Data Privacy Notice

This page exists for two reasons:

  1. We want to inform you about how we protect your information because we want you to feel secure dealing with us.
  2. Transparency regarding data protection, data privacy and cookie use is now obligatory.

This privacy notice is written to comply with the General Data Protection Regulation (GDPR).

The GDPR protects your fundamental rights and freedoms regarding the protection of your personal data.

Data Controller

  • Name: EBC y Asociados Idiomas Internacional S.L.
  • Phone: (+34) 915 553 975
  • Contact us
  • Address: Calle Orense 16, 2E, 28020 Madrid, Spain

Data Protection Officer

  • Name: Jim Ashton
  • Phone: (+34) 915 553 975
  • Contact us
  • Address: Calle Orense 16, 2E, 28020 Madrid, Spain

Purposes of processing your personal data

We process your personal data for two reasons:

  1. To collect the contact details you give us to maintain correspondence with you.
  2. To periodically send you information that may be of interest to you or the company you work for.

Legitimate interests for processing your personal data

We class the following as legitimate interest purposes:

  1. Communicating with you after you have expressed an interest in our product and services or you have contacted us regarding other matters.

Recipients of your personal data

We are the only recipients of your personal data.

Transferring your personal data

  1. We store your personal data in secure servers in the France.
  2. Connection to this web site and the secure servers in the Netherlands uses TLS encrypted communication.
  3. We do not transfer your personal data outside our organisation.

We will not sell, distribute or lease your personal information to third parties unless we have your permission or are required by law to do so.

Your rights over your personal data given to us

You have the following rights that we respect:

  • get access to a copy of your personal data;
  • object to processing that is likely to cause or is causing you damage or distress;
  • opt-out of receiving direct marketing material;
  • opt-out of decisions being taken by automated means;
  • have your personal data rectified, blocked, erased or destroyed;
  • lodge a complaint with the regulator;
  • claim compensation for damages caused by a breach of the GDPR.

Why we need to use your personal data

We need your personal data to communicate with you, draw up contracts and honour contractual obligations. We may also use your personal data to improve our products and services or send relevant material which we think you may find interesting.

Automated profiling using your personal data

We do not undertake any automated profiling.

The personal data we collect

We initially collect the following information:

  • your name
  • the company you represent
  • your email address
  • your phone number

We may need to collect more information at a later stage as our relationship evolves. If more information is needed, you will be informed.

Cookies : small files placed on your computer

This site uses two types of cookie both of which are stored on your device.

  1. Cookies that the site needs in order to work. These cannot be turned off and only exist to enable you to use the site.
  2. Cookies used by Google Analytics to anonymously track visitors to this site. We only use Google Analytics cookies to identify which pages are being used. This is done anonymously and it helps us analyse data about web page traffic and improve our web sites in order to tailor it to customer needs. We only use this information for statistical analysis purposes. We receive technical data (standard internet log information and details of visitor behaviour) from Google Analytics about visitors to this web site. This information does not identify anyone. To opt out of being tracked by Google Analytics across all web sites visit: You may also use our cookie control by clicking the gear icon shown in the bottom, left corner of the page.

Overall, cookies help us provide you with better web sites, by enabling us to monitor which pages you find useful and which you do not. A cookie in no way gives us access to your computer or any information about you, other than the data you choose to share with us.

NOTE: Google Analytics cookies are switched off by default. We do not use marketing cookies.

Links to other web sites

Our web site may contain links to other web sites of interest. However, once you have used these links to leave our site, you should note that we do not have any control over other web site. We are not responsible for the protection and privacy of any information which you provide whilst visiting these sites and these sites are not governed by our privacy statement. You should always exercise caution and look at the data privacy statement applicable to the web site in question.

Data Protection Management Software as a Service (DPMSaaS)

  1. DPMSaaS is hosted in France by OVHCloud - certifications (ISO 27001, SOC 1 Type II, SOC 2 Type II)
  2. DPMSaaS uses TLS encryption for data transmission
  3. DPMSaaS makes use of database level and field level encryption for data at rest
  4. DPMSaaS incorporates strict session hi-jack controls
  5. DPMSaaS incorporates methods and measures against SQL injection
  6. DPMSaaS does not use marketing or tracking cookies
  7. DPMSaaS uses Detectify to perform weekly security tests including OWASP Top 10, CORS, Amazon S3 Bucket and DNS misconfigurations.
  8. Each DPMSaaS has its own dedicated field level encryption keys
  9. Each DPMSaaS uses different database level encryption keys
  10. Each DPMSaaS account has its own dedicated database

When your organisation is set up to use DPMSaaS, you will be in control of its data content. With regard to all your data content, you will determine what goes in, what goes out and how it is used.


EBC y Asociados Idiomas Internacional S.L. data security is Cyber Essentials certified. Cyber Essentials is a UK government information assurance scheme operated by the National Cyber Security Centre that encourages organisations to adopt good practice in information security.