Back home
PRIVACY POLICY
Sports Rights Group Capital, S.L. / SRG Capital
Last updated: 06/05/2026
Introduction
This Privacy Policy explains how Sports Rights Group Capital, S.L. ("SRG Capital", "we", "us" or "our") collects, uses, stores and protects personal data in connection with our website, business communications and commercial activities.
SRG Capital provides financial and operational solutions in the sports and football ecosystem, including activities related to football clubs, receivables, financing processes, commercial relationships, investors, partners and service providers.
Data Controller
Company name: Sports Rights Group Capital, S.L.
Commercial name: SRG Capital
Website: https://srgcapital.com/
Registered address: Sports Rights Group Capital, S.L.
Tax ID / VAT number: ESB16778532
General contact: info@srgcapital.com
Privacy contact: info@srgcapital.com
Personal Data We May Process
Depending on your relationship with us, we may process the following categories of personal data:
Identification and contact data — Name, surname, business email, phone number, job title, organisation, club or company.
Professional data — Role, department, seniority, business responsibilities, relationship with a club, investor, lender, partner or supplier.
Commercial relationship data — Meeting notes, communications, deal-related context, follow-up actions, relationship history and business preferences
.
Website and technical data — IP address, device information, browser data, pages visited, cookie identifiers and usage data.
Communication data — Emails, forms, messages, calls, meeting records and related correspondence.
Compliance and due diligence data — Information required for legal, AML/KYC/KYB, sanctions, conflict checks or counterparty verification, where applicable.
Candidate data — CV, professional experience, education, application data and interview notes, if you apply for a role with us.
Purposes and Legal Bases
We process personal data only where we have a lawful basis to do so. The main processing purposes are described below:
Responding to enquiries and communications
Data involved: contact and communication data.
Legal basis: legitimate interest and/or pre-contractual steps.
Managing commercial relationships with clubs, investors, lenders and partners
Data involved: professional, contact and relationship data.
Legal basis: legitimate interest and/or contract performance.
Assessing, structuring or supporting financing opportunities
Data involved: professional, commercial, counterparty and due diligence data.
Legal basis: legitimate interest, contract performance and legal obligations where applicable.
Operating and improving the Website
Data involved: technical and usage data.
Legal basis: legitimate interest for necessary operations; consent for non-essential cookies where required.
Marketing and business development communications
Data involved: contact and professional data.
Legal basis: consent where required and/or legitimate interest for B2B communications, subject to opt-out rights.
Compliance, legal and risk management
Data involved: identification, due diligence and relevant transaction data.
Legal basis: legal obligations and legitimate interest.
Recruitment
Data involved: candidate data.
Legal basis: pre-contractual steps and legitimate interest.
Sources of Personal Data
We may collect personal data directly from you, from your organisation, through business communications, through our Website, from publicly available sources, from professional databases, from commercial partners, or from service providers involved in our operations.
Data Sharing and Recipients
We may share personal data where necessary with the following categories of recipients:
Group companies, directors, employees, consultants and authorised team members
Technology providers, cloud hosting, email, CRM, project management and collaboration tools
Legal, tax, financial, audit, compliance and professional advisers
Banks, lenders, investors, funding partners or transaction counterparties, where relevant to a specific process
Regulators, courts, public authorities or law enforcement bodies where legally required
Other third parties where the data subject has consented or where sharing is necessary for legitimate business purposes
All service providers processing personal data on our behalf must provide appropriate contractual, technical and organisational safeguards.
International Transfers
SRG Capital may operate or engage with counterparties and service providers across Spain, France, Portugal, Germany, the United Kingdom, Italy, Belgium, the Netherlands, South America and other jurisdictions. Where personal data is transferred outside the European Economic Area, we will apply appropriate safeguards as required by applicable data protection laws, such as adequacy decisions, standard contractual clauses or equivalent mechanisms.
Data Retention
We retain personal data only for as long as necessary for the purposes for which it was collected, including business, legal, regulatory, accounting, audit, compliance or dispute resolution purposes.
General enquiries — Up to 24 months after the last interaction, unless a longer period is required.
Commercial relationship data — For the duration of the relationship and up to 5 years thereafter, unless legal obligations require longer retention.
Deal, transaction and due diligence data — For the duration required by legal, accounting, tax, AML/KYC/KYB or contractual obligations.
Website analytics data — According to the relevant cookie duration and consent settings.
Candidate data — Normally up to 12 months after the recruitment process, unless a longer period is agreed or legally required
Security Measures
We apply appropriate technical and organisational measures to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure or access. These measures may include access controls, role-based permissions, secure cloud services, encryption where appropriate, user authentication, internal confidentiality obligations, vendor controls and regular review of user access.
Data Subject Rights
Subject to applicable law and depending on the circumstances, individuals may have the following rights:
Right of access — To know whether we process your personal data and obtain information about that processing.
Right to rectification — To request correction of inaccurate or incomplete personal data.
Right to erasure — To request deletion of personal data where legally applicable.
Right to restriction — To request restriction of processing in certain circumstances.
Right to data portability — To receive certain personal data in a structured, commonly used and machine-readable format.
Right to object — To object to processing based on legitimate interests or to direct marketing.
Right to withdraw consent — Where processing is based on consent, to withdraw it at any time without affecting prior lawful processing.
Right not to be subject to solely automated decisions — To request safeguards where decisions are based solely on automated processing and produce legal or similarly significant effects.
To exercise these rights, please contact us at info@srgcapital.com. We may need to verify your identity before processing your request.
Right to Lodge a Complaint
If you believe that your personal data has not been processed lawfully, you may contact us first so that we can review your concern. You also have the right to lodge a complaint with the competent supervisory authority. In Spain, this is the Spanish Data Protection Agency (Agencia Española de Protección de Datos – AEPD).
Cookies and Similar Technologies
The Website may use cookies and similar technologies. For more information, please see our Cookie Policy. Non-essential cookies will only be used where valid consent is obtained, unless an exemption applies.
Marketing Communications
We may send business communications where permitted by law. You may opt out of marketing communications at any time by using the unsubscribe mechanism included in the message or by contacting us directly. We will continue to send non-marketing communications where necessary for an existing relationship, transaction or legal purpose.
Children
Our Website and services are not directed at children. We do not knowingly collect personal data from children. If we become aware that we have collected such data without appropriate legal basis, we will take steps to delete it.
Updates to this Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our business, Website, legal obligations or internal practices. The latest version will be published on the Website with the corresponding update date.
Contact
For any questions about this Privacy Policy or the processing of your personal data, please contact us at info@srgcapital.com.