This Privacy and Data Protection Policy governs the processing of personal data of users and visitors to the website of Fundación eAtlantic Fundazioa (hereinafter, the “Foundation”), as well as that of any natural person whose data may be processed as a result of accessing or using the website and the services provided through it. This policy reflects the Foundation’s commitment to privacy, confidentiality, and data security, and ensures full compliance at all times with the applicable legislation on personal data protection—specifically, Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (General Data Protection Regulation – GDPR), Organic Law 3/2018 of 5 December on the Protection of Personal Data and Guarantee of Digital Rights (LOPDGDD), and any other applicable legislation in force in Spain.

The data controller responsible for the processing of personal data is:

Name: Fundación eAtlantic Fundazioa

Registered address: Henao 7, 7th floor, Office 8; 48009 Bilbao, Spain

Tax ID (CIF): G21653316

Telephone: +34 946 011 468 / 69

Email: info@eatlantic.eu

The Foundation will collect only the personal data strictly necessary for the development of its activities. This may include, among others: full name, postal address, email address, telephone number, and, where applicable, information relating to the user’s relationship with or interest in the Foundation (such as submitting information requests, making donations, or participating in events or activities, etc.). Personal data may be obtained through electronic communications with the Foundation or via any other legitimate channel expressly authorised by the user.

The personal data collected shall be processed for the following purposes, depending on the activities and services provided by the Foundation:

The legal basis for processing shall be the data subject’s explicit consent, the necessity of processing for the performance of a requested contract or service, or compliance with legal obligations applicable to the Foundation as a non-profit entity.

These principles reflect the concepts of accountability and privacy by design and by default, which require the Foundation to carry out risk assessments and implement appropriate safeguards.

Personal data shall be retained only for the period strictly necessary to fulfil the purposes for which they were collected; for as long as a contractual or pre-contractual relationship exists between the user and the Foundation; for the legally established timeframes required to comply with legal obligations or to exercise or defend potential claims; or until the data subject withdraws their consent, where applicable. In all cases, the Foundation shall establish regular review periods for stored data and shall proceed, where appropriate, to anonymise or delete such data when processing is no longer necessary for the purpose for which it was originally collected.

Personal data shall not be disclosed to third parties, except where there is a legal obligation, a judicial requirement, the express authorisation of the data subject, or where such disclosure is necessary for the provision of the requested service and the fulfilment of the Foundation’s purposes. No international transfers of data outside the European Economic Area (EEA) are envisaged, except in strict compliance with the safeguards and requirements established under applicable legislation. Should such a transfer become necessary, the user will be informed in advance of the transfer and the safeguards in place.

Data subjects may exercise their rights of access, rectification, erasure, objection, restriction of processing, data portability, and the right not to be subject to automated individual decision-making, in accordance with Articles 15 to 22 of the General Data Protection Regulation (GDPR) and the relevant provisions of Organic Law 3/2018 (LOPDGDD). To exercise these rights, data subjects may contact the Foundation in writing at its registered address or via the email address provided, enclosing a copy of their national identity document (DNI) or other valid proof of identity. Furthermore, data subjects have the right to lodge a complaint with the Spanish Data Protection Agency (www.aepd.es) if they consider that their rights have not been duly respected.

The Foundation undertakes to adopt and implement all appropriate and legally required technical and organisational measures, in accordance with the circumstances and the state of the art, to ensure the confidentiality, integrity, availability, and resilience of personal data, as well as to promptly restore availability and access to data in the event of a physical or technical incident. Where applicable, the Foundation shall also carry out data protection impact assessments and risk analyses in line with the requirements of the GDPR and the LOPDGDD, in accordance with the principle of proactive accountability.

In accordance with applicable legislation, only individuals aged fourteen (14) or older may provide personal data through the website. If the Foundation becomes aware that it has received personal data from a person under the age of 14 without the prior consent of their parents, legal guardians, or representatives, such data shall be deleted immediately. In the case of activities or events intended for minors, the Foundation shall obtain the consent of their legal representatives, where appropriate.

The Foundation reserves the right to amend this Privacy Policy in order to adapt it to future legislative, judicial, or technical developments that may affect its compliance or the services provided. Any such amendments will be duly communicated on this page and shall take effect upon publication; users are therefore advised to consult this Privacy Policy periodically.

For any matters related to the protection of your personal data, as well as for exercising the rights mentioned above, you may contact the Foundation at:

Address: Henao 7, 7th floor, Office 8; 48009 Bilbao, Spain

Email: info@eatlantic.eu

Telephone: +34 946 011 468 / 69

In the event that services or activities requiring a specific data protection policy are offered through the website—such as internal reporting channels, whistleblowing procedures, staff recruitment processes, or participation in international projects—the Foundation will expressly inform users by means of a specific notice and, where applicable, obtain their consent.