Privacy policy | Súmate Marketing Online

Privacy Policy

The following section regulates the Privacy Policy of the website



Data user controller:

Súmate Marketing Online S.L.

C.I.F.: B37531993

Telephone number: (+34) 911239125

Address of our headquarters: C/ Adaja, 10 (Parque Científico de la Universidad de Salamanca – Edificio M3), 37185 (Villamayor, Salamanca), Spain

Email address:

Data use purposes:

Including, but not limited to: contracting services, sending budgets, answering requests, processing requests, maintaining an existing pre-contractual relationship, as well as forwarding commercial information through the telephone or via electronic means.  


Any submitted requests will be accepted under the legal basis of legitimate interest.

In the event the service is engaged, the legal basis will be the contract itself.


To access, rectify, delete, limit data processing, oppose data usage, and transfer data, as is explained in the additional information.

Data provenance:

Data originates from the clients themselves, and also from information collected automatically (cookies).

Additional information:

You can find additional and more detailed information about Data Protection on our website: .


  1. General information, data purpose, exercising rights and consent to data processing

In compliance with Regulation (EU) 2016/679 of the European Parliament and of the Council, of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation, hereinafter referred to as GDPR), SÚMATE MARKETING ONLINE, S.L. (hereinafter referred to as SÚMATE), communicates that by accepting the present Privacy Policy the user consents in an informed, free, unequivocal and explicit manner to the management of the data provided through the website with the purpose of processing the service or requested information, answering to an application and/or managing requests.

With what purpose do we process your personal data?

In compliance with articles 5 and 12 of the GDPR, we inform the user of the following:

The purpose of data collection will be to fulfil possible user-service provider relationships, particularly, but not limited to contracting services, sending budgets, answering user requests, processing applications, maintaining an existing contractual/pre-contractual relationship, as well as commercial information referrals via electronic means or telephone.

When completing forms, there might be mandatory fields that need to be filled in, which will be those marked with an asterisk (*), since they are considered necessary to achieve the overall purpose. This means leaving any of these fields blank will translate to the impossibility of sending the request.


What rights do users have when they provide us with their data?

In the matter of the interested parties exercising their rights, the GDPR, in its article 15 et seq. states specific conditions about the procedure that should be adopted when attending the interested parties in regards to their rights. Such rights are the following:

The right to request access to the interested party’s personal data: the interested party will have the right to obtain confirmation, from the data controller, of whether their personal information is being processed, and in that case, right to access their personal data. In the same way, users have the right to receive a copy of the personal information that is being processed.

The right to request the data’s rectification or erasure: the interested party will have the right to obtain, without undue delay by the controller, the rectification of inexact personal information. Moreover, the interested party will have the right to request of the controller, without undue delay, the erasure or deletion of the personal data, in which case the controller will be bound to delete the personal data without undue delay.

The right to request the limitation of data processing: if the interested party requests to exercise this right, their personal data will not undergo the processing determined in each case.

The right to object to the processing of their data: the interested party with have the right to object and oppose to the processing of their personal information at any moment.

The right data portability: this means that the copy that is provided to the interested party must be offered in a structured, commonly used and machine-readable format.

The aforementioned rights can be exercised through written communication addressed to C/ Adaja, 10 (Parque Científico de la Universidad de Salamanca – Edificio M3), 37185 (Villamayor, Salamanca), Spain. Alternatively, the can be sent via email to The request must include the name and surname of the interested party, a photocopy of an identification document (passport or ID card), the specific request, the current address in terms of notifications, the date, signature and any supporting documentation for the request. There is further information available at the link below:

In the event that the data controller is contacted through a verifiable medium, and if said controller does not respond before the end of the pre-established time limit, or if the interested party considers the answer has not been the appropriate one, they can reach the Spanish supervisory authorities (Agencia Española de Protección de Datos), or the European Data Protection Supervisor, following the procedure below:

( web/vistas/formNuevaDenuncia/nuevaDenuncia.jsf).

For how long will we keep your information?

Personal data will be stored in the following manner:

Anonymised data will be kept without observing any deletion time limits.

Client information will be kept depending on the contracted service and, in every instance, during the least possible period of time. In any case, and in compliance with the corresponding legislation, data will be kept for the following time limits:

5 years, according to article 1964 of the Spanish Civil Code;

6 years, according article 30 of the Spanish Commercial Code.

The personal information of newsletter subscribers will be kept from the moment the user subscribes, until the time when they unsubscribe.

Personal user data uploaded by SÚMATE to webpages and social media profiles will be kept from the moment the user grants their consent until it is withdrawn. In the event of a job offer, the personal information of any candidates who are not selected for the position will be kept for a maximum period of two years, in order to incorporate them into other job offers in the future, unless the candidate expresses a wish otherwise.

How do we collect personal data?

The personal data we process at SÚMATE is always obtained through three channels: 1) automatically collected data; 2) personal data provided by users voluntarily; and 3) data provided by third parties.

Automatically collected data

This information will consist of:

The information gathered through cookies or similar mechanisms that are stored in the user’s device, always with consent. More information can be obtained at

The information collected will be the IP address from which the connection is made, the type of device user and its features, the operating system’s version, the type of browser, the language, the date, the country, the time of the request, the referrer URL or the used mobile network, among others. Additionally, usage data from the website and possible errors detected during its use, such as not-found pages or erroneous viewing.

Data provided voluntarily

This information will consist of:

Any information contained in messages sent through the contact channels available at the website, or, if it exists, through the subscription to our newsletter. For instance, the user’s email address, name and surname, subject line, contact telephone number, industry or message.

Data provided by third parties

This information will consist of:

Data provided by social media networks or similar services

The purpose of data collection will be to manage the potential relationships that may thrive between the user and the service provider, including, but not limited to: contracting services, sending budgets, answering requests, processing requests, maintaining an existing contractual/pre-contractual relationship, as well as forwarding commercial information through the telephone or via electronic means. Generally, processed data falls into the following categories:

Identification information: name, surnames, telephone number, email address, postal address, occupation.

Therefore, particularly protected data is not processed.

How must consent be obtained?

User consent will be required so that their information may be passed to third parties (as per article 28 of the GDPR). To all intents and purposes, agreeing to the privacy policy will be considered as the user’s express and unequivocal consent (as per article 7 of the GDPR) to the processing of their personal information in the terms specified in the present document. Moreover, if the interested party’s consent has been granted in the context of a written agreement, which also refers to other matters, the consent request will be presented in such a way that each matter is clearly separate and distinguishable, in an understandable way, with easy access and using a clear and simple language.

How do we use the user’s data?

The data provided to SÚMATE will be used to:

Processing requests;

Performing the service, if it is contracted.

Email correspondence and contact forms

The website has an SSL cipher that enables the user to send personal data safely through standard contact forms. The collected personal information will be subject to automated processing. In this sense:

We will receive the user’s IP address, which will be used to check the message’s origin, with the purpose of offering the user better recommendations (for example, sending the requested information in the right language) and to detect possible irregularities (for instance, potential cyber attacks to our service). Also, we will receive data regarding the user’s ISP. Users will also be able to forward their information through telephone, email correspondence and other determined means of communication.

Regarding the used means of communication:

Our email correspondence service provider is Google Inc.

Social media networks

We have profiles in some of the main social media networks on the Internet, being SÚMATE responsible for the processing of any data related with information published on them. This information will be processed in compliance to what each social media network allows regarding corporate profiles. Therefore, we will be allowed to inform our followers, unless the law should forbid it, through any means enabled by the social media network, about its activities or offers, as well as providing a personalised customer service.

Under no circumstances will we collect data from social media networks, unless we obtained occasional and express consent for it from the user. When, because of the very nature of social media networks, the user needs to modify their data to exercise their rights, we will offer our assistance and we will advise the user to best of our ability.

Job offers

SÚMATE will only consider those job or internship applications from candidates who have submitted them through the appropriate channels, indicated in the relevant website, or through internship and job search websites where we have published an offer for a specific position. Any other job applications will be rejected.

The candidate authorises us to review the documents they sent, any information available directly through web browsers, any professional social media network profiles, data obtained from admission tests and other information disclosed during the job interview. All this data will be used with the purpose of assessing their application and, if relevant, offer them employment.

Is the information communicated to third parties?

The data will be communicated, when relevant, to comply with certain legal obligations (Revenue Administration, Social Security, Law Enforcement, Management, etc.). The same principle applies, authorising SÚMATE to outsource a Cloud Computing service, whose performance may entail the following processes: data collection, recording, structuring, alteration, storage, retrieval, consultation, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

  1. Compliance with the applicable legislation

The service provider will comply with the guidelines in the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), and any other current and valid legislation at each moment, guaranteeing a correct usage and processing of the user’s personal data. Moreover, it affords compliance to Spanish legislation, in particular the Ley 34/2002, of the 11th July, on Information Society Services and Electronic Commerce.

  1. Email communication

Email communications will be carried out only when necessary in regards to managing the user’s application, or to respond to any observations. Additionally, the user consents to the processing of their data for the purpose of communicating, by any means, including email correspondence, about products and services offered by SÚMATE.

In every instance, the recipient will be offered the possibility of opposing the processing of their data for promotional reasons, through a simple and free procedure, in compliance with article 21.2 of the Spanish law Ley 34/2002, of the 11th of July, on Information Society Services and Electronic Commerce.

  1. Data provided by third parties

In the event that the application includes personal data provided by persons that are not the holder, the user must, previously to their inclusion, inform said persons about the matters mentioned in the above paragraphs. In this case, the website owners are exempted from any responsibility should this requirement be infringed.

  1. Minors

This website is not addressed to minor persons, which means this website does not authorise providing personal information about minors. The website owners are exempted from any responsibility should this requirement be infringed.

  1. Safety measures

The controllers have implemented the necessary technical security and organisational measures to guarantee the safety of personal information, and prevent its modification, loss and processing and/or unauthorised access, with due regard to the state of the art, implementation costs, and the nature, scope, context and purposes of processing, as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons. In any case, mechanisms will be implemented to:

  1. a) Ensuring the permanent confidentiality, integrity, availability and resilience of processing systems and services.
  2. b) Restoring availability and access to personal data quickly, in the event of a physical or technical incident.
  3. c) Verify, assess and evaluate, regularly, the efficiency of technical and organisational measures implemented to ensure the safety of data processing.
  4. d) Pseudonymising and ciphering personal data, where appropriate.

All of the above in accordance to what is established in article 32 of the GDPR, regarding Whereas Clause 81 of the GDPR

  1. Confidentiality and secrecy obligations

The user can count on the confidentiality and secrecy obligations of the SÚMATE staff, and all those who process data on their behalf. Without prejudice to the above, the user should be forewarned that communication security through the Internet is not invulnerable.

  1. Alterations to the privacy policy

The owner of the website reserves the right to alter or modify the Privacy Policy without notice, following their own criteria, or motivated by a change in regulations, case law or tenet issued by the Agencia Española de Protección de Datos (Spanish Agency for Data Protection). Any alterations to the Privacy Policy will be published a day prior to its effective application.

  1. Cookie policy

Click on the following link to take a look at our Cookie Policy and learn how we use them:

  1. Contact us

If you have any questions about our Privacy Policy, you can always contact us through the following email address: