At OREKA INFORMATION TECHNOLOGIES, S.L. (hereinafter OREKA IT). we are committed to your rights and the defense of your privacy.

This policy expresses how we treat and protect the personal information of all those who interact with OREKA IT through our website.


OREKA IT, as Data Controller, informs you that, according to the provisions of Regulation (EU) 2016/679, of April 27, 2016, (RGPD) and Organic Law 3/2018, of December 5, of Protection of Personal Data and guarantee of digital rights (LOPDGDD), we will treat your data as we reflect in this Privacy Policy.

In this Privacy Policy we describe how we collect your personal data and why we collect it, what we do with it, with whom we share it, how we protect it and your options regarding the processing of your personal data.

This Policy applies to the processing of your personal data collected by the company for the provision of its services. If you accept this Policy, you agree that we process your personal data as defined in this Policy.



Trade name: OREKA IT

NIF: B01451756

Address: Avenida de los Olmos 1, Building D IV, Office 243

Vitoria-Gasteiz (01013 Araba / Álava)

Telephone: 945067219

e-mail: rgpd@orekait.com


We are committed to providing our services with the highest degree of quality, which includes treating your data with security and transparency. Our principles are:

Legality: We will only collect your personal data for specific, explicit and legitimate purposes.
Data minimization: We limit the collection of personal data to what is strictly relevant and necessary for the purposes for which it was collected.
Limitation of Purpose: We will only collect your personal data for the stated purposes and only according to your wishes.
Accuracy: We will keep your personal data accurate and up to date.
Data Security: We apply appropriate technical and organizational measures proportional to the risks to ensure that your data does not suffer damage, such as unauthorized disclosure or access, accidental or illegal destruction or accidental loss or alteration and any other form of illicit treatment.
Access and Rectification: We have the means for you to access or rectify your data when you consider it appropriate.
Conservation: We keep your personal data legally and appropriately and only as long as it is necessary for the purposes for which it was collected.
International data transfers will not be made.
Third parties: Access and transfer of personal data to third parties are carried out in accordance with the applicable laws and regulations and with the appropriate contractual guarantees.
Direct Marketing and cookies: We comply with the applicable legislation regarding advertising and cookies


The types of data that can be requested and processed are:

Identifying data.
We also automatically collect data about your visit to our website as described in the cookie policy.

Whenever we request your personal data, we will clearly inform you of what personal data we collect and for what purpose. In general, we collect and process your personal data for the purpose of:


Provide information, services, products, relevant information, news in the sector and sending communications. On behalf of the company, we treat the information you provide us with in order to send you advertising related to our products and services by any means (postal, email or telephone) and invite you to events organized by the company. The data provided will be kept as long as you do not request the cessation of the activity. The data will not be transferred to third parties except in cases where there is a legal obligation.

Participation in Conferences (Webinar, face-to-face …), Training or any type of event in which prior registration is required. We process the information you provide us with in order to proceed with a correct registration. The data provided will be used exclusively for registration in the organized event unless the person concerned accepts the possibility of other uses in the registration forms used. The data will not be transferred to third parties except in cases where there is a legal obligation.

Reception of candidatures. On behalf of the company, we process the information you provide us with in order to keep you informed of the different job vacancies that occur in our organization. The data provided will be kept until the award of a job or until you exercise your right of cancellation or any of the rights indicated in point 7 of this privacy policy. The data will not be transferred to third parties except in cases where there is a legal obligation.
Apart from the data collected on the website, in the normal operations of OREKA IT, we will also process the following data:

Customer / potential customer data: Exclusively the data necessary for the correct provision and offer of services.
Provider data: Exclusively the data necessary for proper maintenance and control of the contractual relationship and the services they provide us.
Personnel data: Exclusively the data necessary for compliance with current regulations on labor matters, risk prevention, Social Security …
Candidate data: Exclusively the data necessary to keep candidates informed of the different vacancies for a job in our organization.
In all these cases, we will treat the data always respecting the principles of legitimacy, which we indicate in the next point.


In accordance with the applicable data protection regulations, your personal data may be processed provided that:

You have given us your consent for the purposes of the treatment. Of course you can withdraw your consent at any time.
By legal requirement.
Because there is a legitimate interest that is not undermined by your privacy rights, such as the sending of commercial information either by subscribing to our newsletter or by being a client.
Because it is necessary for the provision of any of our services through a contractual relationship.


The company will not make any assignment, except by legal obligation.

The data may be communicated to companies related to OREKA IT for the provision of the various services as Treatment Managers.


In relation to the collection and processing of your personal data, you can contact us at any time to:

Access your personal data and any other information indicated in Article 15.1 of the RGPD.
Rectify your personal data that is inaccurate or incomplete in accordance with Article 16 of the RGPD.
Delete your personal data in accordance with Article 17 of the RGPD.
Limit the processing of your personal data in accordance with Article 18 of the RGPD.
Request the portability of your data in accordance with Article 20 of the RGPD.
Oppose the processing of your personal data in accordance with article 21 of the RGPD.
If you have given your consent for a specific purpose, you have the right to withdraw the consent granted at any time, without affecting the legality of the treatment based on the consent prior to its withdrawal.

You can exercise these rights by sending a motivated and accredited communication to rgpd@orekait.com.

You also have the right to file a claim with the competent Control Authority (www.aepd.es) if you consider that the treatment does not comply with current regulations.


In the event that the user who accesses the website is a minor, they must have previously obtained the authorization of their parents or legal guardians, who will be responsible, in any case, for the acts carried out by the minors in their charge. In the event that minors, in breach of the obligations that we have just indicated, provide us with some type of personal data, OREKA IT will not assume any type of responsibility derived from that action.


We treat your personal data with the utmost respect, committing ourselves to the confidentiality and security of the treatment.

To maintain security on our website, we use an SSL certificate so that the transmission of your data is carried out in a complete and secure manner.

Any person authorized to process your data has the obligation, either under a contractual or legal duty, to scrupulously respect the legitimate purpose, the confidentiality of the data processed, as well as the obligation to comply with everything established in the current regulations of Data Protection.

In case of suffering a security incident, in which we consider that your data could be involved, we will notify you as soon as possible, respecting the legally established forms and deadlines.


The requirements of this Policy complement, and do not replace, any other existing requirement under the applicable data protection law, which will prevail, in any case.

This Policy is subject to periodic reviews and the company can modify it at any time. When this occurs, we will notify you of any changes and ask you to re-read the most recent version of our Policy and confirm its acceptance.