Privacy Policy

Last updated: 29 October 2025

This policy explains how we handle and protect the personal data of individuals who interact with GRC SOLUTIONS and SOLVEIT through this website and other channels. We recommend reading the Legal Notice and the Cookie Policy before using the website.

In accordance with Regulation (EU) 2016/679 (GDPR) and Organic Law 3/2018 (LOPDGDD), GRC SOLUTIONS and SOLVEIT inform you that, by accepting this Privacy Policy, you give your express, informed, free, and unequivocal consent for the data you provide, which are subject to the technical and organisational security measures established in current legislation, to be processed by GRC SOLUTIONS and SOLVEIT, as the data controller.

Who are we?

Data controller: SOLER SOLUTIONS, S.L., operating under the trade names “SOLVEIT” and “GRC SOLUTIONS” (hereinafter, The Company).

  • NIF: B13742580

  • Address: Plaza Pablo Ruiz Picasso 1, 28020 Madrid (España)

  • Contact email: info@solveit.es

What data do we collect?

The Company may collect and process the following categories of personal data:

  • Identification and contact: name, surname, email, telephone.

  • Professional data: position, department, company.

  • Contractual and billing data: Tax Identification Number, registered address, contracted products/services, financial transactions, and payment details.

  • Browsing and technical data: IP, device identifiers, browser type, access domain, activity logs, and cookies (see Cookie Policy).

  • Data derived from the use of SaaS services: created users, accesses, activity logs, and the information that the Client enters into the platform of the contracted service.

  • Internal management data: necessary information about employees, collaborators, and suppliers within the framework of the Company's activity.

What is the purpose of processing your data?

We process personal data for the following purposes:

  • Commercial and contractual management: handling requests, preparing proposals, contracting, invoicing, and administration.
  • Consultancy and software licensing: implementation, training, and support for third-party solutions marketed by The Company.
  • Provision of services in SaaS mode (e.g., Eramba SaaS): hosting, updates, backups, integrations, and technical support. In this context, The Company acts as the Data Processor and the Client as the Data Controller for the data they input into the platform.
  • Web hosting services: provision of hosting and maintenance services for websites for Clients. These services may be provided directly by the Company or through infrastructure providers.
  • Assistance through AI tools: we use AI services to transcribe, summarise, and analyse meetings, assist in drafting (e.g., proposals, emails, documentation), and improve operational efficiency (e.g., classification of internal communications). These tools do not make decisions with legal or significant effects autonomously; there is human intervention in the review and validation of results.

  • Corporate internal management: through third-party platforms for accounting, CRM, sales, marketing, collaboration, cloud, and email.
  • Commercial communications and marketing: sending information by electronic means (email, messaging) when consent is given.
  • Compliance with legal obligations, especially those arising from tax, accounting, commercial, and data protection regulations.
  • Security and abuse prevention: protection against fraud and reinforcement of network and service security.

What is the legal basis for the processing?

We process your data in accordance with:

  • Execution of a contract (art. 6.1.b GDPR): consultancy, SaaS, licences and billing.

  • Consent (art. 6.1.a GDPR): contact forms, subscriptions, commercial communications and use of non-technical cookies.

  • Compliance with legal obligations (art. 6.1.c GDPR): tax, accounting, commercial and data protection.

  • Legitimate interest (art. 6.1.f GDPR): security, prevention of abuse, and improvement of internal processes, weighed against the rights of the data subjects.

How long do we keep the data?

  • Clients: during the contractual relationship and, afterwards, during the applicable legal periods (tax, accounting, commercial or anti-money laundering).

  • Potential clients: up to 2 years from the last contact or until you request deletion.

  • SaaS Users: during the term of the contract and until the return or deletion of the data as established in the DPA (Data Processing Agreement).

What rights do I have over my data?

You can exercise your rights of access, rectification, erasure, objection, restriction, portability, and withdrawal of consent by writing to info@solveit.es.

Please attach proof of identity; if acting by representation, provide evidence of representation.

If you believe your request has not been properly handled, you may lodge a complaint with the Spanish Data Protection Authority (AEPD): www.aepd.es.

How would we notify and declare a breach?

If an incident affecting personal data occurs, the Company will notify the Client without undue delay, providing timely information about the incident and the measures taken to mitigate its effects.

To whom do we communicate your data?

We only share data with providers necessary to deliver our services, always under contract and in compliance with the GDPR:

  • Manufacturers/suppliers of solutions: to manage the purchase of licences when the Client requests it.
  • External services: payment, orders, marketing, analytics, email, web.
  • Internal platforms: Odoo, Google Workspace/Cloud and Microsoft 365/Azure.
  • Cloud infrastructure for SaaS (EU): AWS, Azure, Google Cloud or Contabo.
  • Web hosting providers: AWS, Azure, Google Cloud, Ionos, Contabo or Odoo, to provide web hosting services.
  • AI Providers: Google, Microsoft, OpenAI, Read.ai, as data processors and with appropriate security measures.
  • Integrations and automation (EU): Make.com in SaaS services that require it.
  • Development/hosting of the corporate website: providers with limited access and low confidentiality.

Are international data transfers carried out?

No international transfers outside the European Economic Area are envisaged. If they become necessary, we will apply GDPR safeguards (Standard Contractual Clauses, adequacy decisions or equivalent measures).

Do we segment and/or profile your data?

We may carry out segmentations using browsing and web usage data for statistical and marketing purposes, employing aggregated and non-identifiable information. When AI is used, we do not adopt automated measures; human supervision is always in place.

We do not create commercial profiles with the data entered by Clients in the managed services.

Do we process children’s data?

Our services are not directed at children under 14 years of age. If we detect data of minors without valid consent, we will delete it.

What is our commitment to the secrecy and security of your data?

The Company undertakes to treat your data confidentially and to apply appropriate technical and organisational measures to ensure its confidentiality, integrity, availability and resilience, in accordance with Article 32 GDPR and the LOPDGDD. Only authorised personnel and providers will access the information, always under confidentiality obligations and least-privilege principles.

Security measures (including, by way of example and without limitation):

  • Encryption of information in transit (TLS) and at rest where applicable.

  • Role-based access control, strong authentication/MFA, and credential rotation.

  • Regular backups and restoration tests.

  • Monitoring, recording, and traceability of access and relevant security events.

  • Segregation of environments (development, testing, production) and the principle of least privilege.

  • Vulnerability and patch management, with review and correction within reasonable timeframes according to criticality.

  • Privacy by design and by default (data minimisation, purpose limitation, and retention).

  • Training and awareness of personnel with access to data.

  • The AI tools are configured under enhanced privacy parameters, so they do not store or use customer or employee data to train models. The Company periodically reviews the policies and settings of each provider to ensure compliance with the GDPR.

SaaS and Infrastructure/Hosting: when we provide services in SaaS or web hosting mode, we may rely on infrastructure providers in the EU such as Ionos, AWS, Google Cloud, Microsoft Azure, Contabo, or Odoo Hosting. In all cases:

  • They act as processors/sub-processors under contract in accordance with the GDPR and with equivalent or superior security measures.

  • We limit the processing to what is necessary to provide the service, and we do not authorise different uses.

  • We avoid international transfers; if they are exceptionally necessary, we will apply appropriate safeguards (standard contractual clauses, adequacy decisions, or other equivalent measures).

Security incidents/breaches: if we detect an incident affecting personal data, we will notify the Client without undue delay and provide timely information regarding the scope, the measures taken, and recommendations to mitigate the effects.

Although we apply controls aligned with best practices, no system is 100% infallible on the Internet. Therefore, we maintain a process of continuous improvement and can update or supplement measures to ensure an appropriate level of security relative to the risk.

How do we update this policy?

We may modify this policy to adapt it to regulatory changes or service provision. We will publish the current version indicating the date of the last update.

Contact

For any questions regarding this policy or the handling of your data: info@solveit.es