Privacy Policy

Last updated: April 2026

1. Data Controller

The data controller responsible for processing personal data is:

EIVURA, S.L.

NIF: B26588327

Registered address: Tarragona 43005, Spain

Email: contact@eivura.com

Website: https://eivura.com

2. Scope of This Policy

This Privacy Policy applies to:

  • The website eivura.com
  • Any websites, forms, platforms, digital services, or operational systems operated by EIVURA, S.L.
  • Any commercial brands, business initiatives, or ventures owned and operated by EIVURA, S.L., including but not limited to Tammour

For all such services and brands:

EIVURA, S.L. acts as the sole data controller, unless explicitly stated otherwise.

Brand names used by EIVURA, S.L. do not imply the existence of separate data controllers or separate legal entities unless expressly communicated.

3. Personal Data Collected

Depending on the interaction, EIVURA, S.L. may process the following categories of personal data:

a) Data provided directly by the user

  • Name
  • Email address
  • Company name, where provided
  • Inquiry type
  • Message content
  • Any other information voluntarily submitted through forms, email, or communication channels

b) Technical and security data

  • IP address
  • Request date and time
  • Browser and device information
  • Technical request metadata
  • Form interaction metadata
  • Cloudflare Turnstile anti-bot verification token
  • Anti-spam detection fields
  • Security logs necessary to protect the website and services

c) Business relationship data

Where a business relationship is established or being evaluated, EIVURA, S.L. may process:

  • Contact details
  • Business communication history
  • Supplier, partner, or collaborator information
  • Commercial inquiry details
  • Contractual or pre-contractual information
  • Invoicing or administrative information where legally required

4. Purposes of Processing

EIVURA, S.L. processes personal data for the following purposes:

  • Managing and responding to inquiries.
  • Evaluating commercial, supplier, partnership, or collaboration opportunities.
  • Operating and managing EIVURA’s brands, ventures, and business initiatives.
  • Providing services or communications related to EIVURA-operated brands, including but not limited to Tammour.
  • Managing pre-contractual and contractual relationships.
  • Maintaining website functionality, technical operation, and security.
  • Preventing abuse, spam, fraud, automated submissions, and unauthorized access.
  • Improving internal processes, documentation, and operational workflows.
  • Complying with applicable legal, tax, accounting, and administrative obligations.

5. Legal Bases for Processing

The legal bases for processing personal data may include:

a) Consent

For example, when a user submits a contact form or voluntarily provides information through the website.

b) Legitimate interest

For example, to protect the website from spam, bots, fraud, abuse, security threats, or misuse, and to maintain operational integrity.

c) Pre-contractual measures

For example, when a user contacts EIVURA, S.L. regarding a potential business relationship, supplier opportunity, partnership, collaboration, or service request.

d) Contractual necessity

Where a contractual relationship is established with EIVURA, S.L. or with one of its operated brands.

e) Legal obligation

Where processing is necessary to comply with tax, accounting, regulatory, administrative, or legal requirements.

6. Data Sharing and Processors

EIVURA, S.L. does not sell personal data.

Personal data may be processed by trusted service providers strictly where necessary for operational, technical, security, administrative, or communication purposes.

These providers may include:

  • Hosting and deployment providers, such as Vercel.
  • Security and anti-bot providers, such as Cloudflare Turnstile.
  • Email, communication, or workflow tools.
  • Accounting, legal, tax, or administrative service providers where required.
  • Other technical service providers necessary for website or business operation.

Where required by GDPR, such providers act under appropriate data processing agreements and are required to process personal data only according to EIVURA, S.L.’s instructions and applicable law.

7. International Data Transfers

Some service providers may process personal data outside the European Economic Area (EEA).

Where applicable, EIVURA, S.L. ensures that appropriate safeguards are used, including:

  • Adequacy decisions by the European Commission.
  • Standard Contractual Clauses (SCCs).
  • Additional technical and organizational measures where necessary.
  • Other lawful transfer mechanisms recognized under GDPR.

8. Data Retention

Personal data is retained only for as long as necessary for the purposes for which it was collected.

Retention periods may depend on:

  • The nature of the inquiry.
  • The duration of the business relationship.
  • The need to maintain security records.
  • Legal, tax, accounting, or administrative obligations.
  • The establishment, exercise, or defense of legal claims.

Contact form data is generally retained only as long as necessary to manage and respond to the inquiry, unless a contractual, pre-contractual, commercial, legal, or administrative reason requires longer retention.

9. Data Subject Rights

Users may exercise the following rights under GDPR:

  • Right of access.
  • Right of rectification.
  • Right of erasure.
  • Right to object.
  • Right to restrict processing.
  • Right to data portability.
  • Right to withdraw consent at any time, where processing is based on consent.

Requests can be made by contacting:

contact@eivura.com

Users also have the right to lodge a complaint with the Spanish Data Protection Agency (AEPD) if they believe that their personal data has been processed in breach of applicable data protection law.

10. Security Measures

EIVURA, S.L. applies appropriate technical and organizational measures to protect personal data against:

  • Unauthorized access.
  • Loss.
  • Misuse.
  • Alteration.
  • Disclosure.
  • Destruction.
  • Abuse or fraudulent activity.

These measures may include secure hosting, encrypted connections, access controls, anti-spam protections, anti-bot verification, and operational security practices.

However, no internet-connected system can be guaranteed to be completely secure.

11. AI-Assisted Processing

EIVURA, S.L. may use AI-assisted tools and workflows to support internal activities, including:

  • Research.
  • Documentation.
  • Supplier analysis.
  • Market analysis.
  • Content preparation.
  • Communication drafting.
  • Operational support.
  • Internal decision support.

Such AI-assisted processing:

  • Is used as internal support only.
  • Does not replace human oversight.
  • Does not involve automated decision-making that produces legal effects or similarly significant effects on users.
  • Is not used to make final legal, financial, tax, or contractual decisions without human review.

Where personal data is used in connection with AI-assisted tools, EIVURA, S.L. will apply appropriate safeguards and limit processing to what is necessary for the relevant purpose.

12. Cookies and Similar Technologies

The use of cookies, local storage, session storage, and similar technologies is governed by the Cookie Policy available on this website.

13. Policy Updates

EIVURA, S.L. may update this Privacy Policy to reflect:

  • Legal changes.
  • Technical changes.
  • Operational developments.
  • New brands, ventures, or services.
  • Changes in data processing practices.

Users are encouraged to review this Privacy Policy periodically.