Privacy Policy

How we protect and handle your personal data

(Version 1.0 – Date: May 1, 2025)

1. Introduction

Welcome to the Privacy Policy of TRIA STRATEGY PARTNERS SL ("TRIA", "we", "our"). At TRIA, we respect your privacy and are committed to protecting your personal data. This privacy policy will inform you about how we take care of your personal data when you visit our website (regardless of where you visit it from) and tell you about your privacy rights and how the law protects you.

This policy complements other notices and privacy policies and is not intended to override them.

2. Who is the Data Controller?

Identity: TRIA STRATEGY PARTNERS SL

VAT Number: B75754531

Postal Address: Calle Gran Via de les Corts Catalanes, 672, Door 2, 08010 Barcelona, Spain.

General Contact Email: info@triastrategy.com

Data Protection Officer (DPO): We have appointed a DPO whom you can contact for any issues related to the processing of your personal data or the exercise of your rights.

DPO Contact: dpo@triastrategy.com

3. What Personal Data Do We Collect and What Do We Use It For?

Personal data means any information about an identified or identifiable natural person. This does not include data where the identity has been removed (anonymous data).

We collect and process the following categories of data for the purposes and with the legal bases indicated below:

a) Contact and Inquiry Data:

Data Processed: Name, surname, email address, phone number (if you provide it voluntarily), company (if applicable), and any other information you include in the body of your message when you contact us through our contact email (info@triastrategy.com or dpo@triastrategy.com) or future web form.

Purpose: To manage and respond to your inquiries, information requests, comments or proposals. To maintain professional contact if applicable.

Legal Basis:

  • Your consent (Art. 6.1.a GDPR) by voluntarily sending us the inquiry (for future web form, clear action will be required, such as a checkbox).
  • The application of pre-contractual measures (Art. 6.1.b GDPR) if your inquiry is related to the possible contracting of our services.
  • Our legitimate interest (Art. 6.1.f GDPR) in attending to requests and maintaining appropriate professional relationships.

b) Navigation and Cookies Data:

Data Processed: IP address (may be anonymized), browser and device type, operating system, approximate online identifiers, pages visited on our website, time spent, clicks, etc.

Purpose:

  • Allow the technical operation of the website (technical/necessary cookies).
  • Analyze website usage to understand how visitors interact and improve their experience and our content (analytical cookies, e.g. Google Analytics).
  • (If applicable in the future) Personalize advertising or content (advertising/marketing cookies).

Legal Basis:

  • Our legitimate interest (Art. 6.1.f GDPR) for cookies strictly necessary for the technical operation of the web.
  • Your consent (Art. 6.1.a GDPR and LSSI-CE) for the use of analytical, advertising or any other non-strictly necessary cookies, obtained through our banner or cookie configuration panel.

More Information: Please consult our Cookie Policy for detailed information about the cookies we use, their specific purposes, duration and how to manage them.

c) (Future) Data for Communication Subscription:

Data Processed: Email address, name (optional).

Purpose: Send you newsletters, updates or commercial communications about TRIA and its services, if you expressly request it.

Legal Basis: Your explicit consent (Art. 6.1.a GDPR) obtained through a specific subscription form (with an unchecked checkbox).

Important: We do not proactively collect special categories of personal data (health, ethnic origin, political opinions, etc.) through our website. Please do not send us this type of information through these channels.

4. How Long Do We Keep Your Data?

We will only retain your personal data for as long as strictly necessary to fulfill the purposes for which it was collected, including compliance with legal, tax or contractual obligations.

Contact and Inquiry Data: Will be kept for the time necessary to manage and respond to your request and, subsequently, will be blocked during the applicable legal prescription periods in case responsibilities arise.

Navigation Data (Cookies): The duration of each cookie is specified in our Cookie Policy. Aggregate analytics data may be kept for longer periods, but in a way that does not allow your identification.

(Future) Subscription Data: Will be kept as long as you do not revoke your consent. We will perform periodic purges of inactive subscribers.

5. Who Do We Share Your Data With?

TRIA does not sell or rent your personal data to third parties. We only share your data with the following categories of recipients when strictly necessary for the purposes described:

Service Providers (Data Processors): Companies that provide us with necessary services for our operations and that need to process your data on our behalf and under our instructions. We have signed the corresponding data processing agreements (DPA) with them

6. Do We Perform International Data Transfers?

Some of the service providers mentioned in the previous point may be located outside the European Economic Area (EEA), which could imply an international transfer of your data.

Google LLC (USA): For the Google Analytics service. TRIA will ensure that these transfers are made under an appropriate guarantee mechanism recognized by European regulations (currently, the Standard Contractual Clauses adopted by the European Commission, complemented with a transfer impact assessment and additional measures if necessary).

TRIA is committed to ensuring that any international transfer of personal data is carried out with adequate safeguards to ensure a level of protection equivalent to that required by the GDPR. You can request more information about these guarantees by contacting our DPO.

7. What Are Your Data Protection Rights?

You have the following rights in relation to your personal data:

Access: Request access to the personal data we have about you.

Rectification: Request the correction of personal data that is inaccurate or incomplete.

Erasure: Request the deletion of your personal data when, among other reasons, it is no longer necessary for the purposes for which it was collected.

Restriction: Request the restriction of the processing of your data in certain circumstances, in which case we will only keep them for the exercise or defense of claims.

Portability: Receive your personal data in a structured, commonly used and machine-readable format, and transmit it to another controller, when the processing is based on consent or a contract and is carried out by automated means.

Objection: Object to the processing of your data based on our legitimate interest, for reasons related to your particular situation. You can also object at any time to the processing of your data for direct marketing purposes.

Withdrawal of Consent: Withdraw consent given at any time, without affecting the lawfulness of processing based on consent prior to its withdrawal (applicable to processing based on consent, such as non-necessary cookies or newsletters).

Not to be subject to automated decisions: Right not to be subject to a decision based solely on automated processing that produces legal effects on you or significantly affects you in a similar manner (we currently do not make this type of decision through the web).

8. How Can You Exercise Your Rights?

You can exercise your rights free of charge by sending a written request to our Data Protection Officer (DPO):

By email: dpo@triastrategy.com

By mail: Indicating "Data Protection" to the address: Calle Gran Via de les Corts Catalanes, 672, Door 2, 08010 Barcelona, Spain.

You must attach a copy of your ID or equivalent identification document to verify your identity. We will respond to you within a maximum period of one month.

If you consider that we have not adequately attended to your rights, you have the right to file a complaint with the Spanish Data Protection Agency (AEPD - www.aepd.es).

9. What Security Measures Do We Apply?

TRIA has adopted the appropriate technical and organizational measures to ensure an adequate level of security for the risk, to protect your personal data against destruction, loss or accidental or unlawful alteration, and against unauthorized communication or access. These measures are detailed in our internal Security Document and are reviewed periodically. Our website uses an SSL certificate to ensure that communication is encrypted.

10. Cookie Policy

Our website uses cookies. For detailed information about the cookies we use, their purposes and how you can manage them, please consult our Cookie Policy.

11. Changes to this Privacy Policy

We may update this Privacy Policy occasionally. We will notify you of any substantial changes by posting the new policy on our website and updating the "last revision" date at the top. We recommend that you review this policy periodically.

12. Contact

If you have any questions about this Privacy Policy or about how we process your personal data, do not hesitate to contact our DPO at dpo@triastrategy.com.