Who is responsible for your data?

  • Owner: I-GRAPE LABORATORY SL (hereinafter I-Grape).
  • Registered office: Edificio Emprendia, Campus Vida, no number. Santiago de Compostela, A Coruña
  • Tax Code: B70421797.
  • Phone number: (+34) 661 54 65 85
  • E-mail:
  • Data protection officer’s email:


Why will we process your personal data?

I-grape will process user data for the the following purposes:

  1. Answering to queries, petitions or suggestions made through the contact form and corporate e-mail accounts.
  2. Manage orders made through the online shop.
  3. Manage contracting, invoicing and guarantee contracted products.
  4. To send electronic communications about news and updates on contracted products and/or services, unless otherwise indicated or unless the user opposes or revokes their consent.
  5. To periodically send commercial information (newsletter) about services and news related to our professional activity, provided that the interested party grants us their consent to do so and maintaining at their disposal the possibility of revoking the aforementioned consent.
  6. In case you send us your CV or you register for the different job offers that we may publish, we will process your data in order to evaluate and manage your job application and to carry out the necessary actions for the selection and recruitment of staff, in order to offer you positions that match your profile. Unless otherwise indicated, the provision of the required data is necessary, and failure to provide it will prevent the selection process from continuing.
  7. To comply with legally established obligations, as well as to verify compliance with contractual obligations, including fraud prevention.

Which data categories do we process?

In accordance with the aforementioned purposes, I-grape differs the following categories of data:

  • Identifying data: name, surname, postal address, e-mail address, postcode, phone number.
  • Academic and professional data: training/qualifications, professional experience, membership of professional schools or associations, in case of selection processes.
  • Electronic communications metadata.
  • Commercial information data.
  • Economic, financial or banking data.

In some cases, personal data requested are obligatory, so refusing to provide them will make it impossible to provide the contracted services. These cases shall be indicated by the person in charge.

The user guarantees that the provided data is true, exact, complete and updated, and is responsible for any direct or indirect damage or harm that may be caused as a result of non-compliance with this obligation. In case the user provides data of third parties, they declare to have their consent and undertakes to provide them with the information contained in this clause, exempting I-GRAPE from any liability in this regard. However, I-GRAPE may verify this fact, adopting the appropriate due diligence measures, in accordance with data protection regulations.

What is the legitimacy for the processing of your data?

  1. The legitimacy for the processing of data collected from queries, requests or suggestions made through the contact form and/or through corporate emails, lies in our own legitimate interest in responding to a potential client and in the consent, clear affirmative action of the user who, by making the query, is authorising us to process their data solely and exclusively for the purpose of responding to the same.
  2. For the management of the contracting of services, payment, invoicing and corresponding deliveries, the legitimacy lies in the execution of the contract itself.
  3. For sending electronic communications of news and updates of contracted products and/or services, the legitimisation of the processing lies in the legitimate interest of Herrero & Asociados to carry out procedures in accordance with current legislation.
  4. To periodically send commercial information (newsletter) about services and news related to our professional activity, the legitimacy lies in the consent of the user.
  5. The legitimacy for the processing of data in relation to the sending of CVs and registrations for professional offers that we may publish is based on the consent of the user who sends their data.
  6. Finally, the processing of data to comply with legally established obligations, as well as to verify compliance with contractual obligations, including fraud prevention, finds its legitimacy as the description of its purpose indicates in the fulfilment of a legal obligation.

How long do we save your data?

I-GRAPE will keep users’ personal data for the time necessary to carry out the purposes for which they were collected and as long as they do not revoke the consents granted. Subsequently, if necessary, the information will be kept blocked for the legally established periods of time.

In the case of data you provide in connection with job offers to which you wish to subscribe, they will be retained for one year from the date of the last update. Once this period is over without the data having been updated, the data will be deleted, unless you tell us otherwise.

What security measures do we put in place to take care of your data?

I-GRAPE is committed to the protection of personal data, user privacy and cybersecurity, so in order to protect the different types of data reflected in this privacy policy it will carry out the necessary technical and organisational security measures to prevent their loss, manipulation, dissemination or alteration, such as encryption of communications between the user’s device and I-GRAPE servers, perimeter security systems or proactive IDS/IPS systems among others


To which recipients will your data be communicated?

The controller contracts with third-party processors in order to be able to provide its services. With the exception of these entities, your data will not be disclosed to other third parties. In case it is necessary to communicate these data to third parties, you will be informed in advance and, where appropriate, your consent will be requested and the purposes of the communication and the identity of the third party to whom the data will be communicated will be specified.

Always, with the exception of cases in which a legal requirement makes it necessary to communicate such data to a third party


What rights does the interested party have?

Persons who provide us with their data have the following rights in relation to such data:

  1. Right of access
  2. Right of rectification or erasure
  3. Right to restriction of processing
  4. Right to portability
  5. Right to object
  6. Right to withdraw consent

If you would like to know more information about your rights, we suggest you visit the website of the Spanish Data Protection Agency.

The exercise of these rights may be made by sending a letter, accompanied by a copy of an official document that identifies you, addressed to I-GRAPE, Cedaceros street 1 (corner with Alcalá street 26), 28014, Madrid, to the attention of the data protection delegate. You can also contact us for this purpose thorough

In addition, we inform you about the possibility of lodging a complaint with the competent supervisory authority, in this case, the Spanish Data Protection Agency, especially in the event that you have not obtained satisfaction in the exercise of your rights. You can contact the Spanish Data Protection Agency by telephone on 901 100 099 and 912 663 517 or by visiting them at their address Jorge Juan street, 6. 28001 – Madrid.


All data collected originate from the data subject.