Privacy Policy

Content and scope

Your privacy is essential for ENAIRE, which is why the Public Entity pays special attention to the protection of your personal data during the different data processing activities.  Personal data is any information about an identified or identifiable natural person, also known as the data subject or data subject. A person is considered "identifiable" when he or she can be identified directly or indirectly, in particular by reference to an identifier such as: a name or identification number.  ENAIRE will process your personal data in accordance with the Community Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (GDPR) and the Organic Law on Data Protection and Guarantee of Digital Rights 3/2018 of 5 December.

ENAIRE will act as the controller of your personal data.

Principles of treatment

In the treatment ENAIRE will apply the following principles:

Legality, fairness and transparency

  1. Have a legal justification for the management of personal data and identify an appropriate legal basis (or bases) for the data processing.
  2. Provide clear information on personal data management activities and legal justification in the privacy policy.

Limitation of purpose

  1. Collect data for specified, explicit and legitimate purposes and not process additional data in a way that is incompatible with those purposes.

Data minimization

  1. Ensure that the data processed is adequate, relevant and limited to what is necessary.

Accuracy and storage limitation

  1. Ensure the accuracy of the data and, if necessary, keep it updated.

Store data no longer than necessary for the purposes for which the data are processed.

Integrity and confidentiality (Data security)

  1. Implement appropriate technical and organizational measures to protect personal data from destruction, loss, alteration, unauthorized disclosure or accidental or unlawful access.
  2. Encrypt or anonymize personal data.
  3. Prepare a data protection impact assessment if necessary and implement the technical and organizational measures resulting from it, if applicable.
  4. Implement a process for dealing with data breaches.

Accountability and governance

  1. Designate someone responsible for data privacy within the organization.
  2. Maintain agreements with any third parties that manage personal data.
  3. Have records in place to be able to demonstrate compliance.

Privacy rights

  • Ensure that end users can obtain, correct, delete and update all information stored about them.

Personal data processed

ENAIRE will collect the following personal data:

  • Identifying information: name, surname, ID number, telephone number, business address and e-mail address.
  • Electronic: Electronic identification (IP address, login data, operating system device), passwords and metadata.
  • Professionals: position and organization to which you belong.

Source of personal data

ENAIRE only processes:

  • Data that you actively and knowingly provide to us through forms and/or email; data that is relevant and necessary for the provision of the service.
  • Among these, you should note that, by using cookies, you also provide us with your IP address, login data, passwords and metadata (data that provides information about other data).
  • You, as user, are responsible for the veracity of the data provided and undertake to keep them updated.


  • ENAIRE does not allow children under 14 years of age to include their personal data in any of the forms or spaces, of any type, that make up the website for the provision of services. Therefore, ENAIRE is exempt from any liability that may arise from failure to comply with this prohibition.
  • When any service may be intended for users under 14 years of age, the necessary legal means shall be provided to obtain the corresponding authorizations from parents or legal guardians.

Register of Treatment Activities

ENAIRE, in accordance with the provisions of article 6.bis of Law 19/2013, of December 9, on Transparency, Access to Public Information and Good Governance, has made public its register of processing activities. You can consult it at the following link.


ENAIRE is certified in the National Security Scheme (ENS) in accordance with the latest update carried out by Royal Decree 311/2022 of May 3.
ENAIRE guarantees a high level of protection of your personal data.


In accordance with the provisions of Articles 15 et seq. of the Community Regulation, ENAIRE informs you that you may exercise your rights at or, if you wish, at

If your data protection request is not duly processed by ENAIRE, you may submit a new request at

Finally, ENAIRE informs you that whenever any application or portal of the web requests certain personal data from you, you will be duly informed of the processing thereof in the terms required by Article 13 of the Community Regulation. Please pay attention to this information.