Privacy Policy

Grfusion informs that, within the scope of the collection and processing of data necessary for the performance of tasks carried out in the public interest or in the exercise of official authority, and in accordance with the provisions of the General Data Protection Regulation, has adopted this Privacy and Data Protection Policy:

Data Controller

The data controller is Grfusion, which will collect, store, and process personal data necessary to comply with legal obligations.

Collection and Processing of Data

The collection of personal data provided by the data subject at the time of service—whether in person or through digital platforms made available by Grfusion, such as applications, petitions, complaints, forms, and other means of communication—will result in its internal processing and possible external use, always in strict compliance with legal obligations.

Purpose of Data Processing

We use personal data, namely, for the following purposes:


  • Marketing – to share news that may be of interest;
  • Website user management;
  • Compliance with legal obligations, including those related to our shareholders;
  • Recruitment of employees for Grfusion;
  • Fulfillment of obligations arising from contracts established with our partners.

Grfusion ensures that personal data is processed solely for the purposes for which it was collected, and does not disclose or share it for other purposes, particularly for commercial or advertising purposes.

Recipients of Personal Data

Grfusion may communicate or share personal data with other entities in certain cases, as part of the services they provide or due to contractual obligations. In such cases, we require each entity to which we disclose data to have appropriate security measures in place to protect personal data. When required by law, we may also have to disclose personal data to authorities or third parties, in which case our control over how the data is protected is limited.

Data Retention Period

Personal data is retained for the minimum period defined by law for the archiving and retention of administrative documents, without prejudice to the rights held by the data subject during the validity period.

Rights of Data Subjects

Data subjects have the right to:


  • Request Grfusion for access to their personal data, as well as its rectification or erasure, restriction of processing, or object to the processing, as well as the right to data portability, in cases legally permitted;
  • If the data processing is based on consent, data subjects have the right to withdraw their consent at any time, without affecting the lawfulness of processing carried out under such consent before its withdrawal;
  • Lodge a complaint with a supervisory authority, without prejudice to any other form of administrative or extrajudicial recourse, as well as the right to judicial remedy.

Security Measures

Grfusion is committed to ensuring the protection and security of the personal data provided to it, applying the necessary technical and organizational measures to ensure an appropriate level of security against risks such as destruction, loss, alteration, dissemination, unauthorized access, or any other form of accidental or unlawful processing, in accordance with applicable legislation.

In the event of a personal data breach, Grfusion will notify the National Data Protection Commission in accordance with the terms and deadlines set forth in current legislation.

Changes to the Privacy Policy

Grfusion reserves the right to modify this Privacy and Data Protection Policy at any time, with changes taking effect from the date they are published.

Final Provisions

For any matters not addressed in this document, the applicable legislation shall prevail, particularly the General Data Protection Regulation, adopted by Regulation (EU) 2016/679 of the European Parliament and of the Council.

Last updated: October 27, 2024