Legal information
Privacy Policy
At ITNOVE we take the protection of your personal data very seriously. This policy explains what data we collect, for what purpose, for how long we keep it, who we share it with, and how you can exercise your rights, in accordance with Regulation (EU) 2016/679 (the General Data Protection Regulation, "GDPR") and Spanish Organic Law 3/2018 (LOPDGDD, the Spanish Data Protection Act).
1. Data controller
2. Data we process and its purpose
We only collect the data necessary for the following processing activities:
| Processing activity | Data | Purpose | Legal basis |
|---|---|---|---|
| Contact form | Name, company, corporate email, message | Handle your request and send you a commercial reply. | Consent (art. 6.1.a GDPR). |
| Course enrollment | First name, last name, email, phone, billing details, tax ID, attendees | Process the enrollment, issue an invoice, grant access to course resources and invite you to the event. | Performance of a contract (art. 6.1.b GDPR) and legal obligation (art. 6.1.c) for invoicing. |
| Card payment | Processed by Stripe; ITNOVE does not store card data | Charge the course fee. | Performance of a contract (art. 6.1.b GDPR). |
| Training communications | Student's email | Send you reminders, materials and communications about the course you enrolled in. | Performance of a contract (art. 6.1.b GDPR). |
| Newsletter / marketing | Send you content, news and offers related to our services. | Consent (art. 6.1.a GDPR), revocable at any time. |
3. Retention periods
- Contact form: 1 year from the last contact, unless an earlier deletion request is made.
- Enrollments and invoicing: 6 years, in accordance with article 30 of the Spanish Commercial Code.
- Newsletter: until you unsubscribe.
- Technical server logs: 30 days.
4. Data recipients
We do not disclose your data to third parties, except where required by law or strictly necessary to provide the service you have contracted. For this we rely on duly selected data processors, all of them bound by contracts that meet the requirements of article 28 of the GDPR and that offer adequate guarantees of security and confidentiality.
The categories of processors that may process data on ITNOVE's behalf are:
- Website hosting and technical infrastructure providers.
- Payment processing providers.
- Invoicing and accounting providers.
- Email communication providers.
- Training management and delivery platform providers.
- Security and anti-fraud / anti-bot protection providers.
If you would like to know the up-to-date list of data processors, you can request it by writing to info@itnove.com.
5. International transfers
Some data processors may be located outside the European Economic Area. In all such cases, ITNOVE has put in place the appropriate safeguards provided for in Chapter V of the GDPR — mainly the Standard Contractual Clauses approved by the European Commission — to ensure a level of protection equivalent to that required by European regulations.
6. User rights
You can exercise your rights at any time to:
- Access — know what data we hold about you.
- Rectification — correct inaccurate data.
- Erasure ("right to be forgotten") — delete your data when it is no longer necessary.
- Restriction of processing.
- Objection to processing.
- Portability — receive your data in a structured format.
- Withdraw consent — at any time, without affecting the lawfulness of prior processing.
To exercise any of these rights, write to us at info@itnove.com indicating the right you wish to exercise and attaching a copy of your ID document or equivalent.
You also have the right to lodge a complaint with the Spanish Data Protection Agency (Agencia Española de Protección de Datos, AEPD), especially if you consider that we have not properly handled your request (www.aepd.es).
7. Security
We apply appropriate technical and organizational measures to protect your data: encryption in transit (HTTPS), access control, backups, activity logging and confidentiality agreements with all data processors.
8. Minors
Our services are aimed at professionals and companies. We do not knowingly collect data from minors under 14 years of age. If you become aware that a minor has provided us with data without consent, please write to us so we can delete it.
9. Changes to this policy
We may update this policy to reflect legal changes or changes to our services. The date of the last update appears at the top of the document. We recommend you review it periodically.