Your privacy and data protection matter to us
This Privacy and Data Protection Policy governs the processing of personal data of users and visitors to the website of Ibarretxe Associates (hereinafter, the "Company"), as well as that of any natural person whose data may be processed as a result of accessing or using the website and the services provided through it. This policy reflects the Company's commitment to privacy, confidentiality, and data security, and ensures full compliance at all times with the applicable legislation on personal data protection—specifically, Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (General Data Protection Regulation – GDPR), Organic Law 3/2018 of 5 December on the Protection of Personal Data and Guarantee of Digital Rights (LOPDGDD), and any other applicable legislation in force in Spain.
The data controller responsible for the processing of personal data is:
Name: Ibarretxe Associates SL
Email: info@eibarretxeassociates.eu
The Company will collect only the personal data strictly necessary for the development of its activities. This may include, among others: full name, postal address, email address, telephone number, and, where applicable, information relating to the user's relationship with or interest in the Company (such as submitting information requests, making orders, or participating in events, publications or activities, etc.). Personal data may be obtained through electronic communications with the Company or via any other legitimate channel expressly authorised by the user.
The personal data collected shall be processed for the following purposes, depending on the activities and services provided by the Company:
The legal basis for processing shall be the data subject's explicit consent, the necessity of processing for the performance of a requested contract or service, or compliance with legal obligations applicable to the Company.
These principles reflect the concepts of accountability and privacy by design and by default, which require the Foundation to carry out risk assessments and implement appropriate safeguards.
Personal data shall be retained only for the period strictly necessary to fulfil the purposes for which they were collected; for as long as a contractual or pre-contractual relationship exists between the user and the Company; for the legally established timeframes required to comply with legal obligations or to exercise or defend potential claims; or until the data subject withdraws their consent, where applicable. In all cases, the Company shall establish regular review periods for stored data and shall proceed, where appropriate, to anonymise or delete such data when processing is no longer necessary for the purpose for which it was originally collected.
Personal data shall not be disclosed to third parties, except where there is a legal obligation, a judicial requirement, the express authorisation of the data subject, or where such disclosure is necessary for the provision of the requested service and the fulfilment of the Company's purposes. No international transfers of data outside the European Economic Area (EEA) are envisaged, except in strict compliance with the safeguards and requirements established under applicable legislation. Should such a transfer become necessary, the user will be informed in advance of the transfer and the safeguards in place.
Data subjects may exercise their rights of access, rectification, erasure, objection, restriction of processing, data portability, and the right not to be subject to automated individual decision-making, in accordance with Articles 15 to 22 of the General Data Protection Regulation (GDPR) and the relevant provisions of Organic Law 3/2018 (LOPDGDD). To exercise these rights, data subjects may contact the Company in writing via the email address provided, enclosing a copy of their passport, national identity document or other valid proof of identity. Furthermore, data subjects have the right to lodge a complaint with the Spanish Data Protection Agency (www.aepd.es) if they consider that their rights have not been duly respected.
The Company undertakes to adopt and implement all appropriate and legally required technical and organisational measures, in accordance with the circumstances and the state of the art, to ensure the confidentiality, integrity, availability, and resilience of personal data, as well as to promptly restore availability and access to data in the event of a physical or technical incident. Where applicable, the Company shall also carry out data protection impact assessments and risk analyses in line with the requirements of the GDPR and the LOPDGDD, in accordance with the principle of proactive accountability.
In accordance with applicable legislation, only individuals aged fourteen (14) or older may provide personal data through the website. If the Company becomes aware that it has received personal data from a person under the age of 14 without the prior consent of their parents, legal guardians, or representatives, such data shall be deleted immediately. In the case of activities or events intended for minors, the Company shall obtain the consent of their legal representatives, where appropriate.
The Company reserves the right to amend this Privacy Policy in order to adapt it to future legislative, judicial, or technical developments that may affect its compliance or the services provided. Any such amendments will be duly communicated on this page and shall take effect upon publication; users are therefore advised to consult this Privacy Policy periodically.
For any matters related to the protection of your personal data, as well as for exercising the rights mentioned above, you may contact the Company at:
Email: info@ibarretxeassociates.eu
In the event that services or activities requiring a specific data protection policy are offered through the website—such as internal reporting channels, whistleblowing procedures, staff recruitment processes, or participation in international projects—the Company will expressly inform users by means of a specific notice and, where applicable, obtain their consent.
The Company may engage third-party service providers who act as data processors to support the operation of the website and the provision of services (including, but not limited to, hosting providers, email and newsletter platforms, customer relationship management tools, and web analytics or security services). In all such cases, the Company will ensure that appropriate data processing agreements are in place, in accordance with Articles 28 and 29 of the GDPR, requiring such providers to process personal data only on documented instructions from the Company and to implement adequate technical and organisational security measures.
If, for the provision of certain services, personal data must be transferred to recipients located outside the European Economic Area (EEA), such transfers will only take place where adequate safeguards are in place, in accordance with Articles 44 to 49 of the GDPR. These safeguards may include an adequacy decision by the European Commission, the use of Standard Contractual Clauses, binding corporate rules, or other mechanisms recognised by applicable legislation; in such cases, the data subjects will be duly informed of the transfer and the safeguards applied.
For reasons of technical security, service quality, and to ensure the proper functioning of the website, the Company and/or its hosting providers may automatically collect and temporarily store certain information in server log files. This information may include, among others, the IP address of the device used, date and time of access, pages visited, the URL of the referring website, and information about the browser and operating system; such data are processed on the basis of the Company's legitimate interest in maintaining a secure and functional website and are kept only for the period strictly necessary to detect incidents, ensure security, and compile anonymous statistics.
Where technically feasible and appropriate, the Company will use encryption technologies (such as SSL/TLS) to protect the transmission of personal data through its website and electronic channels. Notwithstanding the foregoing, users are reminded that no method of transmission over the Internet or method of electronic storage is completely secure; the Company therefore cannot guarantee absolute security, although it undertakes to apply measures in line with the state of the art and proportional to the risks identified.
Effective date: September 20, 2025
Last updated: November 28, 2025
This Cookie Policy explains what cookies are, how we use them, the types of cookies we use (i.e., the information we collect using cookies and how that information is used), and how to manage your cookie settings.
Cookies are small text files that store pieces of information. They are stored on your device when a website loads in your browser. These cookies help ensure that the website functions properly, enhance security, provide a better user experience, and analyse performance to identify what works and where improvements are needed.
Like most online services, our website uses both first-party and third-party cookies for various purposes. First-party cookies are necessary for the website to function properly and do not collect any personally identifiable data. The third-party cookies used on our website primarily help us understand how the website performs, track how you interact with it, keep our services secure, deliver relevant advertisements, and enhance your overall user experience, while also improving the speed of your future interactions with our website.
Necessary cookies are required to enable the basic features of this site, such as providing secure log-in or adjusting your consent preferences. These cookies do not store any personally identifiable data.
We don't serve any cookies at the moment
In addition to the necessary cookies described above, the website may, in future, use other categories of cookies—such as preference, analytics, or advertising cookies—always subject to the user's prior consent through the cookie banner or settings panel. Should such cookies be implemented, detailed information on their name, provider, duration, and purpose will be added to this policy and reflected in the consent tool so that users can make an informed choice.
Analytics cookies, where used and consented to, help us understand how visitors interact with the website by collecting information such as pages visited, time spent on each page, interactions with content, and possible error messages. The information collected is aggregated and used solely to improve the functioning, usability, and relevance of the website and services, without seeking to identify users individually.
If in future the website displays third-party content, social media integrations, or personalised advertising, advertising or personalisation cookies may be used—always with the user's prior consent. These cookies may help measure the effectiveness of campaigns, avoid repeated display of the same content, and tailor information or offers to the user's browsing profile; users may accept or reject these cookies at any time through the cookie settings.
You can modify your cookie settings at any time by clicking the "Consent Preferences" button above. This allows you to revisit the cookie consent banner and update your preferences or withdraw your consent immediately.
Different browsers provide various methods to block and delete cookies used by websites. Below are links to official support pages on how to manage and delete cookies in the most common browsers:
If you are using a different web browser, please refer to its official support documentation.
This Cookie Policy may be updated from time to time to reflect changes in the cookies used on the website, in the services offered, or in applicable legislation. Any change will be published on this page, and, where required by law, we will request users' consent again; users are therefore encouraged to review this policy periodically.
The Company hereby expressly states that all materials, works, and audiovisual or multimedia content published, incorporated, hosted, or made accessible through the Company's website—including, but not limited to, reports, studies, memoranda, articles, literary texts, databases, photographs, graphic or visual artworks, infographics, designs, illustrations, videos, audio recordings, podcasts, presentations, recordings, interactive resources, and any other elements protected by intellectual or industrial property rights—are the exclusive property of the Company, unless expressly stated otherwise. All rights recognised under national and international intellectual and industrial property law are expressly reserved. This ownership applies both to original content created directly by the Company and to content lawfully acquired, licensed, or assigned to it.
Accordingly, the Company holds the exclusive exploitation rights to such materials, including, but not limited to, the rights of reproduction, distribution, public communication, making available, transformation, translation, adaptation, digitisation, electronic storage, and any other form of use or exploitation, in any current or future format or medium. Any use, reproduction (in whole or in part), copying, distribution, transmission, publication, exhibition, making available, public communication, transformation, or any other act of exploitation—whether total or partial—by users of the website is expressly prohibited without the Company's prior, express, and written authorisation, except where otherwise permitted by law. Any infringement of the Company's rights may give rise to appropriate legal action to defend its interests and enforce its rights.