Legal
Privacy Policy
This Privacy Policy ("Privacy Policy") describes how European Equity Research Partners, S.L. (the "Company" or "EERP") collects, uses, stores and protects the personal data of users of the website www.europeanequityresearch.com and related services, in compliance with Regulation (EU) 2016/679 (GDPR), Organic Law 3/2018 on Data Protection and Guarantee of Digital Rights (LOPDGDD), and applicable Spanish and European legislation.
1. Data controller
The data controller responsible for the processing of personal data is:
European Equity Research Partners, S.L. — Tax ID number B88666292 — registered office at Plaza General Santes, 4, bajo 2, 46160 Llíria (Valencia), Spain — privacy@europeanequityresearch.com.
EERP is not required to appoint a Data Protection Officer (DPO) under Article 37 GDPR, as the Company does not engage in large-scale processing of special categories of data nor systematic monitoring of data subjects. The contact email privacy@europeanequityresearch.com is the designated channel for any privacy-related queries or requests.
2. Personal data we collect
EERP collects only the personal data strictly necessary to provide its services and comply with its legal obligations. The categories of data collected depend on the user's interaction with the Company:
| Channel | Data collected |
|---|---|
| Contact form | Name, email address, company (optional), message content |
| For-issuers form | Company name, contact person, role, email, sector, listing venue, message |
| For-exchanges form | Exchange name, contact person, role, email, message |
| Research newsletter | Name, email, company, professional role |
| Career applications | Name, email, CV, cover letter, professional and academic background |
| Direct email correspondence | Identification and content data voluntarily provided by the sender |
| Website analytics | Aggregated and anonymised usage data via Squarespace Analytics first-party cookies (see Cookie Policy) |
EERP does not collect special categories of personal data (Article 9 GDPR), nor data relating to criminal convictions or offences (Article 10 GDPR).
3. Purposes and legal bases
EERP processes personal data for the following purposes and on the following legal bases under Article 6 GDPR:
| Purpose | Legal basis |
|---|---|
| Responding to contact form enquiries | Consent of the data subject (Art. 6.1.a GDPR) and pre-contractual measures at the request of the data subject (Art. 6.1.b) |
| Managing coverage requests from issuers and exchanges | Pre-contractual measures and execution of contractual relationship (Art. 6.1.b GDPR) |
| Sending research notes and updates to subscribers | Express consent of the data subject (Art. 6.1.a GDPR) |
| Managing career applications and recruitment processes | Pre-contractual measures (Art. 6.1.b GDPR) and consent (Art. 6.1.a) for retention beyond the specific process |
| Maintaining professional relationships with investor relations contacts at covered issuers and institutional investors | Legitimate interest in B2B financial communications (Art. 6.1.f GDPR) |
| Complying with legal, fiscal and accounting obligations | Legal obligation (Art. 6.1.c GDPR) |
| Website analytics and improvement | Consent of the data subject through cookie banner (Art. 6.1.a GDPR) |
4. Data retention periods
EERP retains personal data only for the period strictly necessary to fulfil the purposes for which they were collected and to comply with applicable legal obligations:
| Data category | Retention period |
|---|---|
| Contact form enquiries (no contractual outcome) | 1 year from last interaction |
| Issuer and exchange coverage relationships | Duration of the contractual relationship + 6 years post-termination (Spanish Commercial Code Art. 30 and General Tax Law) |
| Accounting and tax records | 6 years (Spanish Commercial Code) or longer if required by tax authorities |
| Newsletter subscribers | Until withdrawal of consent by the user |
| Career applications (non-selected candidates) | 1 year from completion of the selection process |
| Career applications (selected candidates) | Duration of employment relationship + 4 years post-termination (labour and social security regulations) |
| Analytical cookies | Up to 24 months (see Cookie Policy) |
5. Data recipients and processors
EERP does not transfer personal data to third parties except where strictly necessary to provide its services, to comply with legal obligations, or with the express consent of the data subject. The Company relies on the following data processors under Article 28 GDPR, each of whom has signed appropriate data processing agreements:
| Processor | Purpose |
|---|---|
| Squarespace, Inc. (United States) | Website hosting, contact and registration forms, native analytics. Adhered to the EU-US Data Privacy Framework. |
| Microsoft Ireland Operations Limited | Email (Outlook), document storage (OneDrive, SharePoint), Teams collaboration, calendar. Primarily EU-based infrastructure. Microsoft is adhered to the EU-US Data Privacy Framework. |
Additionally, personal data may be communicated to public authorities, courts, regulators (including the Spanish CNMV, ESMA, and the Spanish Data Protection Agency) where required by law.
6. International data transfers
The processors listed in Section 5 may transfer personal data to the United States. Both Squarespace, Inc. and Microsoft Corporation are certified under the EU-US Data Privacy Framework, which has been deemed adequate by the European Commission Decision of 10 July 2023 (Article 45 GDPR). No additional safeguards are required for these transfers.
Where additional processors are added in the future, EERP will ensure appropriate safeguards under the GDPR: adequacy decisions (Art. 45), standard contractual clauses (Art. 46), or any other legally admissible mechanism.
7. Data subject rights
Under the GDPR and LOPDGDD, data subjects have the following rights regarding their personal data:
To obtain confirmation as to whether personal data are being processed and to access such data and information about the processing.
To request correction of inaccurate or incomplete personal data.
To request deletion of personal data when no longer necessary for the purposes for which they were collected, or when consent is withdrawn.
To request limitation of processing in specific circumstances foreseen by the GDPR.
To receive personal data in a structured, commonly used, machine-readable format, and to transmit them to another controller.
To object to processing based on legitimate interest, including profiling, at any time.
To withdraw consent at any time without affecting the lawfulness of processing based on consent prior to withdrawal.
To exercise any of these rights, data subjects may contact EERP at privacy@europeanequityresearch.com, providing sufficient information to identify themselves and specify the right they wish to exercise. EERP will respond within one month of receipt of the request, extendable by two additional months in cases of particular complexity.
Data subjects also have the right to lodge a complaint with the Spanish Data Protection Agency (AEPD), the supervisory authority in Spain, via www.aepd.es, if they consider that the processing of their personal data infringes applicable regulations.
8. Security measures
EERP applies appropriate technical and organisational measures to ensure a level of security appropriate to the risk, in accordance with Article 32 GDPR. These measures include:
- Multi-factor authentication on all corporate email accounts and platforms.
- Encryption of data in transit and at rest where supported by the processor.
- Access controls limited to authorised personnel on a need-to-know basis.
- Regular review of access permissions.
- Confidentiality obligations binding on all partners, employees and contractors.
- Procedures for the detection, reporting and management of personal data breaches.
In the event of a personal data breach likely to result in a risk to the rights and freedoms of natural persons, EERP will notify the AEPD within 72 hours of becoming aware of the breach, and will inform affected data subjects where the breach is likely to result in a high risk.
9. Automated decisions and profiling
EERP does not carry out automated decision-making, including profiling, that produces legal effects on data subjects or significantly affects them in a similar manner.
10. Personal data of minors
EERP's services are directed at professional and institutional users. The Company does not knowingly collect personal data of minors under 14 years of age. If EERP becomes aware that personal data of a minor have been collected without the consent of the parents or legal guardians, such data will be deleted as soon as possible.
11. Modifications to this Privacy Policy
EERP reserves the right to modify this Privacy Policy to reflect legal, jurisprudential, organisational or sectoral changes. Material modifications will be communicated through the corporate website. The current version is always available on the Website.
12. Applicable law
This Privacy Policy is governed by Regulation (EU) 2016/679 (GDPR), Organic Law 3/2018 on Data Protection (LOPDGDD), and Spanish law. Any dispute arising from the processing of personal data shall be submitted to the Courts and Tribunals of Valencia (Spain), without prejudice to the right of data subjects to lodge a complaint with the AEPD.
13. Contact
For any queries or requests relating to this Privacy Policy, please contact:
European Equity Research Partners, S.L. Privacy contact: privacy@europeanequityresearch.com General enquiries: info@europeanequityresearch.com