PRIVACY POLICY
1. DATA OF THE DATA CONTROLLER
Company Name: APNA ADVOCATS, S.L.P. (hereinafter, the “Company” or the “Responsible”).
VAT NUMBER: B67183491
Address: Plaza Tetuán, nº 40-41, Piso 1º – Oficina 1, CP 08010 Barcelona – Spain
Telephone: +34 936 32 32 36 Email for communications regarding Data Protection: info@martinezcaballero.com or that of our Data Protection Officer: equaldpo@equalprotecciondedatos.com.
1.1. Applicable regulations
Our Privacy Policy has been designed in accordance with the EU General Data Protection Regulation 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation), and Organic Law 3/2018 of 5 December, on the Protection of Personal Data and Guarantee of Digital Rights.
By providing us with your data, you declare that you have read and understood this Privacy Policy, giving your unequivocal and express consent to the processing of your personal data in accordance with the purposes and terms expressed herein.
The Company may modify this Privacy Policy to adapt it to new legislation, jurisprudence or interpretation of the Spanish Data Protection Agency. These privacy conditions may be supplemented by the Legal Notice, Cookies Policy and the General Conditions that, where appropriate, are collected for certain services, such as online consultations, if such access involves any specialty in terms of protection of personal data.
2.- PRINCIPLES ACCORDING TO THE EUROPEAN DATA PROTECTION REGULATIONS
We undertake to process the personal data (hereinafter the “data”) provided in accordance with the following principles set out in the General Data Protection Regulation (GDPR):
– Lawfulness: We will only collect your Personal Data for specified, explicit and legitimate purposes, and we will not process your Personal Data in a way that is incompatible with those purposes.
– Lawfulness: in accordance with Article 6 of the General Data Protection Regulation, your personal data will be managed provided that you expressly consent to the processing of such data as a form of externalization of your free and informed will and consent. Your personal data may be necessary to perform a contract, agreement or service to which the data subject is a party, to comply with legal obligations, to protect the vital interests of the data subject and another natural person, to carry out a task carried out in the public interest or in the exercise of official authority vested in the controller or to meet the legitimate interests pursued by the controller where these do not violate the fundamental rights and freedoms of the data subject or the protection of the data subject’s personal data.
– Loyalty and transparency: in accordance with Article 5 of the General Data Protection Regulation as a manifestation of transparency and proof of which is that the data subject is informed of the existence of the processing operation and its purposes.
– Data minimization: we limit the collection of personal data to what is strictly relevant and necessary for the purposes for which it was collected.
– Purpose limitation: we will only collect your personal data for specified, explicit and legitimate purposes, and that we maintain in the way we process it.
– Accuracy: We will keep your personal information accurate and up to date.
– Data Security: we apply the appropriate technical and organizational measures to ensure the appropriate level of security taking into account the risks and nature of the data in order to prevent them from being disclosed or accessed by unauthorized personnel, or from any loss or alteration. In short, any form of unlawful processing.
– Any person who, having given his consent to the collection of data, wishes to request any management of the processing, is recognized and may exercise: the right of access, rectification, opposition, deletion, limitation of processing, portability and not to be subject to individualized decisions. Its exercise shall be free of charge and such request shall be corrected within a period of one month to be extended for another two months in view of exceptional circumstances such as, for example, the number of requests, complexity, or others of a similar nature.
– Principle of limitation of the storage period: the data will be kept for the time necessary and for the purposes of the processing without undue delay, and during the following periods
which the users’ and customers’ own information will be available to them upon request.
3. PURPOSE OF THE PROCESSING OF PERSONAL DATA
We process your personal data for the following purposes:
– To provide you with information related to legal services offered by our firm and detailed in this web site.
-To manage social networks. The Holder has a presence in social networks. If you become a follower in the social networks of the Holder, the processing of personal data will be governed by this section, as well as by those conditions of use, privacy policies and access regulations that belong to the social network that applies in each case and that you have previously accepted.
3.1. Data Retention Period
We will retain your personal data from the time you give us your consent until you revoke it or request the limitation of processing. In such cases, we will keep your data blocked for the legally required periods of time.
In case of contracting the services of the firm, the information provided by the client will be previously authorized by the client, complying the company with the duty of information contained in articles 13 and following of the RGPD, and will be kept for the time necessary for the provision of the service, and in any case during the period of mandatory legal prescription.
4. LEGITIMACY AND DATA COLLECTED
The legitimacy for the processing of your data is the express consent given by a positive and affirmative act (filling in the corresponding form and ticking the acceptance box of this policy or calling or sending an email providing your data for a consultation) at the time of providing us with your personal data.
4.1. Consent to process your data
By filling in the forms, checking the box “I accept the Privacy Policy” and clicking to send the data, or by sending e-mails to the Company through the accounts provided for this purpose, the User declares to have read and expressly accepted this privacy policy.
privacy, and you give your unequivocal and express consent to the processing of your personal data in accordance with the purposes indicated.
4.2. Data categories
The data collected refers to the category of identifying data, such as: Name, Telephone, E-mail, as well as the IP address from which you access the data collection form.
Only in case of contracting our services it may be necessary to process special category data, obtaining prior express consent to do so.
5. SECURITY MEASURES
As part of our commitment to ensure the security and confidentiality of your personal data, we inform you that the necessary technical and organizational measures have been adopted to ensure the security of personal data and prevent its alteration, loss, unauthorized processing or access, given the state of technology, the nature of the data stored and the risks to which they are exposed, according to Art. 32 of the RGPD EU 679/2016.
6. TRANSFER OF DATA
No data transfers or international transfers of the data collected through this website are foreseen, with the exception of those authorized by tax, commercial and telecommunications legislation, as well as in those cases in which a judicial authority requires us to do so.
7. USER RIGHTS
Any data subject has the right to obtain confirmation as to whether or not we are processing personal data concerning him or her. Interested parties have the right to access their personal data, as well as to request the rectification of inaccurate data or, where appropriate, to request its deletion when, among other reasons, the data is no longer necessary for the purposes for which it was collected. In certain circumstances, the interested parties may request the limitation of the processing of their data, in which case we will only keep them for the exercise or defense of claims. For reasons related to their particular situation, data subjects may object to the processing of their data. The Responsible will stop processing the data, except for compelling legitimate reasons, or the exercise or defense of possible claims.
We also remind you that, if you are a customer, you may revoke your consent or object to the sending of commercial communications by any means and at any time by sending an e-mail to info@martinezcaballero.com or to our Data Protection Officer: equaldpo@equalprotecciondedatos.com.
If you consider that your request has not been properly handled or your data is not being treated in an appropriate manner, you may address your complaints to the Spanish Data Protection Agency, the supervisory body for this matter in Spain.
Below, we provide you with further information on the aforementioned rights, with direct access to their exercise using the links of the Spanish Data Protection Agency:
A)-RIGHT OF ACCESS
Article 15 of the General Data Protection Regulation recognizes the right of the data subject to know whether or not his or her personal data are being processed and the purposes of the processing, the categories of data, the recipients, the origin of the data, the storage period and the criteria for determining the storage period. Thus, the data controller will provide a copy of the personal data being processed in electronic format upon request.
They may also request the data controller: rectification, deletion or limitation of data and data processing.
In order to facilitate the user the exercise of this right we provide through the following link the form to be completed for your request:
https://www.aepd.es/media/formularios/formulario-derecho-de-acceso.pdf
B)-RIGHT OF RECTIFICATION AND SUPPRESSION
Articles 16 and 17 of the General Data Protection Regulation establish that the client or user may request the rectification of his personal data if he considers them to be inaccurate or that they be completed or deleted because they are not necessary for the purposes for which they were collected and processed.
In order to make it easier for the user to exercise this right, we provide through the following link the form to be completed for your request: https://www.aepd.es/media/formularios/formulario-derecho-de-rectificacion.pdf https://www.aepd.es/media/formularios/formulario-derecho-de-supresion.pdf
C) – RIGHT TO LIMITATION OF PROCESSING
The data subject shall have the right to obtain from the controller the restriction of the processing of the data if he/she contests the accuracy of the personal data. That is, the data may only be processed, with the exception of their retention, with the consent of the data subject, for the purposes of the exercise or defence of claims, the protection of the rights of another natural or legal person or for reasons of public interest of the Union or of a specific Member State. In addition, the person in charge shall be informed by the person in charge prior to the lifting of such limitation.
In order to facilitate the user the exercise of this right we provide through the following link the form to be completed for your request:
https://www.aepd.es/media/formularios/formulario-derecho-de-limitacion.pdf
D) -RIGHT TO DATA PORTABILITY
Article 20 of the General Data Protection Regulation recognizes the right of the data subject to receive personal data relating to him/her, i.e. transmitted directly from controller to controller whenever technically possible, in a structured, commonly used and machine-readable format without being prevented from doing so by the controller to whom he/she has provided it, when consent has been expressly externalized or by contract.
In order to facilitate the user the exercise of this right we provide through the following link the form to be completed for your request:
https://www.aepd.es/media/formularios/formulario-derecho-de-acceso.pdf
8. CONFIDENTIALITY
The personal data that may be collected will be treated with absolute confidentiality, committing the Company to keep them secret and guaranteeing the duty to keep them by adopting all necessary measures to prevent their alteration, loss and unauthorized access or treatment, in accordance with the provisions of the applicable legislation.
To this end, the Controller guarantees that it will keep the corresponding confidentiality commitments signed with any person involved in any phase of the processing of the personal data collected.
9. INTERNATIONAL DATA TRANSFERS
An International Data Transfer is understood as the communication of your personal data to countries located outside the European Union, and more specifically outside the European Economic Area (EEA). There are exceptions of countries outside this European space that are not considered an international transfer because the recipients are countries that the European Data Protection Commission considers appropriate for complying with European data protection standards.
In the event that the Company transfers personal information outside the EEA, either because the data storage is hosted on a server outside the EEA borders, or for any other reason, it ensures that the contractual clauses regulating such international transfer will be maintained, ensuring that the provider that may host or process personal information complies with the minimum security standards and principles set out in the GDPR.