ZABALA group formed by ZABALA INNOVATION CONSULTING, S.A., located at Paseo Santxiki, 3 bis – E-31192 Mutilva (Navarre), ZABALA BRUSSELS SPRL, located at rue Belliard, 20 -4ème – B-1040 Bruxelles, and GBA ZABALA conseil en innovation SAS, located at 35 rue d’Artois – F-75008 Paris- hereinafter JOINT CONTROLLERS, are, as stated in article 26 of Regulation (EU) 2016/679 of April 27, 2016 (GDPR) on the protection of natural persons with regard to the processing of personal data and the free circulation of this data, jointly responsible for the personnel data processing of the User and informs that this data will be treated in accordance with the provisions of GDPR, for which the following treatment information is provided:

Contact details of the joint controllers: ZABALA INNOVATION CONSULTING, S.A., paseo Santxiki, 3 bis – E-31192 Mutilva (Navarra). NIF: A31419773. Phone: +34 948 198 000 Email: ZABALA BRUSSELS SPRL, rue Belliard, 20 -4ème – B-1040 Bruxelles. NIF: BE0692797754. Teléfono: +32 2 5138122 Email: GBA ZABALA conseil en innovation SAS, 35 rue d’Artois F-75008 Paris. NIF: SIRET 818 995 649 00022 – Nº TVA FR45818995649. Teléfono: +33 01 53 53 09 27 Email:

Purpose of the treatment: sending newsletters/mail, digital or on paper, informing about the progress, events or activities of the EU funded project Energetic, Sending communications regarding initiatives, conferences, events (national and international) and ZABALA group services as well as publications, R&D&i activities, R&D&i calls and other news from the sector. Processing requests or any type of request that is made by the user through any of the contact forms that are available. The legal basis is based on the consent to the processing of your personal data for one or several specific purposes and based on the legitimate interest between the parties.

When you interact with our website, we collect and utilize your personal data, based on both your consent and our legitimate interest:

  • With your consent, we process personal data provided via the contact form such as your name, email, and organization as well as personal data provided for signing up to the ‘Energetic Community of Practice’ such as your name, country of residence,  organisation, and occupation.  
  • When you use our website or communicate with us via phone, e-mail, or other digital communication channels, we will collect and use your personal data to:
    • enable the communication between you and us, for which we rely on our legitimate interest to be able to respond to requests, questions, or remarks or to contact you proactively for inquiries of whatever kind;
    • improve the website’s content and the overall experience, for which we rely on our own legitimate interest to offer our visitors an interesting online space;
    • detect and prevent malware, illegal content and behaviour, and other types of misuse, for which we rely on our legitimate interest to keep our online presence safe.

Data preservation criteria: the legal provision that obliges to keep them for tax and accounting requirements and the necessary time for the described purposes, unless there is opposition to the treatment or data cancellation.

International transfer of data: No transfers or international transfer of data are planned, except for legal provisions.

Processor: although it is not foreseen, the providers will be able to access to the data, with whom the obligations and responsibilities assumed in the treatment of the data will be formalised, in the capacity of Processor. Access to the processed data will be granted to members of the consortium and/or governmental/judicial authorities, in accordance with the GDPR.

Legitimation: The data subject consents to the processing of his/her personal data provided in the contact forms such as name, email and organisation for one or more specific purposes and based on the legitimate interest between the parties.

User rights: you have the right to withdraw the consent at any time, as well as exercise the rights of access, rectification, portability and deletion of their data and the limitation or opposition to their treatment.

You have a number of rights, which you can exercise at any time. In particular, you have the:

  • Right to be informed: You have the right to be informed about the collection and use of your personal information, including the purpose for which we are processing this information, the period that we will retain it and with whom we will share it.
  • Right of access: You have the right to ask from us to confirm whether we are processing personal information concerning you. Where that is the case, you can access your personal information that we are processing and relevant supplementary information.
  • Right to rectification: You have the right to request from us modifications to your personal information in case you believe that it is not up to date, complete or accurate.
  • Right to erasure (“right to be forgotten”): You have the right to ask us to erase your personal information that we are processing.
  • Right to restrict processing: You have the right to request from us to restrict the processing of your personal information, with a view to limiting the way that we use this information.
  • Right to data portability: You have the right to ask for your personal information to be provided back to you or transferred to a third party.
  • Right to object: You have the right to object to us processing your personal information at any time for reasons related to your particular situation.
  • Right not to be subject to a decision based solely on automated processing (including profiling), which produces legal effects concerning you or similarly significantly affects you.”

Claim possibility: Right to file a claim with the control authority ( if you consider that the treatment does not comply with current regulations. AGPD – Phone. +34 901 100 099 | +34 C/Jorge Juan,6 28001-Madrid.

Children: We do not knowingly collect, use, or disclose information from children under the age of 16. If we learn that we have collected the personal information of a child under 16 we will take steps to delete the information as soon as possible. Please immediately contact us if you become aware that a child under 16 has provided us with personal information.

Third-Party Websites: Our website may contain links to or the ability for you to access third-party websites. We are not responsible for the privacy practices employed by those third parties, nor are we responsible for the information or content their websites contain. This Privacy Policy applies solely to information collected by us.  We encourage you to read the privacy policies of any third parties before proceeding to use their websites.

Language: We reserve the right to update or change our Privacy Policy at any time and with that in mind, users should periodically review this Privacy Policy.

Contact information to exercise your rights: to exercise the rights send an email to any of the above-mentioned joint controllers. You must specify which of these rights you wish to be addressed and, in turn, it must be accompanied by an ID card photocopy or equivalent identification document. If you act by proxy, legal or voluntary, you must also provide a document proving the representation and identification document thereof. If you want to have a model for which you can: Use an official model of the Agency: See AGPD.

Link to the complete list of all national data protection authorities within the EU ( and for the competent authority within the UK (


The users, by marking the corresponding boxes and entering data in the fields, in the different forms of the website, freely and unequivocally accept that their data are necessary to meet their request by the provider, being voluntary the inclusion of data in the remaining fields. The user guarantees that the personal data provided to the JOINT CONTROLLERS are true and is responsible for communicating any modification thereof.

The JOINT CONTROLLERS expressly inform and warrant users that their personal data will not be transferred in any case to third parties, and that whenever they will make any kind of transfer of personal data, the prior consent of the users will be unequivocally requested.

We use MailChimp, entity certified under the Privacy Shield, as a marketing automation platform. By clicking to submit a form, you understand that the information you provide will be transferred to MailChimp for processing in accordance with its Privacy and Terms of Policy.


In accordance with the provisions of current regulations on personal data protection, the JOINT CONTROLLERS are complying with all the provisions of the GDPR for the treatment of personal data of their responsibility, and manifestly with the principles described in article 5 of the GDPR, for which they are treated in a lawful, loyal and transparent manner in relation to the interested party and adequate, relevant and limited to what is necessary in relation to the purposes for which they are treated.

The JOINT CONTROLLERS guarantee they have implemented appropriate technical and organizational policies to apply the security measures established by the GDPR in order to protect the rights and freedoms of the Users and have communicated the appropriate information so that they can exercise them.

For more information:

Scroll to Top