SEPI Sociedad Estatal de Participaciones Industriales

Privacy and protection data policy 


  • Introduction
  • Person in charge of the processing and the DPO
  • Personal data collected
  • Means for data collection
  • Limitations on data processing
  • Addressees
  • Retention period
  • Images
  • Security measures
  • Rights


The processing of personal data carried out through this website of Sociedad Estatal de Participaciones Industriales (SEPI) is regulated according to that stipulated in the European regulation on data protection - Regulation (UE) 2016/679 – General Data Protection Regulation (GDPR) – , Organic Law 3/2018, on December 5th, on Personal Data Protection and Digital Rights Guarantee, and the remaining regulations on data protection issues which might apply, with the aim of guaranteeing at any time the fundamental right to data protection of the users of the above mentioned website.

Through the reading of this Privacy Policy, the user is informed about the way SEPI collects, processes and protects the personal data obtained through this website. The user must carefully read this Privacy Policy, which has been drafted in a clear and simple way, with the aim of facilitating its being understood, thus being able to determine freely and willingly whether he wishes to provide to SEPI his personal data, through the different ways available to that end.

This Privacy Policy has as its goal to provide information about the rights which assist you as a result of the GDPR. Were you to have any doubt regarding the processing of your personal data, you can get into contact

Person in charge of the processing and the Data Protection Officer

The person in charge of processing the data obtained in this website is Sociedad Estatal de Participaciones Industriales (SEPI), with Tax Identification Number: Q-28 20015-B and address at C/ Velázquez, 134. Bloque V 28006 Madrid (Spain), the holder of the website which you are visiting, as well as the person in charge of the processing of the data obtained through this website.

Furthermore, we inform you that SEPI has a Data Protection Officer, with whom you may get into contact through the following address: or through a writing submitted to the attention of the ‘delegado de Protección de Datos’ (Data Protection Officer)

Personal data collected

SEPI collects personal data with the following purposes:

Mean of collection


Legal basis


Retention periods

Contact forms:

To handle the requests made by our users through the different means available Consent of the interested parties(section 6.1 a) of the GDPR The data will not be transferred to third parties, unless a legal obligation exists The data are kept while the user’s request is processed and the company’s obligations do not prescribe.

Mean of data collection

The means used by SEPI for collecting and the later processing of the personal data are as follows:

  • emails: The email addresses in SEPI’s website will be regarded as potential means for collecting personal data. Duty of disclosure emails . Deber información-correo electrónico 
  • Cookies: SEPI may use technical cookies (small information files which the server sends to the computer of the person which gains access to the website) in order to perform certain functions which are regarded as indispensable for the correct working and visualization of this website, as well as for measuring the activity, uses and access to the website’s content. The information about the processing carried out by the person in charge of the personal data collected through the email is available at: : Cookies Policy.
  • Forms: Through the different forms made available to you in the website, SEPI collects and processes data of a personal nature. The information regarding how we process the data can be found at the bottom of the page of each form.

The data requested on this website are generally of an obligatory nature – unless in the space required the opposite is stated –for fulfilling the stipulated purposes. When the user makes use of other means for submitting data to SEPI, the user must supply only that information which might be required in each case.

In this sense, the user will assume the potential responsibilities resulting from the excess of data, or their inadequacy, which he voluntarily provides to SEPI through the data collection means made available. Furthermore, he will be responsible of the truthfulness and accuracy of the personal data supplied. In the case of being any change in the user’s data, those changes must be communicated to SEPI for the purpose of keeping them updated.

Restrictions on the processing

SEPI does not authorize those less than 14 years old to supply their personal data through the means available at this website –Filling out the web forms provided for the request of contact services, or through the sending of emails. Thus, the persons who make use of those means for providing personal data formally declare that they are older than 14 years of age, being SEPI exempt from any responsibility for the failure to comply with this requirement. In those cases in which the services offered by SEPI are aimed at those less than 14 years of age, it will make available the means for obtaining the authorization from the minor’s parents or legal tutors.


Neither communication of data to third parties, nor transfers to third countries or to international organizations are envisaged, except for the fulfillment of a legal obligation or at the request of a public entity, or by a court.

Retention period

SEPI stores your personal data during the time which is indispensable and necessary for each processing purpose, without prejudice to that of your being able to revoke your consent at any. The retention period, in general, will be determined by the fulfillment of a legal obligation which might appear in each processing, or for the submission of potential claims by the users.


SEPI, through its website and its profiles in social networks supplies information regarding the entity’s activity. On some occasions, the information provided includes images or videos showing identified or identifiable people. In the case that you were to recognize yourself in any of these photographs and/or videos and you have no wish to appear in them, we ask you to communicate it to us through the email address: In the case of those less than 14 years of age, the request must be made by the parents or the legal representatives.

Security measures

SEPI takes the adequate security measures in keeping with that envisaged in the data protection regulation in force, with the goal of guaranteeing the fundamental right to data protection of the users of this website.


The rights of those affected are as follows:

  • To obtain confirmation whether SEPI is processing your personal data.
  • To have access to your personal data, as well as to request the rectification of inexact data, or, when appropriate, to request their removal when, among other reasons, the data are no longer needed for the requirements for which they were collected.
  • ­To request under certain conditions:
    • ­The limitation in the processing of your data, in which case SEPI would keep them only for submitting or defending claims.
    • ­The right to object to the use of your data, in which case, SEPI will stop processing the data, except in the case of imperative and legitimate reasons, or for the exercise or the defense of potential claims, including the processing of your data for automated individual decisions.
    • ­The portability of the data, so that they can be given to the affected person or transferred to other person in charge, in an structured format, of joint use and mechanical reading.

Equally, when the processing of the data is based on the consent, you have the right to revoke it in accordance with the terms and conditions stipulated in the data protection regulation in force.

The affected persons may exercise the rights against SEPI, at the address C/ Velázquez, 134. Bloque V 28006 Madrid, (Spain), stating on the issue: Ref. Protección de Datos or through the email:

In the case that you feel that your rights regarding the protection of your personal data have been breached, especially when you have not received satisfaction in the exercise of your rights, you can submit a claim to the corresponding control authoritiy in charge of Data Protection, the Agencia Española de Protección de Datos - Address: C/ Jorge Juan, 6 – 28001 Madrid (Spain) – website:

Prior to that, you can get into contact with the Data Protection Officer:

Publication date: February 24th, 2022.