This Privacy Policy explains how New Eureka SL (“we”, “us”, or “our”) collects, uses, and protects personal data in accordance with EU law (in particular Regulation (EU) 2016/679, the GDPR). New Eureka SL, NIF B22610398, with registered address CL GALICIA, 3 45215 VISO DE SAN JUAN, TOLEDO, SPAIN, is the data controller. Our contact details are email contact@neweureka.ai and phone +34 613 83 49 18. By using our website (https://neweureka.ai) and submitting information via our web forms, you agree to the practices in this policy.

Information We Collect

• Contact Information: We collect personal details you provide when contacting us. This includes your name, email address, and any additional information in the message content.

• Enquiry Details: If you submit an inquiry or request (via contact form), we collect the contents of your message. We use this to respond to your request and, only with your consent, to send marketing communications (for example, newsletters or promotional offers).

• Usage Data: We automatically collect technical data about your visit to our website. This may include your IP address, browser type and version, operating system, pages viewed, time spent on pages, and referring website. We collect this “usage data” to analyze and improve our website’s performance. For instance, we use analytics tools that log page visits and device details. The legal basis for this processing is our legitimate interest in managing and enhancing our website.

• Cookies and Tracking Technologies: We use cookies (small data files stored by your browser) and similar technologies for essential site functions and analytics. Some cookies are strictly necessary for our site to work (e.g. to retain your form entries or site preferences). Other cookies (e.g. analytics or advertising cookies) require your consent. Cookies that can identify you may be considered personal data under the GDPR. We explain our cookie use and obtain consent in accordance with EU requirements (see “Cookies” below).

We do not collect any special sensitive data (e.g. health, race, religion) via our website, nor do we track telephone calls or CRM usage. Please do not submit any personal data about others to us unless asked.

How We Use Your Personal Data

• To Respond and Provide Services: We use your name, email, and message content to respond to your inquiries and provide the requested information or services (for example, answering questions or fulfilling a quote). This processing is necessary for our performance of any contract or pre-contractual actions you request, and also reflects our legitimate interest in maintaining communication with you.

• Marketing Communications: With your explicit consent, we may send you newsletters, updates, or promotional offers by email. You can withdraw consent at any time (see “Your Rights” below). We will only send marketing if you have opted in to receive it.

• Improving Our Website: We analyze usage data to understand how visitors use our site (e.g. which pages are most visited). This helps us to enhance site functionality and user experience. We do so based on our legitimate interests in improving our website.

• Compliance and Safety: We use personal data as needed to comply with legal obligations (e.g. record-keeping requirements) or to protect the security of our systems and users. For example, if required by law enforcement or court order, we may disclose information. We also use data to prevent fraud or abuse and to defend our legal rights.

Lawful Basis for Processing

We process personal data only when we have a valid legal basis under GDPR Article 6. Depending on the situation, our lawful basis may include:

• Consent: Where you have given clear consent (e.g. to receive marketing emails). You can withdraw consent at any time by contacting us (it will not affect the lawfulness of prior processing).

• Contract: When processing is necessary to perform a contract with you, or to take steps you request before entering into a contract. For instance, using your contact info to fulfill a service you ordered.

• Legal Obligation: When we must process data to comply with EU or national law (e.g. accounting or tax laws).

• Legitimate Interests: When processing is necessary for our legitimate business interests and does not unduly affect your rights. This covers tasks like marketing analysis, network security, site improvements, and communications with you. In each case, we balance our interests against your privacy rights.

Disclosure of Personal Data

We do not sell or trade your personal information. We may disclose personal data in the following limited ways:

• Service Providers: We may share data with third-party vendors who perform services on our behalf. For example, we use email delivery services for newsletters, web hosting providers for our site, and analytics providers to analyze usage. These providers are contractually obligated to protect your data and only use it as we instruct. For payment processing (if applicable), we share only the necessary transaction information with our payment provider.

• Business Transfers: If New Eureka SL is sold or merged with another company, or undergoes a business reorganization, personal data may be transferred to the new entity, under confidentiality constraints.

• Legal and Safety: We may disclose data if required by law or regulation, or if necessary to protect someone’s life or safety. For example, we would release information to comply with a court order or to prevent fraudulent activity.

• Affiliates and Advisors: We may share data internally within our group (if applicable) and with our professional advisers (e.g. lawyers, accountants, insurers) when reasonably needed for legal or risk-management reasons.

If we share your personal data with any other third party, we will only do so in compliance with data protection law and typically under a written agreement (unless the third party is another controller). Any third party controllers (e.g. marketing partners) will provide their own privacy policy regarding their use of your data.

Data Security

We implement appropriate technical and organizational measures to protect personal data against unauthorized access, loss, or disclosure. For example, we use industry-standard encryption on our servers and secure networks. Access to your personal data is limited to authorized personnel and contractors. While no security system is perfect, we continuously review our security practices and comply with GDPR’s “integrity and confidentiality” principle. If you have questions about security, please contact us.

Data Retention

We retain personal data only for as long as necessary to fulfill the purposes described above or to meet legal requirements. Once data is no longer needed, we will securely delete or anonymize it. In particular, we follow the GDPR principle that personal data must be “kept in a form which permits identification of data subjects for no longer than is necessary”. For example, if you contacted us and our correspondence is complete, we may keep your name and email on file for a limited time (e.g. to address any follow-up or legal claims). When we no longer have a legitimate need, your data will be erased.

Your Rights

Under the GDPR, you have the following rights regarding your personal data:

• Right of Access: You can request a copy of the personal data we hold about you, and information about how we use it.

• Right to Rectification: You can ask us to correct or update any inaccurate or incomplete personal data.

• Right to Erasure (“Right to be Forgotten”): You can ask us to delete your personal data when it is no longer needed or if you withdraw consent. We will comply unless we have a valid legal reason to retain it (e.g. to comply with law).

• Right to Restrict Processing: You can request that we suspend processing of your data (for example, if you contest its accuracy or if processing is unlawful but you oppose erasure).

• Right to Data Portability: You can request that we provide your data in a machine-readable format so you can transfer it to another controller.

• Right to Object: You can object to our processing of your personal data for certain purposes, especially for direct marketing or when the basis is our legitimate interests. If you object to direct marketing, we will stop immediately. If you object for other reasons, we will only continue if we have compelling legitimate grounds.

• Right to Withdraw Consent: If our processing is based on consent, you have the right to withdraw that consent at any time. We will then cease that processing (e.g. stop sending newsletters).

• Right to Lodge a Complaint: You have the right to complain to a data protection authority about our handling of your data. In Spain, the supervisory authority is the Agencia Española de Protección de Datos (AEPD). We will of course try to address any concerns you have; for more information, see www.aepd.es.

If you wish to exercise any of these rights, please contact us using the details below. We will respond to your request without undue delay and within the one-month period required by the GDPR. If your request is complex, we may extend the time by two more months (but will notify you).

Cookies and Tracking

Like most websites, we use cookies to collect data about website activity and to improve functionality. Cookies are small text files stored on your device. We use two types of cookies:

• Strictly necessary cookies: required for our site to function (e.g. for keeping your session active or storing preferences). These are exempt from consent.

• Optional cookies: include analytics and marketing cookies. For these, we will obtain your prior consent before setting the cookies. For example, we use cookies to count visits and to show relevant content. All non-essential cookies are described in our cookie banner or cookie policy, and we will only use them if you agree.

You can change or withdraw your cookie consent at any time by adjusting your browser settings or through our cookie consent tool. You can also delete cookies via your browser; be aware this may affect website functionality. We conduct cookie processing in compliance with the ePrivacy Directive and GDPR. As GDPR makes clear, cookies that identify you are considered personal data and require a lawful basis (usually consent).

Changes to This Policy

We may update this Privacy Policy from time to time (for example, if laws change or we update our services). The “Last updated” date at the top will indicate when the policy was last revised. We encourage you to review this page periodically to stay informed. Material changes to how we use personal data will be notified by posting the new policy on our website.

Contact Information

For questions or to exercise your rights, contact our Data Protection Officer: New Eureka SL, C/ Galicia 3, 45215 El Viso de San Juan, Toledo, Spain; email: contact@neweureka.ai; phone: +34 613 83 49 18. You can also send inquiries via the contact form on our website. We will address your request or question promptly.

If you believe we have not handled your personal data properly, you can escalate the matter to the Spanish Data Protection Agency (AEPD). We are committed to complying with all applicable EU data protection laws and ensuring the privacy of our users.

Sources: Information based on EU data protection law (GDPR) and official guidance. These sections serve to ensure full compliance with the GDPR and related EU regulations.