Privacy Policy. Protection of Personal Data under the GDPR
Investigación Tecnología y Educación Nuevos Medios, S.L., in application of current regulations regarding the protection of personal data, informs that the personal data collected through the forms on the website: https://itenlearning.com/ are included in the automated files specific to users of the services of Investigación Tecnología y Educación Nuevos Medios, S.L.
The collection and automated processing of personal data aims to maintain the commercial relationship and to perform tasks related to information, training, advice, and other activities inherent to Investigación Tecnología y Educación Nuevos Medios, S.L.
These data will only be shared with entities necessary solely to fulfill the purpose described above.
Investigación Tecnología y Educación Nuevos Medios, S.L. takes the necessary measures to guarantee the security, integrity, and confidentiality of the data in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016, on the protection of natural persons with regard to the processing of personal data and the free movement of such data, repealing the previous LOPD, and the new Organic Law 3/2018, of December 5, on Data Protection and Guarantee of Digital Rights (LOPDGDD).
The user may at any time exercise the rights of access, opposition, rectification, cancellation, limitation, and portability recognized in the aforementioned Regulation (EU). These rights can be exercised by the user via email at: itenlearning@itenlearning.com or at the address: Avd. De Dolores 11, C.P. 03203 – Elche (Alicante), for which we may request documentation proving their identity if necessary.
Data Protection Officer Contact Information: GRUPO ATICO34 SL LOPD-GDD@ATICO34.COM
The user declares that all data provided by them is true and correct and commits to keeping it updated, communicating any changes to Investigación Tecnología y Educación Nuevos Medios, S.L.
Purpose of the processing of personal data:
For what purpose will we process your personal data?
At Investigación Tecnología y Educación Nuevos Medios, S.L., we will process your personal data collected through the website: https://itenlearning.com/ for the following purposes:
- To comply with the company’s commercial, labor, corporate, and accounting obligations.
- To provide services according to the specific needs of clients in order to fulfill the contracts signed.
- For security or fraud prevention purposes.
- To provide the information requested by the user through any of the contact channels available on the website.
The fields in these records are mandatory; it is impossible to carry out the purposes expressed without providing this data.
How long are the personal data collected retained?
The personal data provided will be retained as long as the commercial relationship exists or until the user requests its deletion, and during the period during which legal liabilities may arise from the services provided. Likewise, we will retain your data as long as you do not object to the processing.
Legal Basis
The processing of your data is carried out on the following legal bases that legitimize it:
- Performance of a contract or adoption of pre-contractual measures for managing the provision of the service, including administrative management.
- Compliance with legal obligations to fulfill the legal, fiscal, accounting, or administrative obligations applicable to Tecnología y Educación Nuevos Medios, S.L.
- For the use of non-essential cookies, prior, free, informed, and explicit consent from the user will be requested. The user may revoke this consent at any time.
- Legitimate interest to address the request and/or inquiry submitted through any of the enabled contact channels, as well as for fraud prevention and website security.
Source of Data and Method of Collection
The personal data we process has been provided directly by you. If you provide data belonging to other people, you guarantee that you have their express consent and have informed them of the contents of this Policy. Likewise, you release us from any liability arising from the failure to comply with this obligation.
Recipients and International Data Transfers
Please note that, as a result of cloud computing services provided by Google, your data may be transferred to service providers located outside the European Economic Area, specifically to Google LLC, located at 1600 Amphitheatre Parkway, Mountain View, California 94043 (USA), which provides web hosting services. Google LLC is subject to the EU-US Data Privacy Framework (information available at: https://www.dataprivacyframework.gov/s/participant-search) and also uses standard contractual clauses adopted by the European Commission.
However, the servers hosting our online software infrastructure are located in Google Cloud (Belgium, Europe).
Data will not be shared with any third party outside Investigación Tecnología y Educación Nuevos Medios, S.L., except when legally required.
Accuracy of Personal Data
If you do not provide your data or provide it incorrectly or incompletely, we will not be able to process your request, making it impossible to provide the requested information or carry out the contracted services.
The data subject guarantees that the provided data is truthful, accurate, complete, and up-to-date. You will inform us of any changes to the provided data through the channels indicated in the header of this policy.
Data Collected by Users of the Services
If the user uploads files containing personal data to shared hosting servers, Investigación Tecnología y Educación Nuevos Medios, S.L. is not responsible for the user’s non-compliance with the GDPR.
Intellectual Property Rights https://itenlearning.com/
Investigación Tecnología y Educación Nuevos Medios, S.L. owns all copyright, intellectual and industrial property, know-how, and all other rights related to the content of the website https://itenlearning.com/ and its offered services, as well as the software required for implementation and related information.
Reproduction, publication, and/or non-strictly private use of the content, in whole or in part, is not permitted without prior written consent.
Intellectual Property of Software
Users must respect third-party programs made available by Investigación Tecnología y Educación Nuevos Medios, S.L., even if they are free or publicly available.
Investigación Tecnología y Educación Nuevos Medios, S.L. holds the exploitation and intellectual property rights of the software.
Users acquire no rights or licenses through the contracted service over the software necessary for service provision, nor over technical information for monitoring the service, except for the rights and licenses necessary to fulfill the contracted services, and only for their duration.
For any actions beyond contract fulfillment, users must obtain written authorization from Investigación Tecnología y Educación Nuevos Medios, S.L., and are prohibited from accessing, modifying, or viewing server configurations, structures, and files, assuming civil and criminal liability for any incidents resulting from negligent or malicious actions.
Intellectual Property of Hosted Content
Use contrary to intellectual property laws regarding services provided by Investigación Tecnología y Educación Nuevos Medios, S.L. is prohibited, particularly:
- Use that violates Spanish law or infringes third-party rights.
- Publication or transmission of content deemed violent, obscene, abusive, illegal, racist, xenophobic, or defamatory.
- Use of cracks, program serial numbers, or any content violating third-party intellectual property rights.
- Collection or use of personal data from other users without express consent or in violation of EU Regulation 2016/679 (GDPR).
- Use of domain email servers for unsolicited mass emailing.
Users are fully responsible for their website content, transmitted or stored information, hyperlinks, third-party claims, and legal actions regarding intellectual property, third-party rights, and child protection. Users are also responsible for compliance with applicable laws, online service regulations, e-commerce rules, copyright, public order, and universal Internet usage principles.
Users will indemnify Investigación Tecnología y Educación Nuevos Medios, S.L. for expenses arising from legal claims attributable to the user, including fees and legal defense costs, even if a judicial decision is not final.
Protection of Hosted Information
Investigación Tecnología y Educación Nuevos Medios, S.L. performs backups of the content hosted on its servers; however, it is not responsible for the loss or accidental deletion of data by users. Likewise, it does not guarantee the full restoration of data deleted by users, as such data may have been removed and/or modified during the period since the last backup.
The services offered, except for specific backup services, do not include the restoration of content stored in the backups performed by Investigation Technology and Education New Media, S.L., when such loss is attributable to the user. In such cases, a fee will be determined according to the complexity and volume of the recovery, always subject to prior acceptance by the user.
Restoration of deleted data is only included in the service price when content loss is due to causes attributable to Investigation Technology and Education New Media, S.L.
Commercial Communications
In accordance with the LSSI, Investigación Tecnología y Educación Nuevos Medios, S.L. will not send advertising or promotional communications by email or any equivalent electronic communication means unless previously requested or expressly authorized by the recipients.
For users with whom there is a prior contractual relationship, Investigación Tecnología y Educación Nuevos Medios, S.L. is authorized to send commercial communications regarding products or services similar to those initially contracted by the client.
In all cases, the user may request not to receive further commercial information, once their identity has been verified, through Customer Service channels.
Data Processing by Investigación Tecnología y Educación Nuevos Medios, S.L. as Data Processor
Personal data managed through the systems and services of Investigación Tecnología y Educación Nuevos Medios, S.L. will be processed by this same entity in the capacity of data processor. The main conditions governing this processing are detailed below.
To provide the contracted services, Investigación Tecnología y Educación Nuevos Medios, S.L. will process personal data on behalf of the client, within the framework of processing activities under its responsibility, in accordance with the provisions of Article 28 of Regulation (EU) 2016/679 (GDPR).
This agreement authorizes Investigación Tecnología y Educación Nuevos Medios, S.L., as data processor, to process on behalf of the client (data controller) the personal data necessary to provide any of the services contracted by the client.
In this regard, the client-responsible data to which Investigación Tecnología y Educación Nuevos Medios, S.L. may have access for the provision of these services are as follows:
- Categories of data subjects: Any category of data subjects that the data controller deems necessary for the correct provision of the service.
- Types of data: Any category of personal data that the data controller considers necessary for the correct provision of the service.
The processing of this data will mainly involve collecting the data provided by the client, recording, storing, accessing, and structuring it, as well as its destruction once the service has been completed. Once destroyed, the data processor, at the request of the data controller, will certify in writing that the data has been destroyed and provide the certificate. In any case, Investigación Tecnología y Educación Nuevos Medios, S.L. may retain a copy, properly blocked, as long as there is a possibility of liabilities arising from the service provided.
Investigación Tecnología y Educación Nuevos Medios, S.L. will only access and process the data to fulfill obligations arising from the contractual relationship, and always following the documented instructions of the client. If any instruction could violate the GDPR or any other applicable data protection regulation, Investigación Tecnología y Educación Nuevos Medios, S.L. will immediately notify the data controller.
Investigación Tecnología y Educación Nuevos Medios, S.L. and its personnel, duly trained in data protection, are obliged to:
- Maintain the confidentiality of the processed information and not disclose it to third parties except with the client’s express authorization or in cases established by law. If an international transfer is required by legal obligation, the client will be informed in advance, unless prohibited by law.
- Implement the necessary measures to ensure the confidentiality, integrity, availability, and resilience of the systems, restore access to data in the event of incidents, evaluate the effectiveness of the measures implemented, and, where appropriate, apply techniques such as pseudonymization and encryption.
- Maintain an up-to-date record of the processing activities carried out by Investigación Tecnología y Educación Nuevos Medios, S.L. on behalf of the data controller.
- Collaborate in managing requests for access, rectification, deletion, objection, portability, restriction of processing, and automated decisions.
- Notify the client of any security breach within a maximum of 36 hours to allow the client to inform, if applicable, the supervisory authority or the data subjects.
- Support the client, where appropriate, in conducting data protection impact assessments and prior consultations with the supervisory authority.
- Provide the client with all necessary information to demonstrate compliance with data protection obligations and allow the client or its authorized auditor to carry out inspections or audits.
For the contracted service, Investigación Tecnología y Educación Nuevos Medios, S.L., in addition to the auxiliary services necessary for the normal operation of the data processor’s services, will subcontract the following services, which may involve international data transfers:
- Web hosting and cloud computing services provided by Google LLC, located at 1600 Amphitheatre Parkway, Mountain View, California 94043 (USA). In this regard, we inform you that Google LLC is covered under the EU-US Data Privacy Framework (information available at: https://www.dataprivacyframework.gov/s/participant-search) and also adheres to standard contractual clauses adopted by the European Commission. Specifically, the following Google services are used:
- Google Workspace
- Google Cloud Platform (GCP)
- Google Cloud Domains
- Google Play Store
- Elastic Cloud: Provides deployment and management of our cloud technologies. Elastic Cloud works with certain support and infrastructure subprocessors to deliver its services. The following list shows the external or internal subprocessors they work with. They may also transfer data outside national borders. To protect data when processed by our subprocessors, they implement appropriate safeguards, including data processing agreements and approved transfer mechanisms (such as SCCs), along with additional measures. They also have robust processes to review privacy and security controls of all subprocessors who access customers’ personal data. More information is available at: https://www.elastic.co/es/trust/faq#security
- Project management tool for technical documentation, provided by Atlassian Pty Ltd (JIRA): Using JIRA may involve transferring data outside the European Economic Area, both to Atlassian group companies and third parties that collaborate for proper service provision. The list of subprocessors can be consulted at: https://www.atlassian.com/es/legal/sub-processors#atlassian-group-sub-processors. Atlassian adheres to the EU–US Data Privacy Framework and applies standard contractual clauses adopted by the European Commission for international data transfers to both group companies and relevant subprocessors. Atlassian has also implemented additional technical measures to ensure adequate protection (details at: https://www.atlassian.com/legal/security-measures#program-management).
- CRM solution HubSpot: Data may be transferred to HubSpot, Inc., located at Two Canal Park, Cambridge, MA 02141, USA, for the provision of the CRM service for customer management. HubSpot adheres to the EU–US Data Privacy Framework (Adequacy Decision July 10, 2023) and applies standard contractual clauses adopted by the European Commission. More information: https://legal.hubspot.com/es/dpa.
- Mailgun Technologies, Inc.: Used for sending, receiving, and tracking transactional emails, Mailgun is a U.S.-based provider offering a cloud-based transactional email platform. This service allows automated email sending via API from our applications and systems, as well as monitoring delivery, openings, or issues. Data processing by Mailgun is regulated under a Data Processing Addendum (DPA). For international transfers outside the EEA, adequate safeguards are applied under Regulation (EU) 2016/679, such as adherence to the EU–US Data Privacy Framework and/or standard contractual clauses approved by the European Commission. More information: https://www.mailgun.com/es/legal/politica-privacidad/
In the event of new subcontracting, the client will be informed at least 10 days in advance, specifying the tasks to be outsourced and the identity of the subcontractor. If the client raises no objections within this period, authorization will be deemed granted.
Any subcontractor, who will also be considered a data processor, is equally obliged to comply with the obligations set forth in this document for the data processor and with the instructions issued by the client (in their capacity as data controller). It is the responsibility of the initial processor to regulate the new relationship so that it is subject to the same conditions (instructions, obligations, security measures, etc.) and the same formal requirements regarding the proper processing of personal data and the guarantee of data subjects’ rights. In the event of non-compliance by the subcontractor, the initial processor will remain fully responsible to the data controller for fulfilling its obligations.
Additionally, it is the responsibility of the client, as the data controller, to:
- Provide the data processor with the necessary data for the provision of the service.
- Conduct, where applicable, a data protection impact assessment of the processing activities to be carried out by the data processor.
- Carry out prior consultations as necessary.
- Ensure the data processor’s compliance with the GDPR before and throughout the entire processing period.
- Supervise the processing, including conducting inspections and audits.
Confidentiality and Data Security
At Investigación Tecnología y Educación Nuevos Medios, S.L., we value and protect the information you entrust to us. Aware of the importance of privacy and the confidentiality of personal data, we have implemented technical and organizational measures aimed at preserving the security, availability, integrity, and resilience of our systems and processing services. These measures have been designed to provide a level of protection in line with the risks associated with handling personal information. However, it is important to note that no security measure on the Internet is completely infallible; therefore, although we continuously work to protect your data, we cannot guarantee the absolute absence of unauthorized access, cyberattacks, loss, or information leaks.
Privacy Policy Updates
Privacy Policy updated in August 2025. We may modify this policy due to legal, judicial, or commercial changes, always publishing the current version at the same address.