Home / Privacy policy

Privacy policy

Confidentiality and Data Protection Policy

FUNDACIÓN MADRID POR LA COMPETITIVIDAD (hereinafter, the Entity) will process the information provided to us by interested persons for the following purposes:

Below is detailed information on the confidentiality and personal data protection policy in compliance with the provisions of article 13 of Regulation (EU) 2016/679 of the European Parliament and of the Council, of April 27, 2016. , relating to the protection of natural persons with regard to the processing of personal data and the free circulation of this data (General Data Protection Regulationor RGPD) and Article 11 of Organic Law 3/2018, on the Protection of Personal Data and Guarantee of Digital Rights (LOPD GDD).

Data of the Data Controller and contact information of the Data Protection Officer (DPO):

Purposes of processing

The Entity will process the information provided by interested parties for the following purposes:

  • Managing the provision and execution of our professional services, accompanying companies in their investment project in Madrid, before investing, during their opening and installation, and subsequent expansion:
    • Information about applicable regulatory framework and administrative procedures to follow.
    • Identification of potential sources of funding.
    • Single investor window before the Public Administration.
    • Contact with local stakeholders.
    • Advice on grants and incentives.
    • Search for offices and industrial spaces.
    • Connection with professional service companies.
    • Support in obtaining visas, accommodation, and personnel selection.
    • Other services aimed at promoting and attracting foreign investment in the Community of Madrid.
  • Managing requests and files from companies applying for the “Madrid Excelente” seal, as well as requests and files related to other activities of the Entity (Madrid Excellent Customer Trust Awards, among others).
  • Managing the online registration of investors and partners on the Invest In Madrid platform, with the aim of facilitating direct contact for foreign companies with local service providers.
  • Managing your attention, visit, and meeting at our facilities.
  • Managing any type of request, suggestion, or inquiry regarding our professional services made by interested parties.
  • Informational and commercial communications: processing your data to inform you about activities, articles of interest, and general information related to our services via email.
  • Invitations to events and seminars to allow attendance at events and seminars organized by the Entity.
  • Dissemination on social networks of events and seminars to publicize the content of events and seminars organized by the Entity. Such dissemination includes both static and dynamic images.
  • Managing data provided by job applicants through the Curriculum Vitae (CV) or other means for the purpose of selection and recruitment process.
  • Ensuring the security of offices, facilities, and individuals through access controls, video surveillance systems, and other access control/identification systems.
  • Compliance with legal provisions applicable to the Entity and its activities in terms of health, equality, and occupational risk prevention.
  • Managing and controlling the operation of internal mechanisms, policies, and protocols established by the Entity for regulatory compliance purposes.
  • Managing and addressing communications submitted by informants through the Internal Information System, in accordance with Law 2/2023, of February 20, regulating the protection of individuals reporting regulatory infringements and combating corruption.
  • All treatments applicable to ensure compliance with regulations and official / sectoral requirements to which our activity is subject.

For the successful completion and development of your attention and management of the aforementioned purposes, the processing of your data for the corresponding purposes mentioned above will be carried out in strict compliance with Data Protection regulations and the Policy detailed to you. You may exercise your rights at any time (see specific section).

Data retention criteria

  • Management of the professional services provided by the Entity: the personal data provided by investors, partners, users and third parties related to the Entity, as well as those of other people whose intervention is necessary, will be kept for as long as the relationship derived from the management of our professional services is in force. At the end of the relationship, personal data will be kept in cases where responsibilities may arise with the Entity and/or in compliance with other regulatory frameworks that apply to the Entity or a rule with the status of law that requires to the conservation of these. Personal data will be maintained in a way that allows the identification and exercise of the Rights of those affected and, under the technical legal and organizational measures that are necessary to guarantee their confidentiality and integrity.
  • Curriculum Vitae Management: the Entity, as a rule, keeps its Curriculum Vitae for a maximum period of one year; Once this period has expired, it will be automatically destroyed, in compliance with the principle of data quality.
  • Management of Employment Contracts: Personal data will be kept, in any case, for as long as the employment relationship is in force and, at its end, in the cases that could be derive responsibilities between the parties and when required by a norm with the force of law.
  • Commercial communications: Interested persons may unsubscribe from these communications at the following email address: protecciondatos@fundacionmadrid.org
  • Others: The rest of the data and information provided by the user by any means will be kept for as long as necessary to fulfill the purpose for which they were collected.


The legal basis that enables the Entity to process the personal data of interested persons under the following titles:

  • The consent of the interested parties for the processing and management of any request for information or query about our professional services.
  • The consent of the users of the Invest In Madrid platform to put investors in contact with local partners.
  • The consent given by job candidates for selection and recruitment purposes.
  • The framework for providing our professional services.
  • The legitimate interest to send you informative and commercial communications related to the activity of the Entity and its services, via email or any other means.
  • Compliance with legal obligations and internal procedures for regulatory compliance and management of the information received.
  • The legitimate interest to guarantee the security of offices, facilities and people.


No personal data is transferred to third parties, except as provided by law. There are also no international data transfers to third countries.


Personal data is obtained directly from the interested parties and our collaborators. The categories of personal data that you provide us are the following:

  • Identification and contact information.
  • Postal or electronic addresses.
  • Data provided and/or consented to by the related interested parties themselves and necessary for the management and performance of the requested services.


Right of Access, Rectification and Deletion: Interested persons have the right to obtain confirmation as to whether the Entity is processing personal data that concerns them, or not. Interested parties have the right to access their personal data, as well as to request the rectification of inaccurate data or request its deletion when, among other reasons, the data is no longer necessary for the purposes for which it was collected.

Right to Limitation and Opposition: In certain circumstances, interested parties may request the limitation of the processing of their data, in which case we will only keep them for the exercise or defense of claims. In certain circumstances and, for reasons related to their particular situation, interested parties may object to the processing of their data. The Entity will stop processing the data in this case, except for compelling legitimate reasons, or for the exercise or defense of possible claims.

Right to revoke the consent given: the interested parties have the right to withdraw their consent at any time, except in the case of personal data processing provided for in the Data Protection regulations or necessary for the provision of the contracted service. , which do not require such consent. However, this withdrawal does not have retroactive effects, so it will not affect the legality of the treatment based on previously granted consent.

These rights may be exercised in our Data Protection Channel, whose access data is detailed at the beginning of this Policy.

Security and Control Measures


In compliance with data protection regulations, the Entity will process personal data applying appropriate technical, legal, organizational and security measures, in order to guarantee the confidentiality and integrity of the information it manages in accordance with the provisions of the current regulations.

We appreciate that you inform the Data Protection Officer through the contact details / Channel established in this Privacy Policy, of any security risk, of which you have indications or knowledge, that may compromise the integrity and confidentiality of the data. personal data and/or confidential information, in order to be able to adopt the necessary measures to avoid unauthorized processing, loss, destruction or accidental damage.


As a specific and complementary concept to the above, the Entity applies cybersecurity measures to prevent and manage possible attacks and fraud by cybercriminals that threaten the privacy and protection of the data that our Entity processes and accesses in the scope of its activities. and operations.

In this sense, we want to warn that in the event of possible risk situations due to communications whose content and/or format raise doubts about authenticity, we recommend omitting them and contacting the Data Protection Officer through the contact information indicated in this Privacy Policy. Privacy.

Likewise, any request you receive from our Entity regarding changes to payment methods, request for data or contact persons or confidential (non-public) information, bank and/or credit card data and/or other official data, It should not be attended to without direct confirmation from our Entity by another alternative means. We appreciate and need your collaboration for your communication and reporting any notification about this type of requests and other possible risk situations of cyber attacks in which our Entity may be used, as well as for any possible security risk that you may be aware of.

Internal Information System (IIS)

The Entity has implemented an Internal Information System (IIS), which is configured as a fundamental axis for supervision, control and prevention in the field of regulatory compliance, contemplating the highest commitment, rigor and professionalism in matters of security, confidentiality, data protection, experience, independence and knowledge in the processing of communications received.

The internal information channels integrated into the System have been implemented through technical tools, which contemplate all the necessary requirements to provide and guarantee our previous commitments. Likewise, the SIIF guarantees the basic principles of anonymity, adequate registration, conservation and non-alteration, prevention of conflicts of interest, protection of the informant and prevention of retaliation.

Through this System, every informant must communicate in good faith any indication, suspicion or evidence of possible regulatory breaches, crimes, unethical behavior and, in general, non-compliance with protocols, standards and codes of conduct of the Entity.

Access to the SIIF has been enabled in a separate section of our website.

Control authority

In the event of disagreements with the Entity in relation to the processing of your data, you have the right to file a claim with the corresponding Data Protection Control Authority. In Spain, said Authority is the Spanish Data Protection Agency (www.aepd.es).


Interested persons may communicate to the Entity any questions about the processing of their personal data or interpretation of our Policy, by contacting the Data Protection Officer (RPD) at the address indicated at the beginning of this Policy.

Updates and modifications

The Entity reserves the right to modify and/or update the information on Data Protection, when necessary for correct compliance with current regulations. If any modification occurs, the new text will be published on this page, where you can access the current Policy. In each case, the relationship with users will be governed by the rules established at the precise moment in which the website is accessed.
Contact with Invest In Madrid
I have read and accept the Terms and conditions