Privacy Notice
Last updated: March 20, 2026
At Kalipso Iberia, S.L. (“Kalipso”, “we”, “our” or “us”), we are committed to protecting the privacy of our business contacts, clients, and website visitors. This Privacy Notice explains how we collect, use, disclose, and safeguard your personal data when you interact with us.
This Privacy Notice does not apply to:
- personal data we process on behalf of our clients as a data processor (which is governed by a Data Processing Agreement); or
- personal data of our employees (which is covered by a separate internal privacy policy).
1. Who is responsible for your personal data?
The data controller responsible for your personal data is:
Kalipso Iberia, S.L.Carrer de Rera Palau, 11, Planta 5
08003 Barcelona, Spain
Tax Identification Number (NIF): B21798608
Registered in the Mercantile Register of Barcelona
For any questions regarding this Privacy Notice or the processing of your personal data, please contact us at: contact@kalipso.ai
2. Your data protection rights
Under the General Data Protection Regulation (GDPR) and applicable Spanish data protection laws, you have the following rights in relation to your personal data:
- Right of access:
- You have the right to request confirmation of whether we process personal data about you and, if so, to obtain a copy of such data.
- Right to rectification:
- You have the right to request that we correct inaccurate or incomplete personal data about you.
- Right to erasure:
- In certain circumstances, you have the right to request that we delete your personal data.
- Right to restrict processing:
- In certain circumstances, you have the right to request that we restrict the processing of your personal data.
- Right to data portability:
- Where technically feasible and where the processing is based on consent or contract performance, you have the right to receive your personal data in a structured, commonly used, and machine-readable format.
- Right to object:
- You have the right to object to processing based on legitimate interests, including for direct marketing purposes.
- Right to withdraw consent:
- Where processing is based on consent, you have the right to withdraw that consent at any time.
To exercise any of these rights, please contact us at contact@kalipso.ai. We will respond to your request within one month, unless the request is complex or we receive a large number of requests, in which case the response period may be extended by up to two additional months.
Right to lodge a complaint: If you believe that we have infringed your data protection rights, you have the right to lodge a complaint with the Spanish Data Protection Authority (Agencia Española de Protección de Datos – AEPD) at www.aepd.es or your local data protection authority.
3. What personal data do we collect?
We collect and process the following categories of personal data:
3.1 Contact and identification data
Name, job title/role, company name, business email address, business phone number, and other professional contact information.
3.2 Account and authentication data
Login credentials, account preferences, and authentication information required to access our services.
3.3 Technical and device data
IP address, browser type and version, device identifiers, operating system, time zone settings, and other technical information collected when you access our website or services.
3.4 Usage and log data
Information about how you use our website and services, including access logs, feature usage, error logs, and network traffic information collected for security monitoring purposes.
3.5 Communication data
Records of correspondence and communications with us, including emails, support tickets, and any other inquiries.
3.6 Commercial and contractual data
Information related to the commercial relationship with your organisation, including contract details, billing information, and transaction history.
3.7 Marketing preferences
Your preferences regarding receiving marketing communications from us, including newsletter subscriptions and event invitations.
3.8 Cookie and tracking data
Information collected through cookies and similar tracking technologies on our Website, including unique cookie identifiers, browsing behaviour, referral source, and conversion events. This data is collected for website analytics and advertising conversion measurement purposes. For full details on the cookies we use, please refer to Section 9 below and our separate Cookie Policy.
4. How do we use your personal data and on what legal basis?
We process your personal data for the following purposes:
| Purpose | Types of Data | Legal Basis |
|---|---|---|
| Managing our commercial relationship and communicating with business contacts | Contact and identification data, communication data | Legitimate interest (Art. 6(1)(f) GDPR) |
| Executing and administering business contracts | Contact data, commercial and contractual data, account data | Legitimate interest (Art. 6(1)(f) GDPR) |
| Providing access to our services and customer support | Contact data, account data, usage data, communication data | Legitimate interest (Art. 6(1)(f) GDPR) |
| Ensuring network and information security, fraud prevention, and monitoring service integrity | Technical data, usage and log data, IP address, device information | Legitimate interest (Art. 6(1)(f) GDPR) |
| Protecting our website against malicious traffic, DDoS attacks, and automated abuse (Cloudflare) | IP address, HTTP request headers, TLS connection data, device/browser fingerprint | Legitimate interest (Art. 6(1)(f) GDPR) |
| Protecting against legal claims and safeguarding our legal rights | All relevant data categories as necessary | Legitimate interest (Art. 6(1)(f) GDPR) |
| Sending marketing communications about our products and services | Contact data, marketing preferences | Consent (Art. 6(1)(a) GDPR) |
| Website analytics and improving our services | Technical data, usage data, cookie and tracking data | Consent (Art. 6(1)(a) GDPR) in conjunction with Art. 5(3) ePrivacy Directive |
| Measuring the effectiveness of our advertising campaigns (conversion tracking) | Technical data, cookie and tracking data, IP address (truncated) | Consent (Art. 6(1)(a) GDPR) in conjunction with Art. 5(3) ePrivacy Directive |
| Aggregated measurement of website traffic and advertising effectiveness (cookieless pings) | Pseudonymised technical data (such as truncated IP address, user agent, page URL, timestamp) | Legitimate interest (Art. 6(1)(f) GDPR). Our legitimate interest is understanding aggregate website performance and advertising effectiveness without storing information on the user’s device. |
| Complying with legal and regulatory obligations | Relevant data categories as required by law | Legal obligation (Art. 6(1)(c) GDPR) |
| Producing anonymised statistics and reports for internal analysis | Anonymised data derived from usage and commercial data | Legitimate interest (Art. 6(1)(f) GDPR) |
5. Who do we share your personal data with?
We may share your personal data with the following categories of recipients:
5.1 Service providers and subcontractors
We engage third-party service providers who process personal data on our behalf, including cloud hosting providers, IT support services, analytics providers, advertising service providers, and communication platforms. These providers act as data processors and are contractually bound to process data only in accordance with our instructions and applicable data protection laws.
Where any of our service providers also process personal data as independent controllers for their own purposes (for example, for their own product improvement or benchmarking), such processing is governed by that provider’s own privacy policy. In particular, where data sharing settings are enabled in our analytics and advertising tools, Google Ireland Limited may process aggregated or pseudonymised data as an independent controller. Where this is the case, Google’s processing is governed by its privacy policy at policies.google.com/privacy.
5.2 Professional advisors
We may share personal data with our legal counsel, accountants, auditors, and other professional advisors when necessary for the conduct of our business or to protect our legal interests.
5.3 Authorities
We may disclose personal data to regulatory authorities, law enforcement agencies, or courts when required by law or when necessary to protect our legal rights.
5.4 Business transfers
In the event of a merger, acquisition, reorganisation, or sale of assets, personal data may be transferred to the acquiring entity or successor organisation. We will notify you of any such transfer and any changes to this Privacy Notice.
6. International data transfers
Your personal data may be transferred to and processed in countries outside the European Economic Area (EEA). When we transfer personal data outside the EEA, we ensure that appropriate safeguards are in place in accordance with the GDPR, such as:
- Transfers to countries that have been deemed to provide an adequate level of data protection by the European Commission;
- Standard Contractual Clauses approved by the European Commission;
- Other legally recognised transfer mechanisms, such as binding corporate rules or certification under the EU-US Data Privacy Framework where applicable.
For more information about the safeguards we use for international transfers, please contact us at contact@kalipso.ai
7. How long do we retain your personal data?
We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, or as required by applicable law. The retention periods depend on the nature of the data and the purposes of processing:
- Contractual and commercial data: For the duration of the contractual relationship and for 10 years thereafter to comply with legal obligations and to defend against potential legal claims.
- Network security logs: 6 months, unless a longer retention is required for security incident investigation or legal proceedings.
- Marketing data: Until you withdraw your consent or object to receiving marketing communications.
- Accounting and tax records: As required by Spanish law, generally 10 years.
8. How do we protect your personal data?
We implement appropriate technical and organisational measures to protect personal data against unauthorised access, alteration, disclosure, or destruction. These measures include, but are not limited to:
- Encryption of data in transit and at rest;
- Access controls and authentication mechanisms;
- Regular security assessments and penetration testing;
- Employee training on data protection and security;
- Incident response and business continuity procedures.
9. Cookies and similar technologies
9.1 What are cookies?
Cookies are small text files that are placed on your device (computer, tablet, or mobile phone) when you visit a website. They are widely used to make websites work more efficiently, provide information to website owners, and enhance user experience. Cookies may be “session cookies” (which are deleted when you close your browser) or “persistent cookies” (which remain on your device for a set period or until you delete them).
9.2 Cookies we use
For more details and a full inventory of the cookies we use, refer to section 9.7 and our Cookie Policy. We use the following categories of cookies on our website:
Strictly necessary cookies
These cookies are essential for the operation of our website and services. They enable core functionality such as security, session management, and accessibility. Without these cookies, services you have requested cannot be provided. These cookies do not require your consent under the ePrivacy Directive and may be placed without it.
Analytics cookies
We use analytics cookies to understand how visitors interact with our Website, identify which pages are most visited, and improve our services. These cookies collect information about your browsing behaviour in pseudonymised form.
Advertising and conversion tracking cookies
We use advertising cookies to measure the effectiveness of our online advertising campaigns. These cookies allow us to determine whether you visited our Website after viewing or clicking on one of our advertisements on a third-party platform, and to attribute that visit to a specific campaign. These cookies do not serve you personalised advertisements on our Website.
9.3 How to manage cookies
When you first visit our Website, a cookie consent banner is presented allowing you to accept or reject non-essential cookies. You can change your preferences at any time by clicking the Cookie Settings link in the footer of our Website.
You can also control cookies through your browser settings. Most browsers allow you to refuse or delete cookies. You can find information on how to manage cookies for popular browsers at the following links:
Please note that blocking or deleting strictly necessary cookies may affect the functionality of our Website. Blocking analytics or advertising cookies will not affect your ability to use the Website.
9.4 Third-party cookies
Google Analytics and Google Ads are third-party services provided by Google Ireland Limited. The information collected is used to generate analytics reports and measure advertising conversion effectiveness.
You can learn more about Google’s privacy practices at: policies.google.com/privacy.
Below is more information about how you can share your preferences with Google Ads, these are provided for information purposes only but do not relate to the processing we perform with your consent:
- You can opt out of Google Ads personalised advertising by visiting Google Ads Settings at: adssettings.google.com
- You can also opt out of Google Analytics by installing the Google Analytics Opt-out Browser Add-on available at: tools.google.com/dlpage/gaoptout
9.5 Google Consent Mode v2
Our Website implements Google Consent Mode v2, a technical framework that adjusts the behaviour of Google tags (Analytics and Ads) based on your consent choices.
When you have not consented to analytics or advertising cookies, Google tags operate in restricted mode: no analytics or advertising cookies are placed on your device, and no personal data is collected for these purposes. Cookieless pings may still be transmitted to Google to support aggregated modelling; these pings contain limited personal data and do not result in cookies being stored on your device.
When you have consented, Google tags operate in full mode and place the analytics and advertising cookies described above.
9.6 Consent under the ePrivacy Directive
The placement of analytics cookies and advertising cookies on your device requires your prior informed consent in accordance with Article 5(3) of the ePrivacy Directive (2002/58/EC), as transposed into Spanish law. We obtain this consent through the cookie consent banner presented on your first visit. You may withdraw your consent at any time through the Cookie Settings link in the footer of our Website.
9.7 Cookie Policy
For a comprehensive inventory of all cookies used on our Website, including their names, providers, purposes, categories, and durations, please refer to our separate Cookie Policy.
10. Automated decision-making
We do not use your personal data for automated decision-making, including profiling, that produces legal effects or similarly significantly affects you.
11. Changes to this Privacy Notice
We may update this Privacy Notice from time to time to reflect changes in our practices or applicable law. When we make material changes, we will notify you by updating the “Last updated” date at the top of this notice. We encourage you to review this Privacy Notice periodically.
12. Contact information
If you have any questions, concerns, or requests regarding this Privacy Notice or the processing of your personal data, please contact us:
Kalipso Iberia, S.L.Carrer de Rera Palau, 11, Planta 5
Ciutat Vella, 08003 Barcelona, Spain
Email: contact@kalipso.ai
Kalipso Iberia, S.L.
Carrer de Rera Palau, 11, Planta 5
08003 Barcelona, Spain
CIF: B21798608 · EU VAT: ESB21798608