top of page

Privacy Policy

The present Privacy Policy applies to all personal data processing carried out by GDH Sostenibilidad y Tecnología, S.L., or any of the companies in its corporate group (hereinafter, “GreenAIDataHub” and the “Policy”, respectively).

 

This Policy is intended to apply globally, although it may be supplemented by specific local provisions regarding data processing carried out by GreenAIDataHub group companies domiciled or operating in certain countries.

 

The purpose of the Policy is to address any questions you may have regarding the processing of your personal data as a data subject. However, if you need additional information, you can contact: info@greenaidatahub.com.

 

We recommend that you read this Policy carefully, as it contains relevant information to help you make informed decisions when providing us with your personal data.

 
Definitions

  • Personal data: Any information that identifies or can identify a natural person, such as name, address, email, telephone, IP address, etc.

  • User: A natural person who accesses and uses this website.

  • Data controller: A natural or legal person who determines the purposes and means of the processing of personal data.

  • Data processor: A natural or legal person, public authority, agency, or other body which processes personal data on behalf of the controller.

  • DPO (Data Protection Officer): A professional responsible for supervising and ensuring compliance with data protection regulations within the organization.

  • Consent: A freely given, specific, informed, and unambiguous indication of the data subject’s wishes by which they agree to the processing of their personal data.

  • Processing: Any operation or set of operations performed on personal data, whether or not by automated means, such as collection, recording, organization, storage, consultation, use, disclosure by transmission, dissemination, restriction, erasure, or destruction.

  • Data disclosure: Any disclosure of personal data to a natural or legal person, public authority, agency, or other body, whether or not a third party.

  • Recipient: A natural or legal person, public authority, agency, or other body to whom personal data are disclosed, whether or not a third party.

  • Third party: Any natural or legal person, public authority, agency, or body other than the data subject, the controller, the processor, and persons who, under the direct authority of the controller or processor, are authorized to process personal data.

  • International transfers: Processing of personal data that involves the transmission of such data outside the European Economic Area.

  • Standard Contractual Clauses: A legal mechanism approved by the European Commission that allows international transfers of personal data by means of a contract based on official templates.

  • Binding Corporate Rules: Internal data protection policies adopted by a controller or processor established in the European Union for transfers of personal data to entities within the same corporate group located in third countries.

  • Anonymization: A set of techniques aimed at eliminating the possibility of associating data with an identified or identifiable natural person through reasonable effort, considering both objective factors (time, technical means) and contextual factors (population density, nature and volume of the data).

  • Pseudonymization: Processing of personal data in such a way that they can no longer be attributed to a specific data subject without the use of additional information, which is kept separately and is subject to technical and organizational measures to ensure that the data are not attributed to an identified or identifiable person.

  • Profiling: Any form of automated processing of personal data consisting of using such data to evaluate certain personal aspects of a natural person, in particular to analyze or predict aspects concerning their professional performance, economic situation, health, personal preferences, interests, reliability, behavior, location, or movements.

  • Geolocation: Any data processed in an electronic communications network indicating the geographic position of the terminal equipment of a data subject.

  • Cookies: Small files or devices installed in the user’s browser to store, retrieve, or update information. They allow the website publisher to know the user’s preferences and personalize the browsing experience. More information is available in GreenAIDataHub’s Cookie Policy.

  • Online Services: Includes any website, digital environment, channel, application, promotion, or platform managed by GreenAIDataHub.

  • Activities, Products and/or Services: Refers to invitations to commercial, informational, sports, recreational or leisure events; information about promotions, contests, sweepstakes, and commercial communications relating to sectors such as technology solutions, mobility, automotive, insurance, finance, leisure, travel, home, sports, gastronomy, loyalty programs, media and payment services, or third-party telecommunications, through various channels.

  • Social network data: Personal information provided or shared by users on GreenAIDataHub’s official profiles, pages, or channels on social networks, subject to each platform’s privacy policies.

  • GreenAIDataHub Unique User: User registered in GreenAIDataHub’s unified system to access the Online Services of any group entity, whose content is integrated into the corresponding user account.

  • GreenAIDataHub group companies with commercial activity as transferees of Personal Data: Those GreenAIDataHub group companies included in the official list, to which the transfer of clients’ personal data is limited.

  • GreenAIDataHub Group: Set of companies linked to GreenAIDataHub, for the purposes of Article 42 of the Spanish Commercial Code. More information available at www.greenaidatahub.com/estructura.

 
Data Controller and Contact Details

The data controller for personal data collected through this website is GDH Sostenibilidad y Tecnología, S.L., with registered office at C/ Hermosilla 48, 1-Dcha – 28001, NIF/CIF B-19449560, registered in the Madrid Mercantile Registry, Volume 0, Page 0, Sheet M-831.938, and contact email:

The data controller and their email address is: info@greenaidatahub.com

Personal Data Subject to Processing and Source

The processing of personal data in Spain and the European Union is regulated by a robust and harmonized legal framework, whose main objective is to guarantee the fundamental rights of natural persons regarding data protection and the free movement of such data. The main applicable regulations are detailed below:

  1. Regulation (EU) 2016/679 of the European Parliament and of the Council (General Data Protection Regulation - GDPR)

  2. Organic Law 3/2018, of December 5, on the Protection of Personal Data and guarantee of digital rights (LOPDGDD)

  3. Sectoral and complementary regulations

    • Law 34/2002, of July 11, on information society services and electronic commerce (LSSI-CE)

    • Binding corporate rules, standard contractual clauses, and other international mechanisms

    • Directive (EU) 2016/680: on the protection of personal data processed for the purposes of prevention, detection, investigation, and prosecution of criminal offenses or the execution of criminal penalties

  4. Supervision and compliance

    • The Spanish Data Protection Agency (AEPD) is the national authority responsible for ensuring compliance with data protection regulations in Spain, together with the regional authorities within their areas of competence.

 

The following personal data are collected and processed:

  • Identification data: name, surname, email, telephone, company, job position, country, etc.

  • Browsing data: IP address, browser type, operating system, language, date and time of access, referring URL, information collected through cookies and similar technologies.

  • Data provided directly by the user through forms, inquiries, subscriptions, or requests.

 

The source of the data is:

  • Directly from the user via web forms.

  • Automatically, through cookies and tracking technologies.

 
Purpose and Legal Basis of Processing

 

Personal data will be processed for the following purposes:

  • Managing user registration and access to the website.

  • Responding to inquiries, requests, or information demands.

  • Sending commercial communications, provided that consent has been given.

  • Improving the browsing experience and analyzing site usage.

 

The legal basis for processing will be:

  • The explicit consent of the user.

  • The performance of a contract or the application of pre-contractual measures.

  • Compliance with legal obligations.

  • The legitimate interest of the controller, provided that the rights and freedoms of the user do not prevail.

 
Recipients and Data Sharing

 

Personal data may be disclosed to:

  • Technology and support service providers, acting as data processors, under contracts that guarantee the confidentiality and security of the information.

  • Authorities and public bodies, in compliance with legal obligations.

No data transfers to third parties for purposes other than those indicated here are foreseen.

 
International Transfers

 

If international data transfers are made outside the European Economic Area, an adequate level of protection will be ensured through:

  • European Commission adequacy decisions.

  • Standard contractual clauses approved by the European Commission.

  • Explicit user consent, where applicable.

 
Duration of Processing

 

Personal data will be retained for as long as necessary to fulfill the purpose for which they were collected and, subsequently, for the legally required periods to address any liabilities arising from the processing.

 
Data Subject Rights

 

The user may exercise the following rights regarding their personal data at any time:

  • Access: Allows the data subject to know whether the controller is processing their personal data and, if so, to access such data and obtain information about their origin, the purposes of processing, the categories of data processed, recipients, retention periods, and the rights available to them.

  • Rectification: Allows the data subject to request the correction of inaccurate or incomplete personal data. The controller must rectify without undue delay, and the data subject may provide documentation to justify the inaccuracy or incompleteness of the data.

  • Erasure (Right to be Forgotten): Allows the data subject to request the deletion of personal data when, among other cases, they are no longer necessary for the purpose for which they were collected, consent is withdrawn, the right to object has been exercised, the data have been processed unlawfully, or must be erased to comply with a legal obligation. If the data have been made public, the controller must inform other controllers to erase any link, copy, or replication thereof.

  • Objection: Allows the data subject to object to the processing of their personal data for reasons related to their particular situation, especially when processing is based on the public or legitimate interest of the controller, including profiling. It may also be exercised at any time to prevent processing for direct marketing purposes. After exercising this right, the controller must cease processing unless there are compelling legitimate grounds or for the establishment, exercise, or defense of claims.

  • Restriction of processing: Consists of requesting that the processing of personal data be restricted in certain circumstances, such as when the accuracy of the data is contested (while it is being verified), when the processing is unlawful and the data subject opts for restriction rather than erasure, when the controller no longer needs the data but the data subject requires them for the establishment, exercise, or defense of claims, or when the right to object has been exercised (while it is being verified whether the controller’s grounds prevail).

  • Portability: Allows the data subject to receive the personal data provided to a controller, in a structured, commonly used, and machine-readable format, and to transmit them to another controller, provided that processing is based on consent or a contract and is carried out by automated means.

  • Withdrawal of consent: The data subject may withdraw the consent given for the processing of their data at any time, without affecting the lawfulness of processing based on consent prior to its withdrawal. After withdrawal, the controller must cease processing the data for that specific purpose.

  • Not to be subject to automated decisions, including profiling: Grants the data subject the right not to be subject to a decision based solely on automated processing, including profiling, that produces legal effects or similarly significantly affects them. There are exceptions, such as when the decision is necessary for the conclusion or performance of a contract, is authorized by applicable law, or is based on the explicit consent of the data subject. In these cases, the controller must guarantee the right to obtain human intervention, to express their point of view, and to contest the decision.

 

To exercise these rights, the user may contact the data controller or the DPO using the contact details provided.

 
Children’s Data Protection

 

No personal data of children under 14 years of age will be collected or processed without the prior and verifiable consent of their parents or legal guardians, in accordance with current legislation. Parents or guardians are advised to supervise minors’ use of the internet.

 
Data on Social Networks

 

The processing of personal data on social networks will be governed by the privacy policies of each platform. The website controller will not be responsible for the use or processing of personal data carried out by third parties on such platforms.

 
User Responsibility

 

The user guarantees that the personal data provided are truthful, accurate, complete, and up to date, being responsible for any direct or indirect damage or harm that may result from failure to comply with this obligation.

 
Changes to Our Policy

 

GreenAIDataHub reserves the right to modify this Privacy Policy at any time. In the event of significant changes, users will be duly informed via the corresponding notice. Minor updates will be reflected with the new effective date indicated in the document. The processing of your personal data will be governed by the version of the Policy in force as of its effective date. It is recommended to review this document periodically.

Last modified: 21/04/2025

bottom of page