1. Data controller
In compliance with the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council, of 27 April 2016, on the protection of natural persons with regard to the processing of personal data and on the free movement of such data ("GDPR"), and with Spanish Organic Law 3/2018, of 5 December, on the Protection of Personal Data and the Guarantee of Digital Rights ("LOPDGDD"), the User is hereby informed that the controller of the processing of personal data collected through the website or through the company's other communication channels is:
| Field | Details |
|---|---|
| Company name | GOBER ARTIFICIAL INTELLIGENCE, S.L. |
| Legal form | Sociedad Limitada (Spanish limited liability company) |
| Tax ID (CIF) | B-21963723 |
| Registered office | Calle Urzaiz, 5, 10º B, 36201 Vigo (Pontevedra), Spain |
info@gober.ai | |
| Activity (CNAE) | 6210 — Computer programming activities |
Gober is not required to appoint a Data Protection Officer (DPO) under Articles 37 GDPR and 34 LOPDGDD. Nevertheless, any matter related to the processing of personal data may be addressed to the email info@gober.ai.
2. Purposes of processing and legal bases
Gober processes the User's personal data for the following purposes and under the following legal bases:
- a) Management of enquiries and communications: to handle enquiries, requests for information, demo requests or any other communications sent by the User via email, enabled forms or other contact channels. Legal basis: consent of the data subject (Art. 6.1.a GDPR) and legitimate interest of the controller in handling the request (Art. 6.1.f GDPR).
- b) Management of commercial, pre-contractual and contractual relationships: to process and manage relationships with clients, suppliers, partners and collaborators, including the negotiation, formalisation, execution and termination of contracts, as well as invoicing, collections and payments. Legal basis: performance of a contract or pre-contractual measures (Art. 6.1.b GDPR) and compliance with legal obligations (Art. 6.1.c GDPR).
- c) Sending commercial and promotional communications: to send the User, by electronic or equivalent means, information about products, services, news, events, editorial content (such as newsletters or Gober's podcast) and other initiatives that may be of interest. Legal basis: express consent of the data subject (Art. 6.1.a GDPR) or, where applicable, Gober's legitimate interest in informing existing clients about products or services similar to those previously contracted, pursuant to Article 21.2 LSSI-CE.
- d) Management of recruitment processes: to process applications submitted by individuals interested in joining Gober, including the assessment of the professional profile and communication with the candidate. Legal basis: consent of the data subject (Art. 6.1.a GDPR).
- e) Compliance with legal obligations: to respond to requirements made by administrative, judicial, tax or other competent authorities. Legal basis: compliance with a legal obligation applicable to the controller (Art. 6.1.c GDPR).
3. Categories of data processed
Depending on the purpose of the processing and the collection channel, Gober may process the following categories of personal data:
- Identification data: first name, surname(s), national ID number (NIF/NIE) or equivalent document.
- Contact data: email address, telephone number, postal address.
- Professional data: job title, department, company or organisation that the User represents, area of activity.
- Commercial and financial data: information necessary for the provision or contracting of services and, where applicable, billing and bank account details.
- Curriculum data: in the case of applications to recruitment processes, the data contained in the curriculum vitae or other documents voluntarily provided by the candidate.
- Communication-derived data: content of messages and communications exchanged with Gober.
Gober does not process special categories of personal data (data relating to health, ideology, religion, trade union membership, biometric data, etc.) within the scope of the above purposes, unless the User voluntarily provides them and their processing is necessary, in which case express consent will be requested in accordance with Article 9 GDPR.
4. Retention periods
Personal data will be retained for the time strictly necessary for the purpose for which it was collected and, subsequently, for the applicable legal periods to address potential liabilities. By way of guidance, the retention periods are as follows:
| Type of processing | Retention period |
|---|---|
| One-off enquiries and communications | Until the enquiry is resolved and, subsequently, 1 year for follow-up purposes. |
| Contractual relationship with clients and suppliers | For the duration of the relationship and, once terminated, for the applicable legal periods (generally up to 6 years pursuant to Art. 30 of the Spanish Commercial Code and tax regulations). |
| Commercial communications and newsletter | Until the User withdraws consent or exercises the right to object. |
| Recruitment processes | Up to 1 year from receipt of the application, unless express consent for additional retention is given. |
| Compliance with legal obligations | Periods established by applicable tax, commercial, labour and administrative regulations in each case. |
Once these periods have elapsed, personal data will be blocked for the time necessary to address potential liabilities and, once these are extinguished, definitively deleted in accordance with the provisions of Article 32 LOPDGDD.
5. Recipients and disclosures of data
As a general rule, Gober does not communicate personal data to third parties, except in the following cases:
- Data processors: service providers that support Gober and that may access personal data for the provision of such services (web hosting, email, business management tools, labour, accounting and tax advisory, legal services, artificial intelligence tools). With all of them, the corresponding data processing agreements have been signed in accordance with Article 28 GDPR.
- Public administrations and competent authorities: when there is a legal obligation to communicate, including, among others, tax, labour and judicial authorities and state security forces.
- Banking and financial institutions: for the management of collections, payments and other necessary financial operations.
Gober does not transfer data to third parties for commercial or advertising purposes without the prior and express consent of the User.
6. International data transfers
Some of Gober's service providers (in particular, certain cloud service providers, email tools and artificial intelligence platforms) are based in or process personal data in the United States or other countries outside the European Economic Area (EEA).
In such cases, international data transfers are carried out under one of the following safeguards provided for in Articles 44 et seq. GDPR:
- Adequacy decisions adopted by the European Commission, including, for the United States, Commission Implementing Decision (EU) 2023/1795, of 10 July 2023, on the EU-U.S. Data Privacy Framework.
- Standard Contractual Clauses (SCC) approved by the European Commission in accordance with Article 46.2 GDPR.
- Any other appropriate safeguard accepted by applicable regulations.
The User may request additional information about the international transfers carried out and the safeguards applied by writing to info@gober.ai.
7. Rights of the data subject
The User may exercise at any time the following rights recognised by the GDPR and the LOPDGDD:
- Right of access: to obtain confirmation as to whether or not personal data concerning them is being processed and, where applicable, to access such data.
- Right of rectification: to request the correction of inaccurate or incomplete personal data.
- Right of erasure ("right to be forgotten"): to request the deletion of data when, among other reasons, it is no longer necessary for the purposes for which it was collected.
- Right to object: to object to the processing of data for reasons related to the particular situation of the data subject, as well as, without need for justification, against processing for direct marketing purposes.
- Right to restriction: to request the restriction of processing, in which case the data will only be retained for the exercise or defence of claims.
- Right to portability: to receive personal data in a structured, commonly used and machine-readable format, and to transmit it to another controller.
- Right not to be subject to automated individual decisions: including profiling, that produce legal effects or significantly affect the data subject.
- Right to withdraw consent given at any time, without this affecting the lawfulness of the processing carried out previously.
These rights may be exercised by written request addressed to the email info@gober.ai, or by postal mail to Gober's registered office, duly proving the requester's identity by means of a copy of an official document. Gober will resolve the request within one (1) month of receipt, extendable by two (2) additional months depending on the complexity and number of requests.
Likewise, the User has the right to lodge a complaint with the Spanish Data Protection Agency (www.aepd.es, C/ Jorge Juan, 6, 28001 Madrid), in particular when they have not obtained satisfaction in the exercise of their rights.
8. Security measures
Gober has adopted the appropriate technical and organisational measures pursuant to Article 32 GDPR, taking into account the state of the art, implementation costs, nature, scope, context and purposes of the processing, as well as the risks to the rights and freedoms of data subjects, in order to ensure a level of security appropriate to the risk of the processing.
Such measures include, among others, encryption of data in transit and at rest where applicable, access control systems based on the principle of least privilege, periodic backups, ongoing staff training on data protection and information security, as well as periodic evaluation of the effectiveness of the implemented measures.
9. Automated decisions and profiling
Gober does not make automated individual decisions, including profiling, that produce legal effects on the User or significantly affect them in a similar manner, within the meaning of Article 22 GDPR.
10. Truthfulness of data
The User warrants the truthfulness, accuracy, authenticity and currency of the personal data provided to Gober and undertakes to communicate any modifications that occur therein. The User will be liable for damages and losses that may arise, both to Gober and to third parties, from the provision of false, inaccurate, incomplete or outdated data.
When the User provides personal data of third parties, they must have previously informed those third parties of the content of this Privacy Policy and obtained their consent for the communication of their data to Gober.
11. Modifications to the Privacy Policy
Gober reserves the right to modify this Privacy Policy to adapt it to legislative or jurisprudential developments, criteria and guidelines issued by the Spanish Data Protection Agency, or technical or operational changes. Any substantial modification will be communicated to the User by the usual means with reasonable advance notice of its entry into force.