Skip to content
GESI
Company Solutions Careers News Contact
ES EN
Legal

Privacy policy

GESI privacy policy: personal data processing in accordance with the European General Data Protection Regulation.

On this page
  1. Purpose
  2. Data retention
  3. Legal basis
  4. Recipients
  5. International data transfers
  6. Automated decision-making
  7. Source of data
  8. Rights

Privacy policy

Information to comply with the European General Data Protection Regulation.

Purpose

At GESI we process information provided by interested parties for the purpose of:

  • Managing and monitoring the client portfolio.
  • Maintaining the client relationship for invoicing and payment.
  • Managing the sending of information requested.
  • Providing interested parties with offers of products and services of interest, as well as upcoming events or relevant news.

Non-acceptance of this purpose means we will be unable to inform you of our latest developments and events.

GESI undertakes to fulfil its obligation concerning the confidentiality of personal data and its obligation to protect it, and to adopt the necessary technical and organisational measures to maintain the required level of security with regard to the personal data processed. It is likewise equipped with the necessary mechanisms at its disposal to prevent, as far as possible, unauthorised access, unlawful withdrawal and modification, and data loss, always taking into account the state of technology and in accordance with applicable legislation. GESI accepts no responsibility for unlawful withdrawal, modification or loss of data.

The user is solely responsible for the accuracy and correctness of the data provided to GESI, which accepts no responsibility for any inaccuracy or incorrectness of such data.

Data retention

Data for client relationship management and invoicing and payment for services shall be retained for as long as the contract remains in force. Once such relationship has ended, where applicable, data may be retained for the period required by applicable legislation and until any potential liabilities arising from the contract have expired.

Data for sending commercial communications about our products or services will be retained indefinitely until you indicate to us your wish to have it deleted.

We will not retain your personal data for any purpose longer than necessary and will only retain the personal data required in relation to that purpose. Moreover, we must maintain certain information in accordance with the law or for as long as is reasonably necessary to comply with regulatory requirements, resolve disputes, prevent fraud and abuse or enforce our terms and conditions.

Legal basis

The legal basis for processing your data is the performance of the corresponding service provision.

The prospective offer of products and services to customers is based on the satisfaction of the legitimate business interest consisting of being able to offer our clients the contracting of other products or services and thereby achieve their loyalty. This legitimate interest is recognised by applicable legislation (General Data Protection Regulation), which expressly permits the processing of personal data on this legal basis for direct marketing purposes.

The basis for sending commercial communications to non-client users is the consent that has been requested, and may be withdrawn at any time. Withdrawal of that consent will not affect the performance of the contract in any way, but the processing of data for that purpose carried out prior to withdrawal will not lose its validity by the fact that consent has been withdrawn.

However, we remind you that you have the right to object to this processing of your data, and you may do so through any of the means described in this Policy.

Recipients

Data will be communicated to the following entities:

  • To financial institutions through which the management of collections and payments is carried out.
  • To the competent public administrations, in cases provided for by law and for the purposes defined therein.

International data transfers

None are carried out.

Automated decision-making

We will not create a 'commercial profile' based on the information provided. No automated decisions will be made based on that profile.

Source of data

We inform you that we only collect your data and do not obtain it from other sources.

Rights

Any person has the right to obtain confirmation as to whether GESI is processing personal data concerning them, and to the following information: the purposes of the processing; the categories of data being processed; the recipients or categories of recipients to whom the data have been or will be communicated; where possible, the expected period for which the personal data will be retained or, if not possible, the criteria used to determine this period.

Data subjects have the right to access their personal data, as well as to request the rectification of inaccurate data or, where applicable, request its deletion when, among other reasons, the data are no longer necessary for the purposes for which it was collected.

Data subjects may request deletion of personal data concerning them when one of the following circumstances applies: the data are not necessary in relation to the purposes for which it was collected or processed; you withdraw consent and the processing is not based on another legal basis; you object to the processing and there are no other legitimate reasons for the processing; the data has been processed unlawfully.

In certain circumstances, data subjects may request the restriction of processing of their data, in which case we will retain it solely for the exercise or defence of claims.

In certain circumstances and for reasons related to their particular situation, data subjects may object to the processing of their data. GESI will cease processing the data, except for compelling legitimate reasons or the exercise or defence of possible claims.

Data subjects have the right to data portability, which means that the personal data of the data subject is transmitted directly from one controller to another, without the need for it to be transmitted to the data subject first, provided this is technically feasible.

Data subjects have the right to withdraw consent given at any time.

Exercise of rights: The exercise of rights must be carried out in writing, to the email address rgpd@gesi.es or in writing to: GESI SL, Avenida República Argentina, 24 Planta 2, 41011 - Sevilla.

Right to lodge a complaint with the supervisory authority: If your rights have not been respected, you may lodge a complaint by writing to the Spanish Data Protection Authority, located at Calle Jorge Juan, 6, 28001 - Madrid, or use the electronic headquarters: https://sedeagpd.gob.es. In both cases, you must provide the relevant documentation.

You can also find information on the Spanish Data Protection Authority website: https://www.aepd.es.

Certified text ENS Alto + ISO 27001 · version v1

© 2026 GESI
Legal notice Privacy Security policy

English version machine-translated; the Spanish original prevails. — Versión inglesa traducida automáticamente; prevalece el original en español.