Privacy policy

1. Privacy and Security Policy

1.1. The following information about our Privacy Policy reflects the commitment of KLEO HUB, S.L., Tax ID (CIF) B44785962 (hereinafter, KLEO), as data controller, to maintain and ensure secure business relationships by protecting personal data and safeguarding the right to privacy of every user of our services.
1.2. The services and features of the KLEO platform are intended exclusively for legal entities and professionals acting in the course of their business or professional activity. Any personal data collected will relate to natural persons who are points of contact, legal representatives, or professional users of such entities.
1.3. KLEO may collect and process information provided by users through forms, interviews, questionnaires, conversations, or by uploading documents to the platform, for the purpose of assessing a company’s eligibility, offering funding recommendations, or using KLEO’s Smart Matching system.
KLEO may also access, consult, and verify business or economic information available in official, public, or private registers and databases, always within legally permitted limits and solely to analyze the company’s situation and provide the informational and diagnostic services offered by the platform.
All information collected will be processed confidentially, applying appropriate technical and organizational measures to ensure its security, and in accordance with this Privacy Policy and the applicable data protection regulations.

2. Definitions

2.1. Personal data: any information relating to an identified or identifiable natural person. This includes, among others, first and last name, postal and email address, and telephone number.
2.2. Confidential Information: any information, data, or document that one Party discloses to the other in writing, verbally, digitally, or by any means, including—without limitation—technical, commercial, corporate, legal, tax, accounting, labor, financial or strategic information, as well as information provided via forms, interviews, questionnaires, or document uploads to the platform, and information KLEO may obtain from official registers or authorized sources. Confidential Information shall not include information that:

• Is in the public domain at the time of disclosure or becomes public without breach of this Agreement.
• Was lawfully in the receiving Party’s possession prior to disclosure.
• Is disclosed by a third party without a duty of confidentiality.
• Is required to be disclosed by law or by administrative or judicial order, with prior notice to the disclosing Party where legally possible.
  2.2. Authorized Recipients: natural or legal persons who, acting on behalf of or under the instructions of either Party (directors, employees, advisors, subcontractors, certification bodies, financial institutions, investors, or technology partners), need to know the Confidential Information to fulfill the purpose of this Agreement and are subject to the same confidentiality obligations.

3. Processing activities and purposes

3.1 Personal data provided through KLEO’s various forms and channels will be processed under the legal bases set out in Article 6.1 of Regulation (EU) 2016/679 (GDPR):

• The data subject’s consent.
• The performance of a contract or the application of pre-contractual measures.
• Compliance with legal obligations applicable to KLEO HUB, S.L.
• Legitimate interest in maintaining business relationships with customers and professional users.
  3.2 Any personal data you provide when visiting our website will be processed in accordance with data protection rules and collected, processed, and used only for lawful, legitimate, and informed purposes. In particular, KLEO undertakes to:
• Use the Confidential Information exclusively for analysis, verification, and funding application processing purposes.
• Not disclose or transfer it to third parties, except to Authorized Recipients who need to know it.
• Ensure such Recipients assume equivalent obligations and be liable for their acts.
• Adopt appropriate technical and organizational measures in accordance with Article 32 GDPR.
• Destroy or return the information at the end of the relationship, unless there is a legal duty to retain it or a temporary blocking obligation.
  3.3. KLEO will process personal data that the user provides via the website or by electronic means for the following purposes:
• Managing inquiries and contact forms: to handle information requests, resolve questions, or respond to user queries.
• Subscription to communications or newsletters: to send newsletters, updates, or commercial communications related to Kleo’s services, where the user has expressly authorized this.
• User registration on the platform: to manage account creation and access to the private area, and to maintain the resulting commercial or contractual relationship.
• Service contracting: to manage the contracting process, service delivery, and billing, including communicating data to banks for payment processing.The legal basis for these processing activities is the performance of pre-contractual or contractual measures, compliance with legal obligations, and, where applicable, the user’s express consent.Data will be retained for the time necessary to fulfill the stated purposes and resulting legal obligations, and thereafter for the limitation periods applicable under commercial and tax regulations. KLEO will inform all users when certain personal data fields are not mandatory, except where otherwise indicated. However, failure to provide such data may prevent KLEO from delivering those Services linked to the data, and KLEO shall bear no liability for non-provision or incomplete provision of such Services. The user is responsible for providing accurate data and keeping it up to date. KLEO reserves the right to exclude from the services and cancel service for any user who has provided false data, without prejudice to any other actions available in law. Your personal data will not be disclosed to third parties except where there is a legal obligation or the user’s express consent. However, certain technology and service providers acting as KLEO’s processors may access your personal data, such as banks for payment processing, web hosting, email, CRM, technical support, or internal management tools. All such providers operate under contracts pursuant to Article 28 of Regulation (EU) 2016/679 (GDPR), ensuring confidentiality, security, and use of the data solely in accordance with KLEO’s instructions. KLEO may carry out automated processing of data, including profiling, to offer personalized recommendations on funding lines or available services, based on the information provided by the user. In no case will such decisions produce legal effects without human involvement. KLEO may send informational or commercial communications related to services similar to those initially contracted, based on its legitimate interest or the user’s consent, as appropriate. The user may object to receiving such communications at any time. KLEO may access, consult, and verify information relating to users’ business or professional activity in public or private bodies and registers, such as the Spanish Tax Agency (AEAT), the Social Security Treasury (TGSS), the Commercial Registry, or any other database or official source containing information relevant to analyzing, validating, or processing potential funding options or financial diagnostics. Access to, use of, or participation in KLEO’s analysis, diagnostic, or funding recommendation services does not in any case imply the formation of a contractual relationship nor does it guarantee the granting or approval of any funding.KLEO acts as a technology platform for financial diagnostics and advisory services and assumes no responsibility for the accuracy or completeness of information provided by users or for decisions users make based on the information, recommendations, or results generated by the platform.

4. Security of your personal data

4.1 KLEO is especially committed to ensuring the security of your personal data. Your data are stored in our information systems, where we have adopted and implemented technical and organizational security measures to prevent any loss or unauthorized use by third parties. For example, our web portals use HTTPS data-encryption protocols.
4.2 Certain KLEO technology providers may carry out international data transfers to countries outside the European Economic Area, relying on European Commission adequacy decisions or on Standard Contractual Clauses approved by the Commission, thereby ensuring an adequate level of protection for personal data in all cases.

5. Information about the use of cookies

5.1 Merely visiting this website or using KLEO’s services does not automatically register any personal data that identify a User. However, we inform you that “cookies” are used while browsing the Website—small data files generated on the user’s device—which allow us to obtain the following analytical information:

• The date and time of access to the Website, enabling us to identify peak hours and make the necessary adjustments to avoid congestion during peak times.
• The daily number of visitors in each section, allowing us to identify the most successful areas and enhance and improve their content so users obtain a more satisfactory result and to improve content design.
• The date and time of the user’s last visit to the Website, in order to carry out analytical and statistical studies on website usage.
• Security elements involved in controlling access to restricted areas.
  For more information, please visit our cookies policy.

6. Users’ rights

6.1 All users may exercise any of the rights granted by data protection regulations—such as the rights of access, rectification, restriction of processing, erasure, data portability, and objection—by writing to [email protected]. If they deem it appropriate, they may also lodge a complaint with the Spanish Data Protection Agency (AEPD).
6.2 To exercise the above rights, the user must verify their identity by providing a copy of an official document or any equivalent means that allows verification.

7. Do you not wish to receive information from us or wish to withdraw your consent?

7.1 Any user may object to the use of their information for advertising purposes, market research, or satisfaction surveys, as well as withdraw their consent at any time (without retroactive effect). To do so, they must send an email to [email protected]. When receiving advertising by email, they may also object directly from that email by clicking the link included therein and following the provided instructions.

8. Changes to the Privacy Policy

8.1 Our Privacy Policy may be updated due to legal changes and needs, as well as due to improvements and changes in how we offer and provide our services. Therefore, we recommend that you visit and access our Privacy Policy periodically to review the latest changes that may have been incorporated. If such changes relate to consent previously provided by the user, a separate and independent notification will be sent to obtain consent again.
8.2 If you have any questions or concerns about our Privacy Policy while reading it, or if you wish to exercise any right or take any action regarding your personal data, please contact us at [email protected]