Contents
The data controller responsible for processing your personal data is VALUE UP AI, S.L., a company duly incorporated and registered in Spain.
For any query related to the processing of your personal data, you can reach out to us through the email indicated above. We are committed to responding within a maximum of one month from the receipt of your request.
We process your personal data for the following purposes, always within the limits of what is strictly necessary for each of them:
Contact form and proposal request
Purpose: to handle your query, request for information or quote request. Legal basis: explicit consent (art. 6.1.a GDPR) and legitimate interest (art. 6.1.f GDPR and art. 19.1 LOPDGDD).
Project execution and service delivery
Purpose: to manage the contractual relationship and invoice the services provided. Legal basis: performance of a contract (art. 6.1.b GDPR) and compliance with legal obligations (art. 6.1.c GDPR).
Commercial communications and newsletter
Purpose: to send you information about our services if you have agreed to receive it. Legal basis: explicit consent (art. 6.1.a GDPR). You can withdraw this consent at any time.
Applications and selection processes
Purpose: to assess your profile to join our team or for future projects. Legal basis: explicit consent (art. 6.1.a GDPR) and pre-contractual measures (art. 6.1.b GDPR).
Web analytics and site improvement
Purpose: to understand how users interact with our website. Legal basis: explicit consent obtained through the cookie banner (art. 6.1.a GDPR).
Under no circumstances do we use your data for purposes other than those described, nor do we subject it to automated decisions with legal or significant effects on you.
We keep your data for the time strictly necessary to fulfil the purpose for which it was collected and to meet the applicable legal obligations:
Once these periods have elapsed, the data will be deleted or irreversibly anonymised.
The General Data Protection Regulation (GDPR) grants you the following rights in relation to the processing of your personal data:
You can ask us to confirm whether we process your data and obtain a copy of it.
You have the right to have us correct inaccurate or incomplete data we hold about you.
You can request that we delete your data when it is no longer necessary or you withdraw consent.
In certain cases, you can ask us to suspend the use of your data while a dispute is resolved.
You can receive your data in a structured format to transmit it to another controller.
You can object to processing based on legitimate interest or to its use for marketing purposes.
To exercise any of these rights, contact privacy@valueupai.com attaching a copy of your identity document. If you believe we have not properly handled your request, you can file a complaint with the AEPD — www.aepd.es.
Value Up AI does not sell or transfer your personal data to third parties for their own commercial purposes. To deliver our services we rely on technology providers that act as data processors in accordance with article 28 of the GDPR:
Web analytics (Google Analytics), email and collaboration (Google Workspace) and cloud storage (GCP). Certified under the EU–U.S. Data Privacy Framework.
Cloud infrastructure (Azure) and productivity tools (Microsoft 365). Certified under the EU–U.S. Data Privacy Framework.
Cloud computing and storage services (AWS) used in client projects. Certified under the EU–U.S. Data Privacy Framework.
Language model API integrated into automation and AI projects. Data sent to the API is not used to train models under the signed DPA.
Hosting platform for the corporate website valueupai.com.
Some of our technology providers are based in or process data outside the European Economic Area (EEA), mainly in the United States. In all these cases, we ensure that the transfer is covered by the appropriate safeguards required by the GDPR.
Providers based in the U.S. (Google, Microsoft, AWS, OpenAI) are certified under the EU–U.S. Data Privacy Framework (DPF), recognised by the European Commission through the Adequacy Decision of July 2023. In addition, we have signed the Standard Contractual Clauses (SCC) approved by the European Commission as an additional safeguard.
If you wish to obtain more information about the specific safeguards, you can request it from us at privacy@valueupai.com.
Technical measures
Encryption in transit (TLS 1.2+) and at rest; role-based access control (RBAC) with the principle of least privilege; multi-factor authentication (MFA) across all corporate services; regular backups with integrity verification; and continuous monitoring of access and anomalies.
Organisational measures
Confidentiality agreements with all team members and collaborators; an internal security incident management procedure; periodic access reviews; and ongoing training in cybersecurity and privacy.
In the event of a security breach, we will notify the AEPD within 72 hours of its detection and inform the affected individuals directly if the risk is high, in accordance with article 34 of the GDPR.
Strictly necessary cookies
Essential for the basic functioning of the site (session, preferences, security). They do not require consent and cannot be disabled.
Analytics cookies
We use Google Analytics to measure traffic in aggregate form. They are only activated if you accept analytics cookies in the banner. You can reject them or install the Google Analytics opt-out add-on.
Marketing cookies
When enabled (subject to acceptance), they allow relevant content to be displayed on other platforms. You can reject them at any time from the cookie preferences panel on our website.
Data entered into AI models
When, in the course of developing a project, we enter data into a third-party AI API, we do so solely under the client's explicit instruction, based on the current service agreement and, where applicable, a DPA with that client.
We do not use your data to train models
We have signed the data processing agreements of our AI providers that guarantee that data sent through the API is not used to train, improve or fine-tune their models in a generalised way.
Impact assessment (DPIA)
When a project involves the large-scale processing of personal data through AI, we carry out a Data Protection Impact Assessment (DPIA) prior to the start of the processing, in accordance with article 35 of the GDPR.
Automated decisions
We do not make decisions about individuals based solely on automated processing that produces legal effects or significantly affects them, without human intervention or an explicit legal basis.
This policy may be amended to adapt it to legislative or case-law changes or to the evolution of our services. The current version will always be available at https://valueupai.com/privacidad indicating the date of the last update.
If we introduce substantial changes, we will notify you by email (if we have it) or through a prominent notice on our website with sufficient advance notice.
Have any questions about your data?
Write to us at privacy@valueupai.com and we will respond within a maximum of one month. You can also exercise your GDPR rights directly from that same email by attaching your identity documentation.
Contact us about privacy