)
  • Tax ID Number (NIF): 54885948-J
  • Address: Paseo de Alcobendas 12-33 (28109 Alcobendas-Madrid)
  • Email: bill.derrenger@clarentia.es

The CONTROLLER complies with the guidelines of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and the free movement of such data (GDPR), as well as Organic Law 3/2018 of 5 December, ensuring at all times the correct use and processing of users’ personal data.

WHAT DATA IS COLLECTED THROUGH THE WEBSITE?

The personal data to which the CONTROLLER will have access are those voluntarily provided by the user when contacting the CONTROLLER via email or any other means provided on the Website.

Specifically, the CONTROLLER will record the following information: 

  • – Data provided through emails sent to the addresses identified on the Website.

WHAT IS THE LEGAL BASIS FOR PROCESSING YOUR DATA?

Personal data provided by the user will be processed for the purposes and on the legal bases listed below:

  • – Explicit consent of the data subject (Art. 6.1.a GDPR).
  • – Performance of a contract or pre‑contractual measures (Art. 6.1.b GDPR).
  • – Compliance with legal obligations (Art. 6.1.c GDPR), when necessary to meet judicial or administrative requirements.
  • – Legitimate interest (Art. 6.1.f GDPR): to improve services, provide requested information, respond to enquiries or requests, ensure Website security, and prevent fraud, provided such interest does not override the user’s fundamental rights.

FOR WHAT PURPOSE WILL YOUR PERSONAL DATA BE PROCESSED?

In accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (GDPR), and Organic Law 3/2018 of 5 December on the Protection of Personal Data and guarantee of digital rights, we inform you that the personal data you voluntarily provide to us through the various input fields made available for this purpose on the Website, or through any other channel for their collection, will be incorporated into the processing records under the responsibility of the CONTROLLER, for the management of the data collected for the following purposes:

  • – Responding to any enquiry, request, or petition submitted.
  • – Managing the requested service, responding to the user’s request, or processing their petition.
  • – Maintaining and managing the established and/or contractual relationship.
  • Maintaining communications of an informational nature that the entity considers to be of interest, through any means voluntarily provided, concerning services similar or related to those requested. In such cases, communications will be used solely for the purposes and uses strictly necessary for which the services were required, and may not be used for any other purpose. For any transfer different from what has been specified above, you will be duly informed and may exercise your right to object at any time.
  • – Conducting analyses and improvements on the Website regarding new services.
  • – Processing requests to unsubscribe from services.
  • – Any other purpose related to the functionalities offered at any given time through the Website.

No automated decisions will be made, nor will commercial profiles be created based on the data provided.

WHO WILL YOUR DATA BE DISCLOSED TO?

  • Your data will be processed and stored in compliance with the security measures required by current legislation, ensuring their integrity and confidentiality at all times. The data collected are adequate, relevant, and not excessive in relation to the purposes described.
  • Your data will not be disclosed to third parties except where there is a legal obligation to do so, or when necessary for the provision of services essential to the activity. Such collaboration is governed by a data processing agreement. In such cases, data will only be used for the purposes strictly necessary for the service requested, and not for any other purpose. For any disclosure other than those specified, you will be duly informed and may exercise your right to object at any time.
  • No international data transfers outside the European Union or to entities that do not comply with European data protection standards are envisaged. If any international transfer were to occur, it would be carried out in strict compliance with all necessary guarantees.
  • Consent will be deemed granted unless you expressly notify us of its revocation.
  • You expressly consent to being contacted through any voluntarily provided means.
  • The user is solely responsible for the truthfulness and accuracy of the data provided, the CONTROLLER acting in good faith as a mere service provider. 
  • If false data or data of third parties are provided without their consent, the CONTROLLER reserves the right to immediately delete such data to protect the rights of the data subjects, and declines any liability arising from failure to comply with this requirement.
  • The user guarantees that they have obtained the prior consent of any third parties whose personal data they provide to the CONTROLLER for the purposes described in this Privacy Policy. Before including or communicating such data, the user must inform those third parties of the content of this Privacy Policy. 
  • The CONTROLLER undertakes to comply with its duty of secrecy and its obligation to safeguard personal data, adopting all necessary technical and organisational measures to ensure their security and prevent alteration, loss, unauthorised processing, or access, considering the state of technology, the nature of the stored data, and the risks to which they are exposed.

DATA ON MINORS

We do not process data of minors under 14 years of age. Therefore, refrain from providing such data if you do not meet this age requirement or from providing data of third parties who do not meet it. The CONTROLLER accepts no responsibility for failure to comply with this provision.

WHAT DATA PROTECTION RIGHTS DO YOU HAVE?

  • – To know whether we are processing your data.
  • – To access your personal data.
  • – To request rectification of inaccurate data.
  • – To request erasure of your data when they are no longer necessary for the purposes for which they were collected or when consent is withdrawn.
  • – To request restriction of processing in certain circumstances.
  • – To data portability, receiving your data in a structured, commonly used, machine‑readable format, or having them sent to a new controller.
  • – To lodge a complaint with the Spanish Data Protection Agency (AEPD) or the competent supervisory authority.
  • – To withdraw consent at any time.

If you modify any data, please notify us so we can keep them updated.

Users may exercise these rights at any time under the terms established by law by contacting the data controller:

  • In writing to the entity's address: Paseo de Alcobendas 12-33 (28109 Alcobendas-Madrid)
  • By email to bill.derrenger@clarentia.es

If the user becomes aware of or considers that an event may constitute a breach of applicable data protection regulations, they may file a complaint with the Spanish Data Protection Agency (agpd.es).

FORM FOR EXERCISING YOUR RIGHTS

We have forms available for exercising your rights; you may request them by email or use those provided by the Spanish Data Protection Agency or third parties. These forms must be electronically signed. If the CONTROLLER has reasonable doubts regarding the identity of the applicant, additional information may be requested to confirm their identity. 

HOW LONG WILL WE TAKE TO RESPOND TO YOUR REQUEST?

It depends on the right exercised, but the maximum response time is one month from receipt of the request, extendable to two months for particularly complex matters, in which case you will be notified.

HOW LONG WILL WE KEEP YOUR PERSONAL DATA?

  • Personal data will be kept for as long as you remain linked to us.
  • Once the relationship ends, personal data processed for each purpose will be retained for the legally established periods, including the period during which a judge or court may request them.
  • Data will be retained until the legal periods expire, if there is a legal obligation to retain them, or, in the absence of such a period, until the data subject requests their deletion or withdraws consent.
  • All information and communications relating to the provision of our service will be retained while service guarantees remain in force to address potential claims.
  • Once the purposes for which the data were collected have been fulfilled and/or the legal periods have expired and/or the rights have been exercised, personal data will be duly blocked for a minimum period of five (5) years solely to address any liabilities that may arise. Such data will be deleted once those liabilities expire.

SECURITY, COOKIES, AND IP ADDRESSES

The Website uses generally accepted information security techniques, such as firewalls, access control procedures, and cryptographic mechanisms, to prevent unauthorised access to data. To achieve these purposes, the user accepts that the provider may obtain data for authentication of access controls. 

NOTIFICATION OF PERSONAL DATA SECURITY BREACHES

In the event of a personal data security breach, unless it is unlikely to pose a risk to the rights and freedoms of natural persons, the CONTROLLER will notify the Spanish Data Protection Agency within 72 hours of becoming aware of the incident, describing the nature of the breach, possible consequences, and measures adopted or proposed to remedy it, and, where possible, indicating the categories and approximate number of data subjects and records affected.

Likewise, when the breach is likely to entail a high risk to the rights and freedoms of individuals, the CONTROLLER will notify the affected data subjects as soon as possible, describing the possible consequences and the measures adopted or proposed to remedy the breach.

USE OF COOKIES AND ACTIVITY FILES

The provider, either directly or through a third party contracted for measurement services, may use cookies when a user browses the Website. Cookies are files sent to the browser by a web server to record user activity during browsing. Cookies used on the Website are associated only with an anonymous user and their computer and do not provide personal data by themselves.
Cookies allow the server hosting the Website to recognise the user’s browser to make browsing easier, for example, enabling access to areas, services, promotions, or competitions reserved for registered users without requiring login on each visit. They are also used to measure audience and traffic parameters and control progress and number of entries.
Users may configure their browser to be notified of the receipt of cookies and to prevent their installation.

Please consult your browser's instructions and manuals for further information. To use the Website, it is not necessary for the user to allow the installation of cookies sent by the Website or third parties acting on its behalf, although login may be required for services requiring prior registration. Cookies used on this Website are temporary and solely intended to make subsequent transmission more efficient. Under no circumstances will cookies be used to collect personal information.

IP ADDRESSES

The Website servers may automatically detect the IP address and domain name used by the user. An IP address is a number automatically assigned to a computer when it connects to the Internet. All this information is recorded in a server activity file duly registered, allowing subsequent processing of the data for statistical purposes only.

UPDATES AND CHANGES TO THE PRIVACY POLICY

The CONTROLLER reserves the right to introduce modifications to this Privacy Policy. When such changes occur, users will be informed through notices on the Website or any other appropriate means depending on the circumstances.