Privacy policy

1       Data controller

2       Purpose of processing

3       Legitimacy of data processing

4       Transfers

5       Users’ rights

6       Security measures


1          Data controller

Esbelt S.A. (from hereinafter Esbelt), whose tax identification number os A-61557641 and whose business address is Provença 385- 2º, 08025 – Barcelona – Spain, hereby states that:

  1. a) It guarantees the protection of the personal data voluntarily provided by users when communicating with Esbelt:

–  by email;

–  filling in data collection forms;

–  formalising a contractual relationship; or

–  using any other service on the website that involves communicating or accessing data.


  1. b) It processes the collected data in accordance with European General Data Protection Regulation 679/2016, of 27 April, from hereinafter GDPR, and in compliance with this policy, which is published on the principle of proactive responsibility and transparency of information, and which aims to prove that unequivocal consent has been obtained from the data subject.


2          Purpose of processing

The personal data collected and processed by Esbelt from this website, trade shows, contracts, newsletters and other means will be adequate, relevant and limited to what is necessary in relation to the purposes for which they are collected and processed.


– The purpose of processing data obtained from web forms or by other unspecified voluntary means of providing data (giving business cards, sending emails, etc.) is to respond to specific requests, sell products, send catalogues, answer inquiries, manage subscriptions and send out newsletters, manage sales contacts, register at conferences, send documentation and information related to products and all marketing and advertising information.

– The purpose of processing data obtained by signing contracts is to establish and maintain the contractual relationship thereby established, in accordance with the nature and characteristics of the contracted product; for archiving and for carrying out research and development work in this field.


In all cases the personal data will be kept in a form which permits identification of the data subject no longer than is necessary for the purposes for which the personal data are processed. These storage periods will be extended solely when the data are processed for scientific, historical or statistical purposes.


3          Legitimacy of data processing

The lawfulness, or legitimacy, of the data processing carried out by Esbelt depends on the different processing activities, the type of data subject and the purposes of processing. Hence legitimacy is based on:

– Explicit acceptance or consent in the case of data subjects who contact Esbelt to request information, make inquiries, subscribe to the sending of information and newsletters, training, etc. and who voluntarily provide the personal data requested.

– Contract in the case of customers who access Esbelt products and give their consent by signing the contract.

– The legitimate interests of Esbelt or third parties to whom data are disclosed in the case of contact data collected in ways other than those stated in the purpose of processing section (e.g. receiving business cards, email inquiries).

In all cases, the data subject will be responsible for the accuracy of the data provided, and Esbelt reserves the right to exclude all false or illegal data, notwithstanding any other legal actions.

Esbelt warns that, except when there is a legally established representative, no data subject may use the identity of another person or disclose their personal data, hence they should bear in mind that they must disclose to Esbelt personal data corresponding to their own identity which are adequate, relevant, up to date, accurate and true. To this effect, the data subject will be the sole party responsible for any direct and/or indirect damages caused to third parties or Esbelt by the use of personal data of another person, or their own personal data which are false, incorrect, out of date, inadequate or irrelevant.

Furthermore, the party disclosing the personal data of a third party will be liable to the latter with regard to the obligation of information established in the GDPR when personal data have not been collected from the data subject themselves and/or the consequences of not having informed the data subject.

4          Transfers

Transfers: Esbelt transfers personal data to its subsidiaries to provide better customer services and to third parties solely to meet the contractual or legal obligations of the service with regard to suppliers and public or private organisations. The data subject consents to these transfers in such cases and may be informed about them by exercising their rights.

International transfers: Esbelt hereby states that in conducting its business it uses the services of suppliers to whom it discloses data (such as data processors) whose addresses are outside the European Economic Area, thereby carrying out an international data transfer. These suppliers and their privacy policies are given below:

Google, Inc:

Mail chimp:


Zoho Corporation:



Furthermore, we hereby state that in all the suppliers are signatories of the Shield privacy agreement, which can be viewed on the AEPD Guide to the EU-US Privacy Shield.


5          Users’ rights 

Users may at any time exercise their recognised rights with regard to their personal data and withdraw their consent for the aforementioned uses, in writing, including their request or the right they are exercising, to the address of Esbelt or by email to the address, including in both cases a photocopy of their national identity card or other similar identification document.

The recognised rights that may be exercised are the following:

  • Request information on the data we process, the purpose of processing and its lawfulness.
  • Request modification of data if incorrect.
  • Request the data be erased in the legally established cases.
  • Stop data being processed, except when justified.
  • Restriction of processing. Data will only be held by Esbelt to exercise or provide defence in the event of complaints.

Right to data portability. If you would like your data to be processed by another supplier, Esbelt will facilitate the portability of your data to the new processor.

For more information on exercising these rights, you can view the citizens’ guide published by the Spanish Data Protection Agency.


If you think the processing of your personal data is in breach of regulations, you may lodge a complaint:

  • with the Esbelt data protection officer or
  • with the Spanish Data Protection Agency, to their postal address: C/ Jorge Juan, 6, C.P. 28001, Madrid (España).


6          Security measures

The personal data for which Esbelt is the controller are structured into files, automatic or otherwise, and processing activities are logged in accordance with current legislation.

Furthermore, each time data are processed, Esbelt establishes the appropriate technical and organisational measures to ensure the confidentiality, integrity, availability and resilience of the data included in processing and which are necessary for ensuring appropriate security, including protection from unauthorised or unlawful processing and from loss, destruction or accidental damage, which are aimed at:

  1. The pseudonymisation and encryption of personal data.
  2. The ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services.
  3. The ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident.
  4. The process for regularly testing, assessing and evaluating the effectiveness of technical and organisational measures for ensuring the security of the processing.