Data subject: private customers, employees, professionals and company legal representatives
Which kind of processing may we do with your personal data?
In compliance with the General Data Protection Regulation, we inform you that we may do
some of the following kind of processing with your personal data:
● TR04 –Marketing or advertising campaigns (Legal basis: Ley 34/1988, de 11 de
noviembre, General de Publicidad)
● TR08 – Obtain data subject’s opinion (Legal basis: General Data Protection Regulation)
● TR03 – Staff pick (Legal basis: Real Decreto Legislativo 3/2015, de 23 de octubre, por el
que se aprueba el texto refundido de la ley de Empleo)
● TG01 – Accounting (Legal basis: Real Decreto 1514/2007, de 16 de Noviembre, por el
que se regula el Plan General Contable)
● TG25 – Fiscal management (Legal basis: Ley 58/2003, de 17 de diciembre, General
● TG12 – Labor management or human resources (Legal basis: Real Decreto Legislativo
1/1994, de 20 de junio, por el que se aprueba el Texto Refundido de la Ley General de
la Seguridad Social)
● TR09 – Software or hardware technical or organisational security measures (Legal basis:
General Data Protection Regulation)
● TE08 – Data Protection (Legal basis: General Data Protection Regulation)
● TE02 – Prevention of occupational hazards (Legal basis: Ley 31/1995, de 8 de
noviembre, de prevención de Riesgos Laborales)
● TE07 – Data destruction (Legal basis: General Data Protection Regulation)
● TV01 – Sales or provision of services (Legal basis: commercial and tax legislation)
● TR05 – Email (Legal basis: commercial legislation)
● TR01 – Response to information requests (Legal basis: commercial legislation)
● TR07 – Personal data breach management (Legal basis: General Data Protection
● TE04 – Legal issues management (Legal basis: commercial and labor legislation)
● TE01 – Computer maintenance (Legal basis: commercial legislation)
Who processes your personal data?
The identity of the controller who processes your personal data is: GORDIN,
CHRISTIAN – Y4879936V
For what purpose do we process your personal data?
We process your personal data so that we can:
● check software and hardware securities
● send you commercial information via email.
● respond to information requests received
● manage personal data breach
● advertise our own products or services
● obtain data subject’s opinión
● pick new staff for our own Company
● comply with the Law on the Prevention of occupational hazards
● manage our own legal issues.
● manage, maintain and repair computer storage systems.
● manage our own staff
● manage our own tax and accounting
● comply with the storage limitation principle.
● comply with the General Data Protection Regulation
● administrative management of private customers
● manage the sale or provision of the contracted service.
Your personal data may be used to create user or comercial profiles. On no account shall we
use children’s personal data in order to create profiles.
We will preserve your personal data as long as our contractual relationship lasts, or until you
withdraw your consent or exercise your right to object. In order to withdraw your consent or
exercise your data protection rights, please do not hesitate to email us anytime.
Why do we process your personal data?
We are legitimized to process your personal data because of:
● Your freely given, specific, informed and unambiguous consent, whenever it is legally
enforceable. The withdrawal of consent shall not affect neither the lawfulness of
processing based on consent before its withdrawal nor the lawfulness of processing
based on other legal basis,
● The legal obligation of the controller,
● The contract signed by you or,
● The legitimate interest pursued by the controller. This kind of interest is based on the
previous weighing between the legitimate interest pursued by the controller and the
interests or fundamental rights and freedoms of the data subject. This weighing
implies carrying out an assessment of the legitimate interest and the impact of the
processing operations on the data subject, looking for the balance between these two
opposite concepts and applying additional guarantees. As long as the weighing is
favorable to the controller, the processing may be carried out.
With whom may we share your personal data?
We may share your personal data with the following companies and organisations:
● Agencia Tributaria
● Servicio Público de Empleo Estatal
● Tesorería General de la Seguridad Social
● Agencia Nacional de Protección de Datos
● Bank entities
On no account shall we transfer your personal data to neither countries outside the Union nor
Which personal data do we process and how have they been derived?
Your personal data will be added to the next filing systems, property of the controller:
● FG01 Accounting
● FG15 Fiscal management.
● FE01 Computer maintenance.
● FE04 Legal issues.
● FR05 E-mail.
● FR09 Software and hardware securities.
● FE07 Data destruction.
● FP01 Customers.
The personal data that we process originates from the data subject.
Which rights does the data subject have?
You shall have the following rights:
● Right of Access. You shall have the right to obtain from the controller confirmation as
to whether or not personal data concerning you is being processed, and, where that is
the case, access to the personal data and the following information: the purpose of the
processing; the categories of personal data concerned; the recipients to whom
personal data have been disclosed (in particular, recipients in third countries or
international organisations); where possible, the envisaged period for which the
personal data will be stored; where the personal data are not collected from the data
subject, any available information as to their source and the existence of automated
decision-making, including profiling.
● Right to rectification. You shall have the right to obtain from the controller without
undue delay the rectification of inaccurate personal data concerning you. Personal data
shall be accurate and, where necessary, kept up to date so, please, do not hesitate to
email us if any rectification is needed. You are responsible for providing us truthful and
accurate personal data.
● Right to erasure. You shall have the right to obtain from the controller the erasure of
personal data concerning you without undue delay when one of the legal grounds
applies. For example, you shall have this right when the personal data are no longer
necessary in relation to the purposes for which they were collected.
● Right to restriction of processing. You shall have the right to obtain from the controller
restriction of processing where one of the legal grounds applies. In such cases, your
personal data only will be processed with your consent or for the establishment,
exercise or defence of legal claims or for the protection of the rights of another natural
or legal person or for reasons of important public interest.
● Right to data portability. You shall have the right to receive the personal data
concerning you in a structured, commonly used and machine-readable format. You also
have the right to transmit those data to another controller without hindrance from the
controller to which the personal data have been provided. The fulfillment of two
conditions is needed to exercise your right to data portability: the processing must be
carried out by automated means and the processing must be based on your consent or
a contract signed by you.
● Right to object. You shall have the right to object, on grounds relating to your
● Automated individual decision-making. You shall have the right not to be subject to a
decision based solely on automated processing, including profiling, which produces
legal effects concerning you or similarly significantly affects you.
● You also shall have the right to withdraw your consent.
If you want to exercise any of those rights, please do not hesitate to email us.
You also shall have the right to lodge a complaint with a supervisory authority. In addition, you
shall have the right to go to court so as to claim compensation.
Finally, we inform you that we carry out an assessment of the impact of every processing
operation on the protection of personal data, so that we can implement appropriate technical
and organisational measures to ensure a level of security appropriate to the risk. Furthermore,
our data protection system allows us to fulfill every principle relating to processing of personal
If you have any questions or need further information, please do not hesitate to visit our
website or email us.