1. Data controller
In compliance with Regulation (EU) 2016/679 (GDPR) and Spanish Organic Law 3/2018 on Personal Data Protection and Digital Rights (LOPDGDD), you are informed that personal data provided through this Website will be processed by:
- Controller
- San Rode Investments SL
- VAT
- B22663694
- Address
- Plaza Honduras 26, ground floor left, 46022 Valencia, Spain
- business@sanrode.es
2. Purpose of processing
We process your personal data for the following purposes:
- Respond to inquiries submitted through the contact form or by email.
- Manage the professional relationship arising from investment, co-investment or collaboration opportunities.
- Send communications related to inquiries received or information you have expressly requested.
- Comply with legal obligations applicable to the holding company's activity.
- Aggregate web analytics, only if you have given consent through the cookie banner (see section 6 and the Cookies Policy).
3. Legal basis for processing
The legal basis for processing your data is:
- Consent of the data subject (art. 6.1.a GDPR) for communications arising from the contact form and for web analytics via cookies.
- Performance of a contract or implementation of pre-contractual measures (art. 6.1.b GDPR) where a professional relationship exists or steps are taken at the User's request.
- Legitimate interest (art. 6.1.f GDPR) for the internal management of inquiries and the security of the Website.
- Compliance with a legal obligation (art. 6.1.c GDPR) where accounting, tax or anti-money-laundering regulations apply.
4. Retention periods
Personal data will be retained for as long as necessary to fulfil the purpose for which they were collected and, in any case, for the legally established periods. As a general criterion:
- Inquiry data that does not result in a professional relationship: up to 12 months from the last contact.
- Data arising from a professional relationship: throughout the relationship and thereafter for the periods required by tax, commercial and accounting regulations (minimum 6 years).
- Web analytics data: up to 14 months (default GA4 configuration).
5. Recipients of data
Personal data may be disclosed to:
- Technology providers acting as data processors for the Controller under a processing agreement (web hosting, transactional email, web analytics).
- Competent public authorities when required by law.
Some of these providers may be located outside the European Economic Area. In such cases, the Controller ensures that appropriate safeguards are in place under GDPR (standard contractual clauses, adequacy decision, etc.).
6. Cookies
This Website uses technical cookies (strictly necessary for operation) and analytics cookies (Google Analytics 4) that are only activated if the User gives express consent through the banner. For more information, please consult our Cookies Policy.
7. Data subject rights
Under GDPR, you are entitled to the following rights:
- Access to your personal data.
- Rectification of inaccurate data.
- Erasure ("right to be forgotten") where one of the legal grounds applies.
- Restriction of processing in certain cases.
- Portability of data in a structured, commonly used format.
- Objection to processing, including profiling.
- Withdraw consent at any time, without affecting the lawfulness of prior processing.
To exercise these rights, please write to business@sanrode.es indicating "Data Protection" in the subject line. You must verify your identity by providing a copy of your ID, passport or equivalent document.
8. Complaint to the supervisory authority
If you consider that the processing of your personal data does not comply with regulations, you may file a complaint with the Spanish Data Protection Agency (AEPD), C/ Jorge Juan 6, 28001 Madrid, or through its electronic site www.aepd.es.
9. Security measures
The Controller applies appropriate technical and organisational measures to ensure a level of security appropriate to the risk, in accordance with article 32 GDPR, including encryption of communications, access control and training of personnel with access to personal data.
10. Modifications
The Controller reserves the right to modify this Privacy Policy to adapt it to legislative or case-law developments or to the entity's standard practice. In such cases, changes will be announced on the Website with reasonable notice.