Privacy Policy
Last updated: 03/03/2026
At CoverData, we are committed to protecting your personal data and ensuring transparency in how we collect, use, and safeguard information, in accordance with the General Data Protection Regulation (GDPR) and applicable privacy laws.
1. Data Controller
Cover Data S.L.
Madrid, Spain
info@cover-data.com
2. Data We Process
- Identification data: name, email, phone number.
- Technical data: IP address, browser, operating system.
- Usage data: pages visited, interactions, navigation time.
- Marketing data: preferences when subscribing to communications.
3. How We Collect Data
- Contact forms.
- Newsletter subscriptions.
- Website browsing (technical and analytics cookies).
4. Purposes and Legal Basis
| Purpose | Legal basis |
|---|---|
| Responding to enquiries | Consent / Legitimate interest |
| Providing services | Contract performance |
| Improving the website | Legitimate interest |
| Marketing communications | Consent |
| Legal compliance | Legal obligation |
5. Data Sharing
We do not sell personal data. Information may be shared with service providers (hosting, email, analytics) acting as data processors under GDPR‑compliant agreements.
6. International Transfers
If data is transferred outside the EEA, we apply appropriate safeguards such as Standard Contractual Clauses (SCCs).
7. Data Retention
- Enquiries: up to 12 months.
- Marketing: until consent is withdrawn.
- Legal obligations: as required by law.
8. Your Rights
You may exercise your rights of access, rectification, erasure, restriction, objection, portability, and withdrawal of consent by contacting info@cover-data.com.
9. Cookies
We use technical and analytics cookies. You can manage them through your browser or our cookie settings panel.
10. Security
We implement technical and organisational measures to protect your data from unauthorised access or misuse.
11. Changes to This Policy
We may update this policy to reflect legal or operational changes.
12. Record of Processing Activities (Art. 30 GDPR)
CoverData maintains a Record of Processing Activities in accordance with the GDPR and, where applicable, the EU Artificial Intelligence Act.
| Processing activity | Purpose | Legal basis | Data categories | Data subjects | Recipients | Transfers | Retention |
|---|---|---|---|---|---|---|---|
| Client management | Service delivery, support, invoicing | Contract performance | Identification, contact, service usage | Clients | Cloud providers, tax authorities | None | 6 years |
| Marketing | Newsletters and communications | Consent | Identification, contact | Subscribers | Email marketing platforms | Possible (US) with safeguards | Until withdrawal |
| Supplier management | Contractual and fiscal management | Contract performance | Identification, financial | Suppliers | Tax authorities | None | 6 years |
| Security | Access control, logs, incident detection | Legitimate interest | IPs, logs, technical identifiers | Users and visitors | Technology providers | None | 12 months |
| Regulatory compliance | DPIAs, audits, rights management | Legal obligation | Identification, legal documentation | Users and clients | Supervisory authorities | None | As required by law |
| Web analytics | Traffic and performance measurement | Consent | Online identifiers, navigation data | Visitors | Analytics tools | Possible (US) with safeguards | 24 months |