This Privacy Policy describes how Alertia Risk (hereinafter, "Alertia Risk", "we", "us" or "our") collects, uses and protects the personal data of users who access and use the website www.alertiarisk.com and the associated platform (the "Service"). Alertia Risk provides a SaaS service for real-time global risk monitoring and is committed to processing personal data in accordance with: Regulation (EU) 2016/679 of the European Parliament and of the Council, of 27 April 2016, relating to the protection of natural persons with regard to the processing of personal data and the free movement of such data (General Data Protection Regulation – GDPR) Organic Law 3/2018, of 5 December, on the Protection of Personal Data and guarantee of digital rights (LOPDGDD) Law 34/2002, of 11 July, on Information Society Services and Electronic Commerce (LSSI-CE)
Privacy Policy
Effective date: February 16, 2026
Last updated: February 16, 2026
1. Data controller
Trade name: Alertia Risk Owner: Alertia Intelligence, S.L. Business address: AV. de la Cdad. de Soria, 8, 50003 Zaragoza Contact email: carlota@alertiarisk.com Official website: www.alertiarisk.com Data Protection Officer (DPO): Given the current size of the company, a DPO has not been appointed. For any queries related to data protection, you can contact the Controller directly at carlota@alertiarisk.com
2. Personal data we collect
We may collect and process the following categories of personal data:
a) Identification and contact data
- First and last name - Professional email address - Phone number - Company, position or professional role - Country of residence Purpose: manage queries, commercial communications, newsletter, support and user relationship. Legal basis: - Active users: During the term of the contractual relationship + 6 years (tax obligations) - Commercial contacts without conversion: 24 months from last contact - Newsletter subscribers: Until they request unsubscribe
b) Account and service usage data
- Access credentials (email and encrypted password) - Geographic alert settings and preferences - Countries, categories and locations monitored - Activity logs within the platform - Feature usage and service consumption - Date and time of accesses Purpose: provide the Service, manage the free trial, subscription, technical support, guarantee account security and improve the platform. Legal basis: execution of a contract (art. 6.1.b GDPR) and legitimate interest. Retention period: During the term of the account + 6 years (legal obligations)
c) Billing and transactional data
- Name or company name - Tax ID number - Fiscal address - Payment information (processed by third parties, see section 5) - Subscription and transaction history Purpose: manage payments, billing, accounting, commercial and tax obligations. Legal basis: execution of a contract and compliance with legal obligations. Retention period: 6 years from the last transaction (General Tax Law, art. 70)
d) Technical and browsing data
- IP address (anonymised when possible) - Browser type and version - Operating system - Device identifiers - Pages visited and browsing times - Referrer (origin page) - Approximate geolocation (country/city based on IP) Purpose: guarantee security, prevent fraud, detect misuse of the platform, statistical analysis and user experience improvement, maintain proper functioning of the Service and comply with legal log retention obligations. Legal basis: - Legitimate interest (art. 6.1.f GDPR) for security and fraud prevention - Compliance with legal obligations (art. 6.1.c GDPR) - Consent (art. 6.1.a GDPR) for non-essential analytics, managed through cookies Retention period: - Security logs: 12 months (LSSI-CE) - Analytics data: 26 months
e) Communication data
- Content of emails, support chats or contact forms - Date, time and type of query Purpose: Attend queries, provide technical support, manage incidents. Legal basis: - Execution of a contract (art. 6.1.b GDPR) - Legitimate interest (art. 6.1.f GDPR) to improve customer service Retention period: 5 years from the resolution of the query or end of the contractual relationship
3. How we collect data
We collect personal data through: - Direct interaction: when the user fills out contact forms, creates an account, activates a free trial, hires a plan, subscribes to the newsletter or communicates with us via email, phone, social media, etc. - Use of the Service: data generated during use of the Alertia Risk platform. - Automated technologies: cookies and similar technologies, in accordance with our Cookie Policy. - Third parties: analytics, infrastructure, email or billing service providers.
4. Data retention
Personal data will be retained: - As long as there is a contractual or Service usage relationship. - As long as the user maintains an active account. - During the periods required by applicable tax, accounting or legal regulations. - Commercial contact data that does not convert into customers will be retained for a maximum period of 24 months.
5. Recipients and data sharing
Alertia Risk may share personal data with third-party service providers who act as data processors under contracts that guarantee the confidentiality and security of the data: - Technology service providers: cloud hosting, infrastructure, email tools, analytics, CRM or billing. - Payment providers: to manage subscriptions and collections. - Public authorities: when there is a legal obligation. All providers act under contracts that guarantee the confidentiality and security of the data. Under no circumstances do we sell, rent or transfer personal data to third parties for advertising purposes without explicit consent.
6. International data transfers
In the event of transferring data outside the European Economic Area (EEA), Alertia Risk will adopt appropriate safeguards, such as standard contractual clauses approved by the European Commission or other recognised legal mechanisms. Some of our providers are located outside the European Economic Area (EEA). In these cases, Alertia Risk adopts the following appropriate safeguards pursuant to art. 46 GDPR: - Standard Contractual Clauses (SCC) approved by the European Commission (Decision 2021/914) - Adequacy decisions of the European Commission (where applicable) - Certifications such as the EU-US Data Privacy Framework If you would like more information about the safeguards applied to a specific international transfer, you can contact us at carlota@alertiarisk.com
7. User rights
The user may exercise the following rights at any time: - Access to their personal data - Rectification of inaccurate data - Erasure of the data - Restriction of processing - Objection to processing - Data portability - Withdrawal of consent at any time To exercise these rights, you can write to carlota@alertiarisk.com You also have the right to lodge a complaint with the competent supervisory authority.
8. How to exercise your rights
To exercise any of these rights, you can: - Send an email to: carlota@alertiarisk.com - Indicate: - Your full name and account email - Right you wish to exercise - Copy of your ID/NIE or equivalent identification document (to verify identity) Response time: 1 month from receipt of the request (extendable by 2 additional months in complex cases, with prior notification). Right to complain to the supervisory authority: If you consider that the processing of your personal data violates the regulations, you have the right to lodge a complaint with the Spanish Data Protection Agency (AEPD): Website: https://www.aepd.es Electronic office: https://sedeagpd.gob.es
9. Data security
Alertia Risk adopts reasonable technical and organisational measures to protect personal data against unauthorised access, loss, alteration or improper disclosure. Data encryption: - Communications via HTTPS/TLS - Passwords stored with secure hash algorithms (bcrypt) Access controls: - Two-factor authentication (2FA) available - Role-based permissions (RBAC) for enterprise users Audits and logs: - Recording of accesses and critical activities - Periodic review of security logs Backups: - Automatic daily backups - Storage in geographically redundant locations Staff training: - All employees and collaborators sign confidentiality agreements - Continuous training in data protection and cybersecurity Secure infrastructure: - Servers hosted on Google Cloud Platform (ISO 27001, SOC 2 certified) - Firewall, intrusion detection and 24/7 monitoring Important: No data transmission over the Internet is 100% secure. Alertia Risk implements reasonable measures, but cannot guarantee the absolute security of transmitted data.
10. Cookie policy
Alertia Risk uses cookies and similar technologies on its website. For detailed information about what cookies we use, their purpose and how to manage them, please see our Cookie Policy.
11. Minors
Alertia Risk is a B2B service exclusively aimed at professionals and companies. We do not intentionally collect data from minors under 18 years of age. If a parent, guardian or legal representative detects that a minor has provided personal data without consent, they must contact us immediately at carlota@alertiarisk.com to proceed with its deletion.
12. Links to third-party websites
The Alertia Risk website and platform may contain links to third-party websites (providers, partners, social networks). Alertia Risk is NOT responsible for the privacy practices of such sites. We recommend reviewing their privacy policies before providing them with personal information.
13. Changes to the privacy policy
Alertia Risk may modify this Privacy Policy at any time. Changes will be published on this page indicating the update date. If you have any questions about this Privacy Policy or the processing of your personal data, you can contact us at carlota@alertiarisk.com