Privacy Policy

Date of entry into force: 03/15/2026
Responsible: Montserrat Berga Serramià (AURA Consulting)
Website: https://aura-ia.eu

1. Who are we and why is this policy different?

We are AURA, a consultancy specializing in the integration of Artificial Intelligence applied under a proprietary methodology based on security, transparency and human control.

As experts in data protection and digital ethics, we understand privacy not as a legal obligation, but as a fundamental right and a pillar of trust. Unlike many platforms that monetize or share your data with third parties, at aura-ia.eu we apply the principle of minimization and sovereignty:

  • Your data is processed only for the explicit purpose for which you provide it to us.
  • We do not use mass tracking systems or sell data to brokers.
  • Our technical infrastructure is designed to guarantee security and technological independence.

2. Data Controller

  • Identity: Montserrat Berga Serramià
  • Activity: Applied AI consulting, web development and process automation.
  • Contact: hola@aura-ia.eu
  • Professional address: Castelldefels, BCN

3. What data do we collect and why?

We only collect the data strictly necessary for each interaction, following the Analysis (A) phase of our methodology to identify the minimum viable data.

A. Contact and Service Request Forms

  • Data collected: Name, email, phone (optional), message and project details.
  • Purpose: To manage your request, answer queries and send quotes or collaboration proposals.
  • Legitimation: Explicit consent of the user by checking the checkbox.
  • Retention: Until the request is resolved and, subsequently, during the legal limitation periods for responsibilities.

B. Newsletter

  • Data collected: Email and name.
  • Purpose: Send educational content on AI, digital ethics and consulting news.
  • Legitimation: Explicit consent (double opt-in).
  • Retention: Until the user unsubscribes.

C. Browsing Data and Cookies

We use technical cookies essential for the operation of the site and preference cookies to manage consent.

  • Analytics: We do not use intrusive tracking tools (such as standard Google Analytics). We use privacy-friendly analytics (e.g. self-hosted Matomo) that anonymize IPs and do not cross-site data.
  • Purpose: Measure the audience in an aggregated manner to improve the user experience (Continuous Adaptation Phase).
  • Legitimate: Prior consent through the cookie banner (natively managed by Drupal without unnecessary external dependencies).

4. Sharing Data with Third Parties

Our philosophy of Technological Independence drastically limits the transfer of data:

  • We do not sell or rent your data to third parties.
  • Service Providers (Processors): We only share data with providers strictly necessary for technical operation (e.g.: hosting company released in the EU, secure email service). All of them have signed confidentiality agreements and comply with the GDPR.
  • International Transfers: We avoid transferring personal data outside the European Economic Area (EEA), unless there are adequate guarantees (standard clauses) and it is strictly necessary for the provision of the service (e.g. certain AI APIs, always informing you beforehand).

5. Data Security

Applying the Phase U (Strategic Use) of the AURA methodology to our own security:

  • We implement robust technical and organizational measures (SSL/TLS encryption, regular backups, restricted access with two-factor authentication).
  • Our development and production environment follows strict protocols to prevent unauthorized access.
  • In case we integrate AI into our internal processes to serve you, we guarantee that no sensitive data is used to train public models without your explicit consent.

6. Your Rights

As the data subject, you have the right to:

  • Access: Know what data we have about you.
  • Rectification: Correct inaccurate data.
  • Deletion (Right to be forgotten): Request the deletion of your data when it is no longer necessary.
  • Limitation and Opposition: Limit the processing or oppose it in certain cases.
  • Portability: Receive your data in a structured format.
  • Withdrawal of consent: At any time, without affecting the lawfulness of the previous treatment.

To exercise these rights, send us an email to privacitat@aura-ia.eu attaching a copy of your ID or identification document.

You also have the right to file a complaint with the Catalan Data Protection Authority (APDCAT) or the Spanish Data Protection Agency (AEPD) if you consider that the treatment does not comply with the regulations.

7. Changes to this Policy

We may update this policy to adapt to new legal requirements (such as the European AI Act) or improvements to our processes. We will inform you of any significant changes via our website or by email.