Below you will find our Privacy Policy (hereinafter, “Web Privacy Policy” or “Policy”) governing the website https://www.cecamagan.com/en/ (hereinafter, “the Platform”), owned by CECA MAGÁN ABOGADOS, S.L.P. (hereinafter, “CMA” or “us/we”), with registered office in Calle Velázquez, no. 150, planta baja, 28002-Madrid, and registered with Madrid’s Commercial Register, under Volume 25401, Page18, Sheet 457516.

PLEASE, SPEND A FEW MINUTES READING OUR PRIVACY POLICY. IT WON’T TAKE LONG. THIS IS OUR WAY TO EXPLAIN TO YOU IN A SIMPLE, CLEAR AND TRANSPARENT MANNER HOW WE PROCESS AND PROTECT YOUR PERSONAL DATA AND YOUR RIGHTS. YOUR PERSONAL SECURITY AND THAT OF YOUR PERSONAL DATA IS ESSENTIAL TO US. WE TAKE YOUR PROTECTION VERY SERIOUSLY.

1. WHO DOES THIS POLICY APPLY TO?

This Policy applies to all new Platform users, whether they are CMA Clients or not (hereinafter, “User” or “Users”), who are natural persons. With the expression “personal data” we refer to any information about an identified or identifiable natural person.

If you are already a CMA Client who has subscribed an agreement with us, you may refer to the information contained in such agreement with regard to the specific privacy terms and conditions.

This Platform is intended for users older than 18 years old. Persons under this age may not use this Platform. Moreover, the User responsibly acknowledges that he or she has sufficient legal capacity to engage the services offered by CMA.

2. IF YOU BROWSE OR USE OR WEBSITE, WHO IS THE CONTROLLER OF YOUR PERSONAL DATA?

We are the data controller of your personal data:

  • Full legal name: CECA MAGÁN ABOGADOS, S.L.P.
  • Registered office: c/Velázquez, nº150, planta baja. 28002- Madrid
  • Front office/headquarters: c/Velázquez, nº150, planta baja. 28002- Madrid
  • Contact telephone number: + 34 91 345 48 25
  • (General) contact email: info@cecamagan.com

If you have any questions regarding the protection of your personal data, please send an email to: privacy@cecamagan.com

3. WHAT DATA DO WE PROCESS?

We need to process your personal data to give you access to the contents and/or functionalities made available on the Platform or to be able to send you information or services, if you give us your consent. In this regard, we are strongly committed to process your data in a legitimate manner, consistent with the legal principles and duties set forth by current data protection regulations.

When you browse our Platform and, specifically, when you interact with us or opt into our system, you directly supply information to us —for instance, when you complete an online form or request according to the processing purpose specified in each case.

The data you supply are related to the forms or requests made available on the Platform and may vary according to the relevant type of form or request. Without prejudice to the above, different personal data categories may be gathered by means of forms/requests made available on the Platform. However, we will always ask for adequate, relevant and not excessive data in relation to the purposes for which the personal data are collected.

  • Identification Personal Data (name and last name).
  • Contact Personal Data (landline or mobile telephone number, email).
  • Profiling Personal Data (investment profile, needs or related concerns, e.g. as expressed using the chat box, etc.).

Furthermore, when you browse our Platform you should watch out for the cookies installed on your local terminal or device, as this means your personal data are being processed according to the specific cookies and their purpose (please read our cookie policy). If you accept our cookie policy, we will use analytical cookies, which means that the personal data linked to your browsing profile will be used for analytical and/or statistical purposes. Please be noticed that, given that there is prior information on our legal personal data protection policy, if you continue browsing our Platform, you are unequivocally agreeing to our use of the cookies. However, you may change the analytical cookie settings as explained in our Cookie Policy.

4. HOW DO WE USE YOUR PERSONAL DATA?

The personal data you provide to us will be processed as specified in this Privacy Policy or in the forms made available on this Platform, if any. In this regard, your personal data are collected for the following purposes:

  • Enable you to browse our Platform, allowing you to access the information and the contents made available on it.
  • Respond to your requests and inquiries and, specifically, to applications to participate in CMA’s recruitment processes. If the relevant inquiry forms or requests required your unequivocal consent to receive promotions, advertisements or offers related to specific services linked to such inquiries or requests, please be informed that you may revoke your consent at any time by writing an email to: privacy@cecamagan.com. Nevertheless, this will not prevent the prior processing of your personal data for such purposes.
  • Respond to your questions in an efficient and prompt manner when you ask us about our services whether by email, telephone, chat, etc.
  • Allow you to subscribe to our blog/newsletter, so you can access additional contents and information you may find interesting.
  • Enable the use of our Platform’s cookies, as described in our cookie policy.
  • If you have accepted our Cookie Policy, for the purposes linked to the different types of cookies specified in it and, specifically, analytical cookies (browsing/user profile), conduct analyses and prepare statistics linked to web browsing in order to improve our services and their quality. You may change the settings of analytical cookies at any time by exercising your right to revoke your consent with regard to the purposes of such cookies. We hereby inform you that by revoking your consent to certain cookies, such as session or technical cookies, may prevent you from browsing our Platform (see cookie policy).
  • Adopt as many protective measures as may be applicable as per current regulations, including any potential anonymization of our personal data, applying the appropriate available methods for such purpose. Consequently, in this regard, anonymization and pseudonymization processing may be used to better protect your personal data.
  • Apply any relevant security, technical and/or organizational measures to your personal data considering the risk run at all times, including pseudonymization or encryption of the personal data by means of our Platform.

5. WHAT ARE OUR LEGITIMATE GROUNDS FOR PROCESSING YOUR PERSONAL DATA?

Purpose of processingLegitimate grounds for processing
Enable you to browse our Platform, allowing you to access the information and the contents made available on it.

 

Your consent and, as the case may be, satisfying our own or a third party’s legitimate interest, linked to the appropriate management, maintenance, development and performance of the Platform and any connected tools, networks and systems, guaranteeing their proper operation, functionalities and access contents and services, and the general security of all of the above.
Respond to the requests and inquiries you send us. Your consent.
Respond to your questions in an efficient and prompt manner when you ask us about our services.Your consent and, as the case may be, applying precontractual measures requested by the data subject.
Allow you to subscribe to our blog/newsletter.Your consent.
If you have accepted our Cookie Policy, for the purposes linked to the different types of cookies specified in it and, specifically, conduct the relevant analysis of your browsing habits for analytical and/or statistical purposes.Your consent.
Adopt as many protective measures as may be applicable as per current regulations, including any potential anonymization of our personal data, applying the appropriate available methods for such purpose.

 

Compliance with a legal obligation: REGULATION (EU) 2016/679 of the European Parliament and of the Council of 27 April  2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter, el “General Data Protection Regulation” or “GDPR”) https://www.boe.es/doue/2016/119/L00001-00088.pdf. For processing aimed at guaranteeing the security of the platform, the network and the associated information system, the legitimate grounds invoked may be satisfying our own or a third party’s legitimate interest (Recital 49 of the GDPR).
Apply any relevant security, technical and/or organizational measures to your personal data considering the risk run at all times, including pseudonymization or encryption of the personal data by means of our Platform.Compliance with a legal obligation: REGULATION (EU) 2016/679 of the European Parliament and of the Council of 27 April  2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter, el “General Data Protection Regulation” or “GDPR”) https://www.boe.es/doue/2016/119/L00001-00088.pdf. For processing aimed at guaranteeing the security of the platform, the network and the associated information system, the legitimate grounds invoked may be satisfying our own or a third party’s legitimate interest (Recital 49 of the GDPR).

If your consent constitutes the legitimate grounds for processing your personal data, please be reminded that you are entitled to revoke your consent at any time by simply writing an email to privacy@cecamagan.com. This procedure has no cost.

6. HOW LONG DO WE KEEP YOUR DATA?

Personal data linked to informed data processingPersonal data storage times and criteria
Data linked to the User browsing our Platform-Generally, your data will not be stored for longer than is absolutely necessary to allow you to browse and use our Platform and the contents made available on it.

-With regard to the data linked to your browsing profile, since you have accepted analytical cookies as described in CMA’s cookie policy, please read the relevant section regarding the time these remain activated in your device (see cookie policy).

Respond to the requests and inquiries you send us. -As long as it takes us to properly take care of your specific requests and/or inquiries as the case may be.

-If such requests and/or inquiries involved precontractual measures or the subscription of an agreement with CMA, your data will be stored for as long as it is necessary to satisfy such precontractual measures or service agreement between the parties.

Respond to your questions in an efficient and prompt manner when you ask us about our services.For no longer than is absolutely necessary to solve or take care of your questions.
Allow you to register as a User, if you choose to do so, and manage your registration Up the moment when you opt out. If you are a CMA client, other personal data storage times may apply as specified below.
Allow you to subscribe to our blog/newsletter.Up the moment when you opt out.
Adopt as many protective measures as may be applicable as per current regulations.

 

As long as the User’s personal data are processed, including the storage of such personal data according to the times stipulated by law, and regardless of the legitimate grounds CMA may put forward.
Apply any relevant security, technical and/or organizational measures to your personal data considering the risk run at all times, including pseudonymization or encryption of the personal data by means of our Platform.As long as the User’s personal data are processed, including the storage of such personal data according to the times stipulated by law, and regardless of the legitimate grounds CMA may put forward.

In any case, without prejudice for the above, the User is hereby informed of the following:

  • According to current data protection regulations, with regard to CMA’s proper personal data processing, the data controller may also securely store the information for three years from collection (statute of limitations of infringements).
  • With regard to the storage times of cookies, please check the relevant section of our cookie policy.
  • Generally, any personal data which are no longer necessary for the processing purposes they were collected, are blocked and only available to competent authorities in the event legal responsibilities arise with regard to their processing, all according to applicable regulations. Personal data will not be used for other purposes. Once the blocking legal times have elapsed, personal data will be erased according to applicable regulations or securely anonymized by CMA (anonymized/non-personal data), if applicable.

7. WHAT ARE THE CONSEQUENCES OF NOT PROVIDING YOUR DATA?

We try to ask for and use the minimum and absolutely necessary data when we process your personal data to satisfy our business purpose. All according to the principles set forth in the applicable law.

However, if you do not provide us with your personal data: 1) you may not be able to properly browse our website (if you decline our technical or session cookies); 2) you may not be able to access some contents or services (e.g. if you do not submit your personal data to receive our newsletter, you will not receive it or the information or contents related thereto); 3) we may not be able to process your specific request or inquiry (e.g. if the form or request has not been fully filled out).

However, the information and personal data you provide to us should always be:

  • Sufficient, but limited and proportional to the legitimate purposes of informed processing, as the case may be, fully observing the principles of personal data limitation and minimization.
  • Accurate, updated and true, in order to be able to properly verify the identity, capacity and, if applicable, representation powers, and to adapt the data processing to your specific needs and to your actual circumstances on a case to case basis. All in observance of the principle of personal data accuracy.

Users will be fully responsible for the personal data and information they submit to CMA within the framework of the Platform and of the services requested or engaged.

8. DO WE SHARE YOUR PERSONAL DATA WITH THIRD PARTIES?

Generally, we do not share, with, sell or offer your data to third parties.

Likewise, certain third parties may have access to your personal information when rendering the services engaged by CMA. For instance, in the case of third-party cookies used on the Platform (see cookie policy).

CMA has several trusted data processors who have access to the personal data owned by it only to the extent it is strictly necessary to render the services engaged by CMA. Such data processors operate under a service agreement, including the terms and conditions and safeguards set forth in article 28 GDPR. Controls, inspections and audits are conducted in this regard to verify that such data processors strictly observe the agreements subscribed for such purpose and any applicable regulations.

9. ARE YOUR PERSONAL DATA INTERNATIONALLY TRANSFERRED?

You are hereby informed that, in general terms, we have no intention to transfer your personal data internationally. CMA will adopt all necessary measures and safeguards in this regard according to current regulations on personal data protection.

Notwithstanding the above, in our cookie policy we inform you of the existence of possible international personal data transfers linked to the services rendered by our providers (third-party cookies). All international transfers are fully secure as per the applicable regulations, as the recipients are included in the list of certified companies under the Privacy Shield framework (see cookie policy).

10. WHAT ARE YOUR RIGHTS AND HOW CAN YOU EXERCISE THEM?

Your rightsWhat does it mean?How can you exercise it?
Right to informationThis is your right to receive appropriate information from CMA, both when your personal data are collected (whether you have provided them, or they have been obtained from a third party) and at any other later moment regarding the processing of your personal data. You decide on your personal data. See articles 12 through 14 of the GDPR.CMA strives to offer you all the necessary information on the processing of your personal data, as per articles 12 through 14 of the GDPR. However, if you have any questions or inquiries about our privacy or cookie policy, please, do not hesitate to write an email to: privacy@cecamagan.com and we will take care of your request for further information.
Right to accessThis is your right to obtain confirmation from CMA as to whether your personal data are being processed or not, and to access basic information on such processing (article 15 of the GDPR), and to obtain a copy of the personal data undergoing processing.You may write an email to privacy@cecamagan.com with the subject “Ejercicio Derechos” (“Exercise rights”, in English). If you are required to identify yourself, you may attach, if necessary, a copy of your national identity document or an equivalent identification document (passport, aliens’ identification document).
Right to rectificationThis is your right to obtain from CMA without undue delay the rectification of inaccurate personal data, as per article 16 of the GDPR.You may write an email to privacy@cecamagan.com with the subject “Ejercicio Derechos” (“Exercise rights”, in English). If you are required to identify yourself, you may attach, if necessary, a copy of your national identity document or an equivalent identification document (passport, aliens’ identification document).
Right to erasure This is your right to obtain from CMA without undue delay the erasure of personal data, as per article 17 of the GDPR.You may write an email to privacy@cecamagan.com with the subject “Ejercicio Derechos” (“Exercise rights”, in English). If you are required to identify yourself, you may attach, if necessary, a copy of your national identity document or an equivalent identification document (passport, aliens’ identification document).
Right to restriction of processingThis is your right to obtain from CMA restriction of processing where one of the following applies:

– You contest the accuracy of your personal data, for a period enabling CMA to verify the accuracy of the personal data.

– The processing is unlawful, and you oppose the erasure of the personal data (and you request the restriction of their use instead).

– CMA no longer needs your personal data for the purposes of the processing, but they are required for the establishment, exercise or defense of legal claims.

The exercise of this right is limited to the provisions of article 18 of the GDPR.

You may write an email to privacy@cecamagan.com with the subject “Ejercicio Derechos” (“Exercise rights”, in English). If you are required to identify yourself, you may attach, if necessary, a copy of your national identity document or an equivalent identification document (passport, aliens’ identification document).
Right to data portabilityThis is your right to receive the personal data concerning you, which you have provided to CMA, in a structured, commonly used and machine-readable format, or to transmit those data to another controller when technically possible as per article 20 of the GDPR.You may write an email to privacy@cecamagan.com with the subject “Ejercicio Derechos” (“Exercise rights”, in English). If you are required to identify yourself, you may attach, if necessary, a copy of your national identity document or an equivalent identification document (passport, aliens’ identification document).
Right to objectThis is your right to object at any time to processing of your personal data, including profiling, when based on satisfying our own or a third party’s legitimate interest as per article 21 of the GDPR.You may write an email to privacy@cecamagan.com with the subject “Ejercicio Derechos” (“Exercise rights”, in English). If you are required to identify yourself, you may attach, if necessary, a copy of your national identity document or an equivalent identification document (passport, aliens’ identification document).
Right to not be subject to a decision based solely on automated processing (including profiling)This is your right to not be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you as per article 22 GDPR.You may write an email to privacy@cecamagan.com with the subject “Ejercicio Derechos” (“Exercise rights”, in English). If you are required to identify yourself, you may attach, if necessary, a copy of your national identity document or an equivalent identification document (passport, aliens’ identification document).
Right to withdraw consentThis is your right to withdraw your consent at any time. The withdrawal of consent will not affect the lawfulness of processing by CMA based on your consent before its withdrawal.You may withdraw your consent by using the forms, contents and privacy settings made available by CMA, as appropriate —for instance, you may opt out from the newsletter by clicking on the relevant link. However, you may also write an email to: privacy@cecamagan.com  so we can properly satisfy your right in observance of applicable regulations.
Right to lodge a complaint with the competent supervisory authority (AEPD)This means you may lodge a complaint with the relevant supervisory authority if you believe your personal data protection rights have been violated (articles 13 and 14 of the GDPR).Please contact us before you lodge a complaint with the AEPD (Spanish Agency of Data Protection) so we can analyze your specific case and try to find an efficient and amicable solution, if possible. In addition to the foregoing, you may also visit AEPD’s website www.aepd.es

11. ARE SECURITY AND PROTECTIVE MEASURES APPLIED TO YOUR PERSONAL DATA?

Considering the nature, scope, context and purposes of processing, as explained above, as well as the risks to your rights and freedoms (which may vary in likelihood and seriousness), CMA applies (and will apply) appropriate technical and organizational measures to guarantee that your personal data are secure and protected. We apply privacy criteria from design and by default, as well as a concurrent risk approach which will be revised and updated by CMA as appropriate.

The use of the Hypertext Transfer Protocol (HTTPS) on our Platform is an extra guarantee for the security of your personal data.

12. VALIDITY AND CHANGES TO THE PRIVACY POLICY

This privacy policy is valid from 01.09.2019.

CMA reserves the right to make changes to this policy to adapt it to future applicable legislation, doctrine of case law, or resulting from technical, operational, commercial, corporate or business reasons. CMA shall notice the Users of any changes in due time, whenever reasonably possible. In any case, please carefully read this policy every time you access this Platform, since any changes will be published here.

Also, CMA may individually inform you of any intended changes to this policy before they come into force, whenever technically and reasonably possible, particularly if you are a CMA registered user.

13. DO YOU NEED TO CONTACT US?

If you have any questions or suggestions about this privacy policy, please do not hesitate to contact us by email: privacy@cecamagan.com: privacy@cecamagan.com.

14. JURISDICTION AND APPLICABLE LAW

Generally, any disputes and conflicts arising herefrom shall be preferably dealt by the parties to find an amicable solution by common consent. For such purpose, the parties shall use the email address provided in point 13 of this policy.

If such agreed solution is not possible, in observance of the criteria set forth in the GDPR to determine the jurisdiction of the main authority to settle a conflict, dispute or claim related to this privacy policy, you are hereby informed that, at least in the administrative jurisdiction, the AEPD (Spanish Data Protection Agency) will be competent. The provisions of article 56 of the GDPR shall be observed at all times. Regarding the right to effective legal protection against CMA, in this case the provisions of article 79.2 of the GDPR shall be applicable, and you may exercise any appropriate actions before the Courts of the city of Madrid to the extent the controller is based in Spain. The current Spanish and European law shall be applicable.