Privacy Policy

At MASA Group, we are interested in ensuring that the processing of users’ personal data is carried out in a transparent and secure manner, so that our users know at all times how we process their personal data and how they can exercise their rights and freedoms.

When browsing the website (hereinafter, the “Website”), or when accessing, requesting information or filling in any of its forms, MASA CAPITAL, S.L. collects your personal data as a user (the “User(s)”) in accordance with this privacy policy (the “Privacy Policy”) and any other policy that may replace it in the future.

Any User who does not agree with the Privacy Policy or the Legal Notice should refrain from accessing, requesting information or contracting any of the products or services offered on the Website.

1. Data controller.
2. What personal data do we process?
3. For what purpose and on what grounds do we process Users’ personal data?
4. For how long do we process and keep the User’s personal data?
5. Who can access the User’s personal data?
6. What security measures does the MASA Group apply?
7. What rights can Users exercise?
8. Changes to the Privacy Policy.
9. Contact.

1. Responsible for data processing.

1.1. The party responsible for the collection and processing of your personal data on the Website is MASA CAPITAL, S.L. (“MASA Group”), with tax identification number B-03118767, address at Calle Princesa, 2, 1º – 5, 28008, Madrid, and contact e-mail address Grupo MASA is duly registered in the Mercantile Register of Madrid in Volume 29566, Folio 160, Page 532110, Section 8 and Inscription I/A 1.

2. What personal data do we process?

2.1. The MASA Group collects and processes different information from Users. This information may, on many occasions, constitute Users’ personal data.

This information will be considered personal data when it can directly identify or allow us to identify a natural person, such as name and surname or contact details.

2.2. This personal data may have been directly provided by the User, when interacting on the Website or completing any of the available forms.

2.3. Specifically, the personal data that may be processed by the MASA Group on the Website consists of Users’ contact details, including their name and surname, telephone number and e-mail address.

2.4. Furthermore, Grupo MASA may record the visits you make to the website and its links or when you click on content, interact, or otherwise make use of the website, through cookies and other similar technologies. For more information in this regard, Users can refer to our Cookies Policy.

2.5. We remind Users that they are responsible for ensuring that the personal data they provide is true and accurate, and undertake to notify any changes or modifications. Any loss or damage caused to the Website, the MASA Group or any third party through the communication of erroneous, inaccurate or incomplete information shall be the responsibility of the User.

2.6. In the event of failure to provide the data considered necessary, it may not be possible to proceed with the request for information or, in general, with the management of requests intended by the User.

3. For what purpose and on what grounds do we process Users’ personal data?

3.1. The MASA Group processes the personal data of Users for different purposes depending on the transactions they carry out on the Website. Below, we indicate the specific purposes for which we process Users’ personal data, as well as the legal basis that legitimises their use in each case:

(a) Attention to queries and requests made.

Legal basis: The consent of the User when directing queries to Grupo MASA for the attention of requests through the different contact channels and the legitimate interest of Grupo MASA in processing and managing the User’s queries.

The MASA Group may process the User’s personal data in order to deal with the queries that the User addresses when contacting us through any of the channels available to the User, in relation to the products or services offered or contracted with the MASA Group.

(b) Compliance with legal obligations and requirements of different bodies.

Legal basis: Compliance with legal obligations applicable to the MASA Group.

The MASA Group shall also process the User’s personal data in order to comply with any legal obligations that may be applicable and enforceable, and to meet the requirements of any body, court or public administration.

(c) Management of the Website and analysis of its use.

Legal basis: Legitimate interest in analysing the use of the Website, in order to improve the services provided to Users and offer them greater security.

The MASA Group may also process the User’s personal data in order to carry out analyses, studies, statistics, surveys, usage metrics, study market trends and use the data for the prevention of fraud, either on its own or through third parties. As far as possible, the information used for this purpose shall be aggregated information at a statistical level, without identification of the User.

3.2. The MASA Group shall not make automated decisions based solely on the automated processing of the User’s personal data, without human intervention and which produce legal effects or significantly affect Users, which may fall within the cases provided for in Article 22 of Regulation 2016/679 of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and the free movement of such data, as well as the regulations supplementing or replacing it. Nor does it carry out complex or automated profiling. Any automated decisions or complex profiling shall be subject to the explicit, express and separate consent of the User.

4. How long do we process and keep the User’s personal data?

4.1. The MASA Group will not store the User’s personal data for a longer period than is necessary to fulfil the above-mentioned purposes.

4.2. Subsequently, your data will be kept for the legal periods applicable in each case, taking into account the type of data, as well as the purpose of the processing. On the other hand, once the purposes have been fulfilled, the MASA Group shall keep the personal data duly blocked, to the extent that liabilities may arise for the MASA Group or as otherwise required by the applicable regulations.

5. Who may access the User’s personal data?

5.1. The MASA Group shall not grant access to the User’s personal data to third parties other than those indicated in this Privacy Policy. Specifically, such access will occur in the following cases:

(a) Group of companies.

MASA Group may communicate the personal data of Users to [the entities of its group of companies listed in the following hyperlink:

The purposes of the communication are as follows:

– For internal administrative and group management purposes, based on the legitimate interest of the MASA Group established in the applicable regulations.

– To the extent that any of the requests made refer to other companies in the group, to attend to the User’s request, based on our legitimate interest and the execution of the request made.

– For the provision of ancillary services necessary for the correct execution of the services offered on the Website.

(b) Service providers.

The MASA Group may use other companies to provide certain services under its guidelines, for example, customer service, collection, sales, consulting, auditing, or IT-maintenance.

The MASA Group guarantees that, in such cases, these third parties shall have limited access to the Users’ personal data to the extent necessary to carry out the tasks entrusted to them, they shall sign a processing assignment contract or the commitments that may be necessary in each case in accordance with the regulations in force and shall be obliged not to disclose the information or use it for purposes other than those of providing the corresponding service.

(c) Disclosures required by law.

The MASA Group may disclose the personal data of Users when required to do so by law, in legal proceedings, to investigate suspicious activity, or in any other way to protect its own rights and those of the Users.

5.2. In those cases in which the MASA Group works with service providers located outside the European Economic Area, it shall implement the necessary safeguards and guarantees with said service providers, in accordance with the applicable regulations at all times, prior to carrying out the international transfer of data (e.g., verification of the existence of adequacy decisions, signing of standard contractual clauses, carrying out risk/impact analysis of the transfer).

5.3. You can request a copy of these safeguards and guarantees at any of the addresses indicated in this Privacy Policy.

6. What security measures does the MASA Group apply?

6.1. The MASA Group will adopt the technical and organisational measures necessary to guarantee the confidentiality, integrity and security of personal data, and to avoid its loss, alteration, processing or unauthorised access, taking into account the state of technology and the nature of the data stored. Likewise, the MASA Group periodically monitors its systems to detect possible vulnerabilities and attacks.

6.2. However, Users are aware that Internet security is not impregnable and that there is no guarantee that personal data cannot be accessed, disclosed, altered or destroyed if there is a breach in any of the security measures installed.

7. What rights can Users exercise?

7.1. In accordance with the legislation applicable at any given time, Users may request the exercise of their rights of access to personal data, rectification or deletion, limitation of processing, opposition to processing, as well as the right to the portability of their data, and the right to withdraw the consent given. In particular, Users have the following rights:

Access to data: The User may request access to their personal data and the processing that MASA Group is carrying out at any time, along with a copy of the processed information.

Rectification of data: The User may request the modification of their personal data when it is inaccurate or incomplete.
Deletion of data: The User may request the deletion of his personal data if: (i) they are no longer necessary for the purposes for which they were collected or otherwise processed, (ii) if he withdraws his consent, (iii) when he understands that they have been processed unlawfully or (iv) otherwise legally established.

Limitation of processing: The User may request the limitation of the processing of his personal data in particular while contesting the accuracy of his personal data, when he understands that the processing is unlawful, when his personal data are no longer necessary for the purposes for which they were collected, but are necessary for the formulation, exercise or defence of claims, or in case of opposition while we verify the applicability of his right.

Opposition to processing: The User may oppose the processing of their personal data, for reasons related to their particular situation, when their personal data are processed on the basis of legitimate interest, including profiling. In such a case, MASA Group shall be obliged to stop processing their personal data, unless there are legitimate reasons that prevail or their personal data are necessary for the formulation, exercise or defence of claims.

Portability: The User may request the reception of his/her personal data in a structured, commonly used and machine-readable format, and its transmission to another data controller, when the processing of his/her personal data is based on consent or on the execution of a contract and the processing is carried out by automated means.

Withdrawal of consent: The User may also withdraw the consent given at any time. Withdrawal of consent will not affect the lawfulness of the processing based on the consent prior to its withdrawal.

7.2. The User may exercise these rights, at any time, by means of a communication clearly identifying the right being exercised, by post to the addresses of the MASA Group indicated in this Privacy Policy or via the following e-mail address:

7.3. Should it be necessary for the unequivocal identification of the User, the MASA Group may request a copy of the User’s ID card, passport or other valid document that identifies the User.

7.4. In any case, Users may also file a complaint with the competent supervisory authority which, in the case of Spain, is the Spanish Data Protection Agency (

8. Changes to the Privacy Policy.

8.1. The MASA Group reserves the right to modify this Privacy Policy as a result of new processing of personal data, or the modification of existing data, as well as in accordance with new legislative or regulatory requirements, for security reasons or for the purpose of adapting this policy to the instructions of the data protection control authorities or to new processes.

8.2. Whenever significant changes are made to this Privacy Policy, the MASA Group shall duly inform Users through the Website in order to offer them the possibility of reviewing the changes and, if necessary, accepting them before they become effective.

9. Contact.

9.1. For any doubts or queries regarding this Privacy Policy, please do not hesitate to contact us via the postal address of the MASA Group given in this Policy, the forms on the Website, or you may contact the person responsible for data protection via the following e-mail address: