Privacy policy



Registered Office: C/ SERRANO, 57, 5º, 28006 – MADRID.

CIF: A-81604118

Telephone: +34 91 781 2800

Email for communications regarding Data Protection:

1.1.Applicable regulations

Our Privacy Policy has been designed in accordance with the EU General Data Protection Regulation 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation), and Organic Law 3/2018 of 5 December, on the Protection of Personal Data and Guarantee of Digital Rights.Al facilitarnos sus datos, Usted declara haber leído y conocer la presente Política de Privacidad, prestando su consentimiento inequívoco y expreso al tratamiento de sus datos personales de acuerdo a las finalidades y términos aquí expresados.

The Company may modify this Privacy Policy to adapt it to new legislation, jurisprudence or interpretation of the Spanish Data Protection Agency. These privacy conditions may be supplemented by the Legal Notice, Cookies Policy and General Conditions, if any, are collected for certain products or services, if such access involves any specialty in the protection of personal data. 


CORPFIN CAPITAL ASESORES, S.A. SGEIC will process your personal data collected through the Website: for the following purposes:

– To respond to the user’s requests for information through the website, providing the information requested by the user through the contact form.

– Execute a contract signed with the user.

– To comply with the professional, corporate and accounting obligations of the company.

The fields of these records are mandatory, being impossible to perform the purposes expressed if these data are not provided.

2.1. Data Retention Period

We will retain your personal data from the time you give us your consent until you revoke it or request the limitation of processing. In such cases, we will keep your data blocked for the legally required periods.

In the case of contracting our services, the data will be kept for the time necessary to manage and monitor them and to be able to invoice and carry out accounting and tax obligations. Subsequently, the data will be kept for the statute of limitations to which the Responsible is legally obliged.


The legitimacy for the processing of your data is the express consent given by a positive and affirmative act (filling in the corresponding form and ticking the acceptance box of this policy) at the time of providing us with your personal data.

3.1. Consent to process your data

By filling in the forms, checking the box “I accept the Privacy Policy” and clicking to send the data, or by sending e-mails to the Company through the accounts provided for this purpose, the User declares to have read and expressly accepted this privacy policy, and gives his unequivocal and express consent to the processing of his personal data in accordance with the purposes indicated.

3.2. Data categories

The data collected refers to the category of identification data, such as: Name and Surname and E-mail.

In case of contracting our services it will be necessary to process other types of data in order to be able to provide such Service

3.3. Restricted access area policy for customers

In order to enter the restricted access areas, users must have the corresponding access codes. CORPFIN CAPITAL ASESORES, S.A. SGEIC reserves the right to freely accept or reject the registration request of any user. The data entered by users must be accurate, current, truthful and will be processed and treated in compliance with current legislation on personal data protection.

Users shall be responsible in all cases for the safekeeping of their access codes, and therefore shall be solely responsible for any damages that may arise from the improper use of the same, as well as their loss or any other circumstance that may entail a risk of access or use by unauthorized third parties. Users must immediately notify CORPFIN CAPITAL ASESORES, S.A. SGEIC so that it can proceed to block and replace it.


As part of our commitment to ensure the security and confidentiality of your personal data, we inform you that the necessary technical and organizational measures have been adopted to ensure the security of personal data and prevent its alteration, loss, unauthorized processing or access, given the state of technology, the nature of the data stored and the risks to which they are exposed, according to Art. 32 of the RGPD EU 679/2016.


The only transfers envisaged are those necessary to carry out the necessary services requested by the interested part

If the communication of data is essential for the provision of such services, outside the actual execution of the contract (investments, for example), the corresponding data processing contracts will always be signed on behalf of third parties, in accordance with the provisions of Article 28 of the GDP

There may be other suppliers who have the status of data processors, with whom the contracts required by the regulations are also signed, in accordance with Article 28 of the RGPD.

Apart from this, no data transfers or international transfers of your data are foreseen, except for those authorized by tax, commercial and telecommunications legislation, as well as in those cases in which a judicial authority requires us to do so.


Any interested party has the right to obtain confirmation as to whether or not we are processing personal data concerning him/her. Interested parties have the right to access their personal data, as well as to request the rectification of inaccurate data or, where appropriate, to request its deletion when, among other reasons, the data is no longer necessary for the purposes for which it was collected. In certain circumstances, the interested parties may request the limitation of the processing of their data, in which case we will only keep them for the exercise or defense of claims. For reasons related to their particular situation, data subjects may object to the processing of their data. The Data Controller will stop processing the data, except for compelling legitimate reasons, or the exercise or defense of possible claims.

We also remind you that, if you are a customer, you may revoke your consent or object to the sending of commercial communications by any means and at any time by sending an e-mail to the address

If you believe that your request has not been properly addressed or your data is not being treated properly, you can address your claims to the Spanish Data Protection Agency, the controlling body of the matter in Spain.

Below, we provide you with further information on the aforementioned rights, with direct access to their exercise using the links of the Spanish Data Protection Agency:


Article 15 of the General Data Protection Regulation recognizes the right of the data subject to know whether or not his or her personal data are being processed and the purposes of the processing, the categories of data, the recipients, the origin of the data, the storage period and the criteria for determining the storage period. Thus, the data controller will provide a copy of the personal data being processed in electronic format upon request.Igualmente podrán solicitar al responsable: la rectificación, supresión o limitación de datos y de tratamiento.

In order to facilitate the user the exercise of this right we provide through the following link the form to be completed for your request:


Articles 16 and 17 of the General Data Protection Regulation establish that the client or user may request the rectification of his personal data if he considers them to be inaccurate or that they be completed or deleted because they are not necessary for the purposes for which they were collected and processed.

In order to facilitate the user the exercise of this right we provide through the following link the form to be completed for your request:


The data subject has the right to obtain from the controller the restriction of data processing if he/she contests the accuracy of the personal data. In other words, the data may only be processed, with the exception of their retention, with the consent of the data subject, for the purposes of the exercise or defence of claims, the protection of the rights of another natural or legal person or for reasons of public interest of the Union or of a specific Member State. Furthermore, the data subject shall be informed by the controller prior to the lifting of such restriction.

In order to facilitate the user the exercise of this right we provide through the following link the form to be completed for your request:


Article 20 of the General Data Protection Regulation recognizes the right of the data subject to receive personal data relating to him/her, i.e. transmitted directly from controller to controller whenever technically possible, in a structured, commonly used and machine-readable format without being prevented from doing so by the controller to whom he/she has provided it, where consent has been expressly externalized or by contract.A fin de facilitarle al usuario el ejercicio de dicho derecho le proporcionamos a través del siguiente link el formulario que deberá cumplimentar para su solicitud:


The personal data that may be collected will be treated with absolute confidentiality, and the Company undertakes to keep them secret and guarantee the duty to store them by adopting all necessary measures to prevent their alteration, loss and unauthorized access or treatment, in accordance with the provisions of the applicable legislation.

To this end, the Controller guarantees that it will keep the corresponding confidentiality commitments signed with any person who may intervene in any phase of the processing of the personal data collected.


An International Data Transfer is understood as the communication of your personal data to countries located outside the European Union, and more specifically outside the European Economic Area (EEA). There are exceptions of countries outside this European space that are not considered an international transfer as the recipients are countries that the European Data Protection Commission considers appropriate to comply with European standards on data protection.

In the event that the Company transfers personal information outside the EEA, either because the data storage is hosted on a server outside the EEA borders, or for any other reason, it ensures that the contractual clauses regulating such international transfer will be maintained, ensuring that the provider that may host or process personal information complies with the minimum security standards and principles set out in the GDPR.