Privacy Policy - EOS in Spain

Privacy Policy

1. Name and contact details of the data controller ('controller')

The Privacy Policy applies to data processing carried out, as data controller, by:

Company name: EOS Spain S.L.U., B-64102072
Postal address: C/ Manuel Guzmán, 1 Esc.1, Planta 1, 15008 A Coruña. Spain.
Contact details: Phone: +34 981 079 955
Fax: +34 981 281-931

Any of the following companies with which you have a contractual relationship.

Company name: Atram Asset I S.L., B-88455845
Postal address: C/ Manuel Guzmán, 1 Esc.1, Planta 1, 15008 A Coruña. Spain.
Contact details: Phone: +34 981 079 957
Fax: +34 981 281 931

Company name: Atram Asset II, S.L., B-88644307
Postal address: C/ Manuel Guzmán, 1 Esc.1, Planta 1, 15008 A Coruña. Spain.
Contact details: Phone: +34 981 079 957
Fax: +34 981 281 931

2. Scope

This Privacy Policy applies to the collection of personal data on our website and the subsequent processing of these data by us.

This Privacy Policy serves towards the provision of information pursuant to Articles 13 and 14 of the GDPR for the data processing outside the scope of collection established herein. As such we will provide you with separate privacy policies for specific data processing activities on a case by case basis.

3. Privacy Policies of other EOS Group companies

This Privacy Policy does not apply to data processed by other EOS Group companies. This is also the case if these other companies of EOS Group along with their contacts are mentioned and/or their services are shown on our website.

The other companies of EOS Group will provide you with separate privacy policies for specific data processing activities on a case-by-case basis.

4. Collection and storage of personal data, nature and purpose for their processing

a. When visiting the website

When visiting our website the browser used on your device automatically sends information to our website’s server. This information is temporarily stored in a log file. The following information is collected without your intervention and is stored until it is automatically deleted after seven (7) days:

  • IP address of retrieving computer
  • Date and time of access
  • Name and URL of retrieved file
  • Website from which access occurred (referrer URL)
  • Website retrieved from our website
  • Your computer’s browser and possible the operating system, as well as the name of your access provider.

The aforementioned data are processed by us for the following purposes:

  • To ensure trouble-free connection establishment to the website
  • To ensure a comfortable use of our website
  • To analyze the system’s security and stability
The legal basis for the processing of data is Article 6 (1) (f) of the GDPR. Our legitimate interest complies with the purposes for the data collection listed above. Under no circumstances do we use the data collected for the purpose of drawing conclusions about you.

Furthermore, we use cookies and analysis services when visiting our website. For further information on this matter, please refer to Sections 6 and 7 of this Privacy Policy.

b. When you contact us by email, via web forms or when you provide a phone number to be used by our call center to contact you (Click to call)

You can contact us with any questions you may have via the provided email address or through the form available in our website where you can also provide a phone number to be used by our contact center to contact you in order to provide the information you may request; in such a case you are required to provide just your phone number for the provision of the service, however you may be asked to provide your name and surname as a reference so that we can contact you in a personalized manner. Performing your information request enables us to process your data for this purpose.

You may also contact us through the form available at where you can submit any query you may have about your file, being able to choose to be contacted by phone or email. When using this function, you will be required to provide your identification details and payment reference. You may also use this form for updating your contact address.

If you do so, the personal data sent by email, via web forms or via the phone contact request shall be stored. The legal basis for the processing is the need to contact you pursuant to Article 6 (1) (f) of the GDPR. If we contact you in relation to a contract, the additional legal basis for processing is Article 6 (1) (b) of the GDPR.

We delete the personal data collected after processing your query as long as we are not legally entitled or forced to process them any further.

c. When using the payment function

Our website also offers you the opportunity to make payments. In order to make a payment, it is necessary that the required payment information is forwarded to the payment service provider of your choice (e.g. to the credit card institute when selecting the payment method “credit card”).

Data processing for the purpose of payment is carried out in accordance with Article 6 (1) point b) GDPR or, if the payment is intended for the claim of a third party, in accordance with Article 6 (1) f) GDPR.

The personal data required for the execution of a payment will be deleted after fulfillment of the purpose, unless we are legally entitled or obliged for further processing.

5. Transfer of data

We shall only transfer your personal data to other EOS Group companies or other third parties (recipients: credit service companies, service providers, third parties, courts, bailiffs, lawyers, attorneys, debt management companies and/or credit files) if:

  • You have provided you explicit consent for one or more specific purposes pursuant to Article 6 (1) (a) of the GDPR.
  • Disclosure pursuant Article 6 (1) (f) of the GDPR is necessary for the establishment, exercising or defense of legal claims and there is no reason to assume that you have an interest worth of a primary protection so as to not having them disclosed.
  • There is a legal obligation for disclosure pursuant to Article 6 (1) (c) of the GDPR.
  • It is legally permissible and necessary for meeting the contractual obligations pursuant to Article 6 (1) (b) of the GDPR.
  • We have the data processed on our behalf pursuant Article 28 of the GDPR by a processor.

Transfer of your personal data for purposes other than those listed above shall not occur.

7. Analysis tools

The tracking measures listed below and used by us are carried out on the basis of Article 6 (1) (f) of the GDPR. We use these tracking measures to ensure that our website is designed according to requirements and optimized on an ongoing basis. We also use the tracking measures to collect statistics on the use of our website and analyze them in order to optimize our offering for you. These interests are to be considered as legitimate in the sense given in the aforementioned regulation.

The respective purposes for data processing and data categories can be found in the corresponding tracking tools in this section.

Usage of Siteimprove Analytics

This website uses Siteimprove Analytics, a web analytics service provided by Siteimprove. Siteimprove Analytics uses “cookies“, which are text files placed on your computer, to help EOS Spain analyze how visitors use the site. The information generated by the cookies about the visitors’ use of the website will be stored and processed by Siteimprove on servers in Denmark.

IP addresses are anonymised irreversibly before data is made available in the Siteimprove Analytics or Intelligence Suite for EOS.

8. Social media

a. Social sharing solution

We use share buttons from social networks Facebook, Twitter, Google+, LinkedIn, Xing on our website. The buttons are simple HTML links. The procedure we use is within the framework of the Shariff solution. With the Shariff solution a script retrieves the number of times, e.g., the share button on a page has been clicked on: for this the script contacts the social network via the programming interfaces and retrieves the numbers. None of your personal data are transmitted in the process. Rather than your IP address, only our server address is transmitted to Facebook, Google and Twitter. You only become directly connected to Facebook, Google or Twitter if you perform an action. Before that, the social media cannot collect any data about you. As long as you do not click on a link to share content, you remain invisible to the social media. If you click on a link, the obligation to provide information about data collection and processing no longer rests with us, but rather with the operator of the social network.

b. YouTube videos

Our website contains links to videos from YouTube LLC, 901 Cherry Ave, San Bruno, CA 94066, USA. If you visit a website on our website that contains such a video, a direct connection is established between your browser and the YouTube server after you have activated the video. 

YouTube receives the information that you have visited our website with your IP address. If you click on the link to the video, your IP address will be forwarded to YouTube. We would like to point out that, as the provider of our website, we have no knowledge of the content of the transmitted data or of its use by YouTube. For more information, please check YouTube's privacy policy (

9. Rights of the data subjects

What are your data protection rights?

Right of Access: you have the right to request information about your personal data, those that are processed by us, specifically: purpose, types of data (identification, contact ...), categories of recipients, existence of rights, possibility of filing a complaint with the AEPD, origin of your data (if we have not collected them) and automated decisions or profiling.

Right to Rectification: you have the right to have your personal data rectified if it is inaccurate or to have incomplete personal data completed. In these cases, you will have to indicate the data that is erroneous and the correction that must be made or provide the necessary information to complete your data.

Right to erasure (“right to be forgotten”): you have the  right to have your personal data deleted in a series of cases assessed by the regulations on data protection:

  • If they are no longer necessary in relation to the purposes for which they were collected or otherwise processed.
  • If you withdraw the consent on which the processing is based and there is no other legal basis for processing your data.
  • If you have objected to the processing of your data and no other legitimate grounds for the processing prevail, or you have objected on the basis of direct marketing, including profiling.
  • If your personal data has been processed unlawfully.
  • If your personal data has to be erased to comply with a legal obligation under Union or Member State law that applies to us.
  • If your personal data has been obtained in relation to the offer of services of the information society.
Right to object:  If our processing of your personal data is based on legitimate interest, you have the right to object to the processing of your personal data provided that there are grounds related to your personal situation or the objection is based on direct marketing, including profiling. In this sense, the treatment that EOS Spain carries out of your data is not intended for direct marketing, nor is it the elaboration of profiles.

Right to limitation: You have the right to a limitation in the processing of your personal data:

  • If the processing is unlawful and you have refused to delete your data.
  • If we no longer need your data with respect to the purposes for which they were collected and processed, but you need them for the formulation, exercise, or defense of claims.
  • If you have exercised the right of opposition of which we have spoken previously.
Right to data portability: you have the right to receive your personal data from us in a structured, commonly used, and machine-readable format, as well as to request that we transmit them to the controller you designate, provided that:

  • The processing is based on your consent or a contract.
  • Be an automated processing.
Finally,  you have the right to withdraw the consent you have previously given us at any time when the data processing is based on Consent. This has the consequence that we will not be able to continue the processing of data whose basis of legitimacy is this consent in the future.

How can you exercise your rights?

If you wish to exercise your Data Protection rights, you can contact EOS Spain, S.L.U., at any time and free of charge sending a written request under ref. “Data Protection”:

  • via email at, or
  • by post mail to the following address, depending on the data controller you want to contact:

    EOS Spain, S.L., Sociedad Unipersonal
    C/ Manuel Guzmán, 1, Esc. 1, Planta 1.
    15008, A Coruña (A CORUÑA)

    Atram Asset I S.L.
    C/ Manuel Guzmán, 1, Esc. 1,Planta 1
    15008 A Coruña (A CORUÑA)

    Atram Asset II S.L.
    C/ Manuel Guzmán, 1, Esc. 1, Planta 1
    15008 A Coruña (A CORUÑA)
Please note that the application letter must include:

  • request addressed to EOS Spain.
  • Your identification data (name, surname, and ID), in order to prove your identity.

The data controller, in case of reasonable doubt about your identity, may require a copy of your ID or assimilated document for the purposes of identifying you. The use of the electronic signature for identification purposes is valid.

  • In the event that the right is exercised through a representative expressly designated by the applicant for the exercise of the right, the document conferring the representation must be signed by both parties and accompanied by a copy of the ID card or equivalent document on both sides of the representative and the represented; for the purpose of accrediting the express authorization granted for the exercise of the right indicated. Also, the electronic signature of the authorisation by the authorised party and the authorising party is valid.

If the representative is a legal entity, the authorization must be signed with the digital certificate of the legal entity's representative or, in handwritten form, signed by the legal representative of the entity together with the entity's seal.

  • Request in which the request is specified (access, rectification, deletion, limitation, opposition, or portability ...).
  • Address for notification purposes, date, and signature. If you do not provide an address, we will respond to you by the same means by which we received the request.
  • Documents accrediting the request made, if necessary.
However, there are a number of cases in which we may reject the request you send us:

  • If the application is submitted by a legal person.
  • If the applicant is not you or your representative.
  • If the request is manifestly unfounded or excessive because it is repetitive.
  • In the case of the right of rectification, if you do not indicate the data that is erroneous and the correction that must be made or do not provide the necessary information to complete your data.
  • If they are generic requests.
EOS Spain has a Data Protection Officer with whom you can contact, via email, about all matters relating to the processing of your personal data and the exercise of your rights under the GDPR.

We inform you that you have the right to file a claim with the Spanish Data Protection Authority if you consider that an infringement of data protection legislation has been committed regarding the processing of your personal data (  

10. Payments

The required payment information (amount, currency, country code, claim number, payment reference) will be processed exclusively for the purpose of payment processing if you pay a claim via Depending on your chosen payment method to execute the payment, we forward the required payment information to the payment service provider of the method you have chosen; i.e, payment method: credit card (Mastercard, Visa) to your respective credit card provider.

11. Data security

Within the website visit we use the widespread SSL (secure socket layer) method in conjunction with the highest level of encryption supported by your browser. In general this is a 256-bit encryption. If your browser does not support 256-bit encryption, we fall back on 128-bit v3 technology instead. You can recognize that an individual webpage in our internet presence is being transmitted in encrypted form by the closed key or padlock icon in the bottom status bar of your browser.

We also take suitable technical and organizational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or unauthorized access by third parties. Our security measures are being improved continuously according to technological developments.

12. Update and amendment of this Privacy Policy

This Privacy Policy is currently valid and was last updated in November 2023.

It may be necessary to change this Privacy Policy due to improvements and offerings on our website or due to legal or official changes. The current Privacy Policy can be reviewed on our website and can be printed out at any time.