Privacy policy

1. Data Controller
THE BOTARGAS SECRET S.L.
Registered Address: Calle Villa de Marín 21, Esc 2, 2C, 28029 Madrid, Spain
Tax ID (CIF): B19917517
Email: hola@thebotarga.com

2. Data We Collect
We may collect the following categories of personal data:

  • Identification and contact details (name, email address, phone number, institution/company).

  • Professional information provided voluntarily (role, project details, collaboration proposals).

  • Technical information collected automatically by Squarespace (IP address, browser, device, aggregated analytics).

3. Purpose of Processing
We process your data for the following purposes:

  • Responding to contact requests sent via the website forms.

  • Managing leads, collaborators, and client relationships.

  • Preparing quotations or proposals upon request.

  • Sending information of potential interest related to our services (legitimate interest in B2B context).

  • Administrative and accounting purposes related to service provision.

4. Legal Basis

  • Consent: when you explicitly provide your data through a form or Google Form.

  • Performance of a contract or pre-contractual steps: when you request quotations or services.

  • Legitimate interest (B2B): when contacting professionals or institutions whose activity is related to our services.

5. Data Retention

  • Contact/lead data: 5 years from the last interaction, unless you request deletion.

  • Accounting and billing records: as required by Spanish law (6 years).

6. Data Sharing and International Transfers
We use third-party providers as data processors:

  • Squarespace (website hosting) – USA/EU.

  • Google Workspace (email, Drive, Forms, Sheets) – USA/EU (Standard Contractual Clauses in place).

  • Hubspot (CRM, free plan) – USA/EU (GDPR compliant).

We do not sell personal data.

7. Data Subject Rights
You may exercise your rights of:

  • Access

  • Rectification

  • Erasure

  • Restriction of processing

  • Data portability

  • Objection to processing (including for direct marketing purposes)

To exercise your rights, send a request to hola@thebotarga.com with a copy of your ID.

8. Security Measures
We implement appropriate technical and organizational measures: encrypted communication (SSL), restricted access to databases, two-factor authentication in Google accounts, and limited sharing of Drive folders.

9. Confidentiality of Client Materials

When you submit research proposals, evaluation reports, or project-related documents for our review services, we treat them with strict confidentiality:

  • Anonymization: Applicant identity is anonymized before sharing with evaluators. Supervisor and host institution names may remain visible when essential for evaluation, but are never shared beyond the assigned evaluator.

  • NDA Requirement: All evaluators sign Non-Disclosure Agreements before receiving any client materials. They are contractually prohibited from using, sharing, or retaining any content beyond the scope of their review.

  • Limited Access: Only the assigned evaluator and GrantLever's service coordinator have access to your materials. Documents are never shared with third parties or used for any purpose beyond providing the contracted service.

  • Secure Deletion: After service completion, all client files (proposals, reports, forms) are permanently deleted from our systems within 30 days, except where retention is required by law (invoices, contracts).

  • No Data Mining: We do not use client research content for training purposes, publication, or aggregated analysis. Your intellectual property remains yours.

If you have specific confidentiality requirements (e.g., patent-pending technology, unpublished methods), please contact us to discuss additional safeguards.

10. Complaints
If you consider that your rights have not been respected, you may file a complaint with the Spanish Data Protection Agency (AEPD).