Privacy Policy

Last updated: 15 January 2026

Introduction

epicmomentum S.L. ("we", "our", or "us") is committed to protecting and respecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website epicmomentum.world and use our structured finance deal modeling services.

This policy applies to all data we collect about you, including through our website, email communications, and business services. By using our services, you consent to the data practices described in this policy.

Data Controller Information

The data controller for your personal information is:

epicmomentum S.L.
Paseo de la Castellana 111
Valencia 46033
Valencian Community, Spain
Registration Number: B49587362
Email: privacy@epicmomentum.world

Data We Collect

We collect various types of information about you when you interact with our services. The data we collect includes:

Personal Information

  • Contact details: name, email address, phone number, postal address
  • Professional information: company name, job title, business address
  • Communication records: correspondence, enquiry forms, meeting notes
  • Project information: transaction details, financial data (when provided for modeling services)

Technical Information

  • IP address and location data
  • Browser type and version
  • Operating system and device information
  • Website usage data and analytics
  • Cookie and tracking technology data

How We Use Your Information

We use the data we collect for legitimate business purposes and in accordance with applicable data protection laws. How we use your information includes:

Service Provision

  • Delivering structured finance deal modeling services
  • Communicating about projects and providing updates
  • Processing enquiries and responding to questions
  • Managing client relationships and contracts

Business Operations

  • Improving our services and website functionality
  • Conducting business analysis and reporting
  • Ensuring security and preventing fraud
  • Complying with legal and regulatory requirements

Marketing and Communications

With your consent, we may use your contact information to send you marketing communications about our services, industry insights, and relevant updates. You can opt out of marketing communications at any time.

Legal Basis for Processing

Under the General Data Protection Regulation (GDPR), we process your personal data based on the following legal grounds:

  • Contract performance: Processing necessary for performing contracts for our services
  • Legitimate interests: Processing for our legitimate business interests, such as improving services and preventing fraud
  • Consent: Where you have given specific consent for marketing communications or certain data processing activities
  • Legal compliance: Processing required to comply with applicable laws and regulations

Cookies and Tracking Technologies

We may use cookies and tracking technologies for analytics, advertising, and remarketing purposes, including Google Ads. These technologies help us measure campaign effectiveness, deliver relevant advertisements, and improve our services. You can manage your cookie preferences at any time through our cookie consent banner.

For detailed information about the cookies we use, please refer to our Cookie Policy.

Data Sharing and Disclosure

We do not sell, trade, or otherwise transfer your personal information to third parties except in the following circumstances:

  • Service providers: Trusted third parties who assist us in operating our business, such as IT support, professional advisors, and analytics providers
  • Legal requirements: When required by law, regulation, or court order
  • Business transfers: In connection with any merger, sale, or transfer of company assets
  • Protection of rights: To protect our rights, property, or safety, or that of others

All third parties are required to maintain appropriate security measures and use your information only for the specified purposes.

Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, comply with legal obligations, resolve disputes, and enforce our agreements. Our data retention practices include:

  • Client data: Retained for the duration of the business relationship and for 7 years after completion of services for legal and regulatory compliance
  • Marketing data: Retained until you withdraw consent or we no longer have a legitimate interest
  • Website analytics: Typically retained for 26 months in accordance with Google Analytics standard retention
  • Communication records: Retained for 3 years for business continuity and dispute resolution

Data Security

We implement appropriate technical and organisational security measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. Our security measures include:

  • Encryption of data in transit and at rest
  • Regular security assessments and updates
  • Access controls and authentication procedures
  • Staff training on data protection and security practices
  • Secure backup and recovery procedures

Your Rights

Under GDPR and applicable data protection laws, you have the following rights regarding your personal data:

  • Right of access: Request a copy of the personal data we hold about you
  • Right to rectification: Request correction of inaccurate or incomplete data
  • Right to erasure: Request deletion of your personal data in certain circumstances
  • Right to restrict processing: Request limitation of how we use your data
  • Right to data portability: Request transfer of your data to another organisation
  • Right to object: Object to processing based on legitimate interests or for marketing purposes
  • Right to withdraw consent: Withdraw consent for processing where consent is the legal basis

To exercise these rights, please contact us using the contact information provided below.

International Data Transfers

As we operate within the European Union, your personal data is primarily processed within the EU. If we need to transfer data outside the EU, we ensure appropriate safeguards are in place, such as:

  • Adequacy decisions by the European Commission
  • Standard Contractual Clauses approved by the European Commission
  • Binding Corporate Rules or certification schemes

Children's Privacy

Our services are not directed to individuals under the age of 16, and we do not knowingly collect personal information from children. If we become aware that we have collected personal data from a child without appropriate consent, we will take steps to delete such information promptly.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of any material changes by posting the updated policy on our website and updating the "Last updated" date.

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information.

Contact Us

If you have any questions about this Privacy Policy, wish to exercise your rights, or need to contact us regarding data protection matters, please reach out using the following contact information:

Data Protection Contact:
Email: privacy@epicmomentum.world
Phone: +34 969 931 564

Postal Address:
epicmomentum S.L.
Paseo de la Castellana 111
Valencia 46033
Valencian Community, Spain

You also have the right to lodge a complaint with the Spanish Data Protection Agency (Agencia Española de Protección de Datos) or your local supervisory authority if you believe we have not handled your personal data in accordance with applicable law.