1. INTRODUCTION
1.1 Purpose
This Privacy Policy establishes the terms under which Grupo GORLAN processes and protects the personal data of users that may be collected while browsing the Grupo GORLAN Website. It also covers the protection of personal data of those who enter into or manage a contractual relationship with Grupo GORLAN.
1.2 Scope
This Policy applies to all users, customers, stakeholders and other data subjects who maintain a relationship with Grupo GORLAN and whose data are collected through any of the indicated means or channels.

This Policy applies to all companies belonging to the Gorlan Group identified in section 1.1 Purpose and scope of document PL-01 GRL Information Security Policy.
2. DOCUMENT CONTENT
2.1 Basic Information
DATA CONTROLLER GRUPO GORLAN, S.A.U.
PROCESSING PURPOSE Maintenance, management and administration of any contractual relationship established between the Parties.
Satisfaction analysis, audits and service improvement, as well as fraud prevention.
Handling complaints or claims, or any other type of suggestion submitted through the ‘Contact’ section of this website.
Management of recruitment processes.
LEGAL BASIS Consent.
Legitimate interest.
Legal obligation.
RECIPIENT ENTITIES Entities necessary to comply with the Company’s obligations and supplier companies.
RIGHTS Rights of access, rectification, erasure, objection, restriction and portability.
2.2 Identification
GORLAN TEAM, S.L.U (hereinafter, GRUPO GORLAN)
Tax ID (CIF): B-95453122
Address: Parque Empresarial Boroa Parcela 2C-1 48340 Amorebieta, Vizcaya (Spain)
Email: info@gorlan.com
Data Protection Officer (DPO): you may contact our DPO via email at: info@gorlan.com
2.3 Information and Consent
By accepting this Privacy Policy, the user provides free, informed, specific and unequivocal consent for the personal data provided through the website located at https://gorlan.com/ (hereinafter, the “Website”) to be processed by GRUPO GORLAN, as well as data derived from browsing and any other data that may be provided in the future.

The user must carefully read this Privacy Policy, which has been written clearly and simply to facilitate understanding, so that they may freely and voluntarily determine whether they wish to provide their personal data to GRUPO GORLAN.
3. RESPONSIBILITIES
It is the responsibility of the ICT area to distribute and enforce this document.
4. REFERENCES
Organic Law 3/2018, of 5 December, on Personal Data Protection and Guarantee of Digital Rights (LOPDGDD).
ISO/IEC 27002:2013 Information technology – Security techniques – Code of practice for information security management.
ISO/IEC 27001:2022 Information technology – Security techniques – Information security management systems – Requirements.
Royal Decree 311/2022, of 3 May, regulating the National Security Framework.
ISO/IEC 27001:2022 AMD 1:2024 linking organisational security management with climate change.
5. CHANGE CONTROL
Edition.Revision Date Description
00.00 2025-05-26 Policy Creation