Clients Access

Privacy policy

SUARDIAZ | Last updated: June 2026

Data Controller

In compliance with Regulation (EU) 2016/679 (GDPR) and Organic Law 3/2018 (LOPDGDD), we inform you that the controller of your personal data is:

Personal Data We Collect

Through our website and the channels provided for this purpose, we may collect the following categories of personal data:

2.1 Data provided directly by the user:

2.2 Data collected automatically:

Purposes and Legal Bases for Processing

Your personal data is processed for the following purposes, based on the corresponding legal grounds:

3.1 Commercial relationship management and service provision

Legal basis: performance of a contract or pre-contractual measures (Art. 6.1(b) GDPR).
Your information is necessary to manage our business relationship, process orders and quotes, and handle any services contracted with SUARDIAZ.

3.2 Management of enquiries and information requests

Legal basis: legitimate interest and/or consent (Art. 6.1(a) and 6.1(f) GDPR).
We process your data to respond to inquiries, requests, or requests for information that you submit to us through the channels available on our website.

3.3 Marketing communications

Legal basis: consent (Art. 6.1(a) GDPR). With your express consent, we may send you information about our products, services, news, and special offers. You may withdraw your consent at any time.

3.4 Internal management through CRM

Legal basis: legitimate interest and contract performance (Art. 6.1(b) and 6.1(f) GDPR). SUARDIAZ uses the CRM platform as a technological tool for managing, organizing, and tracking data on customers, contacts, and sales opportunities.

The CRM platform is used to:

The data stored on the CRM platform is processed exclusively by authorized SUARDIAZ personnel and, where applicable, by the platform provider acting as a data processor, with the appropriate contractual and security safeguards required by current regulations.

3.5 Compliance with legal obligations

Legal basis: compliance with legal obligations (Art. 6.1(c) GDPR). In certain cases, data processing is necessary to comply with legal obligations applicable to SUARDIAZ, such as tax, commercial, or labor regulations.

4. Technological Tools and Data Processors

SUARDIAZ uses technological platforms and service providers acting as data processors under Article 28 GDPR.

4.1 CRM Platform

SUARDIAZ uses a Customer Relationship Management (CRM) platform to centralize and manage contact information, customer data, and business activity. This tool processes personal data on behalf of SUARDIAZ exclusively for the purposes described in section 3.4 of this policy.
The CRM provider acts as a data processor and is required to:

4.2 Other Support Tools

SUARDIAZ may also use other platforms and technological services (web hosting, email, analytics tools, etc.), which are also processed in accordance with the data processing terms established by the GDPR. For more information, please contact us using the contact details provided in Section 1.

5. Data Retention Periods

Personal data will be retained for as long as is strictly necessary for the purpose for which it was collected and, in any case, for the periods established by law:

6. Recipients and International Transfers

As a general rule, SUARDIAZ will not disclose personal data to third parties except:

Where international transfers outside the EEA occur, SUARDIAZ will ensure appropriate safeguards under the GDPR.

7. Data Subject Rights

You may exercise the following rights:

To exercise any of these rights, you may submit a written request to SUARDIAZ via the following email address: dpo@suardiaz.com, specifying the right you wish to exercise, your full name, and a document proving your identity.
Likewise, if you believe that the processing of your data does not comply with current regulations, you have the right to file a complaint with the Spanish Data Protection Agency (AEPD) through its website at www.aepd.es.

8. Security Measures

SUARDIAZ has implemented the necessary technical and organizational measures to ensure the security and integrity of the personal data it processes, and to prevent its alteration, loss, or unauthorized processing or access, taking into account the state of technology, the nature of the data stored, and the risks to which it is exposed. These measures include:

The CRM platform also has its own technical and organizational security measures, which have been assessed by SUARDIAZ under the data processing agreement entered into.

9. Cookie Policy

Our website may use cookies and similar technologies to enhance your browsing experience and analyze site usage. For detailed information about the cookies we use, their purposes, and how to manage them, please see our Cookie Policy available at Cookie Policy.

10. Minors

Our services are not directed at children under 14 years of age. SUARDIAZ does not knowingly collect personal data from minors without the consent of parents or legal guardians. If I become aware that a minor’s personal information has been provided without the appropriate consent, I will delete it immediately.

11. Amendments to this Privacy Policy

SUARDIAZ reserves the right to update or modify this Privacy Policy at any time in order to adapt it to changes in legislation, case law, or business practices. Any changes will be posted on this page, along with the date of the last update. We recommend that you review this Policy periodically to stay informed about how we protect your data.

This version was updated in May 2026 to include information regarding the use of the CRM platform for managing customer and contact data.

12. Contact

For any questions regarding the processing of your personal data or the exercise of your rights, please contact: