1. Introduction

Welcome to GLZ Global ("we," "our," or "us"). We are committed to protecting your privacy and handling your personal data in an open and transparent manner. This privacy policy explains how we collect, use, share, and protect your personal information when you visit our website www.glzglobal.com, use our services, or interact with us.

This policy applies to all users of our services, including startups seeking funding, investors, partners, and website visitors.

 

2. Who We Are and How to Contact Us

The data controller for your personal information is:

GLZ Global Consulting S.L.
Via Augusta, 123
08006 Barcelona, Spain
Email: connect@glzconsulting.net
Phone: +34 603 784 620

If you have any questions about this privacy policy or our data protection practices, please contact us using the details provided above.

 

3. What Information We Collect

We may collect and process the following categories of personal data:

 

3.1 Information You Provide to Us

• Identity Data: First name, last name, username, job title, company position

• Contact Data: Email address, telephone number, business address, billing address

• Business Data: Company name, business plan, pitch deck, financial information, funding history, company structure, product/service descriptions, market analysis, team information

• Financial Data: Bank account details, payment card information, transaction history, investment amounts

• Communications Data: Content of correspondence with us via email, phone, or other channels

• Marketing and Communications Preferences: Your preferences for receiving marketing communications and newsletters

 

3.2 Information We Collect Automatically

• Technical Data: IP address, browser type and version, time zone setting, geolocation data, browser plug-in types and versions, operating system and platform, device information

• Usage Data: Information about how you navigate our website, pages visited, time spent on pages, links clicked, search queries, date and time of visits

• Cookie Data: Information collected through cookies and similar tracking technologies (see our Cookie Policy for details)

 

3.3 Information from Third Parties

• Analytics Providers: Such as Google Analytics

• Advertising Networks: For targeted advertising purposes

• Publicly Available Sources: LinkedIn, company registries, news articles, public databases

• Professional Networks: Information shared by mutual contacts or referral partners

 

4. How We Collect Your Information

We collect data through:

 

4.1 Direct Interactions

You provide us with personal data when you:

• Submit inquiry forms on our website

• Request information about our services

• Subscribe to our newsletter or publications

• Register for events or webinars

• Engage us to provide fundraising services

• Communicate with us via email, phone, or in person

• Provide feedback or complete surveys

 

4.2 Automated Technologies

As you interact with our website, we automatically collect Technical and Usage Data through:

• Cookies (see Section 12 and our Cookie Policy)

• Server logs

• Web beacons and pixels

• Analytics tools

 

4.3 Third Parties

We receive personal data from:

• Analytics providers (e.g., Google Analytics)

• Advertising networks

• Search information providers

• Professional networking platforms

• Our business partners and referral sources

 

5. How We Use Your Information

We process your personal data for the following purposes:

 

5.1 Service Delivery

• To provide fundraising intermediation and investment banking services

• To connect startups with appropriate investors

• To facilitate due diligence processes

• To prepare pitch materials and investor presentations

• To manage and execute fundraising campaigns

 

5.2 Relationship Management

• To communicate with you about our services

• To respond to your inquiries and requests

• To notify you of changes to our terms or privacy policy

• To provide customer support

• To manage our contractual relationship with you

 

5.3 Business Operations

• To administer and protect our business and website

• For troubleshooting, data analysis, and testing

• For system maintenance, support, and reporting

• For hosting of data and IT infrastructure management

• To prevent fraud and ensure security

 

5.4 Marketing and Analytics

• To deliver relevant website content and advertisements

• To measure and understand the effectiveness of our marketing

• To improve our website, services, and customer experience

• To conduct data analytics and business intelligence

• To make recommendations about services that may interest you

 

5.5 Legal and Compliance

• To comply with legal and regulatory obligations

• To establish, exercise, or defend legal claims

• To protect our rights, property, and safety

 

6. Legal Basis for Processing Personal Data

Under GDPR, we rely on the following legal bases:

 

6.1 Consent

Where you have given explicit consent for specific processing activities, such as:

• Marketing communications

• Non-essential cookies

• Sharing sensitive business information

You may withdraw consent at any time by contacting us.

 

6.2 Contract Performance

Processing necessary to:

• Provide our fundraising services

• Execute agreements with clients and investors

• Take pre-contractual steps at your request

 

6.3 Legal Obligation

Processing required to comply with:

• Financial regulations and reporting requirements

• Anti-money laundering (AML) and Know Your Customer (KYC) obligations

• Tax laws and accounting standards

• Court orders or regulatory requests

 

6.4 Legitimate Interests

Processing necessary for our legitimate business interests, including:

• Improving and developing our services

• Network security and fraud prevention

• Business analytics and optimization

• Direct marketing to business contacts

• Managing our business relationships

We balance these interests against your rights and will not process data where your interests override ours.

 

7. Data Sharing and Disclosure

We share your personal data with:

 

7.1 Internal Recipients

• Other companies within the GLZ Global group

• Our employees and contractors with appropriate confidentiality obligations

 

7.2 External Service Providers

• IT Service Providers: Website hosting, cloud storage, email services

• Analytics Providers: Google Analytics, marketing analytics platforms

• Communication Tools: Email marketing platforms, CRM systems

• Payment Processors: For transaction processing

• Professional Advisers: Lawyers, accountants, auditors, insurers, bankers

 

7.3 Business Partners

• Investors: When connecting startups with funding opportunities

• Startups: When presenting investment opportunities to investors

• Co-investors and Syndicate Partners: For collaborative deals

• Due Diligence Providers: For verification and research services

 

7.4 Legal and Regulatory

• Law enforcement agencies, courts, and regulators when legally required

• Third parties in connection with legal proceedings

 

7.5 Business Transfers

• Potential buyers or investors in the event of a business sale, merger, or acquisition

• Professional advisers in relation to corporate transactions

Data Processing Agreements: All third-party processors are bound by data processing agreements ensuring they handle your data securely and only for specified purposes.

 

8. International Data Transfers

Given the global nature of our business, we may transfer your personal data outside the European Economic Area (EEA), including to:

• United States (for cloud services and analytics)

• United Kingdom

• Other jurisdictions where our clients or investors are located

We ensure adequate protection through:

 

8.1 Adequacy Decisions

Transfers to countries deemed adequate by the European Commission

 

8.2 Standard Contractual Clauses (SCCs)

We use EU-approved Standard Contractual Clauses for transfers to countries without adequacy decisions

 

8.3 Additional Safeguards

• Technical security measures (encryption, access controls)

• Organizational safeguards (data processing agreements, privacy impact assessments)

• Regular monitoring and compliance reviews

You may request copies of our data transfer safeguards by contacting us.

 

9. Data Security

We implement industry-standard security measures including:

 

9.1 Technical Measures

• Encryption of data in transit (SSL/TLS) and at rest

• Secure access controls and authentication

• Regular security updates and patches

• Firewalls and intrusion detection systems

• Secure backup and disaster recovery procedures

 

9.2 Organizational Measures

• Confidentiality agreements with employees and contractors

• Access limitations based on need-to-know principles

• Regular security training for staff

• Data protection impact assessments for high-risk processing

• Incident response and breach notification procedures

 

9.3 Data Breach Notification

In the event of a data breach affecting your rights and freedoms, we will:

• Notify the relevant supervisory authority within 72 hours

• Notify you without undue delay if the breach poses high risk

• Document the breach and our response measures

Note: While we implement robust security measures, no system is completely secure. We cannot guarantee absolute security of data transmitted over the internet.

 

10. Data Retention

We retain personal data only as long as necessary for the purposes outlined in this policy:

 

10.1 Retention Periods

• Active Client Data: Duration of engagement plus 7 years (for legal and accounting requirements)

• Investor Communications: 7 years from last interaction (for regulatory compliance)

• Marketing Data: 2 years from last engagement, unless consent is withdrawn earlier

• Website Analytics: 26 months (Google Analytics default)

• Financial Records: 10 years (for tax and regulatory purposes)

• Contractual Documents: 7 years after contract termination

• Job Applications: 12 months from submission

 

10.2 Deletion

After retention periods expire, we will:

• Securely delete or anonymize personal data

• Remove data from active systems and backups

• Maintain only anonymized statistical data if needed

You may request early deletion by exercising your right to erasure (see Section 11).

 

11. Your Legal Rights

Under data protection laws, you have the following rights:

 

11.1 Right of Access

Request a copy of the personal data we hold about you

 

11.2 Right to Rectification

Request correction of inaccurate or incomplete data

 

11.3 Right to Erasure ("Right to be Forgotten")

Request deletion of your personal data in certain circumstances:

• Data no longer necessary for original purpose

• You withdraw consent (where consent was the legal basis)

• You object to processing and no overriding legitimate grounds exist

• Data processed unlawfully

• Legal obligation requires deletion

 

11.4 Right to Restriction

Request limitation of processing when:

• You contest data accuracy

• Processing is unlawful but you don't want deletion

• We no longer need the data but you need it for legal claims

• You've objected to processing pending verification

 

11.5 Right to Data Portability

Receive your data in a structured, machine-readable format and transmit it to another controller

 

11.6 Right to Object

Object to processing based on:

• Legitimate interests (including profiling)

• Direct marketing (we will cease immediately)

 

11.7 Right to Withdraw Consent

Withdraw consent at any time where processing is based on consent (does not affect lawfulness of prior processing)

 

11.8 Right Not to be Subject to Automated Decision-Making

We do not currently engage in fully automated decision-making or profiling that produces legal or similarly significant effects. If this changes, we will update this policy and notify you.

 

11.9 How to Exercise Your Rights

To exercise any of these rights:

• Email: connect@glzconsulting.net

• Phone: +34 603 784 620

• Mail: GLZ Global Consulting S.L., Via Augusta, 123, 08006 Barcelona, Spain

We will respond within one month, which may be extended by two months for complex requests.

No Fee: Exercising your rights is generally free, unless requests are manifestly unfounded or excessive.

 

12. Cookies and Tracking Technologies

Our website uses cookies and similar technologies. Please see our comprehensive Cookie Policy at: https://www.glzglobal.com/cookie-policy

 

12.1 Types of Cookies We Use

• Strictly Necessary Cookies: Essential for website functionality

• Performance Cookies: Analytics and website optimization (e.g., Google Analytics)

• Functionality Cookies: Remember your preferences and settings

• Targeting/Advertising Cookies: Deliver relevant advertisements

 

12.2 Cookie Management

You can control cookies through:

• Your browser settings

• Our cookie consent banner (upon first visit)

• Opt-out links for specific services

Note: Disabling certain cookies may affect website functionality.

 

13. Third-Party Links and Services

Our website may contain links to third-party websites, including:

• Social media platforms

• Partner websites

• Third-party tools and resources

We are not responsible for the privacy practices of these third parties. We recommend reviewing their privacy policies before providing any personal data.

 

14. Children's Privacy

Our services are not directed at individuals under 18 years of age. We do not knowingly collect personal data from children. If we learn that we have collected data from a child without parental consent, we will delete it promptly. If you believe we have collected data from a child, please contact us immediately.

 

15. Changes to This Privacy Policy

We may update this privacy policy periodically to reflect:

• Changes in our practices

• Legal or regulatory changes

• New services or features

 

15.1 Notification of Changes

• Material Changes: We will notify you via email or prominent website notice

• Minor Updates: Posted on this page with updated "Last Updated" date

We encourage you to review this policy regularly. Continued use of our services after changes constitutes acceptance of the updated policy.

 

16. How to Complain

 

16.1 Contact Us First

If you have concerns about our data handling practices, please contact us first:

• Email: connect@glzconsulting.net

• Phone: +34 603 784 620

We will investigate and respond to your complaint promptly.

 

16.2 Supervisory Authority

You have the right to lodge a complaint with the relevant supervisory authority:

For Spain:
Agencia Española de Protección de Datos (AEPD)
C/ Jorge Juan, 6
28001 Madrid, Spain
Website: www.aepd.es
Phone: +34 901 100 099

For EU/EEA Residents:
Contact your local data protection authority. A list is available at: https://edpb.europa.eu/about-edpb/board/members_en

 

17. Your California Privacy Rights (CCPA/CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):

 

17.1 Right to Know

Request information about:

• Categories of personal information collected

• Categories of sources

• Business or commercial purposes for collection

• Categories of third parties with whom we share data

• Specific pieces of personal information collected about you

 

17.2 Right to Delete

Request deletion of personal information we have collected, subject to certain exceptions

 

17.3 Right to Opt-Out of Sale/Sharing

We do not sell personal information in exchange for monetary consideration. However, under the broad CCPA definition of "sale" and "sharing," our use of analytics and advertising technologies may constitute "selling" or "sharing."

To Opt-Out:

• Email: connect@glzconsulting.net with subject line "CCPA Opt-Out Request"

• We will process your request within 15 business days

 

17.4 Right to Correct

Request correction of inaccurate personal information

 

17.5 Right to Limit Use of Sensitive Personal Information

We do not use or disclose sensitive personal information for purposes other than those permitted by the CCPA

 

17.6 Right to Non-Discrimination

We will not discriminate against you for exercising your CCPA rights, including by:

• Denying goods or services

• Charging different prices or rates

• Providing different quality of services

 

17.7 Authorized Agents

You may designate an authorized agent to make requests on your behalf. The agent must provide proof of authorization.

 

17.8 Verification Process

To protect your privacy, we will verify your identity before responding to requests. We may request:

• Email confirmation

• Additional identifying information

• Signed declaration under penalty of perjury

 

17.9 Response Timeframes

We will respond to verifiable requests within 45 days, which may be extended by an additional 45 days if necessary.

 

17.10 "Shine the Light" Law

California residents may request information about our disclosure of personal information to third parties for their direct marketing purposes. We do not currently share personal information with third parties for their direct marketing purposes.

18. Additional Regional Privacy Rights

 

18.1 UK GDPR

UK residents have rights equivalent to those under EU GDPR. The relevant supervisory authority is the Information Commissioner's Office (ICO): www.ico.org.uk

 

18.2 Brazil (LGPD)

Brazilian residents have rights under Lei Geral de Proteção de Dados, including access, correction, deletion, and portability rights.

 

18.3 Other Jurisdictions

If you are located in another jurisdiction with privacy laws, you may have additional rights. Contact us to learn more.

 

Contact Information

For any questions, concerns, or requests regarding this privacy policy:

GLZ Global Consulting S.L.
Via Augusta, 123
08006 Barcelona, Spain
Email: connect@glzconsulting.net
Phone: +34 603 784 620

Effective Date: October 4, 2025

This privacy policy was last reviewed and updated on October 4, 2025. We recommend checking this page periodically for any updates.