Request a Mandate

Last updated: May 2026

Privacy Policy

SecureFound is committed to protecting personal data in accordance with Regulation (EU) 2016/679 (GDPR) and Spanish Organic Law 3/2018 on Personal Data Protection (LOPDGDD).

Data Controller

SecureFound (the "Controller") — established in Spain. Contact for data protection enquiries: regulatory@securefound.com.

What data we collect

  • Contact data — name, work email, company, role, country — submitted via our enquiry form.
  • Mandate data — technical documentation, EU Declaration of Conformity, conformity certificates, and other documentation provided by clients in the course of the Authorised Representative mandate.
  • Technical data — IP address, browser type, device information, pages visited (only when strictly necessary for site operation and security).

Legal basis for processing

  • Consent (Art. 6(1)(a) GDPR) — for enquiries submitted via the contact form.
  • Contract performance (Art. 6(1)(b) GDPR) — for clients who appoint SecureFound as their Authorised Representative.
  • Legal obligation (Art. 6(1)(c) GDPR) — for documentation custody required by Articles 22 and 54 of Regulation (EU) 2024/1689 (10-year retention).
  • Legitimate interest (Art. 6(1)(f) GDPR) — for site security, fraud prevention, and direct B2B communication with prospective clients.

How long we retain data

Enquiry data: up to 24 months from last contact. Mandate documentation: 10 years from market placement of the AI system or GPAI model, as required by Articles 22 and 54 of the EU AI Act. Technical/log data: maximum 12 months.

Data residency & transfers

All personal data is stored on infrastructure located within the European Economic Area. SecureFound does not transfer personal data outside the EEA without appropriate safeguards (Standard Contractual Clauses or adequacy decisions).

Your rights under the GDPR

  • Right of access (Art. 15)
  • Right to rectification (Art. 16)
  • Right to erasure (Art. 17)
  • Right to restriction of processing (Art. 18)
  • Right to data portability (Art. 20)
  • Right to object (Art. 21)
  • Right to lodge a complaint with the Spanish Data Protection Authority (AEPD): www.aepd.es

To exercise any of these rights, contact regulatory@securefound.com.

Security

SecureFound implements technical and organisational measures appropriate to the risk, including encryption in transit (TLS 1.3+), encryption at rest, access controls, audit logging, and regular security reviews.

Updates to this policy

This Privacy Policy may be updated from time to time. The most recent version will always be published at this URL with the "Last updated" date.