Privacy Policy

Last updated: [2026-03-03]

1. Who we are (Controller)

Controller: Experiens AI SL
Tax ID (NIF): B10628618
Registered address: Torrent d’en Vidalet 46, 2-1, 08012 Barcelona, Spain
Email: privacy@experiens.ai
Website: https://experiens.ai

2. What personal data we collect

  • Contact data (name, email, message) when you use our contact forms or email us.
  • Usage/technical data (IP address, device identifiers, browser type, pages visited, approximate location) when you browse the site.
  • Customer/prospect data (billing details) if you purchase services or request a quote.

We do not intentionally collect special categories of data (e.g., health, biometric, political opinions) unless you choose to share them in free text fields.

3. Why we use your data (Purposes)

We process personal data to:

  1. Respond to inquiries and communicate with you.
  2. Provide and manage our services, including onboarding, delivery, and support (if applicable).
  3. Operate, secure, and improve the website (e.g., preventing abuse, debugging, performance).
  4. Marketing communications (only if you subscribe or consent; you can opt out anytime).
  5. Legal compliance (e.g., accounting, tax, responding to lawful requests).

4. Legal bases (GDPR)

We rely on one or more of the following legal bases, depending on the context:

  • Consent (newsletter subscription; non-essential cookies).
  • Contract or steps prior to a contract (e.g., handling service requests).
  • Legitimate interests (basic website security, preventing fraud; minimal analytics where lawful).
  • Legal obligation (tax/accounting retention).

5. Who we share your data with (Recipients / Processors)

We may disclose personal data in the following cases:

a) Legal and procedural obligations

We may disclose personal data to Courts and Tribunals, competent public administrations and authorities, Notaries and Public Registries, and Law Enforcement Authorities, where required or permitted by applicable law.

b) Service providers (Data Processors)

We engage trusted third-party service providers who process personal data on our behalf for the provision of the following services:

Invoicing and payment gateway servicess.

Website hosting and maintenance

Email and office productivity services

Website/portal management

IT security and technical support

Electronic signature and videoconferencing services

All such providers act strictly in accordance with our instructions and under a data processing agreement executed in compliance with Article 28 of the General Data Protection Regulation (GDPR).

6. International transfers

If any provider is located outside the European Economic Area, we ensure appropriate safeguards (e.g., adequacy decision or Standard Contractual Clauses) before transferring personal data.

7. How long we keep your data (Retention)

We retain personal data for the periods indicated below, depending on the purpose of processing. In all cases, data may be retained for longer where necessary to comply with legal obligations or for the establishment, exercise, or defence of legal claims.

a) Handling inquiries and information requests (contact form/email/phone)
Data are retained for up to 12 months from the closure of the inquiry.

b) Management of professional relationships (clients and suppliers)
Including file opening, advisory services, related communications, invoicing, and collections:
Data are retained for the duration of the relationship and, thereafter:

  • 6 years for commercial/accounting purposes;
  • Up to 10 years where anti-money laundering regulations apply.

c) Newsletter and informational communications
Data are retained until you unsubscribe or object to receiving communications.

d) Website security and maintenance
Including fraud prevention, detection of anomalous access, and service continuity:
Data (e.g., IP address, device identifiers, technical logs) are retained for up to 12 months, or longer where required by applicable technical or legal obligations.

e) Recruitment processes (if you submit your CV)
CV and related contact data are retained for up to 24 months, or for the duration of the recruitment process, whichever is longer.

8. Your rights

You can request:

  • Access to your data
  • Rectification
  • Erasure
  • Restriction
  • Objection
  • Data portability (where applicable)
  • Withdraw consent at any time (where processing is based on consent)

To exercise rights, contact: privacy@experiens.ai.

9. Complaints

If you believe your data protection rights have been infringed, you may lodge a complaint with the Spanish Data Protection Authority (AEPD).

10. Security

We use appropriate technical and organisational measures designed to protect personal data (e.g., access controls, encryption where appropriate, backups, monitoring). No system is 100% secure, but we work to minimise risks.

11. Changes to this policy

We may update this Privacy Policy from time to time. The newest version will be published on this page with an updated “Last updated” date.