Aurea Capital Partners, S.L., founded in 2013, is a firm dedicated to investment and project management with a focus on sustainability.

In compliance with these principles, our data protection policy is constructed and communicated in accordance with the applicable regulations, most especially in relation to Regulation EU 2016/679 of the European Parliament and of the Council, regarding the protection of natural persons in regarding the treatment of personal data and the free circulation of these data, and which repeals Directive 95/46 / EC (hereinafter RGPD) and Law 3/2018, of December 5, on Data Protection and Digital Rights Guarantee.

The Company has also adopted the technical and organizational measures necessary to guarantee the confidentiality, security and proper treatment of personal data, avoiding its alteration, loss, treatment or unauthorized access in accordance with the provisions of the applicable regulations, taking effective measures and attending, in any case, with the level of security appropriate to the level of the data processed. This work is carried out continuously, attending to legislative or corporate developments.

This policy may be amended from time to time due to possible legislative changes or other reasons for managing the activity. Every time a change occurs, it will be immediately reflected on the website, and appropriate communications will be made, where appropriate.

The Company manages personal data in the performance of a professional position or function, as well as personal data in the private sphere. The entity can act as DATA CONTROLLER or DATA PROCESSOR. This  privacy policy addresses and covers both types of actions.



Aurea Capital Partners, S.L., with registered office at Edificio Nuestra Señora del Pilar, Modulo A, 2º floor, Calle de Las Norias 92, 28221, Majadahonda, with VAT B-86922648. Telephone +34 91 012 00 16, e-mail



Aurea Capital Partners, S.L.. E-mail:



The Company processes the information provided for the following purposes:

  1. PURPOSES OF A CONTRACTUAL NATURE: to facilitate the management of the agreed service provision, to maintain the commercial relationship and for any other services contracted at a later date.
  2. CONSENT-BASED PURPOSES: for marketing, distribution of notifications related to our activity.
  3. FOR REGULATORY PURPOSES: for the compliance of legal and regulatory obligations, such as those established by the CNMV regulations, money laundering, terrorism funding and taw law.
  4. PURPOSES BASED ON LEGITIMATE INTEREST, under the scope of that established in Article 19 of the Spanish LOPDGDD (Organic Law 3/2018 of 5 December) and Article 6.1.f of Regulation EU 2016/679.

PERSONAL DATA is used as DATA CONTROLLER when the Company collects and use the data.

PERSONAL DATA is used as DATA PROCESSOR when the Company use personal data to provide services to a third party who is the DATA CONTROLLER.



The provided personal data shall be kept:

  1. During the time required for compliance with the purpose for which it was collected, or the time required for the trade relationship, including the time required, in accordance with applicable regulations, to comply with the relevant obligations that may arise from it.
  2. Until the interested requests that it be suppressed.

It shall be blocked when either of the two aforementioned events occurs, whichever occurs first.

From that moment on, it shall be available exclusively to Judges and Courts, the Public Prosecutor and the competent Public Administrations, particularly the data protection authorities, in order to address any possible liabilities arising from its processing, during the limitation period. After said period has expired, the data shall be suppressed.

No profiles are created.



As DATA CONTROLLER, the legal basis for our processing of your data is based on:

  1. Our contractual relationship and the execution of the contract you signed with us.
  2. Your express and written consent.
  3. Regulatory purposes.
  4. Legitimate interest according to Art 19 of the LOPDGDD.

As DATA PROCESSOR the company acting as DATA CONTROLLER is the one to establish the legal basis and process of data.



The data is sent to our collaborators who carry out services, including subcontractors, collaborating legal firms and/or those responsible for data processing.



Regarding any transfer of your personal data to countries outside of the EEA, the Company will implement the specific measures needed to guarantee an appropriate level of protection of said personal data.



  1. All persons have the right to obtain confirmation about whether the Company is processing personal data which may or may not concern them.
  2. Interested parties have the right to access their personal data, to request the rectification of incorrect data and, if applicable, to request its suppression when, among other reasons, the data is not required for the purposes for which it was gathered.
  3. In certain circumstances established in Article 18 of the GDPR, interested parties can request the limitation of the processing of their data. In this case, we would only keep the data for the filing or defence of grievances.
  4. Interested parties can object to the processing of their data for marketing purposes, including the creation of profiles. The Company will stop processing said data, unless there are compelling legitimate grounds or in the exercise or defense of possible grievances.
  5. By virtue of the right to portability, interested parties have the right to obtain the personal data which concerns them (it will be supplied in a structured, commonly used, machine-readable format) and to transfer it to another data processor.



By writing to the Company at the addresses indicated above.



In the event that you believe that the Company has not fulfilled your request correctly, you can request protection from the Spanish Data Protection Agency, the details of which can be consulted at



What categories of data do we process?

  1. Identification data.
  2. Data about your professional function or activity
  3. Family and economic data

Special categories of Articles 9 and 10 of the GDPR may be process. In the event of exceptional processing, the Company will comply with the requirements of Article 9 and 10, and explicit consent will be obtained.


Personal data is processed confidentially in accordance with the privacy and security policies established by the Company.

The data we receive or gather is that required for fulfilling the indicated purposes.



As DATA CONTROLLER, the personal data we process comes from the information you provide us when requesting services or resources, accessing our website or establishing any type of relationship with us, either directly or indirectly.

As DATA PROCESSOR, the personal data is received from the DATA CONTROLLER, or they are collected during the provision of the services entrusted by the DATA CONTROLLER.