1. DOMAIN OWNERSHIP

The domain veroveoequestrian.com and the associated website are the exclusive property of the company VEROVEO GROUP, S.L., with CIF B44557825 and registered address at Calle José Antonio Cañete Juárez, 8, 2-2, 03202, Elche (Alicante), Spain.

We appreciate your interest in our company. Ensuring the confidentiality and security of personal data is a top priority for the management of VEROVEO GROUP, S.L. The website veroveoequestrian.com can be used without the need to provide personal information. However, if you wish to access certain services offered by the company through the website, the processing of your personal data may be required. In the absence of a corresponding legal basis, such data processing will only take place after obtaining your explicit consent.

The processing of personal data—such as name, postal address, email address or telephone number—is carried out in strict accordance with the provisions of the General Data Protection Regulation (GDPR) and the applicable national legislation governing VEROVEO GROUP, S.L. This Privacy Notice aims to clearly inform data subjects about the nature of the personal data we collect, the purposes for which it is used, and the manner in which it is processed. In addition, this document outlines the rights of data subjects in relation to their data.

As the data controller, VEROVEO GROUP, S.L. has implemented a wide range of technical and organizational measures designed to ensure a high level of security for the personal data processed through this website. Nonetheless, it should be noted that data transmission over the Internet may involve certain risks, and complete data security cannot be fully guaranteed. For this reason, each data subject has the option of providing their personal data to us through alternative means, such as by telephone.

2. DATA CONTROLLER INFORMATION

Company name: VEROVEO GROUP, S.L. (hereinafter referred to as the “Controller” or the “Company”)
CIF: B44557825
Address: Calle José Antonio Cañete Juárez 8, 2-2, 03202, Elche (Alicante), Spain
Phone: +34 644950578
Email for data protection inquiries: contact@veroveoequestrian.com

3. APPLICABLE LEGISLATION

This Privacy Policy has been drafted in accordance with the European Union’s General Data Protection Regulation (EU Regulation 2016/679 of the European Parliament and of the Council of 27 April 2016 – GDPR), as well as Organic Law 3/2018 of December 5 on the Protection of Personal Data and the Guarantee of Digital Rights.

By providing us with your personal data, you acknowledge that you have read and understood this Privacy Policy and that you give your explicit and unequivocal consent for the processing of your personal data for the purposes and under the conditions described herein.

The Company reserves the right to amend this Privacy Policy in response to legal changes, judicial developments, or interpretative criteria issued by the Spanish Data Protection Agency. These privacy terms may be supplemented by the Legal Notice, Cookie Policy, or General Terms and Conditions, if access to specific products or services involves particular data protection considerations.

4. DATA PROTECTION OFFICER

Juan Carlos Rodríguez Núñez
CIF: 09744806M
Address: Calle Historiador Juan Torres Fontes, 11, 6º D, 30011, Murcia
Phone: +34 600 908 202
Email: dpd@consultoriacdc.es

5. DEFINITIONS

The following terms, among others, are used in this Privacy Policy:

a) Personal Data
Personal data refers to any information relating to an identified or identifiable natural person (data subject). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to a name, an identification number, location data, an online identifier, or to one or more factors specific to that person’s physical, physiological, genetic, mental, economic, cultural, or social identity.

b) Data Subject
A data subject is any natural person who is identified or identifiable, and whose personal data is held and processed by the Company (as the controller).

c) Processing
Processing means any operation or set of operations performed on personal data, whether by automated or manual means. This includes, but is not limited to, collecting, recording, organizing, structuring, storing, altering, retrieving, consulting, using, transmitting, disclosing, making available, aligning, combining, restricting, deleting, or destroying data.

d) Restriction of Processing
Restriction of processing refers to the marking of stored personal data with the aim of limiting their future processing.

e) Profiling
Profiling means any form of automated processing of personal data where such data is used to evaluate or predict specific aspects relating to a natural person, such as performance at work, financial situation, health, personal preferences, interests, reliability, behavior, location, or movements.

f) Pseudonymisation
Pseudonymisation is the processing of personal data in such a way that the data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is protected by technical and organizational measures to ensure that the data cannot be traced back to an identifiable person.

g) Data Controller
A data controller is a natural or legal person, public authority, agency, or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.

h) Data Processor
A data processor is a natural or legal person, public authority, agency, or other body which processes personal data on behalf of the controller.

i) Recipient
A recipient is a natural or legal person, public authority, agency, or another body to whom personal data is disclosed, whether or not it is a third party. However, public authorities that may receive personal data in the context of a specific investigation under EU or Member State law are not regarded as recipients in this context.

j) Third Party
A third party is any natural or legal person, public authority, agency, or body other than the data subject, the controller, or the processor, and persons who, under the direct authority of the controller or processor, are authorized to process personal data.

k) Consent
Consent of the data subject means any freely given, specific, informed, and unambiguous indication of the data subject’s wishes by which they, by a statement or by a clear affirmative action, signify agreement to the processing of their personal data.

6. PURPOSE OF PERSONAL DATA PROCESSING

The processing of your personal data is carried out for the following purposes:

• To provide information about the products and services offered by our company and featured on this website.
• To enter into a service agreement upon acceptance of a commercial offer/order and/or upon signing a business contract.
• To send, by email or regular mail, news and updates regarding our company’s activities, including information about our products and services.

7. LEGITIMATE INTERESTS PURSUED BY THE CONTROLLER OR A THIRD PARTY

The legitimate interest pursued is the conduct of business in the interest of the well-being of all our employees and shareholders.

8. LAWFULNESS OF PROCESSING AND DATA COLLECTED

The legal basis for processing is your explicit consent, provided by a positive action (such as filling in a form and ticking the checkbox to accept the privacy policy).

Consent to Data Processing
By filling out the forms, checking the box “I accept the Privacy Policy,” and clicking the submit button, or by sending emails to the company’s designated addresses, the data subject confirms that they have read and accepted the Privacy Policy and gives their clear and unambiguous consent to the processing of their personal data for the purposes mentioned above.

Categories of Data Collected
The data collected includes identifying information such as: full name, telephone number, mailing address, company name, email address, and the IP address from which the form is accessed.

9. SECURITY MEASURES

As part of our commitment to ensuring the security and confidentiality of your personal data, we inform you that the necessary technical and organizational measures have been implemented to protect the data from alteration, loss, unauthorized access, or processing, taking into account the state of technology, the nature of the stored information, and the potential risks, in accordance with Article 32 of the GDPR.

10. DATA TRANSFER

The transfer of your data to third parties or outside the EU is not foreseen, except in cases authorized by tax, commercial, or telecommunications laws, or in response to a request from a judicial authority.

11. DATA RETENTION PERIOD

Your personal data will be retained from the moment you provide consent until you revoke it or request a restriction of processing. In the event of revocation, we will block your data for the legally established retention period.

12. COOKIES

The website veroveoequestrian.com uses cookies, which are small text files stored on your device via your browser.

Cookies are widely used across websites and servers. Many cookies contain a unique identifier known as a cookie ID, which is a string of characters that allows websites and servers to recognize the specific browser in which the cookie was stored. This enables websites to distinguish one browser from another and to identify the data subject upon return visits.

The use of cookies enables the company to improve the usability and quality of its services by providing a more personalized and efficient user experience, which would not be possible without them.

Cookies also help tailor the website’s content and offerings to the preferences of the data subject. For example, they allow login credentials to be remembered so that users don’t have to re-enter them each time they visit, or they store items placed in a virtual shopping cart.

The data subject can disable the storage of cookies at any time by adjusting the appropriate settings in their browser. Already stored cookies can also be deleted manually via the browser or with the help of specific software tools. However, please note that disabling cookies may limit the full functionality of some parts of the website.

13. COLLECTION OF GENERAL DATA AND INFORMATION

When a data subject or an automated system accesses the website veroveoequestrian.com, a range of technical and general information is automatically collected. This information is stored in server log files. It may include:

1. The types and versions of browsers used,
2. The operating system of the device accessing the website,
3. The referring website (referrer) that led the user to our site,
4. The specific subpages visited,
5. The date and time of access,
6. The IP address,
7. The name of the internet service provider used by the data subject,
8. And other technical information that may assist in preventing or analyzing unauthorized access or cyberattacks.

VEROVEO GROUP S.L. does not use this information to identify the data subject. The data is collected for the following purposes:

1. To ensure the proper display and loading of website content,
2. To improve the website’s performance and marketing content,
3. To ensure stable and secure operation of our IT systems,
4. To provide law enforcement authorities with information in the event of cybersecurity incidents.

The analysis of this data is carried out anonymously and exclusively for statistical purposes—to enhance data protection, strengthen infrastructure security, and ensure reliable handling of data subjects’ personal information.

14. REGISTRATION ON OUR WEBSITE

Data subjects may register on the website veroveoequestrian.com by providing their personal data. The amount and type of data collected depend on the specific registration form used. The information provided is used exclusively for internal company operations and is stored for that purpose only. If necessary, the company may share the data with subcontractors (e.g., logistics or courier services), who will process the data strictly in connection with company interests.

During registration, the IP address assigned by the data subject’s internet service provider, along with the date and time of registration, is automatically saved. This helps prevent misuse of our services and enables the investigation of any incidents if necessary. Retaining such information also helps protect the interests of the company. The data will not be transferred to third parties unless legally required or under a legal obligation.

Registration is voluntary but necessary to access certain features or materials on the website available only to registered users. Registered users can update or delete their personal information from the company’s database at any time.

The company is obligated, upon request, to inform the data subject about the stored personal data and, when legally justified, to update or delete it. Data subjects may contact any company representative for matters related to their personal data.

15. SUBSCRIPTION TO OUR NEWSLETTER

In accordance with Law 34/2002 of July 11 on Information Society Services and Electronic Commerce, by filling out the subscription form and ticking the box “I agree to receive electronic communications,” you give explicit consent to receive information about the company via email, phone, fax, or other electronic channels.

On the website veroveoequestrian.com, data subjects may subscribe to the company’s newsletter. The subscription form specifies the personal data required and the moment at which it is transmitted to the controller.

The company regularly sends emails to clients and business partners with news, offers, and product updates. Only individuals who:

1. Provide a valid email address, and
2. Confirm their wish to subscribe by completing the subscription process
   will receive these communications.

As part of the double opt-in process, a confirmation email is sent to the provided address to verify that the email owner has given consent to receive the newsletter.

When subscribing, the IP address assigned by the internet provider, as well as the date and time of registration, is also recorded. This serves to prevent the misuse of email addresses and provides a legal basis for proof of consent.

All personal data collected through the subscription process is used exclusively for sending the newsletter. In some cases, additional emails may be sent if related to technical updates or changes in the service conditions. The personal data collected for this purpose is not shared with third parties.

The data subject may unsubscribe from the newsletter at any time. Consent to store and process data for this purpose can be withdrawn via the unsubscribe link in each email, directly on the website, or by contacting a company representative.

16. NEWSLETTER TRACKING

The company’s newsletters may contain what are known as tracking pixels—small graphic elements embedded in HTML-formatted emails. These pixels allow for the recording and analysis of certain user actions in server log files. This technology enables the company to evaluate the effectiveness of its digital marketing campaigns.

Through such elements, the company can determine whether a recipient opened the email, at what time it was opened, and which links within the message were clicked.

The data collected through these tracking pixels is analyzed by the company to improve the quality of the newsletter and to better tailor its content to the interests of subscribers. This data is not shared with third parties.

The data subject may revoke their consent to the use of such technologies at any time, as granted through the double opt-in procedure. If consent is withdrawn, all related personal data will be deleted. Unsubscribing from the newsletter is automatically treated by the company as a withdrawal of consent.

17. CONTACT VIA THE WEBSITE

The website veroveoequestrian.com provides contact information that enables data subjects to quickly establish electronic communication with the company, including through a general email address.

If a data subject contacts the controller via email or through the contact form on the website, the personal data provided will be stored automatically.

This information is provided voluntarily and is used exclusively for the purpose of processing the request, responding to inquiries, or establishing communication with the sender. This data is not transferred to third parties.

18. ROUTINE DELETION AND RESTRICTION OF ACCESS TO PERSONAL DATA

The data controller stores personal data only for as long as necessary to fulfill the stated purpose of processing, or for the period required by applicable European or national legislation.

Once the data is no longer needed or the legally prescribed retention period has expired, the personal data will be blocked or deleted in accordance with the applicable legal provisions.

19. PROVISION OF PERSONAL DATA: LEGAL OR CONTRACTUAL REQUIREMENT; NECESSITY FOR CONTRACT CONCLUSION; POSSIBLE CONSEQUENCES OF NON-PROVISION

It should be noted that, in certain cases, the provision of personal data may be required by law (for example, tax regulations) or stipulated in a contract (such as information concerning a contractual partner).

In some situations, prior to the conclusion of a contract, the data subject may be required to provide specific information necessary for the execution of the agreement.

For example, if the company intends to enter into a contract with an individual, that person is obliged to provide their personal data. Failure to do so would make it impossible to conclude the agreement.

Before providing such data, the data subject has the right to contact a company representative to clarify whether the provision of the data is mandatory, whether it is legally or contractually required, whether it is necessary for contract execution, and what consequences may arise from refusing to provide it.

20. USE OF AUTOMATED DECISION-MAKING

As a responsible and trustworthy company, we do not use automated decision-making systems, including profiling, in relation to the personal data of data subjects.

21. RIGHTS OF THE DATA SUBJECT

a) Right to Request Confirmation
Every data subject has the right to obtain confirmation from the company as to whether or not their personal data is being processed. To exercise this right, they may contact any company representative.

b) Right of Access
The data subject has the right to request information at any time about which of their personal data is stored by the company and to obtain a copy of that data. Additionally, the data subject may obtain the following information:
• The purposes of the processing;
• The categories of personal data concerned;
• The recipients or categories of recipients to whom the personal data has been or will be disclosed;
• The intended storage period or the criteria used to determine it;
• The rights of the data subject — to rectification, erasure, restriction of processing, or objection to processing;
• The right to lodge a complaint with a supervisory authority;
• Where the data was not obtained from the data subject — any available information as to its source;
• Whether automated decision-making, including profiling, is being used and, if so, the logic involved and the envisaged consequences.

The data subject also has the right to be informed about any transfer of personal data to a third country or international organization and about the appropriate safeguards in place.

c) Right to Rectification
The data subject may request that the company promptly rectify any inaccurate or outdated personal data. They may also request that incomplete data be completed where appropriate.

d) Right to Erasure (“Right to Be Forgotten”)
The data subject may request the deletion of their personal data if:
• The data is no longer necessary for the purposes for which it was collected;
• The data subject withdraws their consent, and there is no other legal basis for processing;
• The data subject objects to processing, and there are no overriding legitimate grounds;
• The data has been unlawfully processed;
• The erasure is necessary to comply with a legal obligation;
• The data was collected in connection with the offer of services via the digital environment.
If any of these conditions apply, the data subject may submit a request to a company representative.

e) Right to Restrict Processing
The data subject may request restriction of processing in the following cases:
• They contest the accuracy of the data — for a period enabling verification;
• The processing is unlawful, but the data subject opposes erasure;
• The company no longer needs the data, but the data subject requires it for legal claims;
• The data subject has objected to processing, and a decision is pending on the legitimate interests of both parties.

f) Right to Data Portability
The data subject may request their personal data in a structured, commonly used, and machine-readable format and has the right to transmit that data to another controller if:
• The processing is based on consent or a contract;
• The processing is carried out by automated means.
A direct transfer between controllers is also possible where technically feasible and where it does not adversely affect the rights of others.

g) Right to Object
The data subject may object at any time to the processing of their personal data for reasons related to their specific situation, especially if the processing is based on Articles 6(1)(e) or 6(1)(f) GDPR, including profiling. Processing will cease unless compelling legitimate grounds are demonstrated.

If the data is being used for direct marketing, the data subject may object at any time, and the processing for such purposes will immediately stop.
They may also object to processing for scientific, historical, or statistical purposes, unless it is necessary for a task carried out in the public interest.

h) Right Not to Be Subject to Automated Decision-Making
The data subject has the right not to be subject to a decision based solely on automated processing (including profiling) if:
• It is not necessary for entering into or performing a contract;
• It is not authorized by EU or Member State law;
• It is not based on the data subject’s explicit consent.
In such cases, the company shall ensure human intervention, the opportunity to express a point of view, and the right to challenge the decision.

i) Right to Withdraw Consent
The data subject may withdraw their consent to the processing of their personal data at any time by contacting a company representative.

You also have the right to:
• Data portability;
• Withdraw consent at any time;
• File a complaint with the Spanish Data Protection Agency.

22. HOW TO EXERCISE YOUR RIGHTS

To exercise your rights, you may request the appropriate form from the Data Protection Officer. You may also contact the relevant supervisory authority for further information about your rights.

Please remember to attach a copy of a document that verifies your identity.