Privacy Policy
Last updated: November 20, 2025
Who we are
The data controller is ASYD Solutions, S.L., with Tax ID number , and registered office at .
In order to ensure the highest level of protection for data subjects and in full compliance with applicable legislation, the data controller has appointed a Data Protection Officer (DPO). You may contact the DPO with any inquiries regarding the processing of personal data via the following email address: .
In order to ensure the highest level of protection for data subjects and in full compliance with applicable legislation, the data controller has appointed a Data Protection Officer (DPO). You may contact the DPO with any inquiries regarding the processing of personal data via the following email address: .
What personal data do we collect and why?
The data processed do not include special categories of data (such as ideology, health, racial or ethnic origin, etc.). In order to carry out the activities described below, we collect identifying data, contact details, commercial information, website traffic and digital location data, and financial or banking data.
This data may be collected:
- When filling out a form (digital or paper) with the requested information.
- When registering for any of the data controller's activities.
- When subscribing to any of the controller's newsletters.
- When sending an email with questions or inquiries to the controller.
- When submitting a résumé to the controller for employment or collaboration purposes.
- When browsing our sites.
The purposes of processing may include:
- Provision of services requested by the data subject.
- Management of a potential employment or professional collaboration relationship.
- Responding to inquiries from the data subject.
- Managing proposals submitted by the data subject within the scope of the controller's activities.
- Performing analytics on website visits.
- Sending communications, whether commercial or not, related to the above.
Processing includes data storage, communication to relevant departments within the organization, and even the sharing of data between entities that form part of the same group.
It is necessary for the data subject to provide their data in order to receive the requested services. Failure to provide such data will make it impossible for the controller to carry out those services.
We will also analyze our users' browsing habits. This analysis does not involve live monitoring of browsing activity, but rather includes separate (non-real-time) information about pages visited, links clicked, and files and content viewed. The data is not processed anonymously, but may be associated with a specific user; however it is only used for the purpose of improving the content and performance of the website, and the quality and presentation of our services, as well as for statistical purposes of site usage.
This data may be collected:
- When filling out a form (digital or paper) with the requested information.
- When registering for any of the data controller's activities.
- When subscribing to any of the controller's newsletters.
- When sending an email with questions or inquiries to the controller.
- When submitting a résumé to the controller for employment or collaboration purposes.
- When browsing our sites.
The purposes of processing may include:
- Provision of services requested by the data subject.
- Management of a potential employment or professional collaboration relationship.
- Responding to inquiries from the data subject.
- Managing proposals submitted by the data subject within the scope of the controller's activities.
- Performing analytics on website visits.
- Sending communications, whether commercial or not, related to the above.
Processing includes data storage, communication to relevant departments within the organization, and even the sharing of data between entities that form part of the same group.
It is necessary for the data subject to provide their data in order to receive the requested services. Failure to provide such data will make it impossible for the controller to carry out those services.
We will also analyze our users' browsing habits. This analysis does not involve live monitoring of browsing activity, but rather includes separate (non-real-time) information about pages visited, links clicked, and files and content viewed. The data is not processed anonymously, but may be associated with a specific user; however it is only used for the purpose of improving the content and performance of the website, and the quality and presentation of our services, as well as for statistical purposes of site usage.
What is the legal basis for data processing?
The legal bases for processing are:
- Performance of a contract (Article 6.1.b of the GDPR): This legal basis applies to processing related to the provision of services requested by the data subject.
- Consent of the data subject (Article 6.1.a of the GDPR): This applies to processing not directly related to service provision but explicitly accepted by the data subject through other means.
- Compliance with legal obligations (Article 6.1.c of the GDPR): This applies to processing the controller is legally required to carry out (e.g., for tax administration or employment law).
- Legitimate interests of the controller (Article 6.1.f of the GDPR): This applies to processing where no overriding interest or right of the data subject exists, and which benefits the legitimate interests of the controller (e.g., fraud prevention, network security, or direct marketing).
- Performance of a contract (Article 6.1.b of the GDPR): This legal basis applies to processing related to the provision of services requested by the data subject.
- Consent of the data subject (Article 6.1.a of the GDPR): This applies to processing not directly related to service provision but explicitly accepted by the data subject through other means.
- Compliance with legal obligations (Article 6.1.c of the GDPR): This applies to processing the controller is legally required to carry out (e.g., for tax administration or employment law).
- Legitimate interests of the controller (Article 6.1.f of the GDPR): This applies to processing where no overriding interest or right of the data subject exists, and which benefits the legitimate interests of the controller (e.g., fraud prevention, network security, or direct marketing).
Who may access the data?
Data may be shared, if necessary, with data processors or the financial institution providing payment services in the context of payment processing. Likewise, data may be disclosed to competent authorities in the event of an investigation or judicial/extra-judicial claim. Website visitor comments may be reviewed by an automated spam detection service.
Data processors contracted by the controller are contractually obliged to process the data with the same diligence as the controller.
It is expected that ownership of this service and the data it processes will be transferred in the future to another data controller. The future new data controller will commit, by written agreement, to respect this privacy policy in all its terms, including the guarantees, security measures, and rights of data subjects. If the future new data controller wishes to process the data for a new purpose that is incompatible with the current ones, it will request the corresponding consent of the data subjects. By accepting this privacy policy, the data subject also agrees to this future transfer of their data.
Additionally, the controller may use various tools to manage the data. These tools are essential to the controller's operations and fall within the purposes and legal bases described above. However, as third-party services, each tool may have its own privacy policy.
The tools currently used are:
1. Web Platform: Hetzner GmbH, based in Germany.
2. CDN: Cloudflare, Inc., based in California.
3. E-mail Marketing and Communications: Zoho Corporation B.V., based in The Netherlands; Proton AG, based in Switzerland; Mailjet Emailing SL, based in Spain.
Embedded content from other websites:
Articles on the controller's website may include embedded content (e.g., videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor had visited the other website directly. These external sites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with the embedded content, including tracking your interaction if you have an account and are logged in to that site.
Data processors contracted by the controller are contractually obliged to process the data with the same diligence as the controller.
It is expected that ownership of this service and the data it processes will be transferred in the future to another data controller. The future new data controller will commit, by written agreement, to respect this privacy policy in all its terms, including the guarantees, security measures, and rights of data subjects. If the future new data controller wishes to process the data for a new purpose that is incompatible with the current ones, it will request the corresponding consent of the data subjects. By accepting this privacy policy, the data subject also agrees to this future transfer of their data.
Additionally, the controller may use various tools to manage the data. These tools are essential to the controller's operations and fall within the purposes and legal bases described above. However, as third-party services, each tool may have its own privacy policy.
The tools currently used are:
1. Web Platform: Hetzner GmbH, based in Germany.
2. CDN: Cloudflare, Inc., based in California.
3. E-mail Marketing and Communications: Zoho Corporation B.V., based in The Netherlands; Proton AG, based in Switzerland; Mailjet Emailing SL, based in Spain.
Embedded content from other websites:
Articles on the controller's website may include embedded content (e.g., videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor had visited the other website directly. These external sites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with the embedded content, including tracking your interaction if you have an account and are logged in to that site.
How long do we retain your data?
Personal data you provide will be deleted once the legally mandated period for fulfilling our obligations has expired, unless you have explicitly authorized continued use of the data.
What rights do you have regarding your data?
You have the right to request access to your personal data, as well as to request rectification, deletion, restriction of processing, to object to processing, or to request the portability of any data processed automatically. To exercise any of these rights, you must contact the data controller and include a copy of your ID to verify your identity.
In the event of a dispute, you may contact the Spanish Data Protection Agency (Agencia Española de Protección de Datos) or any other competent supervisory authority.
You may withdraw your consent at any time without affecting the lawfulness of the processing carried out based on prior consent.
Your data will not be used for automated individual decision-making.
In the event of a dispute, you may contact the Spanish Data Protection Agency (Agencia Española de Protección de Datos) or any other competent supervisory authority.
You may withdraw your consent at any time without affecting the lawfulness of the processing carried out based on prior consent.
Your data will not be used for automated individual decision-making.
Security measures
The controller has implemented appropriate technical and organizational measures to ensure a level of security appropriate to the risk of each processing activity, including, where applicable:
a) Pseudonymization and encryption of personal data;
b) The ability to ensure ongoing confidentiality, integrity, availability, and resilience of processing systems and services;
c) The ability to restore availability and access to personal data quickly in the event of a physical or technical incident;
d) A process for regularly testing, assessing, and evaluating the effectiveness of technical and organizational measures for ensuring data security.
Additionally, as noted above, the controller has appointed a Data Protection Officer (DPO) despite not being legally obligated to do so. The DPO is responsible, among other duties, for verifying that personal data is processed appropriately, ensuring the application of security measures and the confidentiality of the data.
a) Pseudonymization and encryption of personal data;
b) The ability to ensure ongoing confidentiality, integrity, availability, and resilience of processing systems and services;
c) The ability to restore availability and access to personal data quickly in the event of a physical or technical incident;
d) A process for regularly testing, assessing, and evaluating the effectiveness of technical and organizational measures for ensuring data security.
Additionally, as noted above, the controller has appointed a Data Protection Officer (DPO) despite not being legally obligated to do so. The DPO is responsible, among other duties, for verifying that personal data is processed appropriately, ensuring the application of security measures and the confidentiality of the data.