Technology Clinical Data Investors Team Get Access
Legal

Privacy Policy

Last updated: 16 May 2026 • Version 1.0

AblaView S.L. (“AblaView”, “we”, “us”) takes the privacy of every visitor, clinical partner, and investor seriously. This policy explains what personal data we collect through ablaview.com, why we collect it, how long we keep it, who else may receive it, and the rights you have under the EU General Data Protection Regulation 2016/679 (“GDPR”) and Spanish Organic Law 3/2018 on Personal Data Protection (“LOPDGDD”).

1. Data Controller

The data controller for personal data processed through ablaview.com is:

  • AblaView S.L.
  • Registered office: [Registered office address — to be confirmed]
  • Spanish tax identification (CIF): [B–XXXXXXXX — to be confirmed]
  • Mercantile registry: [Registro Mercantil — to be confirmed]
  • General contact: info@ablaview.com
  • Privacy and data protection: privacy@ablaview.com

2. Data we collect

We process the following categories of personal data:

  • Contact data you submit voluntarily. When you complete the investor relations form on /investors or send us an email, we receive your name, work email, and organisation. We process this to respond to your enquiry.
  • Technical and connection data. Our content delivery network (Amazon CloudFront) and origin (Amazon S3) record standard request metadata, including IP address, user-agent string, requested URL, response status, and timestamp. We use this data exclusively for security, abuse prevention, and aggregate traffic analysis.
  • Browser storage. We use one technical localStorage entry (theme) to remember your light or dark colour preference, and one technical localStorage entry (ablaview-consent) to remember your cookie banner choice. These are not transmitted to our servers. See our Cookie Policy.

We do not knowingly collect or process special categories of personal data (Article 9 GDPR) through this website. The website is not a medical service: any clinical data discussed here is published, peer-reviewed, and properly anonymised.

3. Purposes and lawful basis

PurposeLawful basis (Article 6 GDPR)
Replying to investor, clinical, and press enquiriesPre-contractual measures and legitimate interest (Art. 6(1)(b) and 6(1)(f))
Operating, securing, and improving the websiteLegitimate interest in maintaining a functional and secure service (Art. 6(1)(f))
Compliance with statutory record-keeping obligationsLegal obligation (Art. 6(1)(c))
Sending optional follow-up communications you explicitly requestConsent (Art. 6(1)(a))

4. Recipients and processors

We share personal data only with carefully selected processors that act on documented instructions and under contractual safeguards required by Article 28 GDPR:

  • Amazon Web Services EMEA SARL (Luxembourg) operates our hosting, storage, and content delivery infrastructure. Primary data residency is the AWS eu-west-1 region (Ireland). Edge nodes that serve cached static content are located globally.

Where international transfers occur (for example to AWS regions outside the European Economic Area when content is served from an edge node), they are protected by the EU–US Data Privacy Framework and by Standard Contractual Clauses approved by the European Commission (Decision 2021/914).

5. Retention

  • Contact-form and email correspondence: up to 24 months after the last interaction, then deleted or anonymised, unless a longer retention is required to comply with a legal obligation or to defend a legal claim.
  • Server logs: up to 90 days for operational and security analysis, then deleted.
  • Browser localStorage entries: stored on your device until you clear them or until they reach the lifetime stated in our Cookie Policy.

6. Your rights

You have the following rights under GDPR and LOPDGDD:

  • Right of access (Art. 15) to confirm whether we process your data and to receive a copy.
  • Right to rectification (Art. 16) of inaccurate or incomplete data.
  • Right to erasure (Art. 17), where applicable.
  • Right to restriction of processing (Art. 18).
  • Right to data portability (Art. 20) for data you have provided.
  • Right to object (Art. 21) to processing based on legitimate interest.
  • Right to withdraw consent (Art. 7(3)) at any time, without affecting prior lawful processing.
  • Right not to be subject to automated individual decision-making (Art. 22). We do not conduct such processing on this website.

To exercise any of these rights, write to privacy@ablaview.com. We will respond within one calendar month from receipt. We may request reasonable proof of identity before disclosing personal data.

If you believe your rights have been infringed, you may lodge a complaint with the Spanish data protection authority, the Agencia Española de Protección de Datos (AEPD), at www.aepd.es, or with any other supervisory authority in the EU Member State of your residence.

7. Security

We apply technical and organisational measures appropriate to the risk of processing, including end-to-end TLS in transit, encrypted storage at rest, principle of least privilege, role-based access controls, audit logging, regular security testing, and an incident response procedure. Vulnerability reports may be sent to /.well-known/security.txt.

8. Children

This website is intended for qualified healthcare professionals, investors, research partners, and other adult professional audiences. It is not directed at children, and we do not knowingly collect personal data from anyone under the age of 14.

9. Updates

We may update this policy to reflect changes in our processing activities, the law, or industry guidance. The “Last updated” date at the top of this page indicates when the current version took effect. We recommend reviewing this page periodically. Material changes will be announced on the website.

If any provision of this Privacy Policy is found unenforceable, the remaining provisions remain in full force. This policy is governed by Spanish law. Disputes are subject to the exclusive jurisdiction of the courts of Madrid, Spain, without prejudice to any mandatory consumer or data-subject forum rules.