Information Security Management System ISO 27001 Certification

Bi4 Group Information Security Management System is certified under the compliance with the requirements of UNE-ISO / IEC 27001:2014

Bi4 Group regards Information Security as a key asset within its business model strategy, where technology plays a leading role in providing the most advanced and efficient security services and solutions on the market, and thus providing our customers a high added value.

The ISO 27001 certification offers our customers, as well as our suppliers and employees, an even greater guarantee in the processing of information and data, reducing the risks of fraud, loss or any other type of information leak.

Information is safeguarded in terms of:

  • Confidentiality: Information is not revealed or disclosed to unauthorized individuals, entities or processes.

  • Integrity: Protect the accuracy and completeness of information and the methods that are used to process and manage it.

  • Availability: Guaranteed access and use of the information and the systems of its treatment by the individuals, entities or authorized processes when it is required.

In order to ensure that the information security is managed correctly by Bi4 Group, we have created and are making use of a systematic process, which is documented and is known throughout the organization and that constitutes the ISMS.

With this certification, Bi4 Group offers a greater commitment to the security of information for all the services we provide.




The Privacy Policy is part of the General Conditions that govern this Website.

Version 1 24th March 2018

Who is responsible for the processing of your data?


Tax ID No.: B86913365

Address: Calle Gran Vía de Colón, 21, 3A, 18001, Granada (Spain).

Tel.: +34 958 198 003


You can contact us in any way to communicate with us. We reserve the right to modify or adapt this Privacy Policy at any time. You are advised to review it, and if you have registered and you access your account or profile, you will be informed of any changes.


What data do we gather through the Web?

We can process your IP, what operating system or browser you use, and even the length of your visit, anonymously.

If you provide us with information in the contact form, you will identify yourself so as to be contacted, if necessary.

  • Answering your questions, applications or requests.

  • Managing the requested service, answering your application, or processing your request.

  • Information by electronic means, which relates to your request.

  • Commercial or events information by electronic means, provided that there is express authorization.

  • Performing analysis and improvements on the Web, about our products and services. Improving our commercial strategy.

What is the legal basis for processing your data?

The acceptance and consent of the interested party: In the cases where it is necessary to fill in a form and click on the “submit” button to make a request, completing the form and submitting it will necessarily imply that you have been informed and have expressly given your consent to the content of the clause annexed to said form or acceptance of the privacy policy. All our forms show the symbol * when data are obligatory. If you do not complete these fields, or do not tick the acceptance checkbox for the privacy policy, sending the information will not be allowed. The following formula is usually shown: “I have read and agree with the Privacy policy of Bi4 Group.”


What data do we collect through the newsletter?

You can subscribe to the Newsletter on the Web, if you provide us with an e-mail address, to which the Newsletter will be sent.

We will only store your e-mail in our database, and then we will send you e-mails periodically, until you request cancellation, or we stop sending e-mails.

You will always have the option to cancel your subscription, in any communication.

For what purposes do we process your personal data?

  • Managing the requested service.

  • Information by electronic means, which relates to your request.

  • Commercial or events information by electronic means, provided that there is express authorization.

  • Performing analysis and improvements in mailing, to improve our business strategy.

What is the legal basis for processing your data?

Acceptance and consent of the interested party: In the cases where you subscribe, you must accept by ticking a checkbox and then click on the “submit” button. This will necessarily imply that you have been informed and have expressly granted your consent to receiving the newsletter.

If you do not tick the acceptance checkbox for the privacy policy, sending of the information will not be allowed. The following formula is usually shown:  “I have read and agree with the Privacy policy of Bi4 Group.”


For what purposes do we process your personal data?

  • Assessing the degree of quality in the service provided

  • Improving the services offered, under compliance with the ISO

What is the legal basis for processing your data?

The legal basis is the express consent of the respondent.


For what purposes do we process your personal data?

  • Information by electronic means, that relates to your request.

  • Commercial or events information by electronic means, provided that there is express authorization.

  • Managing the administrative, communications and logistics services performed by the person in charge.

  • Billing.

  • Making any transactions as appropriate.

  • Billing and declaration of any taxes as appropriate.

  • Control and debt recovery management.

What is the legal basis for processing your data?

The legal basis is the acceptance of a contractual relationship, or otherwise your consent when you contact us or offer us your products by any means.


For what purposes do we process your personal data?

  • Answering your questions, applications or requests.

  • Managing the requested service, answering your application, or processing your request.

  • Connecting with you and creating a community of followers.

What is the legal basis for processing your data?

The acceptance of a contractual relationship in the environment of the social network in question, and in accordance with its Privacy policies.







*(Google+ and Youtube)


What personal data do we use and for what purpose do we treat them?

  • All the personal data provided by the candidate are included in the files owned by Bi4 GROUP SPAIN SL for the purpose of organization of selection processes for hiring employees, giving you an appointment for job interviews or/and assessing you as a candidate in the different selection processes in which you have registered or in which the company considers that your profile fits.

  • If you tick the checkbox for acceptance of the privacy policy, you give us your consent to pass your job application on to the entities that make up the group of companies in order for you to be included in their personnel selection processes. If you do not check the acceptance policy of the privacy policy, the information will not be submitted.

The data provided will be kept until the award of a position, at most 1 year or until you freely communicate us your right to access them, modify inaccurate data or deletion / cancellation.

What is the legal basis for processing your data?

The legal basis is your unequivocal consent, when you send us your CV.

Do we include third-party personal data?

No. As a general rule we only process data sent by their owners. If you supply us with third-party data, before you do so you must inform such third party and ask for its consent; otherwise, you hold us harmless for non-compliance with this requirement.

And children’s data?

We do not process data about children under 14 years of age. Therefore, please refrain from supplying such data if you are not that age or, as the case may be, from supplying data about third parties who are not that age. BI4 GROUP SPAIN, S.L. declines any responsibility for non-compliance with this provision.

Do we make electronic communications?

  • They are made only to deal with your application if electronic communication is one of the means of communication you have supplied us with.

  • If we make any commercial communications, it will be because they have been previously and expressly authorized by you.

What security measures do we apply?

You can keep your mind at rest: We have adopted an optimal level of protection for the Personal Data that we handle, and we have installed all the means and technical measures at our disposal according to the state of technology to avoid personal data loss, misuse, alteration, unauthorized access and theft.

Who will your data be transferred to?

Your data will not be transferred to third parties, unless there is a legal obligation to do so. Specifically, your data will be communicated to the Inland. Revenue and to banks and financial entities for collection for the service provided or product acquired and to those in charge of data processing, as necessary to perform the agreement.

In the event of purchase or payment, if you choose an application, platform, bank card, or another on-line service, your data will be transferred to that platform or will be processed in its environment, always with the utmost security.

When we let them know, the web development and maintenance company, or the hosting company, will have access to our web. These companies will have signed a service provision agreement that obliges them to uphold the same privacy standards as we do.

When US applications are used, any international data transfer will adhere to the Privacy Shield agreement, which guarantees that US software companies comply with European data protection policies as regards privacy.

Your rights

  • To know if we are processing your data or not.

  • To access your personal data.

  • To request rectification of your data if they are wrong.

  • To request suppression of your data if they are no longer necessary for the purposes for which they were collected or if you withdraw the consent you gave us.

  • To request limited processing of your data, in certain situations, in which case we will keep them only in accordance with the regulations in force.

  • To port your data, which you will be supplied with in a structured, commonly used or mechanical reading form. If you prefer, we can send them to the new manager you designate. This is valid only in certain cases.

  • To file a claim with the Spanish Data Protection Agency or competent control authority, if you feel that we have not treated you properly.

  • To withdraw your consent for any processing for which you gave our consent, at any time.

If any of your data changes, we will be grateful if you let us know, so as to keep them updated.

Would you like a form to exercise your rights?

  • We have forms for you to exercise your rights. You can apply for them by e-mail or if you prefer you can use the forms prepared by the Spanish Data Protection Agency or third parties.

  • These forms must be electronically signed or accompanied with photocopy of your ID document.

  • If someone represents you, you must attach copy of their ID document, or they must sign with their electronic signature.

  • Forms can be submitted in person at or sent by letter or by mail to the address of the person in charge indicated at the beginning of this text.

How long do we take to reply to the exercise of your rights?

It depends on the right, but at the most a month after your request and two months if the issue is very complex and we notify you that we need more time.

Do we process cookies?

If we use cookies that are not the necessary ones, you may consult the cookies policy.

How long do we keep your personal data?

  • Your personal data are kept for as long as you have a relation with us.

  • Once that relation is terminated, the personal data processed for each purpose will be kept for the legally established periods, including the period within which a judge or a court may request them, the lapse period for legal actions being taken into account.

  • Processed data will be kept for as long as the legal deadlines referred to above do not expire, if there is a legal obligation to keep them, or, if there is no legal deadline, until the interested party requests to have such data suppressed or the consent given by such interested party is withdrawn.

  • We will keep all information and communications about your purchase or the provision of our service for as long as the guarantees over products or services are valid, so as to deal with possible claims.

  • For each data treatment or type of data, we provide you with a specific period, which you can consult in the following table:

File Document Preservation
Curriculums Until the award of a vacancy, max 1 year or until you freely communicate us your right to access them, modify inaccurate data or deletion / cancellation.
Marketing Databases or web visitors. During the treatment of the data.
Suppliers Invoices 10 years.
Contracts 5 years.
Legal Intellectual and Industrial Property Documents. Contracts and agreements. 5 years.
Permits, licenses, certificates. 6 years from the expiration day of the permit, license or certificate.
Confidentiality and non-competition agreements. Always the term of the obligation or confidentiality.
LOPD Treatment of personal data, if different from the treatment notified to the Spanish Data Protection Agency (AEPD) 3 years.
Personal data of employees stored in the network, computers and communication equipment used by them, access controls and internal management / administration systems. 5 years.


We thank you for visiting us. We want your site experience to be as good as possible.

To access our services you declare that you have the legal capacity to act according to your national law. The access and navigation on the website or the use of the services of the same imply the express and complete acceptance of these and each one of these General Conditions, including both the Particular Conditions fixed for certain promotions as the Privacy and Cookies Policy, relative to the purposes of the treatments of the data that you provide us. Please, read them carefully.

1.- Legal Information

In compliance with Law 34/2002, of July 11, on Services of the Information Society and Electronic Commerce, the identification data of the holder of the Website are:


Calle Gran Vía de Colón, 21, 3A

18001 Granada (Spain)


Data recorded in the Mercantile Registry of Granada, at Tomes 31943, File No. 211, Inscription 1st, Sheet M-574882

For any questions or queries, you can contact us through:

Telephone: +34 958 198 003

Email address:

The access to the User implies the express acceptance of the present General Conditions of Use, which may be modified or replaced by its owner at any time and without prior notice.

2.- General Conditions of Use

The following General Conditions regulate the use and access to the Website whose purpose is to be the gateway to BI4 GROUP SPAIN, S.L. offering information, services and content via Website. Through the Website, the User has access to information on specific products and services, tools and applications.

The User agrees to make an appropriate use of the contents, services, applications and tools that are accessible, subject to the Law and these General Conditions of Use and the Particular Conditions that may be established for access to certain services and applications, respecting the others Users of the same at all times.

In case of a total or partial default by the User, BI4 GROUP SPAIN, S.L. reserves the right to deny access to it without prior notice to the User.

3.- General Obligations of the User

The User is expressly obligated to:

  • Do not take any action intended to harm, block, damage, disable, temporarily or permanently overload the functionalities, tools, contents and / or infrastructure of the website, in a way that prevents its normal use.

  • Guard and maintain he confidentiality of the access keys associated with your User name, being responsible for the use of such personal and non-transferable access keys by third parties.

  • Do not introduce or make insulting or slanderous content, both of other Users and third parties.

  • Not to use any of the materials and information contained in this Website for unlawful purposes and expressly prohibited in these General Conditions of Use, as well as the particular conditions that are established for certain applications and / or utilities and that are contrary to the rights and interests of BI4 GROUP SPAIN, S.L., its users and / or third parties.

  • Do not offer or distribute products and services, or advertise or unsolicited commercial communications to other Users and visitors of BI4 GROUP SPAIN, S.L.

The User will be liable for all damages and losses of any nature that BI4 GROUP SPAIN, S.L. or any third party may suffer as a result of a breach of any of the obligations to which it is subjected by these “General Conditions of Use” or the law in relation to the access and / or use of the Website.

4.- Intellectual and Industrial Property

The website, the pages it comprises and the information or elements contained therein (including texts, documents, photographs, drawings, graphic representations, among others), as well as logotypes, trademarks, trade names or other distinctive signs are protected by intellectual or industrial property rights, of which BI4 GROUP SPAIN, S.L. is owner or holds authorization for its use and public communication of the legitimate owners of the same.

The User undertakes to use the contents diligently and correctly, according to the law, morality and public order. BI4 GROUP SPAIN, S.L. authorizes the User to view the information contained in this Website, as well as to make private reproductions (simple activity of downloading and storage in their computer systems), provided that the elements are intended for personal use only. In no case shall this means an authorization or license on the property rights of BI4 GROUP SPAIN, S.L. or the legitimate owners thereof.

The User is not authorized to proceed to the distribution, modification, transfer or public communication of the information contained in this Web in any form and for whatever purpose.

5.- Links

Links to third party sites or websites have been established solely as a utility to the User. BI4 GROUP SPAIN, S.L. is not responsible for the same or its content in any case.

BI4 GROUP SPAIN, S.L. does not assume any responsibility derived from the existence of links between the contents of this Site and contents located outside the same or any other mention of contents external to this Site. Such links or mentions are for informational purposes only and do not imply the support, approval, marketing or relationship between BI4 GROUP SPAIN, S.L. and the persons or entities that author and / or manage such content or holders of the sites where they are.

It is necessary to require the express and written authorization of the portal owners to make links with the Website.

6.- Responsibility

BI4 GROUP SPAIN, S.L. does not guarantee the continued access or the correct visualization, downloading or usefulness of the elements and information contained in the Website. These elements may be impeded, hindered or interrupted by factors or circumstances beyond control or outside our control, nor of those that are produced by the existence of computer viruses on the Internet.

BI4 GROUP SPAIN, S.L. does not assumes any liability for damages, losses, claims or expenses, produced by:

(i) Interference, interruptions, failures, omissions, delays, blockages or disconnections caused by errors in telecommunication lines and networks or by any other cause beyond the control of BI4 GROUP SPAIN, S.L.;

(ii) Illegitimate intrusion through the use of malicious programs and by any means of communication, such as computer viruses or any other;

(iii) Misuse or improper use of the Website;

(iv) Security or navigation errors caused by a malfunction of the browser or by the use of non-updated versions.

BI4 GROUP SPAIN, S.L. does not take responsibility or in any case will respond to users and third parties for acts of any third party outside BI4 GROUP SPAIN, S.L. which entails or may lead to the accomplishment of unfair competition and illicit publicity or infringement of intellectual and industrial property rights, business secrets, contractual commitments of any kind, rights to honor, personal privacy and Family and image rights, property rights and any other nature belonging to a third party due to the transmission, dissemination, storage, availability, reception, obtaining or access to the contents.

7.- Personal Data Protection Policy

All the policy for the processing of personal data can be found in the Privacy Policy. It is part of these General Conditions but we have put in a separate document: Privacy Policy.

8.- Special note for children under the age of 14

We do not collect personal data from children under the age of 14. If you are under 14 years of age, you must not be able to browse the internet nor transmit personal data. If you are not sure about anything in this section, ask for help from your parents or guardians.

9.- Legislation

This Legal Notice and its terms and conditions will be governed and interpreted in accordance with the Spanish Legislation. The User consent that the competent Courts to resolve any legal action derived or related to these Conditions or the Website by default are the Courts of Madrid. It is understood that this consent is given by accessing the Website or obtaining the status of registered user.

If any clause or section of these General Conditions, which is not essential for the existence of the same, is declared null or inapplicable, the validity of the remaining clauses will not be affected.



Information security is the protection of information against a wide range of security threats in order to guarantee business continuity, minimize business risks and maximize the return on investments and business opportunities.

The Management of Bi4 Group Spain is aware of the importance of identifying and protecting its information assets, avoiding the disclosure, modification and unauthorized destruction of all information related to our customers, employees, knowledge base, manuals, documents, cases, the source codes, strategies, management and other concepts; committing to develop, implement, maintain and continuously improve the Information Security Management System (ISMS).

The Management wants to affirm its support, approval and the assignment of the necessary resources for its execution, urging that it is distributed to all the staff with the associated documentation so that they know and comply with the requirements.

Area of Application

This Security Policy affects the Information Systems managed by Bi4 Group Spain, that should be carried out on a compulsory basis by all the personnel of the organization. In the same way, it should be applicable to all the collaborating entities that use the information and the systems owned by Bi4 Group Spain.

The Information Security Policy uses as reference the criteria of the International Standard ISO / IEC 27001:2013 and adopts the necessary precautions to guarantee the level of security required by the current legal framework with regards to the information security, especially in relation to the Personal Data Protection (Royal Decree 1720/2007 of 21 December, which approves the Regulation on Development of the Statutory Law 15/1999 of 13 December on Personal Data Protection).


The scope of this Security Policy applies to the development of the platforms within the environment managed by Bi4 Group and it does not apply to the developments within the environment managed by our customers.


The main goal of this Security Policy is to establish an action model that allows us to develop a company culture, the process and making decisions in Bi4 Group Spain as well as making sure that the information security and confidentiality of the Personal Data is protected and consistent:

  • Confidentiality: Make sure that only authorised people can access the information and the systems.

  • Integrity: Ensure the accuracy of the information and protection of the systems against any changes, losses or destruction, whether accidental or fraudulent.

  • Availability: Ensure that the information and the systems can be used as required and on time.

The above mentioned parameters are essential for compliance with the current legislation relating to the information security and the provision of quality service.

Our company management values the importance of availability and confidentiality of its information as its main criteria for risk estimations and even more for its clients. Thus, it commits to develop, implement, maintain and constantly improve its Information Security Management System (ISMS) with the aim of continuous improvement of the way we provide our services and how we treat the information of our clients. Therefore, the policy of Bi4 Group Spain is the following:

  • To establish the objectives with relation to the Information Security annually.

  • To fulfill the legal, contractual and business requirements.

  • To carry out the training and the Information Security awareness activities for all the personnel.

  • To develop the analysis process, management and risk assessment for the information assets.

  • To establish the control objectives and the corresponding controls to mitigate the detected risks.

  • To establish employee responsibility in relation to:

    • Reporting security violations.

    • Preserving the confidentiality, integrity and availability of information assets in compliance with the current policy.

    • Complying with the policies and the inherent procedures to the Information Security Management System.


The Security Manager will be directly in charge of the maintenance of this policy, providing his guidance and advice for its implementation and corrections in case of a failure of its compliance.

System Policy Management

The present Information Security Policy will always be aligned with the company General Policy and with the other internal management systems, such as the quality and the environmental policies.

The basis for the deployment of procedures and compliance with the principles of information security resides in the adequate awareness of all the users, both internal and external.

Therefore, the necessary training and awareness actions must be undertaken in order to reduce the IT security risks related to the lack of knowledge or inappropriate use.


What are cookies?

A cookie is a file that is downloaded to your computer, tablet, smartphone or any other device when accessing certain web pages. Cookies allow a website, among other things, to store and retrieve information about the browsing habits of Users or their computer and, depending on the information they contain and how they use their equipment, can be used to recognize the Users.

What types of cookies used on this website?

  • Session cookies are designed to collect and store data while the user accesses a web page. They are usually used to store information that only interests to preserve for the provision of the service requested by the User during access.

  • Analysis cookies that allow the responsible of the same, the monitoring and analysis of the behavior of the Users in the Website. The collected information is used for the measurement of the activity and for the elaboration of the navigation profiles of the Users, in order to introduce improvements.

How to configure your browser to accept or reject all or some of the cookies?

Users can configure their browser, accepting or rejecting all cookies, or selecting those whose installation supports and which does not, following one of the following procedures, depending on the browser used:

Google Chrome

  • Settings -> Show advanced options -> Privacy -> Content settings.

Mozilla Firefox

  • Menu -> Options -> Privacy -> History -> Use custom settings for history.

Internet Explorer

  • Tools -> Internet Options -> Privacy -> Settings.


  • Preferences -> Privacy. Opera • Settings -> Preferences -> Advanced -> Cookies.

Internet Explorer (Windows Phone)

  • More -> Settings -> Allow cookies on your phone.

Safari for IOS (iPhone and iPad)

  • Settings -> Safari -> Block cookies.

Chrome for Android

  • Menu -> Settings -> Site Settings.

Also, please note that some browsers allow you to browse in private or incognito mode, which means that cookies are installed on the device but they are deleted automatically when the browsing session ends.