PR.01
Scope
This policy applies to grunuss.com and to correspondence directed to institutional addresses listed on this site. It does not cover unaffiliated third-party services.
Legal / Privacy
v1.0 · 2026
Data, used
sparingly.
The institution collects the minimum data necessary to operate the site and answer correspondence. No advertising trackers, no profiling, no resale.
§ 01 / Summary
GS-2026 / SECT_01
At a glance.
- Controller
- Grunuss Holdings S.L.
- Jurisdiction
- Spain · EU (GDPR)
- Effective
- 2026 · 06 · 01
- Contact
- privacy@grunuss.com
§ 02 / Policy
GS-2026 / SECT_02
Full policy.
PR.02
Data we process
Server logs (IP address, user agent, requested URL, timestamp) collected for security and operational integrity. Information you voluntarily submit through correspondence or forms. No advertising trackers and no cross-site profiling are deployed.
PR.03
Purpose and lawful basis
Operational integrity and security (legitimate interest). Handling of correspondence and applications (performance of pre-contractual measures or legitimate interest). Compliance with legal obligations where applicable.
PR.04
Cookies and analytics
Strictly necessary cookies only. Aggregated, anonymised traffic measurement may be used. Where any non-essential cookie is introduced, prior consent will be requested.
PR.05
Retention
Server logs are retained for the minimum period required for security review and then rotated. Correspondence is retained for as long as the underlying matter remains open, plus any statutory retention period.
PR.06
Recipients
Data is processed by Grunuss personnel and a limited set of infrastructure providers acting as processors under written agreement. No data is sold or shared for marketing purposes.
PR.07
International transfers
Where data is processed outside the European Economic Area, transfers are made under appropriate safeguards (Standard Contractual Clauses or equivalent).
PR.08
Your rights
Subject to applicable law, you have the right to access, rectify, erase, restrict, or object to processing, and to data portability. You may also lodge a complaint with the supervisory authority — in Spain, the Agencia Española de Protección de Datos (AEPD) at aepd.es.
PR.09
Security
Reasonable technical and organisational measures are maintained to protect personal data against unauthorised access, alteration, disclosure, or destruction.
PR.10
Updates
This policy may be revised. Material changes are reflected in the effective date above; substantive changes are noted on the institutional record.
For requests concerning your data, write to privacy@grunuss.com.
§ 03 / Continue
GS-2026 / SECT_03