Privacy Policy
1. Purpose
This Privacy Policy explains to individuals (hereinafter, "users" or "data subjects") who visit our Website how we collect, process and protect the personal data they provide to us by any means (forms, e-mails, telephone, contracts, etc.) and, after reading it, they may freely decide whether they wish us to process such data. This policy complements the information previously provided to data subjects in the privacy notices at the point of data collection.
This policy is intended to comply with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data ("GDPR") and Spanish Organic Law 3/2018 of 5 December on the Protection of Personal Data and guarantee of digital rights ("LOPDGDD").
2. Who is the Data Controller?
| Entity: | EUREKA FERTILITY S.L. |
| Tax ID: | B16978264 |
| Postal address: | Calle Safor 12, pt 106, 46015, Valencia (Spain) |
| Phone: | +34 963 498 949 |
| E-mail: | info@eurekafertility.com |
| Corporate purpose: | Online assisted reproduction project |
| Website: | https://www.eurekafertility.com/ |
| Registry details: | Registered in the Mercantile Registry of Valencia, T 11064, L 8342, F 7, S 8, H V 200845 |
3. How to contact the Data Protection Officer
Our entity has appointed a Data Protection Officer registered with the Spanish Data Protection Authority. Data subjects may direct complaints or queries about how we process their personal data to the DPO in writing at:
BUSINESS ADAPTER, S.L.
Ronda Guglielmo Marconi, 11, 26, (Business Park) 46980 Paterna (Valencia).
E-mail: info@businessadapter.es (ref. eureka) or via the
data subject contact form.
4. Legal basis for processing
We process personal data on one or more of the following legal bases:
Article 6.1 (a) GDPR:
When you give us your explicit, free, informed and unambiguous consent to process your data for one or more specific purposes (for example, by ticking checkboxes on our web forms, providing verbal consent or signing information clauses).
Article 6.1 (b) GDPR:
Where processing is necessary for the performance of a contract.
Article 6.1 (c) GDPR:
Where processing is necessary to comply with a legal obligation.
Article 6.1 (d) GDPR:
Where processing is necessary to protect vital interests of a person.
Article 6.1 (e) GDPR:
Where processing is necessary for the performance of a task carried out in the public interest.
Article 6.1 (f) GDPR:
Where processing is necessary for the purposes of the legitimate interests pursued by our entity or by a third party, provided that those interests do not override the rights and freedoms of the data subject. We carry out balancing tests to ensure legitimate interests are respected.
If the user is under 14 years of age, parental or guardian consent is required for processing their personal data. The user is responsible for the accuracy of the data provided.
5. What personal data do we process and how do we obtain it?
Personal data may be collected electronically, on paper or via in-person or telephone conversations and will always be processed lawfully, fairly and transparently.
The categories of personal data we may process include:
- Identification data: name, identity document, image, voice and signature.
- Contact data: telephone, e-mail, postal address.
- Commercial data: quotes, purchase terms, service history and contact outcomes.
- Accounting data: income and expense records, invoicing data.
- Banking data: accounts and card information.
- Curriculum data: academic records, professional experience.
- Transaction data: transfers, direct debits, amounts and descriptions.
We do not generally collect special categories of personal data (e.g. health data, ethnic origin, political opinions, religious beliefs); if such data were necessary we would inform you and request explicit consent.
Data is provided by the data subject or their legal representative. In some cases, we may delegate collection to authorised processors who will collect data on our behalf under contractual obligations.
If the data subject does not provide the requested data or provides incomplete or inaccurate data, we may be unable to provide the requested services or maintain the relationship.
Categories of data depend on the relationship with the entity:
1. Enquirers
Identification, contact and commercial data used to answer queries and provide quotes. Legal basis: Article 6.1 (a) and (f) GDPR.
2. Clients
Identification, contact, commercial, accounting, banking and transactional data necessary for contracting, service delivery, invoicing, customer support and legal obligations. Legal basis: Articles 6.1 (a), (b), (c) and (f) GDPR.
3. Suppliers
Identification, contact, commercial and financial data for managing the commercial relationship. Legal basis: Articles 6.1 (a), (b), (c) and (f) GDPR.
4. Job applicants
Curriculum, identification and contact data for recruitment and selection processes. Legal basis: Articles 6.1 (a), (b) and (f) GDPR.
5. Complainants
Identification and contact data plus any information provided about the complaint. Legal basis: Articles 6.1 (a), (c) and (f) GDPR.
6. Website users
We only use technical first-party session cookies to enable navigation. For more information see our Cookies Policy.
7. More information for data subjects
Expanded information will be provided in the corresponding privacy notices at the point of data collection.
6. For what purposes will we process your data?
In general, personal data is processed to fulfil and maintain the relationship with the various stakeholders described above. The specific purposes include:
Enquirers
To respond to information requests, identify the requester, prepare and send quotes and commercial information and perform follow-up communications.
Clients
To identify clients, execute and manage contracts and pre-contractual measures, send commercial communications (where permitted), provide services, manage billing, handle incidents and complaints, and exercise legal obligations and legitimate interests.
Job applicants
To include candidates in selection processes, coordinate interviews and notify about vacancies.
Suppliers
To manage procurement, contracts, billing and related commercial activities.
Complainants
To manage and resolve complaints and to comply with legal obligations.
Website users
Only technical session cookies are used to enable browsing and site functionality. See our Cookies Policy.
More information
Detailed purposes for each processing activity are recorded in our records of processing activities.
7. Data retention
Personal data will be retained while the relationship is maintained and as long as necessary to fulfil the purposes for which they were collected. When no longer required, data will be securely deleted or anonymised, except where legal obligations require retention.
| Subjects | Area | Legal basis | Retention period |
|---|---|---|---|
| Clients / Suppliers | Accounting | Art. 30.1 R.D. Commercial Code | 6 years from last entry |
| Clients / Suppliers | Tax | Art. 66 General Tax Law 58/2003 | General: 4 years. In case of losses: 10 years. Invoices: 5 years |
| Any person | General | Art. 1964.2 Civil Code | 5 years (limitation period for personal claims) |
| Job applicants | Employment | Labour relations guidance (AEPD) | 1 year |
| Enquirers | Commercial | Art. 20.1 a and d) Spanish Constitution | As short as possible or as provided by law |
| Clients | ISP provider logs | Art. 5 Law 25/2007 | 12 months (subject to operator rules; ranges may vary) |
When data are no longer necessary, we will securely delete them.
8. Automated decision-making and profiling
We do not carry out profiling or automated decision-making that has legal or similarly significant effects. If we do so in the future we will inform users and obtain prior consent where required.
9. Data sharing
We do not generally disclose personal data to third parties without prior consent, except when required by law or necessary to provide services (e.g. banks, tax authorities, service providers acting as processors under contract).
10. International transfers
If we transfer data to countries outside the European Economic Area we will inform users and obtain prior explicit consent where required by law.
11. Security measures
We have implemented appropriate technical and organisational measures to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure or access.
12. Your rights
As data subject you may exercise your rights of access, rectification, erasure, restriction, portability, objection and not to be subject to automated decisions. You may exercise these rights by writing to EUREKA FERTILITY S.L. at the postal address above or by email to info@eurekafertility.com.
If you act on behalf of another person you must prove your representation. We may ask for additional information to confirm identity. You also have the right to lodge a complaint with the Spanish Data Protection Authority (AEPD) at www.aepd.es.
13. Data protection commitment
We adhere to GDPR and LOPDGDD requirements and maintain an active compliance program which includes maintaining records of processing activities, carrying out impact assessments where necessary, training staff, and engaging external consultants to audit and advise.
14. Updates to this policy
We reserve the right to update this policy. Please review it each time you visit our website.
Text updated on September 30, 2025.