Privacy Policy

Last updated: January 2026

Introduction

Qyvanta S.A. ("we", "our", or "us") is committed to protecting and respecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal data when you visit our website qyvanta.pro or use our services. This policy applies to all data we collect about you, regardless of how it is collected or stored.

Data Controller Information

The data controller responsible for your personal data is Qyvanta S.A., a company registered in Spain with registration number B94563287. Our registered office is located at Calle Real 149, 48703 Bilbao, Basque Country, Spain. If you have any questions about this Privacy Policy or our data practices, please contact us at privacy@qyvanta.pro or +34 942289697.

Data Collection

We collect different types of personal data about you, including data we collect directly from you, data we collect automatically when you use our website, and data we receive from third parties. The personal data we collect includes:

  • Contact information such as name, email address, phone number, and postal address
  • Professional information including company name, job title, and business contact details
  • Communication data including your messages, enquiries, and feedback
  • Technical data such as IP address, browser type, device information, and website usage data
  • Cookie data and tracking information as described in our Cookie Policy
  • Marketing and communications preferences

How We Use Your Information

We use your personal data for various purposes based on different legal grounds under the General Data Protection Regulation (GDPR). We use of your data includes:

  • Providing and improving our behavioural finance services and consultations
  • Responding to your enquiries and providing customer support
  • Processing and fulfilling service requests and contracts
  • Sending you important information about our services and any changes to our terms
  • Marketing our services to you where you have consented or where we have a legitimate interest
  • Complying with legal obligations and regulatory requirements
  • Protecting our business interests and preventing fraud
  • Analysing website usage to improve user experience

Legal Basis for Processing

Under GDPR, we process your personal data based on the following legal grounds: (1) Contract performance when processing is necessary to perform our services; (2) Consent where you have given specific consent for processing; (3) Legitimate interests where processing is necessary for our legitimate business interests; (4) Legal obligation where processing is required by law. You have the right to withdraw consent at any time where consent is the legal basis for processing.

Cookies and Tracking Technologies

We may use cookies and tracking technologies for analytics, advertising, and remarketing purposes, including Google Ads. These technologies help us measure campaign effectiveness, deliver relevant advertisements, and improve our services. You can manage your cookie preferences at any time through our cookie consent banner. For detailed information about our use of cookies, please refer to our Cookie Policy.

Data Sharing and Disclosure

We do not sell, trade, or rent your personal data to third parties. We may share your information with trusted service providers who assist us in operating our website and conducting our business, including cloud hosting providers, email service providers, and analytics services. We may also disclose your data if required by law, to protect our rights, or in connection with a business transfer. All third parties are required to maintain the confidentiality of your personal data and use it only for the purposes we specify.

Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected and to comply with legal obligations. Generally, we retain contact and communication data for up to 7 years after our last interaction, technical data for up to 2 years, and marketing data until you withdraw consent. We regularly review our data retention practices and securely delete data when it is no longer needed.

International Data Transfers

As we are based in the European Union, your data is primarily processed within the EU. If we transfer your data outside the EU, we ensure appropriate safeguards are in place, such as adequacy decisions, standard contractual clauses, or other approved mechanisms under GDPR. We will inform you of any international transfers and the safeguards applied.

Your Rights

Under GDPR, you have several rights regarding your personal data. Your rights include:

  • Right of access: You can request a copy of your personal data we hold
  • Right to rectification: You can request correction of inaccurate or incomplete data
  • Right to erasure: You can request deletion of your personal data in certain circumstances
  • Right to restrict processing: You can request limitation of processing in specific situations
  • Right to data portability: You can request transfer of your data to another controller
  • Right to object: You can object to processing based on legitimate interests or for marketing purposes
  • Right to withdraw consent: You can withdraw consent where it is the basis for processing

To exercise any of these rights, please contact us at privacy@qyvanta.pro. We will respond to your request within one month. You also have the right to lodge a complaint with the Spanish Data Protection Authority (AEPD) if you believe we have not handled your data appropriately.

Data Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. These measures include encryption, secure servers, access controls, and regular security assessments. However, no method of transmission over the internet or electronic storage is completely secure, so we cannot guarantee absolute security.

Children's Privacy

Our services are not intended for individuals under the age of 16. We do not knowingly collect personal data from children under 16. If we become aware that we have collected personal data from a child under 16 without parental consent, we will take steps to delete such information promptly.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of any material changes by posting the updated policy on our website and updating the "Last updated" date. We encourage you to review this policy periodically to stay informed about how we protect your data.

Contact Information

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us using the following information:

Qyvanta S.A.

Data Protection Officer

Calle Real 149, 48703 Bilbao, Basque Country, Spain

Email: privacy@qyvanta.pro

Phone: +34 942289697

We are committed to working with you to obtain a fair resolution of any complaint or concern about privacy. If you believe that we have not been able to assist with your complaint or concern, you have the right to make a complaint to the Spanish Data Protection Authority (AEPD) or your local supervisory authority.