Privacy Policy

WEBSITEURLWEBSITE URLWEBSITEURL

I. PRIVACY AND DATA PROTECTION POLICY

In compliance with current legislation, COMPANY/STUDIONAMECOMPANY / STUDIO NAMECOMPANY/STUDIONAME (hereinafter also referred to as “Website”) commits to adopting the necessary technical and organizational measures, according to the appropriate level of security based on the risk of the data collected.

Laws incorporated in this privacy policy

This privacy policy is adapted to the current Spanish and European regulations regarding the protection of personal data online. Specifically, it respects the following rules:

  • Regulation (EU) 2016/679 of the European Parliament and of the Council, of 27 April 2016, on the protection of natural persons regarding the processing of personal data and the free movement of such data (GDPR).

  • Organic Law 3/2018, of 5 December, on the Protection of Personal Data and Guarantee of Digital Rights (LOPD-GDD).

  • Royal Decree 1720/2007, of 21 December, which approves the Development Regulation of Organic Law 15/1999, of 13 December, on the Protection of Personal Data (RDLOPD).

  • Law 34/2002, of 11 July, on Information Society Services and Electronic Commerce (LSSI-CE).

Identity of the data controller

The data controller of the personal data collected on COMPANY/STUDIONAMECOMPANY / STUDIO NAMECOMPANY/STUDIONAME is: FULLNAMEFULL NAMEFULLNAME, with ID: IDNUMBERID NUMBERIDNUMBER (hereinafter, “Data Controller”). Contact information is as follows:

Email: CONTACTEMAILCONTACT EMAILCONTACTEMAIL

Personal Data Registry

In compliance with GDPR and LOPD-GDD, we inform you that the personal data collected by COMPANY/STUDIONAMECOMPANY / STUDIO NAMECOMPANY/STUDIONAME through the forms on its pages will be incorporated and processed in our records to facilitate, streamline, and fulfill the commitments established between COMPANY/STUDIONAMECOMPANY / STUDIO NAMECOMPANY/STUDIONAME and the User, or to maintain the relationship established through the forms filled out by the User, or to address any request or inquiry. Likewise, in accordance with GDPR and LOPD-GDD, except as provided in Article 30.5 of the GDPR, a record of processing activities is maintained specifying, according to its purposes, the processing activities carried out and other circumstances established by the GDPR.

Principles applicable to personal data processing

The processing of the User’s personal data will adhere to the following principles set out in Article 5 of the GDPR and Articles 4 and following of Organic Law 3/2018:

  • Lawfulness, fairness, and transparency: The User’s consent will be required at all times, after fully transparent information about the purposes for which personal data are collected.

  • Purpose limitation: Personal data will be collected for specific, explicit, and legitimate purposes.

  • Data minimization: Only the personal data strictly necessary for the purposes for which they are processed will be collected.

  • Accuracy: Personal data must be accurate and kept up to date.

  • Storage limitation: Personal data will only be retained as long as necessary to achieve the purposes of processing.

  • Integrity and confidentiality: Personal data will be processed to ensure security and confidentiality.

  • Accountability: The Data Controller is responsible for ensuring the previous principles are respected.

Categories of personal data

The categories of data processed on COMPANY/STUDIONAMECOMPANY / STUDIO NAMECOMPANY/STUDIONAME are strictly identification data. Special categories of personal data under Article 9 of the GDPR are never processed.

Legal basis for processing personal data

The legal basis for processing personal data is consent. COMPANY/STUDIONAMECOMPANY / STUDIO NAMECOMPANY/STUDIONAME undertakes to obtain the User’s express and verifiable consent for processing their personal data for one or more specific purposes.

The User has the right to withdraw their consent at any time. Withdrawing consent should be as easy as giving it. In general, withdrawal of consent will not affect the use of the Website.

When the User provides data through forms to make inquiries, request information, or for reasons related to Website content, they will be informed if completing any fields is mandatory because they are essential for the correct execution of the requested operation.

Purpose of data processing

Personal data are collected and processed by COMPANY/STUDIONAMECOMPANY / STUDIO NAMECOMPANY/STUDIONAME to facilitate, streamline, and fulfill the commitments established between the Website and the User, or to maintain the relationship established through the forms filled out, or to respond to a request or inquiry.

Data may also be used for commercial purposes, personalization, operational and statistical purposes, and activities related to the corporate purpose of COMPANY/STUDIONAMECOMPANY / STUDIO NAMECOMPANY/STUDIONAME, as well as for data extraction, storage, and marketing studies to tailor content offered to the User and improve quality, functionality, and navigation of the Website.

At the time personal data is collected, the User will be informed of the specific purposes for which it will be used.

Retention periods for personal data

Personal data will only be retained for the minimum time necessary for the purposes of processing and, in any case, only for the following period: RETENTIONPERIODRETENTION PERIODRETENTIONPERIOD, or until the User requests its deletion.

When personal data is collected, the User will be informed of the retention period or, if not possible, the criteria used to determine it.

Recipients of personal data

User personal data will not be shared with third parties.

At the time personal data is collected, the User will be informed about recipients or categories of recipients of the data.

Personal data of minors

Respecting Articles 8 GDPR and 7 of LOPD-GDD, only persons over 14 years old can legally give consent for data processing by COMPANY/STUDIONAMECOMPANY / STUDIO NAMECOMPANY/STUDIONAME. For minors under 14, parental or guardian consent is required.

Confidentiality and security of personal data

COMPANY/STUDIONAMECOMPANY / STUDIO NAMECOMPANY/STUDIONAME commits to adopting necessary technical and organizational measures to guarantee data security and avoid accidental or unlawful destruction, loss, alteration, unauthorized communication, or access.

The Website has an SSL certificate (Secure Socket Layer), ensuring data is transmitted securely and confidentially.

However, as complete internet security cannot be guaranteed, the Data Controller commits to informing the User without undue delay if a personal data breach occurs that may pose a high risk to individuals’ rights and freedoms.

Personal data will be treated as confidential by the Data Controller, who ensures this confidentiality through legal or contractual obligations with employees, associates, or any person who has access to the information.

Rights related to personal data processing

The User has the following rights under GDPR and LOPD-GDD:

  • Right of access

  • Right of rectification

  • Right to erasure (“right to be forgotten”)

  • Right to restriction of processing

  • Right to data portability

  • Right to object

  • Right not to be subject to automated decision-making, including profiling

These rights may be exercised by written communication to the Data Controller with reference “GDPR-WEBSITEURLWEBSITE URLWEBSITEURL”, specifying:

  • FULLNAMEFULL NAMEFULLNAME and a copy of IDDOCUMENTID DOCUMENTIDDOCUMENT

  • Specific reason or information requested

  • Address for notifications

  • Date and signature

  • Any supporting documentation

Requests may be sent to: CONTACTEMAILCONTACT EMAILCONTACTEMAIL

Links to third-party websites

The Website may include hyperlinks to third-party websites. These sites have their own privacy policies and are responsible for their own data processing practices.

Complaints to supervisory authorities

If the User believes there is a violation of applicable laws regarding their personal data, they have the right to judicial protection and to file a complaint with a supervisory authority, particularly in their country of residence, work, or where the infringement occurred. In Spain, this is the Spanish Data Protection Agency (https://www.aepd.es/