Corporate | Group | Privacy Policy

At the Powens Group, we consider transparency in the processing of your personal data to be a fundamental value and the foundation of the trust you place in us.

By using our services, you entrust us with important information, and we assume, with the utmost rigor, our responsibility to protect it and ensure its confidentiality, all in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (GDPR) and any other applicable local regulations in force regarding personal data protection, depending on the relevant jurisdiction.

The purpose of this Privacy Policy is to clearly and accessibly explain what we do with your information. In this document, you will find direct answers about:

What data we collect: the exact information we process in order to provide our services or respond to your requests.
Why we use it: the specific purposes and legal bases that justify the use of your data.
How we protect it: our ongoing commitment to implementing the necessary measures to improve security and prevent any unauthorized access to your personal information.
Your rights: the tools available to you to access, rectify, or delete your data, maintaining full control over it at all times.

1. Who is responsible for processing your data?

The Powens Group is composed of several entities whose details you can consult via the relevant link. Depending on the service you use or your interaction with us, one entity or another within the Group will be responsible for protecting your data.

Do not worry: in every form or section where we request your data, we will always clearly and expressly indicate which specific Powens Group company will act as the data controller of your information.

2. What personal data do we collect about you?

We collect different types of data, always limited to what we genuinely need:

  • Identification data: first name, last name, phone number, ID card/foreigner ID/passport, postal address, email address.
  • Professional data: first name, last name, job title, company, and corporate contact information.
  • Financial data: bank details, transaction history, and other financial information.
  • Authentication data: information for account access and authentication.
  • Application data: identification data, CVs, experience, education, and salary expectations.
  • Technical data: IP addresses, operating system, and cookies.
  • Usage data: website preferences and browsing patterns.
  • Marketing and communication data: preferences regarding receipt of marketing materials and communications.
  • Other data: any other personal data you voluntarily provide or that is necessary to provide our services.

We always obtain your data directly from you for one of the following reasons:

  • You have visited our website.
  • You have completed a contact form on our website.
  • You have interacted with our chatbot or one of our advisors.
  • You have sent a commercial inquiry.
  • You have provided your details during a business meeting or event organized by us.
  • You have subscribed to our newsletter.
  • You have created a user account on our console.
  • You have contracted one of our products or services.
  • You have sent us your CV as part of a job application.

We may also obtain your data indirectly through:

  • Public contact data obtained from open-access databases.
  • Referrals from third parties or partners.
  • Information from your browser regarding the operating system used.
  • Cookies.

3. What are the purposes and legal bases for processing your data?

We process your information based on different legal grounds for the following purposes:

1. Website access, navigation, and security

  • Enable navigation and access to content (blog, FAQs, videos, chatbot, white paper downloads).
  • Ensure the proper functioning, availability, resilience, and security of the website and information systems.
  • Produce usage statistics and aggregated analysis.
  • Detect security incidents and prevent unauthorized access.

Legal basis: legitimate interest in ensuring the security, integrity, and continuous improvement of the service, as well as compliance with legal obligations and website terms of use.

2. Management of requests and user relationships

  • Respond to information or contact requests.
  • Manage complaints.
  • Organize meetings or demonstrations.
  • Manage customer support services.

Legal basis: pre-contractual measures, contractual performance, and legitimate interest in properly assisting users.

3. Commercial management, marketing, and prospecting

  • Carry out commercial prospecting activities.
  • Send commercial communications regarding products, services, events, or updates by post and/or electronic means.
  • Customer loyalty programs.
  • Prospect new potential clients.
  • Manage newsletter subscriptions.
  • Manage online advertising campaigns.
  • Conduct satisfaction surveys.
  • Manage corporate social media accounts.
  • Manage webinars and other events organized by the Group.

Legal basis: consent where required by law and legitimate interest in customer loyalty and business development. In all cases, you may object at any time to receiving commercial communications.

4. Contractual management and business relationships

  • Carry out pre-contractual actions.
  • Formalize, execute, and manage contracts.
  • Manage relationships with clients, partners, and suppliers.
  • Manage invoicing and unpaid amounts.
  • Administer the Group’s client and collaborator database.
  • Manage inquiries, complaints, and claims handled by Customer Service.

Legal basis: contractual performance, compliance with legal accounting and tax obligations, and legitimate interest in efficient business management.

5. Management of events and technical content

  • Manage registration and participation in webinars and events organized by the Group.
  • Enable the download of technical documentation.
  • Manage participation in external events.

Legal basis: legitimate interest in promoting services and pre-contractual measures where applicable.

6. Recruitment processes

  • Manage job applications and recruitment processes.
  • Evaluate professional profiles.
  • Contact candidates.

Legal basis: pre-contractual measures, legitimate interest in talent acquisition, and consent when required for CV retention.

7. Financial regulatory compliance and risk prevention

  • Compliance with legal obligations.
  • Fraud prevention.
  • Anti-money laundering and counter-terrorist financing (AML/CFT).
  • Operational risk management.
  • Cooperation with competent and supervisory authorities.

Legal basis: compliance with legal obligations and legitimate interest.

8. Security, quality, and continuous improvement

  • Monitor systems and services.
  • Manage security incidents.
  • Conduct internal audits.
  • Ensure appropriate technical and organizational security levels.
  • Improve service quality and resilience.
  • Improve and ensure website security.

Legal basis: legal obligations and legitimate interest in ensuring operational continuity and security.

9. Whistleblowing channel and internal information system

  • Processing of communications regarding legal or ethical infractions.
  • Verification of the accuracy of the reported facts.
  • Adoption of corrective, disciplinary, or legal responses.
  • Protection of the whistleblower and involved third parties.

Legal basis: fulfillment of a legal obligation.

4. How long do we retain your data?

We will retain your personal data only for as long as strictly necessary to fulfill the purposes for which it was collected, including compliance with any legal, tax, accounting, or regulatory obligations.

As a general rule, your data will be stored until the purpose of its processing has been fulfilled, unless specific laws (such as anti-money laundering regulations or tax legislation) require us to retain it for a different period.

In any case, commercial data used for advertising campaigns or marketing activities will be retained for a maximum of three (3) years from our last contact with you.

Candidate data will be kept for the duration of the recruitment process and for two (2) years from our last contact with you.

In addition, connection data such as logs, IP addresses, etc., will be stored for one (1) year, and cookies are generally retained for a maximum of thirteen (13) months.

Once the applicable retention periods have expired, the deletion of your personal data will be irreversible and we will no longer be able to provide it to you. At most, we may retain anonymized data for statistical purposes.

Please also note that, in the event of litigation, we are required to retain all personal data relating to you for the duration of the case, even after the expiration of the retention periods described above.

5. What happens if you do not provide your information?

We require most of the information we collect from you in order to provide the requested and, where applicable, contracted services, as well as to comply with our legal obligations. This means that if you do not provide the information we request, it is highly likely that we will not be able to deliver our services properly.

6. Who are the recipients of your data?

Your personal data may be shared with:

  • Other entities within the Powens Group, in order to optimize internal and administrative management, as well as to analyze and improve the quality of the services provided.
  • Authorized employees, within the scope of their respective duties.
  • Service providers and subcontractors who assist us with web hosting, email communications, or customer management. In this regard, we ensure that they comply with the same level of rigor and data protection standards as we do.
  • Public authorities, when required to do so in accordance with applicable legal and regulatory obligations.

7. Do your data leave Europe?

Your data is hosted on servers located within the European Union. If at any time we need to use a technology provider located outside the European Economic Area, we ensure that we enter into the “Standard Contractual Clauses” approved by the European Commission, so that your information remains equally protected.

8. What security measures do we apply?

We take security very seriously. We implement technical and organizational measures (such as secure storage, data encryption, and strict access controls) to prevent your information from being lost, altered, or accessed by unauthorized parties. Should a security incident ever occur, we would promptly notify you and the relevant authorities.

9. What are your rights?

You may exercise the following rights at any time and free of charge:

  • Access: Confirm whether we are processing your data and obtain a copy of it.
  • Rectification: Correct inaccurate or incomplete data.
  • Erasure (Right to be forgotten): Request the deletion of your data when it is no longer necessary.
  • Objection: Object to the processing of your data, particularly for marketing purposes.
  • Restriction: Request the restriction of the use of your data in the event of a dispute regarding its lawfulness.
  • Portability: Receive your data in a structured format in order to transmit it to another data controller.

All requests must be clear and, if we have any doubts regarding your identity, we may request a copy of your identification document. We will respond as soon as possible and always within the time limits established by the applicable data protection regulations.

To exercise these rights, you may contact the relevant data controller within the Powens Group directly by post or via the email address provided in this privacy policy or in the relevant section of the website, where you can find the contact details of the entities that form part of the Powens Group.

10. What are the contact details of the Powens Group?

If you have any questions or wish to exercise your rights before the relevant data controller within the Powens Group, you may contact the corresponding Data Protection Officer (DPO) directly.

In the case of Powens SAS, you may contact: dpo@powens.com.

For Unnax Regulatory Services EDE, S.L.U. and Unnax Payment Systems S.L.U., you may contact: dpo@unnax.com.

11. What are the supervisory authorities?

If you believe that your rights have been infringed, you have the right to lodge a complaint with the competent supervisory authority, depending on the jurisdiction in which the relevant Powens Group entity is located:

  • In Spain: Spanish Data Protection Agency (AEPD) (www.aepd.es).
  • In France: National Commission on Informatics and Liberty (CNIL) (www.cnil.fr).

12. Do we use cookies?

Our website uses cookies when you browse it. For more information, please refer to our Cookie Policy, which you can find on our website.