Privacy Policy

Co-managers of treatment

ELKARGI, S.G.R., ELKARGI CONSULTORES, S.L.U. and METIX GESTIÓN DE RIESGOS, S.L. (depending on the services requested).
Postal address: Paseo Mikeletegi, 50. 20.009 Donostia-San Sebastián.
E-mail:    Telephone: 943 30 90 90 60

How we have obtained your data

Obtained from the interested party: If you are already a client and/or partner, for example as a beneficiary of a guarantee, a buyer or lessee of a property, a client of our consulting or training services…, you have provided them to us, either off-line or on-line when requesting our services in order to be able to maintain the contractual relationship with you.

When you provide us with personal data, you guarantee that you are authorized to provide this information and that it is true, truthful, accurate and updated, that it is not confidential, that it does not violate any contractual restriction or third party rights and you undertake not to impersonate other Users by using their registration data for the different services and/or contents of the Web Site.

Obtained automatically when visiting our website: If the data has been provided to us through this Website, we collect information, for example, when you access the page, when you fill in any form with personal data, or when you communicate with us directly by e-mail.

Our website has connectors to social networks, when you choose to interact with us through a social network, we can not be responsible for the privacy settings chosen by the user, the social network can report your IP address or what page you are visiting on our website and can set a cookie to allow them to function properly, or for example your name will appear in the “likes” you give or in the comments you make on our page on a social network. If you do not want your personal data associated with those “likes” or comments to appear, configure your privacy to avoid it, pseudonymizing your data for example by putting a nickname or alias that does not reveal your name and surname.

If you log in to one of these social networks during your visit to our website, the social network may add that information to your profile and that information will be transferred to the social network. If you do not want this data transfer to take place, please log out of your session on the social network before entering our websites or mobile applications, as it is not in our power to influence this data collection and transfer through social connectors.

If the user, through our official page on a social network, decides to publish and/or share texts, photos, videos and other types of information and/or content, he/she is solely responsible for the compliance of such content with the corresponding legal regulations.

In any case, we may remove from both this website and our pages on social networks, any content posted by the user when we detect that the user has violated the law, and as indicated in this privacy policy.

Social Networks are not hosted directly on our Services. Your interactions with them are governed by their policies and not ours. Please read the privacy policies of those social networks for detailed information on the collection and transfer of personal data, your rights and privacy settings.

Communication by a third party of the data subject’s data: In the event that it is not the data subject himself/herself but a third party who provides us with his/her data, your data may have been communicated to us by public or private prescribing entities (financial institutions, consultancies or law firms) or collaborators with whom we reach agreements or collaboration agreements of any kind, especially to revalue and/or make contributions to the Technical Provisions Fund to facilitate financing. In the event that it is not the interested party himself but a third party who provides us with data of the former, it is the third party who expressly guarantees that he has the authorization of the interested party for such contribution, exonerating us from any responsibility in case of any claim by the interested party, responsibility that assumes only and exclusively who has communicated the data on behalf or in the interest of the latter.

Third party data

With respect to other people’s data, you must respect their privacy, taking special care when publishing their personal data. We remind you that, as a user, you can only provide and consent to the processing of your personal data, but not those of third parties, and that if you provide us with data of third parties you are making a transfer of personal data, being your responsibility to have the prior and express consent of those third parties to use them and provide them to us, and you are responsible for informing them of the inclusion of their data in our files.

The publication of data of third parties without their consent may infringe, in addition to the regulations on data protection, the right to honor, privacy or self-image of such third parties, rights whose protection is governed by the provisions of Law 1/1982 of 5 May, on civil protection of the right to honor, personal and family privacy and self-image.

Purpose and legitimization

Data processing of:
(a) partners and/or applicants and/or beneficiaries of guarantee operations (both on line and off line) as well as those of guarantors, personal or real guarantors of those, in order to:
– maintain contact and communication with such persons;
– study and analysis of the operation requested, accredit solvency (income, assets and indebtedness of debtors, guarantors and third parties offering real guarantees); management, follow-up and invoicing of the operations and services rendered and of the contractual relationship derived from them; and
to provide the RIC with the information related to the credit risks derived from the guarantees we grant.
b) clients of the consultancy and training activity (both on line and off line) to
– maintain contact and communication
– management, follow-up and invoicing of the operations and services rendered and of the contractual relationship deriving therefrom
c) speakers in our training activities to maintain contact and relationship with them, as well as to inform about their professional resumes and their image in the training activities we organize, being able to publish such data on our website, as well as in paper documentation related to the corresponding training activities

Contractual relationship, compliance with regulations, e.g. consumers and users, money laundering, banking regulations (for the calculation of the rating necessary to assess the viability of the transaction and for the solvency analysis of both beneficiaries and guarantors and guarantors); Law 44/2002, on Financial System Reform Measures, Bank of Spain Circular 1/2013 of May 24, 2013, on the Central Credit Register (CIR).
To send to potential customers, by means of electronic communications, information about our activities, products and/or services similar to those requested.Consent
Installation of non-technical cookies
In the case of providing us with curricular data or sending us a curriculum, contacting the interested party and managing the selection processes that we carry out.
Sending to current partners/customers, through electronic communications, information about our activities, products and/or services similar to those requested. Elaboration of profiles Installation of technical cookies Conducting opinion/satisfaction surveys. In the case of users of our website, or senders or recipients of an email: to manage requests made online, and maintain contact and communication. Communicate your data between ELKARGI, S.G.R., ELKARGI CONSULTORES, S.L.U. and METIX GESTIÓN DE RIESGOS, S.L. to provide the client with a comprehensive or specialized service that requires the intervention of interdisciplinary teams; or for internal administrative purposes.
Legitimate interest

The provision of the requested data is mandatory because it is essential to formalize and / or maintain the contractual or pre-contractual relationship and meet the legal obligations arising therefrom; if you do not provide them, we can not provide the service derived from that relationship.

When the legitimacy is based on consent, you may withdraw such consent at any time by sending us an e-mail to that effect to . Such withdrawal does not condition the processing of your data for the other purposes described.

If it is based on our legitimate interest the indicated treatment of your data we consider that it is proportionate and involves a minimal impact on your privacy, but always prevail over our legitimate interest, your interests, rights or freedoms, so if you do not want us to treat your data for these purposes please send us an e-mail to that effect to and we will do so.

Additionally, the interested parties authorize ELKARGI, S.G.R. to request from third parties (property registries, public administrations, financial institutions, credit and solvency report companies, etc. …) additional economic and patrimonial data that may be necessary to complete the information necessary for the above purposes.

We inform that in the events and activities that we organize may take photographs and / or videos that may be published on our websites, in our profiles on any social networks, as well as on Youtube to report on the event / activity, document it, and be part of the photographic / video memory of the same.

Conservation period

The personal data you provide will be kept by us, in the case of current or potential customers and suppliers, for as long as the contractual or commercial relationship is maintained and, once these are concluded, as long as the interested party does not request their deletion and, even if requested, for the necessary time and limiting their treatment, only to comply with the legal/contractual obligations to which we are subject and/or during the legal periods provided for the prescription of any responsibilities on our part and/or the exercise or defense of claims arising from the relationship maintained with the interested party.

If you are a mere user of the website, we will keep them as long as you do not request their deletion, and, even if requested, we may keep them, limiting their treatment, only for the fulfillment of legal obligations and/or the exercise or defense of claims.

If you are a potential candidate who has sent us your resume, we will keep them until you request their deletion, in order to contact you for selection processes.

In the case of complaints made through the complaints channel, the data of the person making the communication (if provided) and of the employees and/or third parties appearing in the complaint will be kept in the complaints system only for the time necessary to decide on the appropriateness of initiating an investigation into the facts reported. In any case, after three months have elapsed since the data were entered, they will be deleted from the reporting system, unless the purpose of the retention is to leave evidence of the functioning of the model for the prevention of the commission of crimes by the legal person. Complaints that have not been followed up may only be recorded in anonymized form. Once this period of 3 months has elapsed, the data may continue to be processed by the body responsible, in accordance with section 2 of article 24 LOPDGDD, for the investigation of the reported facts, but will not be kept in the internal complaints information system itself.


We inform you that the data you provide may be communicated to third parties for the fulfillment of purposes directly related to the legitimate functions of the transferor and transferee, such as:

  1. Data communications between ELKARGI, S.G.R., ELKARGI CONSULTORES, S.L.U. and METIX GESTIÓN DE RIESGOS, S.L. to provide the client with a comprehensive or specialized service that requires the intervention of interdisciplinary teams and/or for internal administrative and commercial purposes including the processing of personal data of clients or employees.
  2. Notary’s offices for the intervention/legalization of policies and deeds.
  3. Public and private counter-guarantee companies, such as Compañía Española de Reafianzamiento (CERSA), the Basque Government and Sociedad de Desarrollo de Navarra, S.L. (SODENA) for counter-guarantees operations.
  4. Central de Información de Riesgos del Banco de España to communicate the risks contracted with our clients and their guarantors and guarantors.
  5. To the financial institution(s) and/or lender(s) and/or guarantor(s) chosen to assess their participation in the financing requested and the credit quality of the applicant, as well as to the same or other financial institution(s) for the collection of the formalization and guarantee commissions and the amount of the shares in ELKARGI, S. G.R. affected to the guarantee operations, and for the and communication of the constitution of pledges on financial products or for the request, study, processing and granting of financing in consultancy operations such as the purchase and sale of companies, structural modifications, etc.
  6. To the Executive Service of the Commission for the Prevention of Money Laundering and Monetary Infractions to communicate suspicious operations of money laundering, as obliged subjects that we are.

The total or partial non-payment of any amounts derived from the policy/s of guarantee or counter-guarantee regulation and/or opening of guarantee lines, the ineffectiveness of the same or the non-compliance and/or delay in the payment terms established in the same, for any reason whatsoever, may imply, after a request for payment without the debt having been satisfied within the term established for this purpose, the filing of the corresponding legal claim and the communication of the data relating to the non-payment to files relating to the compliance or non-compliance of monetary obligations or on capital and credit solvency.

To the entities or bodies to which there is a legal obligation to communicate data: Bank of Spain, Tax Administration, to public or private entities that make contributions to the company’s technical provisions fund to partially cover the risk assumed by ELKARGI, S.G.R. with the financing of business activities and projects through its guarantee.

  1. To the corresponding Mercantile and/or Property and/or Movable Property Registry in the event of carrying out operations for clients that are susceptible to registration and to the agencies with which we may contract this procedure. Also to any other public registers in which it is necessary or convenient to register or take note of the counter-guarantees constituted in favour of ELKARGI, S.G.R.
  2. To insurance companies that may insure our risks.
  3. To possible investors and/or purchasers in mercantile operations of transfer of companies and/or taking of participation in them.

We will ensure that personal data is always processed and located in the European Economic Area. However, in certain circumstances, we may make international transfers of data, for example, if it is necessary for the conclusion or execution of a contract, in the interest of the data subject, between ELKARGI SGR and another natural or legal person; or if it is necessary for the performance of a contract between the data subject and ELKARGI SGR, for example when using service providers located outside the European Union, who may have access to personal data, for the provision of services ancillary to our business (hosting, housing, SaaS, remote backup, computer support or maintenance services, e-mail managers, sending e-mails and e-mail marketing, file transfer, etc …. ) or for the execution of pre-contractual measures taken at the request of the data subject.

These entities may be different and vary over time, but we will try to choose entities either belonging to countries that have a level of protection equivalent to the European level of data protection, or that have the appropriate guarantees to achieve that level, or on the basis of one of the exceptions provided for in the RGPD.


You can, where appropriate, exercise your rights of access, rectification, deletion, limitation and opposition to their treatment, as well as not to be subject to decisions based solely on the automated processing of your data, at the postal or e-mail address indicated at the beginning of this privacy policy; in both cases by means of a written and signed request attaching a copy of your ID card or passport or other valid document that identifies you. In case of modification of your data you must notify us at the same address, declining this company any responsibility in case of not doing so.

Right of access: You can ask us what personal data we are processing and even request a copy of them.

Right of rectification: You can ask us to rectify inaccurate personal data or to complete incomplete personal data, including by means of an additional declaration.

Right to erasure (right to be forgotten): You can ask us to erase your personal data when: it is no longer necessary for the purposes for which it was collected, you withdraw your consent, there has been unlawful processing of your personal data or in compliance with a legal obligation.

Right to limitation of processing: You can ask us to limit the processing of your data, in which case we will only keep them for the exercise or defense of claims.

Right of opposition: You may oppose the processing of your data if such processing is based on the legitimate interest of the data controller or is for advertising purposes.

Once we receive any of the above requests we will respond within the legally established deadlines. You can complain to the Spanish Data Protection Agency. For more information about the rights you can exercise and to request model forms for exercising your rights, please visit the website of the Spanish Data Protection Agency,

Categories of data

The categories of data we process are: the categories of data we process may be: Identifying data; Personal characteristics; Social circumstances, Academic and professional; Economic, financial and insurance data; Transactions of goods and services, Employment details and even specially protected data relating to the health of the data subject.