Privacy Policy
General Information
This Privacy Policy applies to all personal data that you, as a user (understood as any natural person who accesses the website), provide to GRATO, S. L. when you access https://grato.es, hereinafter the "Website."
The purpose of this Privacy Policy is to inform you about how we process your personal data as a user, as well as to explain the rights you have under the General Data Protection Regulation and other applicable data protection regulations.
Who is responsible?
The entity responsible for processing the personal data collected through the Website is GRATO, S. L., with tax identification number B39580428 and registered office at Calle Josefina de la Maza 4 1ª Santander, Cantabria 39012, Spain.
What do we ask your data for?
| Purpose | Description | Data |
|---|---|---|
| Budget request form | To be able to attend to the request for a personalized budget according to the user's needs. | Name and/or surnames, Email, Phone, Postal address, Country. |
| Newsletter sign-up | Manage the newsletter subscription, including the sending of personalized information about other products and services through those means (SMS, email, etc.) authorized in the registration form. You can unsubscribe from the newsletter at any time. | Email. |
| Receive and manage resumes | Manage the personnel selection process | Name and/or surnames, Email, Phone, Postal address, Country. |
| Contact with the user | Attend to inquiries made through the contact form, complaints, or other customer service channels | - |
Additionally, during your navigation on the Website, we may collect certain personal data through cookies or other similar technologies, as provided in our Cookie Policy.
What is our legal basis for data processing?
Our legal basis for processing personal data is as follows:
- Consent: if you have given your express consent at the time of entering the personal data by checking the corresponding box.
- Performance of a contract: if there is a contractual relationship between you and GRATO, S. L., or if the processing of personal data is necessary for the development of the commercial relationship.
- Compliance with a legal obligation: in cases where GRATO, S. L. has a legal obligation applicable to us as data controllers.
- Legitimate interest: in cases where there is a legitimate interest of our own or third parties related to the operation of the Website or the provision of services to the user, provided that the fundamental rights and freedoms of users do not prevail over the legitimate interest.
How long will we keep your data?
The personal data we collect through the Website will be processed and kept for the time necessary to carry out the purpose for which it was collected.
More specifically, those data we collect for the development and execution of a contract with you will be kept as long as the contractual relationship remains in force, but those personal data we collect based on legitimate interest or with your consent will only be kept for the time necessary to fulfill that purpose.
Once the strictly necessary period for the execution of the purposes described above has elapsed, we will keep the personal data for an additional period, which will be until all actions that could arise from our liability derived from each of the processing activities have expired.
Do we share your data with third parties?
In order to carry out the purposes described above, it is necessary to give access to your personal data to other service providers, who will act as our data processors, such as:
-
Technology and Analytical Service Providers
-
Service providers related to customer care
-
Suppliers and collaborators of services related to marketing and advertising (printing and distribution, social media platforms, media agencies or advertising agencies, data analysis companies, and public relations agencies)
We have entered into an agreement with the companies acting as data processors regulating the management and processing of users' personal data, as well as the adequacy of the security measures adopted.
In cases where we have to make transfers to third parties with headquarters or servers outside the European Union or the European Economic Area (Iceland, Norway, or Liechtenstein), and where such country does not offer a level of protection of personal data equivalent to that of the European Union, we will transfer your personal data always respecting the appropriate guarantees and maintaining security standards, in accordance with applicable regulations.
When such transfers are made from the EU/EEA to a third country for which the European Commission has not issued an Adequacy Decision, or we do not have Binding Corporate Rules, we will comply with the provisions established by the European Commission for these cases to provide you with adequate guarantees, and whenever appropriate, we will enter into the Standard Contractual Clauses and even implement additional protective measures when necessary.
If you want more information about the transfer of personal data that we carry out to countries outside the EU/EEA, you can contact us through the following email address: info@grato.es
What are your rights?
You can exercise the following rights at any time and free of charge:
- Access: to know what data we keep and what we do with it.
- Rectification: to inform us of any inaccurate data.
- Deletion: to have your personal data deleted, as far as possible.
- Objection: to stop processing your personal data for any of the purposes mentioned above, provided there is no legal obligation preventing it.
- Portability: to transfer your personal data to a third party, as far as possible.
- Restriction: to suspend your data when you contest its accuracy, or want us to keep it to exercise some action.
- Not to be subject to decisions based solely on automated processing of your data.
You can exercise any of these rights free of charge by accessing here.
If we do not properly respect these rights as the data controller, we inform you that you can file a complaint with the data protection supervisory authority at Agencia Española de Protección de Datos (AEPD), C/Jorge Juan, 6, 28001 Madrid or at the email address internacional@aepd.es.
Confidentiality and security measures
GRATO, S. L., as the data controller, commits to respecting the confidentiality of users' personal data and to using it according to the purposes for which it was collected.
We have adopted all appropriate technical and organizational security measures according to the nature of the data being processed and as required by data protection regulations.
At https://grato.es we use Google Consent Mode v2 to transmit consents to the different purposes. More information here
Changes to the Privacy Policy
This Privacy Policy was last updated on 03/02/2026, GRATO, S. L. reserves the right to update and modify some aspects of it to adapt it to legislative and jurisprudential developments, so we recommend reviewing it periodically.
