1. DATA CONTROLLER INFORMATION


Entity Name: DIVISA IT S.A.U.

Address: Parque Tecnológico de Boecillo, Parc. 129 – 47151 Boecillo (Valladolid), Spain

Phone: +34 983 546 600

Email: lopd@divisait.com


2. DATA PROCESSING THROUGH THE WEBSITE


The data that DIVISA IT S.A.U. may collect through the use or browsing of the website, via our forms, by email, or due to the contractual relationship established with DIVISA IT S.A.U., are considered personal data. When completing any of the forms on our website, there will be required fields marked with an asterisk (*). If these fields are not completed, the purposes described in each form cannot be fulfilled.

In some cases, please note that just by using and browsing our website, DIVISA IT S.A.U. may store data related to:

  • IP address

  • Browser version

  • Operating system

  • Length of visit or website browsing


Such information may be stored through Google Analytics. Therefore, we refer to Google’s Privacy Policy, as it collects and processes this information.

Likewise, our website includes the Google Maps feature, which may access your location (if permitted) in order to provide greater specificity regarding distance and/or directions to our offices. In this regard, we refer to the Privacy Policy used by Google Maps to understand how such data is used and processed.

DIVISA IT S.A.U. reserves the right to modify or adapt this Privacy Policy at any time. We recommend reviewing it each time you access the website.


1. Contact Forms.

  1. Purpose.
    - To respond to your request for information via our contact form
    - To send you communications and information from DIVISA IT S.A.U. through various means, including electronic ones, if you check the corresponding box.
  2. Legal Basis. Data subject’s consent.
  3. Recipients. No data will be transferred to third parties, unless lawfully permitted under applicable data protection regulations.

2. Information provided via emails available on the website.

  1. Purpose: To respond to your request for information
  2. Legal Basis: Your consent granted when you send us the request via email
  3. Recipients: No data will be transferred to third parties, unless lawfully permitted under applicable data protection regulations.

3. "Work with us" Form and Spontaneous Applications.

  1. Purpose: To include you in DIVISA IT S.A.U.'s recruitment processes
  2. Legal Basis: Execution of a contract in which the data subject is a party or pre-contractual measures requested by the data subject
  3. Recipients: No data will be transferred to third parties, unless lawfully permitted under applicable data protection regulations.

4. Advertising / Newsletter Subscription

  1. Purpose: To manage the sending of advertising or newsletters to users who subscribe
  2. Legal Basis: Consent of the data subject by checking the corresponding box
  3. Recipients: No data will be transferred to third parties, unless lawfully permitted under applicable data protection regulations.

5. Exercising GDPR Rights

  1. Purpose: To respond to data protection rights requests
  2. Legal Basis: Art. 6.1.c) GDPR – Processing necessary to comply with a legal obligation
  3. Recipients: No data will be transferred to third parties, unless lawfully permitted under applicable data protection regulations.

6. Security Breach

  1. Purpose: To manage and resolve data protection breaches, including notifying affected individuals
  2. Legal Basis: Art. 6.1.c) GDPR – Processing necessary to comply with a legal obligation
  3. Recipients: No data will be transferred to third parties, unless lawfully permitted under applicable data protection regulations.

3. OTHER DATA PROCESSING ACTIVITIES

7. Professional Contacts Only.

  1. Purpose: To maintain the professional relationship between you and DIVISA IT S.A.U.
  2. Legal Basis: Legitimate interest of the data controller, provided it does not override the fundamental rights and freedoms of the data subject
  3. Recipients: No data will be transferred to third parties, unless lawfully permitted under applicable data protection regulations.

8. Social Media Contacts Only

  1. Purpose:

    • To respond to inquiries, requests, or questions

    • To manage the requested service, respond to your request, or process a petition

    • To establish a user-controller relationship and create a follower community

    Legal Basis: Legitimate interest of the controller and acceptance of a contractual relationship within the corresponding social media platform
    Recipients: No data will be transferred to third parties, unless lawfully permitted under applicable data protection regulations. However, we recommend reviewing the privacy policy of the social networks we use, as they may transfer data to the United States

    .

9. Clients Only.

  • Purpose:

    • Invoices, delivery notes, quotes, and contracts: To manage services derived from the contractual relationship and the associated obligations

    • Advertising: To offer our products, services, events, and workshops

    Legal Basis:

    • Invoices, delivery notes, quotes, and contracts: Execution of a contract and compliance with legal obligations such as:

      • Commercial data retention: 6 years per the Commercial Code

      • Tax data disclosure to the Spanish Tax Agency under Law 58/2003

    • Advertising: Consent of the data subject

    Recipients:

    • Contracts: Internally to relevant departments and, where legally applicable, to third parties:

      • Spanish Tax Agency

      • Relevant banking institutions

      • Labor Inspectorate, if required

    • Advertising: No data will be transferred to third parties, unless lawfully permitted


4. DATA RETENTION PERIODS

DATA COLLECTED VIA THE WEBSITE

Contact Forms

Accepts to receive advertising

Your personal data will be processed until the consent granted for this purpose is revoked.

Does not accept to receive advertising

Your personal data will be processed for the time strictly necessary to respond to your request.

Information provided via the email addresses made available on the website

Once we have responded to your information request, the data will be stored for a maximum of 6 months as evidence in case of possible future claims.

Work with us and unsolicited applications

In accordance with DIVISA IT S.A.U.'s data retention policy, your personal data will be kept for a maximum period of ONE YEAR from the date the curriculum vitae is received.

Advertising and newsletter subscription

Your personal data will be retained until you cancel your subscription to DIVISA IT S.A.U.'s advertising or newsletter .

Exercise of GDPR rights

Your data will be retained for the time necessary to resolve the request and, subsequently, properly minimized and blocked in order to comply with legal obligations regarding data protection.

Breach management

Your data will be retained for the time necessary to manage and resolve the breach and, subsequently, properly minimized and blocked in order to comply with legal obligations regarding data protection.


OTHER DATA PROCESSING ACTIVITIES

Exclusive to professional contacts

Until our professional relationship ends or you decide to cancel or object to the processing of your contact data.

Exclusive to contacts via social media

Your personal data will be retained for as long as necessary to fulfill the purpose for which it was collected.

Exclusive to clients

Invoices, delivery notes, quotes, and contracts

Your personal data will be processed until the contractual relationship ends. Once it has ended, for commercial purposes, your data will be retained for a period of 6 years in compliance with the provisions of the Commercial Code. For tax purposes, your data will be retained for a period of 4 years in compliance with the General Tax Law.

Advertising

Your personal data will be processed until the consent granted for this purpose is revoked.


5. INTERNATIONAL DATA TRANSFERS.

DIVISA IT S.A.U. does not currently intend to make international data transfers. If such transfers become necessary, they will only be made to entities under the EU-US Data Privacy Framework (Adequacy decision: EU-US Data Privacy Framework), or to entities demonstrating adequate protection and compliance as required by current data protection laws, such as the GDPR, or with the legal basis of the data subject's consent. In all cases, data subjects will be informed accordingly

6. WHAT ARE YOUR DATA PROTECTION RIGHTS?

As a data subject, you have the right to:

  • Obtain confirmation of whether your personal data is being processed

  • Access your personal data

  • Request rectification of inaccurate data

  • Request erasure when the data is no longer necessary or consent is withdrawn

  • Request restriction of processing

  • Exercise data portability in a structured, commonly used, machine-readable format

  • Withdraw consent at any time for processing based on consent

To exercise your rights, contact us via email at lopd@divisait.com (This link will open in a new window). We have forms available for all rights; however, you may also use those provided by the Spanish Data Protection Agency.

You have the right to lodge a complaint with the Spanish Data Protection Agency if you believe your rights have not been properly addressed. The maximum response time is one month from receipt of your request.

If any changes to your personal data occur, please notify us in writing to help us keep your data up to date

.



Last updated: July 9, 2025.