PRIVACY NOTICE

1. Identity and Contact Details of the Controller

Controller:
BEYOND TECHNOLOGY EUROPE S.L. ("BEYOND"), acting as Data Controller in accordance with Regulation (EU) 2016/679 (the GDPR) and Organic Law 3/2018, of 5 December, on the Protection of Personal Data and Guarantee of Digital Rights (LOPDGDD).

Address: Calle Roger de Llúria, No. 22, 2nd Floor, 08010 Barcelona
Contact e-mail: finanzas@beyondtechnology.net

About this Privacy Notice

This Privacy Notice regulates and explains the processing of personal data carried out by BEYOND in the performance of its activities. BEYOND is responsible for ensuring that personal data is used in accordance with applicable data protection and privacy legislation.

2. Information We Collect

All products and services offered by BEYOND, as well as its internal activities and its website, include contact forms, comment forms, and registration forms for users, clients, collaborators, suppliers and/or purchase orders. Prior consent from users, clients and suppliers is always required to process their personal data for the purposes indicated. You have the right to withdraw your consent at any time.

"Personal data" or "personal information" refers to any information relating to an identified or identifiable natural person. This does not include data where identity has been removed (anonymous data). We collect several types of data regarding our clients, collaborators, and visitors to the BEYOND website and any websites belonging to the group.

Embedded Content from Other Websites

BEYOND's websites may include embedded content (e.g., videos, images, articles). Embedded content behaves in the same way as if the visitor had accessed the originating website directly. Such websites may collect data about you, use cookies, embed third-party tracking, and monitor your interaction with the embedded content, including your interaction if you are logged into an account on that website.

Other Services

Certain services offered through BEYOND's website may contain specific terms and conditions with particular data-protection provisions. You must read and accept those terms prior to requesting the corresponding service.

2. Purposes of Processing

Personal data collected is processed for the following purposes:

Clients and Prospective Clients

  • Document review, financial analysis and credit history verification.
  • Identity, address and banking information verification.
  • Registration in internal systems, preparation of files, contracts, purchase orders, invoicing and collection.
  • Commercial contact, service offerings and promotions; fulfilment of contractual and tax obligations.
  • Compliance with applicable laws, rules and regulations, as well as internal policies and procedures, including assessments of compliance.
  • Sending advertising communications and informational materials about BEYOND's products, services, promotions, technological innovations, events or activities, by electronic or equivalent means, subject to the data subject's express consent, in accordance with Article 21 GDPR and Article 48 LOPDGDD.

Suppliers and Prospective Suppliers

  • Document review, financial analysis and credit history verification. Identity, address and banking information verification.
  • Registration in internal systems, payment management, contracts, purchase orders, quotation requests and operational contact.
  • Compliance with applicable legal, regulatory and internal-policy obligations.

Collaborators

  • Recruitment processes, registration, payroll processing, training, legal compliance and employment-relationship management.

Users and/or Visitors of Our Websites

  • Collecting traffic metrics, analysing trends, and optimising content and functionalities of BEYOND's websites and digital platforms.
  • Processing browsing data, IP address, cookies and device identifiers for statistical, technical or service-improvement purposes.
  • Sending advertising communications and informational materials by electronic or equivalent means, subject to prior express consent of the data subject.

BEYOND undertakes not to process personal data for purposes other than those stated unless the data subject provides express authorisation or a legal mandate exists.

3. Legal Basis for Processing

Processing is carried out pursuant to the following legal bases:

  • Performance of a contract or pre-contractual measures (Art. 6.1.b GDPR).
  • Compliance with legal obligations (Art. 6.1.c GDPR).
  • Legitimate interest of the controller (Art. 6.1.f GDPR), for administrative purposes or service improvement.
  • Consent of the data subject (Art. 6.1.a GDPR), particularly regarding the use of cookies or processing of browsing data.

4. Applicable Principles

BEYOND guarantees adherence to the following principles:

  • lawfulness
  • fairness
  • transparency
  • purpose limitation
  • data minimisation
  • accuracy
  • storage limitation
  • integrity and confidentiality
  • accountability

as set forth in Article 5 GDPR and Article 4 LOPDGDD.

5. Categories of Personal Data

Data processed includes, among others:

  • Identification data: name, surname, date and place of birth, nationality, age, marital status.
  • Contact data: address, telephone number, e-mail.
  • Professional data: job title, company, experience, academic background.
  • Financial and banking data (for clients or suppliers).
  • Browsing data: IP address, cookies, device identifiers, approximate location.

BEYOND does not collect any special categories of personal data, such as racial or ethnic origin, religious or philosophical beliefs, sexual life, sexual orientation, political opinions, trade-union membership, or medical, genetic or biometric data. Nor do we collect data regarding criminal convictions or offences.

If you choose not to share certain personal data or decline specific processing, we may be unable to provide certain requested products or services.

6. International Data Transfers

We may share your personal data with BEYOND-related entities located outside Spain, including BEYOND's related entity in Mexico, for the purposes described above.

We may also share personal data with third parties, as permitted by law, including:

  • commercial partners subject to appropriate data-protection obligations;
  • representatives, agents, custodians, administrators, intermediaries and/or other third-party product providers designated by the client or prospective client (such as accountants, auditors and professional advisers);
  • external agents and contractors providing services to us or to our clients (e.g., accounting professionals, IT and communications providers, background-checking services, BEYOND credit-assessment agencies), subject to data-protection obligations;
  • public authorities, regulators and tax agencies, where required by law or regulation, or for the establishment, exercise or defence of legal claims.

7. Automated Decision-Making and Profiling

BEYOND does not make decisions producing legal effects on the data subject based solely on automated processing, including profiling. However, automated analysis and segmentation may be used for statistical purposes, operational efficiency or service improvements, without legal effects or significant personal impact on the data subject.

8. Retention Period

Personal data is retained for as long as necessary or permitted in light of the purposes for which it was collected. Retention-period criteria include:

  • duration of the contractual relationship and provision of related services;
  • a maximum of 12 to 24 months for browsing or direct-marketing data;
  • minimum retention periods required by applicable laws or regulations.

9. Data Security

BEYOND implements technical, administrative and physical security measures to protect personal data from loss, misuse, unauthorised access, alteration or destruction, ensuring the confidentiality, integrity and availability of the information.

10. Rights of Data Subjects

Data subjects may exercise, at any time and free of charge, the following rights:

  • access, rectification, erasure, restriction of processing, portability and objection (ARSOPOL);
  • withdrawal of consent at any time, without affecting the lawfulness of prior processing.

Requests must be submitted to finanzas@beyondtechnology.net, indicating "Exercise of Data Protection Rights" in the subject line.

To verify your identity, we may request matching of certain previously provided data, and in some cases a signed declaration under penalty of perjury confirming that you are the consumer whose personal information is the subject of the request. Any additional information collected for verification will be used solely for that purpose and deleted as soon as possible once the request is answered. For highly sensitive requests, additional proof of identity may be required. If the request is submitted through an authorised agent, we will require written proof of such authorisation.

11. Complaints Before the Supervisory Authority

If a data subject believes that their personal data is being processed in breach of applicable law, they may lodge a complaint with a supervisory authority, particularly in the State of their habitual residence, place of work or place of the alleged infringement. In Spain, the supervisory authority is the Spanish Data Protection Agency (Agencia Española de Protección de Datos).

12. Changes to This Notice

BEYOND may amend this Privacy Notice at any time to reflect regulatory or operational changes. Any modification will be published on the official website and updated as of the date indicated at the beginning of this document.

For any questions regarding this notice, please contact finanzas@beyondtechnology.net.

Last updated: 12 November 2025