Privacy Policy

We collect data for various purposes: • Contact Form: To manage inquiries about our products and services • Newsletter Subscription: To send information about our products, services, activities, events, and new blog content • Blog: To manage and publish your comments • "Work with Us" Form: To manage participation in our recruitment processes • Exam and Training Registration: To manage your enrollment and participation in our training activities and marketing events • Alumni Program Registration: To manage your membership and keep you informed about relevant activities • Event Registration: For management, control, and statistics of event participants • Social Media: To interact with you, provide customer service, and share information about our products and services • Students: For administrative and academic management • Training Clients: For administrative and academic management of their students • Consulting Clients: For contracted service delivery • Consulting Users: For service delivery to our client's users • Potential Clients: For lead generation • Employees: For work contract compliance, workplace safety, and payroll management • Suppliers: For contract and tender management • Video Surveillance: For facility monitoring • Access Records: For facility entry control

Our legitimacy comes from two main sources: 1. Your acceptance of our privacy policy when providing your data through any of our forms or interactions 2. For business clients, our legitimacy stems from the service contract signed with our client This provides us with the legal basis for processing your information in accordance with data protection regulations.

In general, only authorized staff members across our group companies can access the data you provide. We may also share your personal data with: • Third-party service providers when necessary to deliver our services • Banking entities when processing payments • Public or private entities when legally required • Partner organizations for jointly organized events All data sharing is conducted in compliance with applicable data protection regulations.

We maintain different retention periods depending on the type of data: • Contact Forms: Until query resolution • Newsletter Subscriptions: Until you unsubscribe • Blog Comments: Until deletion is requested • Job Applications: Four years after employment ends • Exam/Training Records: Until activity completion plus legal retention period • Social Media Interactions: As per social network policies • Student/Client Data: Six years after relationship ends • Employee Records: Four years after contract termination • Supplier/Client Records: Six years after contract termination • Video Surveillance: One month • Access Records: One month

We maintain contact information including: • Names • Email addresses • Phone numbers • Physical addresses • Other relevant details specific to your interaction with us All data is stored securely and in accordance with our data protection policies.

No international data transfers are planned, except those required by social media platform policies. When such transfers occur, they are conducted under appropriate safeguards and in compliance with applicable data protection regulations.

We implement comprehensive security measures including: • Standards compliance with UNE-ISO/IEC 27001 and UNE-EN ISO/IEC 27701 for information security and privacy management • Additional security measures required by our clients • Platform-specific security requirements for social media interactions • Regular security audits and updates • Staff training on data protection and security

You have the right to: • Access your personal data • Request corrections to inaccurate data • Request deletion of your data • Object to certain processing • Request data portability • Withdraw consent To exercise these rights, please send us a written request with a copy of your ID to verify your identity. For more information about your data protection rights, visit www.aepd.es

Yes, you can withdraw your consent at any time if you change your mind about how we can use your data. For example, if you previously opted to receive marketing communications but no longer wish to, you can inform us by writing to: protecciondedatos@puedata.com Withdrawing consent will not affect the lawfulness of processing based on consent before its withdrawal.

We have appointed a Data Protection Officer (DPO) who can address all your complaints, questions, and suggestions about the use of your personal information. Contact our DPO at: protecciondedatos@puedata.com We hope this guide helps you understand our policies better. If you have any questions, please don't hesitate to contact us. Thank you for trusting PUE!