Privacy Policy

What we do and do not do with your personal data on this website can be found here.

This policy sets out how we treat and protect the personal information of those who interact with us through this website.

Please read the full Legal Notice, Cookie Policy and this Privacy Policy before using this website.

In accordance with the provisions of EU Regulation 2016/679, of the European Parliament and of the Council of 27 April 2016 (RGPD) and Organic Law 3/2018, of 5 December, on the Protection of Personal Data and guarantee of digital rights, you are informed that, by accepting this Privacy Policy, you give your express, informed, free and unequivocal consent for the data you provide, and on which the security, technical and organisational measures provided for in the current regulations apply, to be processed by the owner as the data controller.

Data controller

Purpose of processing: What will we use the data for?

All data provided to this website or its staff are included in a register of personal data processing activities, created and maintained under the responsibility of the owner, essential to provide the services requested, inform or resolve the queries raised.

Our policy is not to create profiles on the users of our services.

Legitimacy of the treatment: Why do we need the data?

1. Contractual relationship: This is the one that applies when you buy one of our products or contract one of our services.
2. Legitimate interest: To deal with the queries and complaints that you make to us and to manage the collection of the amounts owed.
3. Consent: If you are a user of our website, by ticking the box on the contact form, you authorise us to send you the necessary communications to respond to your query or request for information.

Retention: How long will we keep your data?

We will only keep personal data for as long as is necessary to achieve the purposes for which it was collected. In determining the appropriate retention period, we consider the risks involved in the processing, as well as our contractual, legal and regulatory obligations, internal data retention policies and our legitimate business interests as described in this Privacy Notice and Cookie Policy.

In this sense, personal data will be kept once the relationship has ended, duly blocked, for the period of limitation of the actions that may arise from the relationship maintained with the interested party.

Once blocked, the data will be inaccessible and will not be processed except to make them available to the Public Administrations, Judges and Courts, for the attention of possible liabilities arising from the processing, as well as for the exercise and defence of claims before the Spanish Data Protection Agency.

The data retention period varies depending on the service contracted. In any case, it will be the minimum necessary, and may be kept for up to:

• 4 years: Law on Infringements and Penalties in the Social Order (obligations regarding affiliation, registrations, cancellations, contributions, payment of salaries...); Arts. 66 et seq. Ley General Tributaria (accounting books...).
• 5 years: Art. 1964 of the Civil Code (personal actions without special time limit).
• 6 years: Art. 30 of the Commercial Code (accounting books, invoices...).
• 10 years: Art. 25 of the Law on the Prevention of Money Laundering and Terrorist Financing.
  
  

Security: How will we protect data?

We are committed to the use and treatment of personal data, respecting their confidentiality, in accordance with their purpose; as well as to comply with the obligation to store them and adapt all measures to prevent alteration, loss, treatment or unauthorised access, in accordance with the provisions of current data protection regulations.

This website includes a security certificate. This is a protocol that makes your data travel in an integral and secure manner; that is, the transmission of data between a server and the web user, and in feedback is fully encrypted or encrypted.

We do not guarantee the absolute impregnability of the Internet network or, therefore, the violation of data through fraudulent access by third parties.

With respect to the confidentiality of processing, we ensure that anyone who is authorised to process personal data (including your staff, partners and service providers), will be under an appropriate obligation of confidentiality (whether a contractual or legal duty).

Recipients: With whom do we share data?

Some tools used on this website to manage data are contracted to third parties. In order to provide services strictly necessary for the development of the activity, we share data with providers under their corresponding privacy conditions.

Third-party service providers (e.g., if applicable, payment processing services, order processing, analytics, marketing campaign management, website management, email distribution and other similar service providers) so that they can perform business functions on our behalf.

This website may be accessed by the web development and maintenance company or the hosting company. They have signed a service contract which obliges them to maintain the same level of privacy as is applied to the processing carried out on this website.

Any international transfer of data derived from the use of tools or service providers will be avoided but, in any case, will be adhered to the Privacy Shield agreement, which guarantees that the American software companies comply with European data protection policies in terms of privacy, secrecy and data security.

Apart from the above, we do not disclose personal data to anyone, with the exception of those public or private entities to which we are obliged to do so in compliance with any law. For example, the Tax Law obliges us to provide the Tax Agency with certain information on economic transactions exceeding a certain amount.

In the event that, apart from the aforementioned cases, we need to disclose personal information to other entities, we will request prior permission through clear options that will allow you to decide in this regard.

Communication: Where may we send your data?

We will not carry out international transfers of personal data for any of the purposes indicated.

Your rights: What rights can you exercise as a data subject?

You have the right to obtain confirmation as to whether we are processing your personal data and you may also:

• Request access to your personal data.
• Request its rectification or deletion.
• Request cancellation.
• Request the limitation of their processing.
• Oppose the processing.
• Request data portability.

To exercise your rights, you can do so free of charge and at any time by contacting us through this website.

If you have given consent for a specific purpose, you have the right to withdraw it at any time, without this affecting the lawfulness of the processing based on the consent prior to its withdrawal.

Safeguarding your rights: Where can you make a complaint?

If you believe that your rights have been disregarded by us, you can make a complaint to the Spanish Data Protection Agency, by any of the following means:

• Electronic site: https://www.aepd.es
• Postal address: Agencia Española de Protección de Datos, C/ Jorge Juan, 6, 28001, Madrid, Spain
• Telephone: +34 901 100 099 and +34 912 663 517

Making a complaint to the Spanish Data Protection Agency does not entail any cost and you do not need the assistance of a lawyer or solicitor.

There is a form for exercising your rights, which you can request by email or, if you prefer, you can use the forms prepared by the Spanish Data Protection Agency or third parties.

These forms must be signed electronically or be accompanied by a photocopy of your ID card.

If someone is representing you, they must attach a copy of their DNI, or it must be signed with their electronic signature.

The forms can be submitted in person, sent by letter or by mail to the address of the person responsible.

Accuracy and veracity of data

You are solely responsible for the veracity and accuracy of the data you provide, exonerating us from any liability in this regard.

You guarantee and are responsible, in any case, for the accuracy, validity and authenticity of the personal data provided and undertake to keep them duly updated. You agree to provide complete and correct information in the contact or subscription form.

Revocability

The consent given, both for the processing and for the transfer of data, may be revoked at any time by communicating it to us in the terms established in this Policy for the exercise of ARCO rights. This revocation shall in no case be retroactive.

Notification and declaration of breaches

We take security measures appropriate to the level of risk to protect personal information against loss, misuse and unauthorised access, disclosure, alteration and destruction, taking into account the risks involved in the processing and the nature of the personal information.

However, if we determine that your data has been misappropriated, exposed by a security breach or improperly acquired by a third party, we will promptly notify you of such security breach, misappropriation or misacquisition.

Updates: What changes may there be to this Privacy Policy?

We reserve the right to modify this policy to adapt it to new legislation or case law, as well as industry practices that may affect compliance with this policy.