Privacy Policy

  1. Inicio
  2. |
  3. Privacy Policy

Euro-Funding Advisory Group, S.L. (hereinafter Euro-Funding), registered office at Plaza de la Independencia 8, 2nd floor, 28001 Madrid (Spain), registered in the Madrid Mercantile Registry (Spain) under Volume 26,920, Section 8, Page 160, Sheet M-485130, with the email address info@euro-funding.com, hereby informs about its privacy and personal data protection policy to provide information on the personal data processing carried out by Euro-Funding in accordance with the provisions of data protection and online privacy legislation:

  • GDPR: Regulation (EU) 2016/679 of the European Parliament and of the Council, of 27 April 2016, on the protection of natural persons regarding to the processing of personal data and on the free movement of such data (General Data Protection Regulation).
  • LOPD: Organic Law 3/2018, of 5 December, on personal data protection and digital rights guarantee.
  • LSSI: Law 34/2002, of 11 July, on information society services and electronic commerce.

1. SCOPE OF APPLICATION

This policy applies to the personal data processing indicated below, carried out by the following companies (hereinafter, EURO-FUNDING):

  • Euro-Funding Advisory Group, S.L. with NIF B85727188
  • Euro-Funding Environmental, S.L. with NIF B97228639
  • Euro-Funding Multilateral Projects, S.L. with NIF 87994596
  • Euro-Funding Local & Indirect Taxes, S.L. with NIF B85997625
  • Euro-Funding EU Projects, S.L. with NIF B84460252
  • Euro-Funding International, S.L. with NIF B84460252
  • Blue Innovation Investments, S.L. with NIF B87514063
  • Euro-Funding Poland, Spółka Z.O.O. with NIP 1080012306
  • Euro-Funding México S.A.P.I. de C.V. with R.F.C. EAG130520BB9

2. PERSONAL DATA PROCESSING

Through the website, EURO-FUNDING performs the following personal data processing:

2.1 Browsing User (IP Address)

  1. Purpose of Processing: Manage access to the web server.
  2. Recipients: Competent authorities in case of a security incident.
  3. Processing Period: The time technically necessary to manage your access. Subsequently, they are blocked and kept available to the authorities.
  4. Legitimacy: The legal basis for this processing is the necessity for providing the web server access service.

2.2 Browsing User (Cookies)

  1. Purpose of Processing: The purposes stated in the notice below.
  2. Recipients: Euro-Funding Group companies.
  3. Processing Period: A maximum of 2 years.
  4. Legitimacy: The legal basis for this processing is the consent given through the cookie notice.

At Euro-Funding, we use cookies to provide a better service and enhance your browsing experience. We aim to inform you clearly and precisely about the cookies we use, detailing what a cookie is, what it is used for, the types of cookies we use, their purpose, and how you can configure or disable them if you wish.

A cookie is a small text file that a website saves on your computer or mobile device when you visit that site. Cookies are often used to make websites work or work more efficiently, as well as to provide information to the site owners. A cookie does not identify a person, but rather a combination of device-browser-user, and this information is anonymous and encrypted in our case. Cookies help us recognize your devices each time you visit the website.

By using cookies, it is possible for the server where the website is located to recognize the web browser used by the user to make browsing easier, allowing, for example, users who have previously registered to access areas and services reserved exclusively for them without having to register on each visit. They are also used to measure the audience and traffic parameters, control the progress and number of visits, etc.

Cookies can be deleted, accepted, or blocked as desired; you only need to configure your web browser appropriately, as explained below.

The cookies used on this website are, in any case, temporary with the sole purpose of making your browsing more efficient.

In no case are they used to collect personal information.

You can learn more about cookies at this link: http://www.aboutcookies.org

Each user generally manages their cookie preferences by adjusting their browser to reject or delete certain cookies, with the possibility of always revoking consent by deleting cookies and reconfiguring their browser.

Restricting or blocking cookies on this website may result in some functionalities not being available.

The cookies on our website are associated only with an anonymous user and their computer. They do not provide or collect data that allows for the user’s personal information.

Euro-funding uses the following types of cookies:

– Technical Cookies of the website.

– Cookies associated with social media widgets or video players.

– Twitter cookies for managing the social network widget, as indicated in the social network’s cookie policy: https://x.com/es/privacy

– Google Analytics cookies, as indicated in Google’s privacy policy: https://policies.google.com/privacy.

These cookies, along with our server log files, allow us to know the total number of users visiting the website and which parts are most popular. This information helps us improve navigation and provide better service to users and clients.

Additionally, with your consent, we will use functional cookies that allow us to obtain more information about your preferences and personalize the website according to your individual interests.

Para desactivar las cookies, el usuario podrá, en cualquier momento, elegir cuáles quiere que funcionen en este sitio web mediante:

  • la configuración del navegador; por ejemplo:
  • Firefox, desde http://support.mozilla.org/es/kb/habilitar-y-deshabilitar-cookies-que-los-sitios-web
  • Chrome, desde http://support.google.com/chrome/bin/answer.py?hl=es&answer=95647
  • Explorer, desde https://support.microsoft.com/es-es/help/17442/windows-internet-explorer-delete-manage-cookies
  • Safari, desde http://support.apple.com/kb/ph5042
  • los sistemas de opt-out específicos indicados en la tabla anterior respecto de la cookie de que se trate (estos sistemas pueden conllevar que se instale en su equipo una cookie “de rechazo” para que funcione su elección de desactivación)
  • otras herramientas de terceros, disponibles online, que permiten a los usuarios detectar las cookies en cada sitio web que visita y gestionar su desactivación (por ejemplo, Ghostery: https://www.ghostery.com/our-solutions/ghostery-privacy/for-your-ads/, https://www.ghostery.com/support/faq/).

La utilización de la presente página web por su parte implica que usted presta su consentimiento expreso e inequívoco a la utilización de cookies, en los términos y condiciones previstos en esta Política de Cookies, sin perjuicio de las medidas de desactivación y eliminación de las cookies que usted pueda adoptar, y que se mencionan en el apartado anterior.

Es posible que actualicemos la Política de Cookies de la página web, por ello le recomendamos revisar esta política cada vez que acceda a nuestra página web, con el objetivo de estar adecuadamente informado sobre cómo y para qué usamos las cookies

Si tuviera alguna duda, comentario o sugerencia sobre la Política de Cookies, por favor escriba a: info@eurofunding.com

2.3 Contact Form or Mailboxes

  1. Purpose of Processing: Manage your contact request and respond to the issues raised.
  2. Recipients: The relevant companies within the Euro-Funding Group, according to the nature and content of your request.
  3. Processing Period: As long as necessary to respond to your request. Subsequently, they will be retained for 5 years to address potential claims.
  4. Legitimacy: The legal basis for this processing is your consent, given when requesting contact.

2.4 Newsletter Subscription and Commercial Communications

  1. Purpose of Processing: Manage your subscription request to the newsletter and send you commercial communications via email about services, initiatives, events, seminars, publications, news, activities, and calls for the consulting sector in procurement, tax, international cooperation, energy efficiency, real estate taxation, international taxation, sustainability, European funds, research, development, and innovation. Commercial communications are sent using a specific tool that includes links and tiny, transparent images associated with your email address. Thus, when one of these images is downloaded or the links contained in the email are accessed, Euro-Funding can know for statistical purposes if the email has been opened or if any link has been accessed from said email. You can prevent these uses by configuring your email manager or program to prevent the automatic download of images, as well as by not accessing the links included in the emails you receive.
  2. Recipients: Euro-Funding Group companies.
  3. Processing Period: Indefinitely until you withdraw your consent, oppose future communications, or request the deletion of your data.
  4. Legitimacy: The legal basis for this processing is your consent, given when subscribing to these communications.

2.5 Event Registration

  1. Purpose of Processing: Manage your registration, attendance, and participation in the various events you sign up for, and, unless you oppose it, offer you commercial information from the Euro-Funding Group.
  2. Recipients: Euro-Funding Group companies involved in the event. Additionally, your data may be communicated to third parties for managing your attendance at the event, such as entities managing the physical or virtual space for access control, which may be located in the United States or other countries that do not guarantee an adequate level of data protection, which will be informed during the registration process. Occasionally, other third parties such as sponsors or collaborating entities may request the transfer of your data; in this case, it will be expressly indicated during the registration process.
  3. Processing Period: As long as necessary for the event management and the invitation to receive commercial information from the Euro-Funding Group. Subsequently, the data will be retained, duly blocked, for a period of 5 years after the event’s conclusion to address potential claims.
  4. Legitimacy: The legal basis for this event-related processing is your consent, given when registering for the event. Regarding the offering of commercial information from the Euro-Funding Group, the legal basis is the legitimate interest, as well as the existing prior relationship.

2.6 Social Media Users

Purpose of Processing: Manage relationships and contacts through social media.

  1. Recipients: Your data will be co-managed by the social network’s managing company and the Euro-Funding Group companies involved in social media management. The social network managing companies may be in the United States or other countries that do not guarantee an adequate level of data protection, which is accepted by social media users.
  2. Processing Period: Indefinitely until you decide to cancel the relationship with Euro-Funding through the respective social network. Euro-Funding does not extract data from social media unless necessary for other specified and informed processing activities (e.g., selection processes).
  3. Legitimacy: The legal basis for this processing is your consent, given when subscribing to the social network. Regarding offering commercial information from the Euro-Funding Group, the legal basis is the legitimate interest, as well as the existing prior relationship.

2.7 Satisfaction Surveys

  1. Purpose of Processing: Conduct satisfaction surveys.
  2. Recipients: Euro-Funding Group companies involved in providing the services subject to the survey.
  3. Processing Period: As long as necessary to manage the survey. Subsequently, the data will be retained, duly blocked, for 5 years to address potential claims.
  4. Legitimacy: When you proactively participate in satisfaction surveys, the legal basis for this processing is your consent. When you receive satisfaction surveys from the Euro-Funding Group for having received a service from the Group, the legal basis is the legitimate interest to know your satisfaction.

2.8 Representatives of Clients, Suppliers, Potential Collaborators, and Other Commercial Contacts

  1. Purpose of Processing: Manage the commercial and professional relationship. Your identification and professional contact data may come from third-party entities, such as the company where you work, online professional contact platforms, or commercial information directories about companies. The personal data provided for billing the services contracted with our company will be used to manage the billing process in accordance with the provisions of Law 58/2003, of December 17, General Tax Law, which mandates the issuance of invoices for the delivery of goods and provision of services. The data will be stored in our database from their issuance until the legally established period.
  2. Contact Agenda: The personal data provided by suppliers and clients are used to process the commercial management with EURO-FUNDING. We do not transfer data to third parties except by legal requirement. Your data is in our database if the commercial relationship is maintained or during the necessary period to comply with legal obligations. Unless you object, EURO-FUNDING uses the contact data provided to keep you informed, by any means, including electronic ones, about products, services, promotions, news, or events related to your sector of activity that may be of interest. In each communication you receive, you can object to receiving this type of information through the contact means indicated to process your request. The legal basis for this processing is EURO-FUNDING’s legitimate interest and/or the existence of a prior commercial relationship, with communications about products or services like those originally contracted by its CLIENTS.
  3. Recipients: Euro-Funding Group companies involved in the commercial relationship.
  4. Processing Period: As long as necessary for commercial management. Subsequently, the data will be retained, duly blocked, for 15 years to address potential liabilities, including criminal ones, arising from the processing.
  5. Legitimacy: When you proactively participate in satisfaction surveys, the legal basis for this processing is your consent. When you receive satisfaction surveys from the Euro-Funding Group for having received a service from the Group, the legal basis is the legitimate interest to know your satisfaction.

2.9 Employee Selection Processes

  1. Purpose of Processing: Manage your participation in current and future employee selection processes for Euro-Funding and the companies that make up the Euro-Funding Group. Your identification and curriculum data may come from third-party entities, such as online job platforms, recruitment agencies, or temporary employment agencies.
  2. Recipients: Euro-Funding Group companies. Occasionally, depending on the position, it may be necessary to communicate your data to clients or potential clients for project acceptance.
  3. Processing Period: 2 years, during which you may be contacted to update your data and renew your consent.
  4. Legitimacy: The legal basis for this processing is your consent given when signing up for a selection process.

2.10 Selection Processes for External Collaborators, Experts, and Freelancers

  1. Purpose of Processing: Manage your participation in current and future selection processes for external collaborators, experts, and freelancers for Euro-Funding projects and the companies that make up the Euro-Funding Group in any country in the world. Your identification and curriculum data may come from third-party entities, such as online professional contact platforms.
  2. Recipients: Euro-Funding Group companies. Occasionally, depending on the position, it may be necessary to communicate your data to European entities and organizations, as well as clients or potential clients in any country in the world for project acceptance.
  3. Processing Period: 7 years due to European organization requirements.
  4. Legitimacy: The legal basis for this processing is your consent given when signing up for a selection process.

2.11 Data of Minors

Euro-Funding does not collect data from minors (under 18 years) without the authorization of their parent or legal guardian. If a minor completes the contact form or any form on the website without this authorization, the request will be destroyed without being addressed.

3. DATA QUALITY

The user must keep their data permanently updated and, if online updating is not possible, must inform Euro-Funding as the data controller of the relevant changes at any time.

Euro-Funding cancels, deletes, and/or blocks data when they are inaccurate, incomplete, or no longer necessary or relevant for their purpose, in accordance with the provisions of data protection legislation and once the appropriate legal periods for their processing have expired.

4. SECURITY, TRANSPARENCY, AND LAWFULNESS OF PROCESSING

Euro-Funding is clear about the data it collects and/or processes and explains why it uses them and for what purposes. We do not process personal data in an unexpected, obscure, or abusive way. We do not collect personal data unlawfully or opaquely.

Euro-Funding adopts all technical and organizational security measures according to the nature of the data to ensure the security of personal data and prevent its alteration, loss, unauthorized processing, or access.

If you provide Euro-Funding with personal data about third parties, you must inform the data owner of this fact, as well as the provisions of this Privacy Policy.

We consider sensitive data to be data relating to health, sexuality, genetics, racial or ethnic origin, political opinions, religious beliefs, trade union membership, and biometric data aimed at identifying an individual.

This privacy policy only applies to the website www.euro-funding.com. Euro-Funding does not guarantee privacy on third-party sites that link to this website or that are linked from it.

Euro-Funding may modify this Policy at any time to keep it adapted to current security and data protection legislation.

5. RIGHTS OF THE DATA SUBJECTS

Data protection legislation guarantees Users the following rights:

  1. Access: Allows the User to know what information is held, where it was obtained from, to whom it has been provided, and what uses have been made of it.
  2. Rectification: Allows the User to correct any erroneous or outdated data.
  3. Deletion: Allows the User to stop their data from being processed.
  4. Opposition: Allows the User to stop their data from being used for a specific purpose.
  5. Restriction: Allows the User to restrict the processing of their data, but they can be retained for a subsequent purpose.
  6. Portability: Allows the User to obtain a copy of their data in electronic format and, in certain circumstances, request that they be communicated to another service provider. It only applies to computerized processing carried out with the User’s consent or to fulfil a contract.

These rights can be exercised before Euro-Funding, as well as revoke any consents given, by postal mail to Plaza de la Independencia 8, 2nd floor, 28001 Madrid, Spain, or by email to prodatos@euro-funding.com.

If we do not respond to your request in a timely manner, you can complain to the Spanish Data Protection Agency as the supervisory authority (www.aepd.es).

6. PERSONAL DATA PROCESSING IN CONSULTING CONTRACTS

This section regulates the Data Processor’s access to the personal data under the responsibility of the Data Controller in a Service provision, in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016 (hereinafter “GDPR”).

For the purposes of this document, the Data Controller is the data controller, and the Data Processor is the data processor as established in Articles 28 and 29 of the GDPR.

The personal data processing entrusted to the Data Processor involves collecting, structuring, storing, and consulting the personal data under the Data Controller’s responsibility.

For the execution of the contracted services, the Data Processor may process the following types of personal data:

  • Identification and contact data.
  • Employment details, professional data.
  • Commercial information.
  • Economic, financial data.
  • Other data specified in the Offer.

6.1 Definitions

Specific terms related to data protection are interpreted according to Article 4 of the GDPR.

6.2 Duty of Confidentiality

The Data Processor undertakes to keep confidential any information classified as confidential provided by the Data Controller in connection with the provision of services.

Confidential information is any information that the Data Processor accesses by virtue of the Service, especially the information and personal data under the Data Controller’s responsibility to which it has had or will have access during the execution of this agreement.

Information or data that are public domain and in the possession of the Data Processor prior to the commencement of the services, obtained by lawful means according to the legislation, are not considered confidential.

The Data Processor is responsible for ensuring that its personnel, collaborators, managers, and, in general, all persons under its responsibility who have access to confidential information and personal data under the Data Controller’s responsibility, respect the confidentiality of the information and comply with the obligations related to personal data processing, even after the relationship with the Data Processor has ended. Therefore, the Data Processor will make as many warnings and sign as many documents as necessary with these individuals to ensure compliance with such obligations.

The Data Processor keeps documentation proving compliance with the obligation established in the previous paragraph available to the Data Controller.

6.3 Data Processor Obligations

The Data Processor take up the following obligations:

  • Access the personal data under the Data Controller’s responsibility only when it is essential for the proper development of the services for which it has been contracted.
  • Process the data according to the instructions received from the Data Controller.
  • If the processing involves collecting personal data on behalf and by order of the Data Controller, the Data Processor must follow the procedures and instructions received from the Data Controller, especially regarding the duty of information and, if applicable, obtaining the consent of the data subjects.
  • If the Data Processor considers that any of the Data Controller’s instructions violate the GDPR or any other data protection provision of the Union or Member States, it will immediately inform the Data Controller.
  • Not use, apply, or utilize the personal data under the Data Controller’s responsibility for purposes other than those indicated in this contract or in any way that constitutes a breach of the Data Controller’s instructions.
  • Assume the role of data controller if it uses the data for a different purpose than the one indicated in the contract, communicates them, or uses them in breach of the contract stipulations or legal obligations, being personally liable for the infringements incurred.
  • Not allow access to personal data under the Data Controller’s responsibility to any employee under its responsibility who does not need to know them for the provision of the contracted services.
  • Not disclose, transfer, assign, or otherwise communicate the personal data under the Data Controller’s responsibility, either verbally or in writing, by electronic means, paper, or computer access, not even for storage, to any third party unless there is prior authorization or instruction from the Data Controller.
  • If required by Article 30 of the GDPR, the Data Processor will keep a record of all categories of processing activities carried out on behalf of the Data Controller, containing the information required by Article 30.2 of the GDPR.
  • Guarantee the necessary training on personal data protection for the persons authorized to process personal data.
  • Support the Data Controller in carrying out data protection impact assessments when appropriate.
  • Support the Data Controller in conducting prior consultations with the Supervisory Authority when appropriate.
  • Make available to the Data Controller all the information necessary to demonstrate compliance with its obligations and for audits or inspections carried out by the Data Controller or another auditor authorized by it.
  • Adopt and apply the security measures stipulated in this contract, in accordance with Article 32 of the GDPR, to ensure the security of the personal data under the Data Controller’s responsibility and prevent their alteration, loss, unauthorized processing, or access, considering the state of technology, the nature of the data stored, and the risks to which they are exposed, whether from human action or the physical or natural environment.
  • If required by Article 37.1 of the GDPR, designate a data protection officer and communicate their identity and contact details to the Data Controller, and comply with all provisions in Articles 37, 38, and 39 of the GDPR.
  • Respect all obligations that may correspond to it as a data processor under the GDPR or any other supplementary provisions or regulations that may also apply.
  • If the Data Processor needs to transfer or allow access to personal data under the Data Controller’s responsibility to a third party by virtue of Union or Member State law applicable to it, it must inform the Data Controller of this legal requirement in advance, unless prohibited for reasons of public interest.

6.4 Data Controller Obligations

The Data Controller declares and makes it known, for legal purposes, that:

  • If the processing includes collecting personal data on behalf and by order of the Data Controller, it must establish the corresponding procedures for data collection, especially regarding the duty of information and, if applicable, obtaining the consent of the data subjects, ensuring that these instructions comply with all legal and regulatory requirements demanded by the current data protection regulations.
  • If the processing does not include collecting personal data on behalf and by order of the Data Controller, the personal data accessed by the Data Processor under the Offer have been obtained and processed in compliance with all legal and regulatory requirements demanded by the current data protection regulations.
  • It complies with all its obligations as a data controller and is aware that the terms of this Agreement do not alter or replace the obligations and responsibilities attributable to the Data Controller as the data controller.
  • It supervises the processing and compliance with data protection regulations by the Data Processor.

6.5 Security Measures and Security Breach

Considering the state of technology, the costs of implementation, and the nature, scope, context, and purposes of the processing, as well as risks of varying likelihood and severity for the rights and freedoms of natural persons, the Data Processor can apply appropriate technical and organizational measures to ensure a level of security appropriate to the risk, which may include, among others:

  1. Pseudonymization and encryption of personal data.
  2. The ability to ensure the ongoing confidentiality, integrity, availability, and resilience of processing systems and services, as well as the availability and access to personal data quickly in case of a physical or technical incident.
  3. A process for regularly testing, assessing, and evaluating the effectiveness of technical and organizational measures to ensure processing security.
  4. A recognized security measures catalogue in information security standards or regulations that develop the following information security domains to the extent applicable:
  5. Information security policies
  6. Organization of information security
  7. Security related to human resources
  8. Asset management
  9. Access control
  10. Cryptography
  11. Physical and environmental security
  12. Operations security
  13. Communications security
  14. Acquisition, development, and maintenance of information systems
  15. Supplier relationships
  16. Information security incident management
  17. Information security aspects for business continuity management
  18. Compliance

When assessing the adequacy of the security level, the Data Processor considers the risks presented by data processing, particularly from accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access to personal data transmitted, stored, or otherwise processed.

The Data Processor allows and contributes to audits, including inspections, conducted by the Data Controller or another auditor authorized by it.

Additionally, in case of amendments to the applicable data protection legislation or other related regulations, the Data Processor guarantees the implementation and maintenance of any additional security measures that may be required without altering the terms of this Agreement.

In case of a security breach affecting personal data in the information systems used by the Data Processor to provide the services under this Agreement, the Data Processor must notify the Data Controller without undue delay, and in any event within a maximum of 24 hours, of any data security breaches, providing all relevant information for documenting and communicating the incident according to Article 33.

In such a case, it is the responsibility of the DATA CONTROLLER to communicate data security breaches to the Data Protection Authority and/or the data subjects in accordance with the applicable regulations.

6.6 Data Handling Upon Termination of the Contractual Relationship

Once the contractual relationship agreed between the DATA CONTROLLER and the DATA PROCESSOR has been fulfilled or resolved, the DATA PROCESSOR must request precise instructions from the DATA CONTROLLER regarding the disposition of personal data under its responsibility. The DATA CONTROLLER may choose between returning the data, transferring it to another service provider, or fully destroying it, provided there is no legal requirement to retain the data, in which case they cannot be destroyed.

The DATA PROCESSOR may retain the personal data under the DATA CONTROLLER’s responsibility, duly blocked, if responsibilities arising from its relationship with the DATA CONTROLLER may arise.

6.7 Exercise of Rights Before the Data Processor

The DATA PROCESSOR must forward any request to exercise the right of access, rectification, deletion, opposition, restriction of processing, data portability, and not being subject to automated individual decisions, made by an affected party whose data has been processed by the DATA PROCESSOR in fulfilment of this contract, to the DATA CONTROLLER to resolve it within the deadlines established by the current law.

The request must be forwarded to the DATA CONTROLLER as quickly as possible and in any case no later than the next working day after receiving the request, along with any other relevant information for resolving the request.

Furthermore, the DATA PROCESSOR must process any instruction regarding rights of access, rectification, deletion, opposition, restriction of processing, data portability, and not being subject to automated individual decisions received from the DATA CONTROLLER as quickly as possible, and always within a maximum of two (2) working days from receiving the instruction, confirming in writing both the receipt of the instruction and the execution of the task.

6.8 Mutual Information Duty

The Parties inform the representatives that their personal data are included in files under the responsibility of each party, whose purpose is to maintain their contractual relationships. Therefore, it is essential to provide their identification data, representation capacity, DNI number or equivalent document, and their signature.

Moreover, the Parties guarantee compliance with the duty of information regarding their employees whose personal data are communicated between the parties to maintain and fulfill the contractual relationship.

The legal basis that legitimizes the processing of the data subjects’ data is the necessity for the conclusion and execution of the service.

The representatives and contacts of each party are informed that their personal data will be processed by the parties to manage the commercial and contractual relationship between them. The legal basis for processing is the necessity for the contract, as well as the legitimate interest of the parties to communicate with the relevant professional contacts. The data will be processed during the validity of the Contract. Subsequently, they will be blocked for 15 years to address potential liabilities, including criminal ones, arising from the processing.

The affected parties may exercise their rights of access, rectification, cancellation/deletion, opposition, restriction, and portability before the corresponding party by written communication to the registered office at the beginning of this document, providing a copy of their DNI or equivalent document and identifying the requested right. Furthermore, if they consider their right to personal data protection to be violated, they may file a complaint with the Spanish Data Protection Agency (www.aepd.es).

6.9 Subcontracting

The DATA PROCESSOR may not subcontract any services involving the processing of personal data, except for auxiliary services necessary for the normal functioning of the services, including the participation of other EURO-FUNDING entities. However, the DATA CONTROLLER authorizes subcontracting to all the following entities:

  • EURO-FUNDING ADVISORY GROUP, S.L.
  • EURO-FUNDING LOCAL & INDIRECT TAXES, S.L.
  • EURO-FUNDING ENVIRONMENTAL, S.L.
  • EURO-FUNDING INTERNATIONAL, S.L.
  • EURO-FUNDING EU PROJECTS, S.L.
  • BLUE INNOVATION INVESTMENTS, S.L.
  • EURO-FUNDING MULTILATERAL PROJECTS, S.L.

Notwithstanding the above, if the DATA PROCESSOR needs to subcontract all or part of the services provided by the DATA CONTROLLER involving personal data processing, it must notify the DATA CONTROLLER in advance and in writing, with one month’s notice, indicating the processing to be subcontracted and clearly identifying the subcontractor company and its contact details. Subcontracting may proceed if the DATA CONTROLLER does not object within the established period.

The subcontractor, who also has the status of a data processor, is equally obligated to comply with the obligations established in this document for the DATA PROCESSOR and the instructions issued by the DATA CONTROLLER.

It is the responsibility of the DATA PROCESSOR to contractually require the subcontractor to comply with the same obligations assumed by the DATA PROCESSOR through this document.

The DATA PROCESSOR remains fully responsible to the DATA CONTROLLER for the fulfilment of the obligations.

The DATA PROCESSOR must inform the DATA CONTROLLER of any changes in the incorporation or replacement of other subcontractors one month in advance, giving the DATA CONTROLLER the opportunity to object to such changes.