Privacy Policy

1.- General Information

This “Privacy Policy and Data Protection” aims to inform you about the conditions that govern the collection and processing of your personal data by our entity or corporate group to safeguard fundamental rights, your honor, and freedoms, all in compliance with current regulations governing the Protection of Personal Data according to the European Union and the Spanish Member State.

In accordance with these regulations, we need your authorization and consent for the collection and processing of your personal data. Therefore, we will provide you with all the details of interest regarding how we carry out these processes, for what purposes, which other entities may have access to your data, and what your rights are.

Considering the above, once you have reviewed and read our Data Protection Policy, it is essential that you accept it as proof of your conformity and consent.

2.- Data Controller

Who collects and processes your data?

The Data Controller is the natural or legal person, public or private entity, or administrative body that alone or jointly with others determines the purposes and means of the personal data processing. This applies when the purposes and means of processing are determined by the Law of the European Union or the Spanish Member State.

In this case, our identifying data as the Data Controller are as follows:


How can you contact us?

Our office address:


Mailing address:


¿Quién puede ayudarte con nuestra Política de Protección de Datos?

Disponemos de una persona o entidad especializada en protección de datos, que es la encargada de velar por el correcto cumplimiento en nuestra entidad de la legislación y normativas vigentes. Ésta persona recibe el nombre de Delegado de Protección de Datos (DPO) o Responsable de Protección de Datos y, si lo necesita, puede contactar con él de la siguiente forma:


3.- Security Measures

How do we guarantee the privacy of your data?

Our entity or corporate group adopts the necessary organizational and technical measures to guarantee the security and privacy of your data, prevent its alteration, loss, processing, or unauthorized access, depending on the state of technology, the nature of the stored data, and the risks they are exposed to.

Among others, the following measures stand out:

  • Ensuring permanent confidentiality, integrity, availability, and resilience of the processing systems and services.
  • Restoring the availability and access to personal data quickly in case of a physical or technical incident.
  • Regularly verifying, assessing, and evaluating the effectiveness of the technical and organizational measures implemented to ensure processing security.
  • Pseudonymizing and encrypting personal data, particularly sensitive data.

4.- Purpose of Processing

Why do we want to process your data?

We need your authorization and consent to collect and process your personal data. Therefore, we detail below the planned uses and purposes. However, we will only carry out those that you have authorized us through the “Consent Authorization Form” for data processing.

We need your data to provide you with the best service and offer you the best products.

How long do we keep your data?

We use your data for the strictly necessary time to fulfill the previously stated purposes. Unless there is a legal obligation or requirement, the planned retention periods are:

Your personal data will be kept for the time necessary to fulfill the purpose for which they were collected. If your data is used for various purposes that require us to keep them for different periods, we will apply the longest retention period.

In any case, we limit access to your data only to those who need to use it for the performance of their duties.

Our data retention periods are based on business needs. Therefore, concerning personal data that is no longer necessary, access to it will either be restricted to the fulfillment of strictly legal obligations, or it will be securely destroyed.

5.- Legitimacy of Processing

Why do we process your data?

The collection and processing of your data are always based on one or several legal bases, detailed below:

The use of your data under the previously described conditions is permitted by European and Spanish data protection regulations in accordance with the following legal bases:

  • You have given your consent (a consent form has been provided for you to authorize the processing of your data for certain purposes; you can revoke this consent at any time)
  • The processing of your data is necessary for the management and maintenance of a contract signed with you
  • The processing of your data is necessary to comply with our legal obligations
  • We use your data to pursue a legitimate interest, and our reasons for doing so outweigh the potential harm to your data protection rights
  • There may be purposes permitted under other legal bases; in such cases, we will do our best to identify the legal basis in question and inform you as soon as we become aware of its existence.

6.- Recipients of Your Data

To whom do we transfer your data within the European Union?

On occasion, to fulfill our legal obligations and our contractual commitment to you, we may be obliged to transfer some of your data to certain categories of recipients, which we specify below (they will only appear if transfers are made):

It may be necessary, due to legal requirement, judicial proceedings, litigation, and/or request from authorities and public bodies within or outside your country of residence, for us to disclose your personal data to the corresponding public administrations or bodies. We may also disclose your personal data if we are required to do so for reasons of public order, law enforcement, and other matters of public relevance, to the extent that disclosure is necessary and appropriate and as required by the competent authorities. Where legally permitted, and to the extent possible, we will inform you before such disclosure. If we determine in good faith that disclosure is reasonably necessary to protect our rights, enforce our terms and conditions, investigate fraud, or protect our operations or users, we may also disclose your personal data to the relevant supervisory authorities.

In addition to the categories of recipients to whom data are transferred, we may also transfer them to the following organizations (they will only appear if data is transferred to other organizations):
Not applicable

Do we make International Transfers of your data outside the European Union?

In the processes of processing your data carried out by our entity, we may need to hire external services that could involve your data being stored and/or processed by organizations established or operating from outside the European Union, which would imply that we make international transfers of your data.

Below, we provide you with all the details of these international transfers (they will only appear if transfers are made):
Not applicable

7.- Origin and Types of Processed Data

Where have we obtained your data from?

Each time you directly contact us, for example, through customer service phone lines or through the website, to request information about our products and services, you provide it yourself.

In this regard, we will only collect and process your personal data if you are at least 14 years old.

NAJARRO PROYECTOS S.L. reserves the right to verify the age of individuals providing personal data. Any data of a person under 14 years old will be deleted.

We would appreciate your help in keeping your personal data updated by informing us of any changes to your contact details or preferences.

What types of data have we collected and processed from you?

Through the different services and contact channels described in this Privacy Policy, the following types of data about you may be collected:

Contact Information: Name, address, phone numbers, email.
Preferences: Information you provide us about your preferences.

8.- Rights of the Data Subjects

What rights protect you?

Current data protection regulations protect you with a series of rights regarding the use we give to your data. All of your rights are personal and non-transferable, meaning that they can only be exercised by the data subject after verifying their identity.

Below, we indicate the rights that are available to you:

  • Request ACCESS to your personal data
  • Request the RECTIFICATION of your data
  • Request the DELETION or removal of your data (right to be forgotten)
  • LIMIT or OBJECT to the use we give to your data
  • Right to PORTABILITY of your data in cases of telecommunications or internet services
  • Right to WITHDRAW your consent at any time
  • Right to file a COMPLAINT regarding data protection with the Control Authority: Spanish Data Protection Agency

How can you exercise your rights regarding your data?

To exercise your rights of access, rectification, deletion, limitation or opposition, portability, and withdrawal of your consent, you can do so in the following way:


How can you file a complaint?

In addition to your rights, if you believe that your data is not being collected or processed in accordance with current Data Protection regulations, you may file a complaint with the Control Authority, whose contact details we indicate below:

Spanish Data Protection Agency
Calle Jorge Juan, 6, 28001 Madrid
Teléfono: 901 100 099 – 912 663 517

9.- Consent and Acceptance

Acceptance of this document indicates that you understand and accept all clauses of our privacy policy, authorizing the collection and processing of your personal data under these terms. This acceptance is made through the signature of the “Consent Authorization Form for data processing”.

Financiado por la Unión Europea-Next Generation EU

Abrir chat
¿En qué podemos ayudarte?