Privacy

About this Privacy Policy

Allegro 234 is committed to protecting and respecting your privacy.

This Privacy Policy explains how we collect, use, disclose, store, and protect personal data when you:

Visit or use the Allegro 234 website;
Contact us or submit an enquiry;
Subscribe to our newsletter or other communications;
Apply to work with us;
Participate in a survey, assessment, event, or other initiative;
Become, or consider becoming, a client, supplier, collaborator, or business partner; or
Otherwise interact with Allegro 234.

It also explains your privacy rights and how you may exercise them.

This Policy should be read together with our Cookies Policy, Copyright Policy, Imprint and any additional privacy information provided when we collect personal data for a particular purpose.

Who is responsible for your personal data?

The website is owned and operated by Allegro 234 brand.

For the purposes of applicable data-protection legislation, Allegro 234 is the controller of the personal data described in this Policy, unless we expressly state otherwise.

Contact address:

Allegro 234
Gran Vía de Hortaleza, 62
28043 Madrid
Spain
Email: hello@allegro234.net

Where a particular project or service is provided jointly with another organisation, additional information may be supplied identifying the relevant controller or controllers.

Legislation and principles

We process personal data in accordance with the legislation applicable to our activities, including, where relevant:

Regulation (EU) 2016/679, the General Data Protection Regulation or GDPR;
Spanish Organic Law 3/2018 on Personal Data Protection and the Guarantee of Digital Rights;
Spanish Law 34/2002 on Information Society Services and Electronic Commerce;
The EU rules on privacy and electronic communications;
The UK GDPR and Data Protection Act 2018, where applicable;
Applicable Swiss data-protection legislation; and
Other national or regional privacy laws that apply to a particular person or processing activity.

We seek to process personal data lawfully, fairly, and transparently; to collect only what is appropriate for specified purposes; to keep it accurate and secure; and not to retain it for longer than necessary.

Personal data we collect

Depending on how you interact with us, we may collect the following categories of personal data.

Information you provide directly

This may include:

Your name and surname;
Job title, organisation, and professional profile;
Postal address, email address, and telephone number;
The content of enquiries, messages, and correspondence;
Information supplied through contact, subscription, assessment, or registration forms;
Preferences concerning communications and events;
Curriculum vitae, employment history, and other recruitment information;
Contractual, invoicing and payment-related information;
Opinions, responses, or other information supplied through research, workshops, surveys, or assessments; and
Any other information you choose to provide.

Please do not send us sensitive personal data unless it is genuinely necessary and we have asked you to provide it through an appropriate and secure process.

Information collected automatically

When you visit the website, we or authorised service providers may collect:

IP address;
Browser and device type;
Operating system;
Language and approximate location;
Pages visited and actions performed;
Date, time and duration of visits;
Referring website or source;
Cookie and consent identifiers; and
Technical, diagnostic and security information.

Some of this information is collected through cookies or similar technologies. Further information is available in our Cookies Policy.

Information obtained from other sources

We may receive professional or business-related information from:

Your employer or organisation;
Professional networking platforms;
Event organisers or business partners;
Publicly available websites and directories;
Referrals and professional contacts;
Service providers acting on our behalf; and
Other lawful sources.

When required, we will provide any additional information concerning the source and use of such data.

Why we use personal data and our legal bases

We may process personal data for the following purposes.

Responding to enquiries

We use your contact details and the information contained in your message to respond to requests, questions, or proposals.

Our legal basis is taking steps at your request before entering into a contract, performing a contract, or our legitimate interest in managing professional and business communications.

Providing consultancy and other services

We use relevant business, contact, project and administrative information to plan, deliver and manage our services.

Our legal basis is the performance of a contract, taking pre-contractual steps, compliance with legal obligations and, where appropriate, our legitimate interests in operating and protecting our business.

Managing client, supplier, and collaborator relationships

We process contact, contractual, financial, and professional information to manage relationships, projects, payments, administration, and communications.

Our legal basis is contractual necessity, legal obligation, and our legitimate interest in managing professional relationships efficiently.

Sending newsletters and marketing communications

Where permitted by law, we may send information about Allegro 234, our thinking, services, events, publications, or other relevant initiatives.

We rely on your consent where consent is required. In certain existing professional or client relationships, we may rely on a legally permitted legitimate interest, subject to your right to object.

You may unsubscribe at any time by using the link included in the communication or by contacting us.

Organising events, workshops, and assessments

We process registration details, professional information, preferences, and participation information to organise and administer events, workshops, research, surveys, and assessments.

Our legal basis may be consent, contractual necessity or our legitimate interest in organising and improving these activities.

Recruitment

We use information supplied by candidates to evaluate applications, communicate with candidates, conduct interviews, and manage recruitment.

Our legal basis is taking steps at the candidate’s request before entering into a contract, compliance with legal obligations and our legitimate interest in selecting suitable collaborators or employees.

Where we wish to retain an unsuccessful candidate’s information for future opportunities, we will rely on consent or another lawful basis permitted in the relevant jurisdiction.

Operating, analysing, and improving the website

We use technical and usage information to operate, secure, troubleshoot, understand, and improve the website and its content.

Strictly necessary processing is based on our legitimate interest in providing a secure and functional website. Analytics, advertising, or other non-essential technologies are used only with consent where required.

Protecting our organisation and legal rights

We may process information to prevent misuse, fraud, security incidents, or unlawful activity; establish or defend legal claims; comply with audits; and enforce contractual or legal rights.

Our legal basis is compliance with legal obligations and our legitimate interest in protecting our organisation, users and third parties.

Complying with legal and regulatory obligations

We may process and disclose information where necessary to comply with tax, accounting, judicial, regulatory, law-enforcement or other legal requirements.

Our legal basis is compliance with a legal obligation or, where applicable, the performance of a task in the public interest.

Other purposes

Where we wish to use personal data for a new purpose that is not compatible with the purpose for which it was originally collected, we will provide the information required by law and obtain consent where necessary.

Legitimate interests

Where we rely on legitimate interests, we consider whether the processing is necessary and balance our interests against your rights, interests, and reasonable expectations.

Our legitimate interests may include:

Managing and developing our business;
Communicating with clients, contacts, and professional audiences;
Delivering and improving our services and content;
Maintaining the security and integrity of our systems;
Understanding the effectiveness of our website and communications;
Protecting our legal and commercial interests; and
Establishing, exercising, or defending legal claims.

You may object to processing based on legitimate interests as explained below.

When providing information is mandatory

Some personal data is required by law or needed to enter into or perform a contract. Where information is mandatory, we will normally indicate this when collecting it.

If you do not provide required information, we may be unable to respond to a request, enter into a relationship, or provide the relevant service.

Who receives personal data?

We do not sell personal data.

We may disclose personal data, where necessary and subject to appropriate safeguards, to:

Members of the Allegro 234 team and authorised collaborators;
Hosting, website, IT, cybersecurity, and technical-support providers;
Email, newsletter, communications, and customer-relationship platforms;
Analytics and consent-management providers;
Cloud-storage and document-management providers;
Professional advisers, including lawyers, accountants, auditors, and insurers;
Event, research, and project partners;
Payment, banking, and administrative service providers;
Public authorities, courts, regulators, or law-enforcement bodies where legally required;
Prospective purchasers, investors, or advisers in connection with a merger, restructuring, acquisition, or transfer of business; and
Other parties where you have authorised the disclosure or the law otherwise permits it.

Service providers acting as processors may use personal data only on our documented instructions and must implement appropriate security and confidentiality measures.

Certain third-party services may act as independent controllers. Their own privacy policies will govern their processing.

International transfers

Some recipients or service providers may be located outside the European Economic Area, the United Kingdom, Switzerland, or the country in which you are located.

Where personal data is transferred internationally, we use an appropriate legal mechanism where required, which may include:

A decision recognising that the destination provides an adequate level of protection;
The European commission’s standard contractual clauses;
The UK international data transfer agreement or UK addendum;
Binding corporate rules;
Another legally recognised safeguard; or
An applicable statutory derogation in limited circumstances.

Where relevant, we assess whether supplementary contractual, organisational, or technical measures are needed.

You may contact us for further information about the safeguards applicable to a particular transfer.

How long we retain personal data

We retain personal data only for as long as reasonably necessary for the purpose for which it was collected, including to meet legal, accounting, tax, contractual or reporting requirements and to establish or defend legal claims.

Retention periods depend on the nature of the information and the relationship concerned. In general:

Enquiries are retained for the time needed to respond and manage any resulting relationship;
Client, supplier, and contractual records are retained for the duration of the relationship and applicable statutory limitation and record-keeping periods;
Invoicing, tax, and accounting records are retained for the legally required period;
Marketing information is retained until you unsubscribe, withdraw consent or object, subject to a limited suppression record that prevents further communications;
Recruitment information is normally deleted after the recruitment process unless retention for future opportunities has been authorised;
Cookie and consent information is retained for the periods described in the cookies policy; and
Security and technical logs are retained for a proportionate period consistent with their purpose.

Information may be retained for longer where required by law, necessary for legal proceedings or subject to a valid preservation obligation.

Security

We implement appropriate technical and organisational measures designed to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure, or access.

These measures may include access controls, authentication, backups, secure hosting, encryption where appropriate, confidentiality obligations, staff awareness measures, and supplier due diligence.

No internet transmission or information system is completely secure. You should therefore take reasonable care when sending information online and contact us if you believe your interaction with us has been compromised.

Your rights

Depending on the law applicable to you and subject to legal conditions and exceptions, you may have the right to:

Request access to your personal data;
Request correction of inaccurate or incomplete data;
Request deletion of your personal data;
Request restriction of processing;
Object to processing based on legitimate interests;
Object at any time to direct marketing;
Receive certain personal data in a structured, commonly used, and machine-readable format and transmit it to another controller;
Withdraw consent at any time, without affecting processing carried out before withdrawal;
Request information about international-transfer safeguards;
Not be subject to a decision based solely on automated processing that produces legal or similarly significant effects, where the law provides this right; and
Lodge a complaint with a competent data-protection authority.

We do not currently use solely automated decision-making producing legal or similarly significant effects in connection with ordinary use of this website.

To exercise your rights, contact us at hello@allegro234.net. Please describe your request clearly. We may ask for information reasonably necessary to verify your identity and protect your data.

We normally respond within one month where the GDPR applies. This period may be extended by up to two additional months for complex or numerous requests, in which case we will inform you.

Requests are generally free of charge. A reasonable fee may be charged, or a request refused, where permitted by law and the request is manifestly unfounded or excessive.

Complaints

We would appreciate the opportunity to address your concern directly. You may contact us at hello@allegro234.net.

You also have the right to complain to the competent supervisory authority.

In Spain, the supervisory authority is the Agencia Española de Protección de Datos -AEPD. The existing link to the AEPD website should be retained.

Residents of another EEA country may contact the authority in their place of residence, place of work or the place of the alleged infringement.

UK residents may contact the Information Commissioner’s Office -ICO. The relevant official link should be included where the website actively targets UK users.

Marketing preferences

You can stop receiving marketing communications at any time by:

Using the unsubscribe link contained in an email;
Changing any available communication preferences; or
Contacting us at hello@allegro234.net.

After opting out, we may retain minimal information on a suppression list so that your preference can be respected.

Opting out of marketing does not prevent us from sending essential administrative, contractual, or service-related communications.

Cookies and similar technologies

We use cookies and similar technologies as described in our Cookies Policy.

Except for technologies that are strictly necessary to provide the website or a service requested by you, cookies and similar technologies requiring consent will not be activated until valid consent has been obtained.

You may accept, reject, or manage non-essential cookies through the cookie-management tool. Withdrawing consent must be as easy as giving it.

Third-party websites and social media

The website may contain links to websites, platforms, plug-ins, embedded content, or social-media services operated by third parties.

Allegro 234 does not control those services and is not responsible for their privacy practices. Third parties may collect information about you in accordance with their own policies, particularly when you interact with embedded content, sharing buttons or social-media widgets.

We recommend reviewing the privacy and cookie information provided by those third parties before supplying personal data or enabling their services.

Children

The website and our services are directed primarily towards organisations, professionals, and adults. They are not intended for children, and we do not knowingly collect personal data directly from children through the website.

If you believe that a child has supplied personal data to us without appropriate authorisation, please contact us so that we can investigate and, where appropriate, delete it.

Additional information for residents of California and certain US states

Depending on the jurisdiction and whether the relevant statutory thresholds apply to Allegro 234, residents of California or other US states may have rights concerning access, correction, deletion and portability of personal information, and the right to opt out of certain sales, sharing, targeted advertising or profiling.

Allegro 234 does not sell personal information for monetary consideration.

Some analytics, advertising or cross-context behavioural technologies may constitute “sharing,” “targeted advertising” or a similar regulated activity under certain US state laws. Where applicable, users will be provided with an appropriate consent or opt-out mechanism.

We will not unlawfully discriminate against a person for exercising an applicable privacy right.

Requests may be submitted through hello@allegro234.net. We will verify and process requests in accordance with the law applicable to the requester.

Changes to this Privacy Policy

We may update this Privacy Policy to reflect changes in our activities, technologies, suppliers, legal obligations, or regulatory guidance.

The current version will always be published on this page with its effective date. Where changes materially affect how we use personal data, we will provide additional notice or seek renewed consent where required.

Contact us

Questions, requests or concerns regarding this Privacy Policy or our use of personal data may be sent to:

Allegro 234
Gran Vía de Hortaleza, 62
28043 Madrid
Spain
Email: hello@allegro234.net

Last updated: 26 June 2026