Privacy Policy

Identification.

Data Controller: GIMÉNEZ TORRES ABOGADOS S.L.P.
Tax ID No.: B-83689919
Address: Calle Conde de Aranda, 24
Location: Madrid
Post Code: 28001
Province: MADRID
Country: SPAIN
Email of Data Protection Delegate: madrid@gtyabogados.com
Telephone: 91 531 48 00

Information and Consent.

By accepting this Privacy Policy, the user is deemed informed and gives its free and specific consent to the Personal Data that they have facilitated through our web sites, hereinafter referred to as “Website”, and that which may be provided by other means, or in the future, being processed through GIMÉNEZ TORRES ABOGADOS S.L.P., in what remains of the document called the DATA CONTROLLER.

Obligation to provide data.

Unless otherwise specifically stated, the data requested in the Website forms is mandatory. If the date is not provided or not correctly provided, the User’s request cannot be met.

The user may freely view the content of the Website if they accept the use of cookies, otherwise they will be invited to leave the Website or to browse, if necessary, for contents that do not use cookies.

For what purpose will the Data Controller process the User’s Personal Data? – What is the legitimacy of Processing User Data?

Personal Data provided through the Website shall be processed by the DATA CONTROLLER, for the intended purposes, as follows:

  1. For the purpose of Contractual Compliance.

To comply with the agreements in the supply of products or services that one may have contracted with us and in order to carry them out according to the conditions set forth in each case. For the establishment of Employment Agreements and Contracts.

Article 6.1(b) GDPR Lawfulness of Processing – processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.

  1. For the purpose of commercial communication and information based on user consent.

For the purpose of communicating commercial promotions, product information and news, and for inviting the user to events and activities for which we expressly request your consent, and which can easily be revoked at any time you may deem appropriate.

Article 6.1(a) GDPR Lawfulness of Processing – the data subject has given consent to the processing of his or her personal data for one or more specific purposes.

  1. Data provided for the purpose of sending Newsletters.

To manage the subscription and/or withdrawal from the Newsletter, carried out through the channel provided on the Website of the DATA CONTROLLER.

Article 6.1(a) GDPR Lawfulness of Processing – the data subject has given consent to the processing of his or her personal data for one or more specific purposes.

  1. Details provided in the contact forms.

To manage contact requests and user information through the channels provided for this purpose, on the Websites of the DATA CONTROLLER, in order to respond to the request raised.

Article 6.1(f) GDPR Lawfulness of Processing – processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.

  1. Browsing data provided.

To carry out an analysis on the use of the Website and to check User Preferences and Behaviours.

Article 6.1(f) GDPR Lawfulness of Processing – processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.

What subject data will be processed by the DATA CONTROLLER?

The DATA CONTROLLER will process the following categories of personal data, depending on the request or requests made by the User:

– Personal aspects that may be requested include: marital status; family data; date of birth; place of birth; age; gender; nationality; mother tongue; physical or anthropomorphic features.

– Social circumstances that may be requested include: characteristics of accommodation; family situation; properties and/or possessions; hobbies and lifestyle; membership to clubs and associations; licenses, permits, authorisations.

– Academic and Professional information that may be requested, include: training, degrees; student history; professional experience; membership to colleges or professional associations.

– Employment details that may be requested, include: Occupation; job roles; non-economic payroll data; employment history.

– Commercial information that may be requested, include activities and businesses; business licenses; subscriptions to publications/media; artistic, literary, scientific, or technical creations.

– Economic, financial and insurance information that may be requested, include: income, expenses, equity investments; credits, loans, guarantees; bank data; pension plans, retirement plans, economic payroll data; data regarding tax returns; insurances; mortgages; subsidies, benefits; credit history; credit cards.

– Goods and Services Transactions that may be requested, include: goods and services provided by the interested party; goods and services received by the interested party; financial transactions; compensation/indemnities.

Browsing Data.

With whom would the User Data be shared with?

Depending on the relationship that is established and always with prior consent, User Data may be communicated to:

– Organisations or persons directly related to the Data Controller.

– Social Security Bodies.

– Public Records.

– Professional Colleges.

– Tax Administration.

– Other Public Administration Bodies.

– Notaries and Solicitors.

– Law Enforcement Officials.

– Building Societies, Banks and National Savings.

– Insurance Institutions.

– Other Financial Institutions.

– Health Institutions.

– Public Administration with competence in the matter.

International Data Transfers.

We hereby advise you that, provided we have your prior consent, your Data may be transferred to the following:

– Organisations or persons directly related to the Data Controller.

– Service Providers.

– Universities and Study Centres.

– International Organisations

– Health Institutions.

– Legal Bodies.

– Financial Institutions.

Data Retention. 

For the purpose of Contractual Compliance.

Data will be kept during the term of the contract and once ended, during the period of limitation of the legal actions that may derive from it.

For the purpose of commercial communication and information based on User consent.

The data will be kept as long as the User does not revoke their given consent.

Data provided for the purpose of sending Newsletters.

The data will be kept as long as the User does not revoke their given consent.

Details provided in the contact forms.

The data will be kept as long as the user does not revoke their given consent, during the term of the requested service and once completed, during the period of limitation of the legal actions that may derive from the same.

Browsing Data provided.

The data will be kept as long as the User does not revoke their given consent.

User Liability.

The user warrants that they are of legal age and that the data provided to the CONTROLLER is true and up to date. The user will keep the information provided duly updated.

The user warrants that they have informed any third parties from whom they share data, of the aspects contained in this document, ensuring that it has obtained the prior consent of said third parties, in order to provide their data to the DATA CONTROLLER.

The user shall be liable for the provision of false or inaccurate information sent through the Website and for any direct or indirect damages incurred by the DATA CONTROLLER and/or the third parties.

Non-Exercising of Rights.

The user may at any time send a letter, free of charge, to our Data Protection Representative, i.e.: lopd@via.es, attaching a copy of their identity document or equivalent, in order to:

Revoke consents granted.

Obtain confirmation as to whether the DATA CONTROLLER is processing personal data concerning their person.

Access Personal Data.

Amend inaccurate or incomplete data.

Request deletion of data when, amongst other reasons, the data is no longer required for the purposes for which it was collected.

Obtain Data Processing limitation from the DATA CONTROLLER, whenever any of the conditions provided for in the data protection regulations are met.

Request portability of the data shared in such cases, as provided for under existing Data Protection Regulations.

File a complaint with the Spanish Data Protection Agency at Calle de Jorge Juan, 6, 28001 Madrid, if one deems that the DATA CONTROLLER did not process the data in accordance with the law.

Security Measures.

The data CONTROLLER will at all times handle the User Data in a confidential manner and shall maintain the obligation to privacy in respect of these, in compliance with the advice and provisions of EU Regulation 2016/679 of the European Parliament and Council of 27 April 2016, adopting, to this effect, the necessary technical and organisational measures that ensure the security of data and prevent its alteration, loss, treatment or unauthorised access, taking into account the state of technology, the nature of the data stored and the risks to which they are exposed.

Last Updated: 2 July 2018.