1. Data controller
The controller for the processing of the user's personal data through this website is the company DARKDATA, S.L., with registered office at Calle Manuel Ceruelo 9-B 1ºB, 15702 Santiago de Compostela (A Coruña), Spain, with Tax ID (CIF) B67703793.
CIF: B67703793
Postal address: Calle Manuel Ceruelo 9-B 1ºB, 15702 Santiago de Compostela (A Coruña), Spain
Phone: (+34) 91 210 47 98
Email / DPO contact: info@darkdata.es
For any matter relating to the processing of personal data, including the exercise of the rights described below, you may contact the Data Protection Officer of DARKDATA, S.L. via the email address info@darkdata.es.
2. Scope
This Privacy Policy applies to personal data collected through this website, our marketing communications, our forms (including the demo-request form on the home page) and any direct interaction with prospects, customers, partners and visitors.
It does not cover personal data that our customers process within the DarkGuard product on behalf of their own users, employees or endpoints. In that context, the customer is the data controller and DARKDATA acts as data processor under a separate Data Processing Agreement (DPA).
3. Personal data we collect
3.1 Information you provide to us
- Identity and contact data: name, job title, employer, business email, business phone, country.
- Inquiry content: the message and context you provide when you submit a contact form, request a demo, or correspond with us.
- Marketing preferences: subscription choices and consent records.
- Commercial information: details exchanged in the course of evaluating, negotiating, or providing our services, including procurement, due diligence, and contractual information.
3.2 Information we collect automatically
- Technical data: IP address (truncated where feasible), browser and device type, operating system, referring URL, pages viewed, time spent, and approximate location derived from IP.
- Cookies and similar technologies: see our Cookie Policy.
We do not knowingly collect special categories of personal data (such as health, biometric or political data) through this website. Please do not submit such data through our forms.
4. Purposes and legal bases for processing
4.1 Handling your inquiries
The personal data of those requesting information will be processed for the sole purpose of responding to such requests, within the legally provided limits, and to be able to provide the requested information. Such personal data will be kept for the time necessary to manage the request and any potential liabilities arising from it, after which they will be deleted in their entirety.
Legal basis: performance of pre-contractual measures at the request of the data subject (Art. 6(1)(b) GDPR).
4.2 Recruitment processes
The personal data of job applicants and persons participating in selection processes will be processed solely for the selection of candidates and management of applications. The data will be kept for the period legally established, after which they will be deleted.
Legal basis: consent of the data subject (Art. 6(1)(a) GDPR).
4.3 Marketing and business development
Sending newsletters, product updates and event invitations to subscribers and existing business contacts; targeted business outreach to professional contacts whose role suggests interest in AI governance and cybersecurity solutions; managing event participation and follow-up.
Processing of personal data by DARKDATA, S.L. for these purposes will respond to the free consent of the data subject, expressly and explicitly given through the channels enabled. Such consent is revocable at any time. The user undertakes to provide correct, truthful and updated information about their situation.
Legal basis: consent (Art. 6(1)(a) GDPR), or legitimate interest in B2B promotion to professional audiences (Art. 6(1)(f) GDPR).
4.4 Compliance, security and protection of rights
Preventing fraud, abuse and unauthorized access; complying with legal obligations, regulator requests, and tax or accounting requirements; establishing, exercising or defending legal claims.
Legal basis: legal obligation (Art. 6(1)(c) GDPR), legitimate interest, or, where relevant, vital interests.
5. Recipients of the data
We do not sell personal data. We share it only as necessary, with the following categories of recipients:
- Service providers (data processors): hosting, email, CRM, analytics, customer support and similar tools that operate under written agreements requiring confidentiality and adequate safeguards. A current list is available on request.
- Professional advisors: lawyers, auditors, accountants and consultants bound by confidentiality.
- Authorities and regulators: where required by law, court order or regulatory request.
- Successors: in connection with a merger, acquisition, financing or sale of assets, with appropriate protections.
6. International transfers
Some of our service providers may be located outside the European Economic Area, including in the United States. When we transfer personal data to a country that does not provide an equivalent level of protection, we rely on appropriate safeguards such as European Commission adequacy decisions, EU Standard Contractual Clauses (SCCs) and additional technical and organizational measures (encryption, access controls). You may request more information about our transfer safeguards by contacting us at the address in section 1.
7. Data retention
We keep personal data only as long as necessary for the purposes described, or as required by law. Indicative retention periods:
| Category | Retention |
|---|---|
| Inquiries and demo requests | Up to 24 months from the last interaction, unless a commercial relationship is established |
| Customer and contractual records | For the duration of the contract and up to the period required by Spanish commercial and tax law (general rule: 6 years) |
| Marketing data | Until you unsubscribe, with a suppression record kept to honour your opt-out |
| Website analytics | Typically up to 14 months in aggregated or pseudonymised form |
| Security and access logs | Typically up to 12 months, longer in case of investigation |
8. Your rights
You have the right to obtain confirmation as to whether DARKDATA, S.L. is processing your personal data. You also have the right to access your personal data, rectify inaccurate data, request its deletion when the data is no longer necessary for the purposes for which it was collected, request the limitation or restriction of its processing, oppose its processing, request data portability and withdraw any consent previously given without affecting the lawfulness of processing carried out before such withdrawal.
| Right | What it means |
|---|---|
| Access | You can ask whether we hold personal data about you and request a copy. |
| Rectification | You can ask us to correct inaccurate or incomplete information. |
| Erasure | You can ask us to delete your personal data, subject to limited legal exceptions. |
| Restriction | You can ask us to suspend processing while a dispute or correction is resolved. |
| Objection | You can object to processing based on legitimate interests, including marketing. |
| Portability | You can ask to receive your data in a structured, machine-readable format. |
| Withdraw consent | Where we rely on consent, you can withdraw it at any time without affecting prior processing. |
| Complaint | You can lodge a complaint with the Spanish Data Protection Agency (AEPD). |
You may exercise your rights at any time by sending a written communication to the postal address: Calle Manuel Ceruelo 9-B 1ºB, 15702 Santiago de Compostela (A Coruña), Spain, or by email to info@darkdata.es. The communication should indicate the right you wish to exercise, the data or set of personal data that is the subject of your request, and a copy of a valid identity document. If you do not wish to provide an identity document, you may send a digitally signed communication using a valid electronic certificate (DNIe, FNMT, etc.) to the email address indicated above.
For any doubt or complaint regarding the processing of personal data, you may contact the Data Protection Officer of DARKDATA, S.L. through the email address info@darkdata.es.
Lastly, we inform you that you have the right to lodge a complaint with the Spanish Data Protection Agency (Agencia Española de Protección de Datos, AEPD) as the supervisory authority, at www.aepd.es.
9. Security
DARKDATA, S.L. has adopted the technical and organizational measures necessary to ensure the security of personal data and to prevent its alteration, loss, unauthorized treatment or access, taking into account the state of the art, the nature of the data stored and the risks to which they are exposed, in compliance with article 32 of the GDPR.
10. Children
This website and the DarkGuard product are intended for business users and are not directed to children. We do not knowingly collect personal data from minors under 14 years of age. If you believe we have, please contact us so we can delete it.
11. Changes to this Privacy Policy
DARKDATA, S.L. may update this Privacy Policy to reflect changes in our practices or in legal obligations. We will publish the updated version on the website and update the date at the top. Material changes will be signalled prominently or notified directly where appropriate.
© 2026 DARKDATA, S.L. — CIF B67703793. All rights reserved. Phone: +34 91 210 47 98. Email: info@darkdata.es.