Legal · Bestard Capital

Privacy policy

1. Data controller identification

The data controller for the personal data processed through bestardcapital.com (the "Website") is Francisco Bestard, operating under the trading name Bestard Capital as an independent professional (the "Controller", "we", "us").

Contact regarding personal data and this Privacy Policy: info@bestardcapital.com.

Bestard Capital is completing the incorporation of a corporate entity. Once that entity is registered, this Privacy Policy will be updated to identify the corporate controller together with its registered address and tax identification number. Until then, the Controller acts in an individual professional capacity and remains fully accountable under the General Data Protection Regulation (EU) 2016/679 ("GDPR").

Under Article 37 GDPR, the processing activities described in this policy do not meet the thresholds that would require the formal appointment of a Data Protection Officer (no large-scale systematic monitoring, no large-scale processing of special categories of data). No formal Data Protection Officer is therefore appointed. All privacy-related requests should be addressed to info@bestardcapital.com, which is monitored directly by the Controller.

2. Categories of personal data processed

We process the following categories of personal data, depending on how you interact with the Website:

3. Purposes of processing and legal basis

We process personal data for the following purposes, each with a corresponding legal basis under Article 6(1) GDPR:

4. Data retention periods

We retain personal data only for as long as necessary for the purposes described above, and in accordance with the following schedule:

5. Data recipients

Personal data is disclosed only to the following categories of recipients, each acting as a processor or independent controller under an appropriate data-protection instrument:

We do not use third-party marketing or advertising technology (adtech) on this Website, and we do not sell, rent or otherwise share personal data with data brokers.

6. International transfers

Where personal data is transferred outside the European Economic Area, we ensure an adequate level of protection is in place. Google Analytics 4 relies on the EU–US Data Privacy Framework (and, where applicable, Standard Contractual Clauses) as the transfer mechanism for any data that may be processed in the United States. Plausible Analytics is EU-only and does not transfer data outside the EU.

7. Data subject rights

Under Articles 15 to 22 GDPR, you have the right to:

To exercise any of these rights, send a written request to info@bestardcapital.com, specifying the right you wish to exercise and including sufficient information to verify your identity. We will respond within one month of receipt, extendable by two further months for complex requests, as permitted under Art. 12(3) GDPR.

You also have the right to lodge a complaint with a supervisory authority. If you are resident in France, the competent authority is the CNIL (Commission Nationale de l'Informatique et des Libertés — cnil.fr). If you are resident in Spain, the competent authority is the AEPD (Agencia Española de Protección de Datos — aepd.es). Residents of other EU/EEA member states may contact their local data protection authority; a full list is available from the European Data Protection Board.

8. Cookie use

The Website uses a limited set of cookies, described in full in our dedicated Cookie Policy. In summary: a strictly necessary cookie stores your consent choice; Google Analytics 4 cookies are set only after you actively consent; Plausible Analytics does not use cookies at all.

9. Automated decision-making

Bestard Capital does not carry out any automated decision-making or profiling that produces legal effects concerning you, or that similarly significantly affects you, within the meaning of Article 22 GDPR.

10. Security measures

We apply appropriate technical and organisational measures to protect personal data, including: enforced HTTPS with TLS 1.3 encryption across the Website; secure hosting infrastructure with access controls; and restriction of access to personal data to personnel who require it for the purposes described in this policy.

11. Changes to this policy

We may update this privacy policy from time to time to reflect changes in our data-processing practices or in applicable law. The date at the top of this page indicates when it was last revised. We encourage you to review this page periodically.

12. Contact and complaints

For any question regarding this privacy policy or our data-protection practices, or to exercise your rights, please contact us at info@bestardcapital.com. You also have the right to lodge a complaint with the CNIL (France), the AEPD (Spain), or the competent supervisory authority in your country of residence, as detailed in Section 7 above.