You are here:

Privacy Policy

This Privacy Policy governs the collection of personal data by Overbrain SL (OVB Group).

The current document can be printed for reference using the print command in the configuration options of any browser.

Data Controller and Owner

Gabriele Maschio for Overbrain, SL
C/Galicia 41, 38660 Adeje, Santa Cruz de Tenerife (Spain)
Tel. +34 822 280 500
VAT: B76625250 – registered in the Commercial Registry of Santa Cruz de Tenerife, Volume: 3308, Folio: 28, Section: 8, Sheet: 52939, Registration: 1
Contact email of the Data Controller:

Collected Data Types

Among the types of personal data that Overbrain SL (OVB Group) collects, either directly or through third parties, are: Cookies; Usage Data; email address; name; surname(s); company name; number of employees; phone number; Billing Information; various types of Data; payment information; billing address.

The complete information regarding each category of personal data collected is provided in the sections of this privacy policy dedicated to that purpose or through specific explanatory texts displayed prior to the data collection.

All data requested by Overbrain SL (OVB Group) is mandatory, and the refusal to provide them may make it impossible for Overbrain SL (OVB Group) to provide the service. In cases where Overbrain SL (OVB Group) specifically indicates that certain data are not mandatory, users are free not to communicate such data without any consequences for the availability or functioning of the service. Users who have doubts about which data are mandatory can contact the Data Controller.

The use of Cookies or other tracking tools by Overbrain SL (OVB Group) or by the owners of third-party services used by Overbrain SL (OVB Group) serves the purpose of providing the service requested by the user, in addition to any other purposes described in this document and in the Cookie Policy, if available. The user assumes responsibility for the personal data of third parties obtained, published, or shared through Overbrain SL (OVB Group) and hereby declares to have the consent of said third parties to provide such data to the Data Controller.

Methods and Place of Data Processing

Processing Methods

The Data Controller will process the users’ data appropriately and adopt the appropriate security measures to prevent unauthorized access, disclosure, alteration, or destruction of the data.

Data processing is carried out using computers and/or IT-enabled tools, following organizational procedures and modes strictly related to the stated purposes. In addition to the Data Controller, in some cases, certain categories of authorized persons involved in the operation of Overbrain SL (OVB Group) (administration, sales, marketing, legal, and system administration departments) or external contractors providing services to the Data Controller (such as external technical service providers, courier companies, hosting companies, IT companies, communication agencies) may have access to the data. These individuals will be appointed as Data Processors by the Data Controller, if necessary. An up-to-date list of such individuals can be requested from the Data Controller at any time.

Legal Basis for Data Processing

The Data Controller may process the User’s Personal Data if one of the following conditions is met:

  • When Users have given their consent for one or more specific purposes. Note: Under various regulations, the Data Controller may be authorized to process Personal Data until the User objects to it (“opt-out”), without the need for consent or any other legal basis. However, this does not apply when the processing of Personal Data is subject to European legislation on the protection of Personal Data;
  • When the collection of Data is necessary for the performance of a contract between the User and/or any pre-contractual obligation thereof;
  • When the processing is necessary for compliance with a legal obligation binding on the User;
  • When the processing is related to a task carried out in the public interest or in the exercise of official authority vested in the Data Controller;
  • When the processing is necessary for the pursuit of a legitimate interest by the Data Controller or a third party.

In any case, the Data Controller is available to define the specific legal bases that apply to the processing, particularly if the collection of Personal Data is a contractual or statutory requirement or a requirement necessary to enter into a contract.


The Data is processed at the offices of the Data Controller, as well as any other location where the parties involved in the processing are located.

Depending on the User’s location, Data transfers may involve transferring the User’s Data to a country other than their own. For more information on the location of such transferred Data processing, Users may consult the section containing details on the processing of Personal Data.

Users also have the right to know the legal bases for Data transfers to another country outside the European Union or to any international organization governed by international public law or composed of two or more countries, such as the UN, and also to know the security measures taken by the Data Controller to safeguard their Data.

If such Data transfer takes place, Users can obtain more information by consulting the relevant sections of this document or by requesting it from the Data Controller through the contact information provided in the contact section.

Data Retention Period

Personal Data will be processed and retained for the time necessary and for the purpose for which it was collected.

  • Personal Data collected for the performance of a contract between the Data Controller and the User must be retained as long as the contract is fully formalized.
  • Personal Data collected in the legitimate interest of the Data Controller must be retained for the time necessary to fulfill that purpose. Users can find specific information related to the Data Controller’s legitimate interest by consulting the relevant sections of this document or by contacting the Data Controller.
  • The Data Controller may retain Personal Data for an additional period when the User provides consent for such processing, as long as that consent is valid. Additionally, the Data Controller is obliged to retain Personal Data for an additional period whenever necessary to comply with a legal obligation or an order from an authority.

Once the retention period has expired, Personal Data must be deleted. Therefore, the rights of access, modification, rectification, and data portability cannot be exercised once this period has expired.

Purpose of the Collected Data Processing

The User’s data is collected to allow the Data Controller to provide its Service, fulfill its legal obligations, respond to enforcement requests, protect its rights and interests (or those of its Users or third parties), detect any malicious or fraudulent activity, as well as for the following purposes: Remarketing and behavioral targeting, Displaying content from external platforms, Statistics, Contacting the User, Interaction with live chat platforms, Interaction with data collection platforms and other third parties, Productivity management activities, User database management

, Data transfer outside the EU, Advertising, and Payment management.

Users can find specific information about the Personal Data used for each purpose in the “Detailed Information on the Processing of Personal Data” section.

Detailed Information on the Processing of Personal Data

Personal Data is collected for the following purposes and using the following services:

  • Productivity management activities
  • Contacting the User
  • Statistics
  • User database management
  • Payment management
  • Interaction with live chat platforms
  • Interaction with data collection platforms and other third parties
  • Advertising
  • Remarketing and behavioral targeting
  • Data transfer outside the EU
  • Displaying content from external platforms

Information about disabling interest-based advertising

In addition to the opt-out features provided by any of the services listed in this document, Users can obtain more general information on how to disable interest-based advertising in the specific section of the Cookie Policy.

Additional Information on the Processing of Personal Data

Online Sale of Goods and Services

User Rights

Users have the right to exercise certain rights regarding the processing of their Data by the Data Controller.

In particular, Users have the right to:

  • Withdraw their consent at any time. Users have the right to withdraw consent where they have previously given their consent to the processing of their Personal Data.
  • Object to the processing of their Data. Users have the right to object to the processing of their Data if the processing is carried out on a legal basis other than consent. For further information, Users can refer to the relevant section below.
  • Access their Data. Users have the right to know whether their Data is being processed by the Data Controller, obtain information about certain aspects of the processing, and obtain a copy of the Data undergoing processing.
  • Verify and seek rectification. Users have the right to verify the accuracy of their Data and ask for it to be updated or corrected.
  • Restrict the processing of their Data. Users have the right, under certain circumstances, to restrict the processing of their Data. In this case, the Data Controller will process their Data solely for storage purposes.
  • Erase or delete Personal Data. Users have the right, under certain circumstances, to obtain the erasure of their Data from the Data Controller.
  • Receive their Data and have it transferred to another controller. Users have the right to receive their Data in a structured, commonly used, and machine-readable format and, if technically feasible, to have it transmitted to another controller without any hindrance. This provision is applicable provided that the Data is processed by automated means and that the processing is based on the User’s consent, on a contract to which the User is a party, or on pre-contractual obligations thereof.
  • Lodge a complaint. Users have the right to bring a claim before their competent data protection authority.

Details about the right to object to processing

When Personal Data is processed in the public interest, in the exercise of an official authority vested in the Data Controller, or for the purposes of the legitimate interests pursued by the Data Controller, Users may object to such processing by providing a ground related to their particular situation to justify the objection.

Users are reminded that if their Personal Data is processed for direct marketing purposes, they can object to that processing at any time without providing any justification. To find out whether the Data Controller is processing Personal Data for direct marketing purposes, Users can refer to the relevant sections of this document.

How to exercise these rights

Any requests to exercise User rights can be directed to the Data Controller through the contact details provided in this document. These requests will be processed by the Data Controller free of charge as early as possible and always within one month.

Cookie Policy

Overbrain SL (OVB Group) uses Trackers. For more information, Users can consult the Cookie Policy.

Additional Information on Data Collection and Processing

Legal Defense

User Personal Data may be used by the Data Controller for legal defense purposes in court or in the stages leading to possible legal action arising from the improper use of Overbrain SL (OVB Group) or related services by the User.

Users declare themselves to be aware that the Data Controller may be required to reveal Personal Data upon request of public authorities.

Additional Information about User’s Personal Data

In addition to the information contained in this privacy policy, Overbrain SL (OVB Group) may provide the User with additional and contextual information regarding specific services or the collection and processing of Personal Data upon request.

System Logs and Maintenance

For operation and maintenance purposes, Overbrain SL (OVB Group) and any third-party services used by it may collect system logs, which are files that record interactions and may also contain Personal Data, such as the User’s IP address.

Information Not Contained in this Policy

More details concerning the collection or processing of Personal Data may be requested from the Data Controller at any time. Please see the contact information at the beginning of this document.

How “Do Not Track” Requests Are Handled

Overbrain SL (OVB Group) does not support “Do Not Track” requests.

To determine whether any of the third-party services it uses honor the “Do Not Track” requests, please read their privacy policies.

Changes to this Privacy Policy

The Data Controller reserves the right to make changes to this privacy policy at any time by giving notice to Users on this page and possibly within Overbrain SL (OVB Group) and/or – as far as technically and legally feasible – sending a notice to Users via any contact information available to the Data Controller. It is strongly recommended to check this page often, referring to the date of the last modification listed at the bottom.

If the changes affect processing activities performed on the basis of the User’s consent, the Data Controller shall collect new consent from the User, where required.

Definitions and Legal References

Last revised: July 27, 2021