Home

Privacidade

1. Controller

The controller responsible for the processing of personal data collected through this website (hereinafter, the "Website") is:

Registered name Cropenta S.L.
Tax identification number NIF/CIF ESB22544761
Registered address Calle Del Cerro - Los Pinos, n.º 3, Bloque 9, PBJ, Puerta 1, 29679 Benahavís, Málaga (España)
Email address info@cropenta.com
Website https://www.cropenta.com – English

The nature, scope and purposes of the processing activities carried out through this Website do not oblige Cropenta S.L. to designate a Data Protection Officer (DPO) pursuant to the criteria set out in Article 37 GDPR and Article 34 of the Spanish Organic Law on Data Protection and Guarantee of Digital Rights (Ley Orgánica de Protección de Datos y Garantía de los Derechos Digitales - LOPDGDD).



2. Source of the data

Personal data processed through the Website originates, as a general rule, from the data subject themselves, when they make contact via the contact form or by email. Additionally, in certain cases, technical data is generated automatically in connection with browsing activity and the security of the Website (for example, IP addresses and access logs).

Completion of the contact form is voluntary. However, fields marked as mandatory are necessary in order to process the request, and failure to complete them may prevent the enquiry from being handled.



3. Categories of personal data processed

Depending on how the user interacts with the Website, the Controller may process the following categories of personal data:

  • Identification and contact data (including professional data): company name, full name, email address and telephone number, provided voluntarily by the user via the contact form.
  • Communication content data: the text of the message or enquiry submitted.
  • Technical and security data: IP address, browser and device identifiers, date and time of access, and security logs, collected automatically in order to ensure the correct operation and integrity of the Website.
  • Data associated with third-party functionalities: data processed by third parties in the context of anti-spam or technical verification tools (for example, Google reCAPTCHA v3) and/or embedded multimedia content (for example, YouTube), where the user activates or interacts with such functionalities.

This Website is not designed for the creation of user accounts and does not, as a general rule, involve the collection of special categories of personal data within the meaning of Article 9 GDPR. Users are kindly requested not to include such information in the contact form.



4. Purposes of processing

Personal data is processed exclusively for the following purposes:

  • To handle and manage enquiries and requests received through the contact form or by email.
  • To manage, where applicable, pre-contractual measures at the request of the data subject; for example, to provide information about Cropenta's products, activities or solutions.
  • To prevent abusive use of the form, spam, and fraud, by means of technical verification and security measures (Google reCAPTCHA v3).
  • To enable the display of third-party embedded multimedia content (for example, YouTube videos), exclusively where the user expressly activates it via the click-to-load mechanism provided for that purpose, the content remaining blocked by default until such activation.
  • To manage the exercise of data protection rights and to handle complaints.
  • To comply with the legal obligations applicable to the Controller.

The Controller does not make automated decisions, nor does it carry out profiling that produces legal effects or similarly significantly affects the data subject (Article 22 GDPR).



5. Legal basis for processing

The table below sets out the legal basis relied upon for each processing purpose (Article 6 GDPR):

Purpose Legal basis (Article 6 GDPR)
Handling enquiries and pre-contractual measures Article 6(1)(b) GDPR, where processing is necessary for the performance of pre-contractual measures taken at the request of the data subject; and/or Article 6(1)(f) GDPR, legitimate interest in the proper management of commercial and professional relationships.
Prevention of spam and fraud, and ensuring the security of the Website Article 6(1)(f) GDPR, legitimate interest of the Controller in the security, integrity and correct functioning of the Website and its systems.
Loading third-party multimedia content (YouTube) exclusively following the user's express activation Article 6(1)(a) GDPR (consent of the data subject, given by expressly activating the embedded content via the click-to-load mechanism provided for that purpose).
Strictly necessary cookies and technologies Strictly necessary technologies are exempt from the consent requirement pursuant to Article 22.2 of the LSSI-CE and are grounded in the legitimate interest of the Controller (Article 6(1)(f) GDPR) or in the provision of the service requested (Article 6(1)(b) GDPR).
Compliance with legal obligations Article 6(1)(c) GDPR (legal obligation applicable to the Controller).
Handling rights requests and defending against claims Article 6(1)(c) GDPR (legal obligation) and/or Article 6(1)(f) GDPR (legitimate interest in the establishment, exercise or defence of legal claims).

Where processing is based on the legitimate interest of the Controller, the data subject may object in accordance with the procedure described in Section 10.



6. Recipients of the data

As a general rule, personal data will not be disclosed to third parties, unless there is a legal obligation to do so or it is strictly necessary for the provision of the Website's services.

The following categories of recipients may have access to personal data, to the extent strictly necessary for the performance of their respective functions:

  • Bookerz B.V. (web platform and hosting): provider of the technological platform on which the Website operates and of the hosting service, with servers located in the Netherlands (European Union). It acts as a data processor under contract with the Controller, in accordance with Article 28 GDPR.
  • Google LLC – Google Workspace (corporate email): provider of the corporate email service used by the Controller, through which communications submitted via the Website's contact form are received. It acts as a data processor under Google's Data Processing Agreement (DPA), in accordance with Article 28 GDPR. For further information: https://workspace.google.com/terms/dpa_terms.html
  • Other technology service providers: acting as data processors under contract with the Controller, in accordance with Article 28 GDPR.
  • Google LLC - Google reCAPTCHA v3: acts as an independent data controller in respect of the data it generates in the context of its anti-spam service. The use of reCAPTCHA is governed by Google's Privacy Policy (https://policies.google.com/privacy) and its Terms of Service. The Controller does not control that processing.
  • Google LLC - YouTube: where the user expressly activates the display of an embedded video via the click-to-load mechanism provided on the Website, YouTube may collect browsing data in accordance with its own privacy policy (https://policies.google.com/privacy). Until the user activates the video, the content remains blocked by default and no connection is made to YouTube's servers.
  • Public authorities, competent authorities or courts: where a legal obligation or legal request so requires.


7. International transfers of data

The use of certain third-party tools or services integrated into the Website, in particular, services provided by Google and/or its affiliated entities, such as reCAPTCHA or YouTube, may involve international transfers of data outside the European Economic Area.

Where such transfers occur, they will be carried out in accordance with the safeguards provided for under Chapter V of the GDPR, in conformity with the mechanisms and policies maintained by the provider from time to time.

Cropenta S.L. may review and update this information if the contractual, regulatory or technical conditions applicable to such providers change.

For further information on the processing carried out by those third parties, users may consult the respective privacy policies available on their own websites. Google's privacy details may be consulted here: https://policies.google.com/privacy



8. Retention periods

Personal data will be retained for no longer than is strictly necessary to fulfil the purpose for which it was collected and, once that purpose has been fulfilled, for the periods necessary to address potential legal liability and for the establishment, exercise or defence of legal claims. By way of guidance:

Category of data Indicative retention period
Contact form data and enquiries For the duration of the handling of the request and, thereafter, for the applicable limitation periods (generally up to 5 years under Spanish civil and commercial law), unless retention is required by a legal obligation or for the establishment, exercise or defence of legal claims.
Technical and security logs For the period strictly necessary to ensure the security and integrity of the Website, generally not exceeding 12 months, unless a legal obligation requires otherwise or retention is necessary for the defence of legal claims.
Data relating to the exercise of rights and complaints For the duration of the handling of the request or complaint and, thereafter, for the limitation periods applicable to data protection liability under the relevant legislation.

Upon expiry of the applicable retention periods, personal data will be securely deleted or anonymised, unless a statutory provision requires a longer period of retention.



9. Cookies and similar technologies

This Website uses cookies and similar technologies. The Website currently operates exclusively with technical, security and technical preference technologies, as well as third-party embedded content that is only loaded following the user's express activation, in accordance with Article 22.2 of the Spanish Law on Information Society Services and Electronic Commerce (LSSI-CE) and the criteria of the Spanish Data Protection Agency (Agencia Española de Protección de Datos - AEPD).

Accordingly, this Website does not currently provide a cookie preference panel or banner.

Should non-exempt technologies be activated in the future, such as analytical, advertising or marketing cookies, the corresponding information and consent mechanism will be implemented prior to such activation, through which the user will be able to accept, reject or configure their preferences, as well as withdraw them at any time.

For further information on the technologies used, their purpose, duration and management options, please refer to the Website's Cookies Policy.



10. Rights of data subjects

Data subjects may exercise, within the terms and limits provided for under applicable legislation, the following rights:

  • Access: to know what personal data is being processed and to obtain a copy thereof.
  • Rectification: to request the correction of inaccurate or incomplete data.
  • Erasure ("right to be forgotten"): to request the deletion of data where, amongst other grounds, it is no longer necessary for the purpose for which it was collected.
  • Objection: to object to processing based on legitimate interest where there are grounds relating to the data subject's particular situation.
  • Restriction of processing: to request the restriction of processing in the circumstances provided for under applicable law.
  • Portability: to receive data in a structured, commonly used and machine-readable format, where processing is based on consent or on the performance of a contract and is carried out by automated means.
  • Withdrawal of consent: to withdraw, at any time, consent previously given (for example, in relation to the activation of embedded multimedia content), without affecting the lawfulness of processing carried out prior to its withdrawal (Article 7(3) GDPR).

Requests may be addressed to the Controller by any of the following means:

  • Email: info@cropenta.com
  • Post: Cropenta S.L., Calle Del Cerro – Los Pinos, no. 3, Block 9, PBJ, Door 1, 29679 Benahavís, Málaga (Spain)

The Controller may request additional information to verify the identity of the applicant where there are reasonable grounds for doubt. Requests will be addressed within one month of receipt, extendable by a further two months where necessary, having regard to the complexity or number of requests received.

If the data subject considers that processing does not comply with applicable law, they may lodge a complaint with the Spanish Data Protection Agency (AEPD) at www.aepd.es.



11. Third-party data provided by the user

Where the user provides personal data relating to third parties through the Website, for example, in the body of a message submitted via the contact form, the user represents and warrants that they have sufficient authorisation to do so and that they have previously informed those third parties of the content of this Privacy Policy.

The Controller accepts no liability for the user's failure to comply with this obligation.



12. Minors

This Website is corporate and informational in nature and is not directed at persons under the age of 14. In accordance with Article 7 LOPDGDD, consent to the processing of personal data of minors under the age of 14 requires the authorisation of their parents or legal guardians.

Should the Controller become aware that personal data of a child under the age of 14 has been collected without the requisite authorisation, it will proceed to delete such data as promptly as possible.



13. Data security

The Controller applies appropriate technical and organisational measures to ensure a level of security commensurate with the risk, in accordance with Article 32 GDPR, protecting personal data against loss, alteration, unauthorised disclosure or access.

Such measures are reviewed and updated periodically, having regard to the state of the art, the costs of implementation, and the nature, scope, context and risks of processing. Notwithstanding the foregoing, the Controller cannot guarantee the absolute security of communications transmitted over open networks such as the internet.



14. Amendments to this Privacy Policy

The Controller may update this Privacy Policy in order to reflect regulatory, judicial or technical changes that so require. The "Last updated" date appearing in the header of this document always reflects the version currently in force.

Users are advised to review this section periodically. Where amendments are materially significant to data subjects, the Controller will endeavour to communicate them in an appropriate manner through the Website.

Last updated: 15th March 2026.