1. WHO DOES THIS POLICY APPLY TO?
This Policy applies to all new Platform users, whether they are CMA Clients or not (hereinafter, “User” or “Users”), who are natural persons. With the expression “personal data” we refer to any information about an identified or identifiable natural person.
If you are already a CMA Client who has subscribed an agreement with us, you may refer to the information contained in such agreement with regard to the specific privacy terms and conditions.
This Platform is intended for users older than 18 years old. Persons under this age may not use this Platform. Moreover, the User responsibly acknowledges that he or she has sufficient legal capacity to engage the services offered by CMA.
2. IF YOU BROWSE OR USE OR WEBSITE, WHO IS THE CONTROLLER OF YOUR PERSONAL DATA?
We are the data controller of your personal data:
- Full legal name: CECA MAGÁN ABOGADOS, S.L.P.
- Registered office: c/Velázquez, nº150, planta baja. 28002- Madrid
- Front office/headquarters: c/Velázquez, nº150, planta baja. 28002- Madrid
- Contact telephone number: + 34 91 345 48 25
- (General) contact email: email@example.com
If you have any questions regarding the protection of your personal data, please send an email to: firstname.lastname@example.org
3. WHAT DATA DO WE PROCESS?
We need to process your personal data to give you access to the contents and/or functionalities made available on the Platform or to be able to send you information or services, if you give us your consent. In this regard, we are strongly committed to process your data in a legitimate manner, consistent with the legal principles and duties set forth by current data protection regulations.
When you browse our Platform and, specifically, when you interact with us or opt into our system, you directly supply information to us —for instance, when you complete an online form or request according to the processing purpose specified in each case.
The data you supply are related to the forms or requests made available on the Platform and may vary according to the relevant type of form or request. Without prejudice to the above, different personal data categories may be gathered by means of forms/requests made available on the Platform. However, we will always ask for adequate, relevant and not excessive data in relation to the purposes for which the personal data are collected.
- Identification Personal Data (name and last name).
- Contact Personal Data (landline or mobile telephone number, email).
- Profiling Personal Data (investment profile, needs or related concerns, e.g. as expressed using the chat box, etc.).
4. HOW DO WE USE YOUR PERSONAL DATA?
- Enable you to browse our Platform, allowing you to access the information and the contents made available on it.
- Respond to your requests and inquiries and, specifically, to applications to participate in CMA’s recruitment processes. If the relevant inquiry forms or requests required your unequivocal consent to receive promotions, advertisements or offers related to specific services linked to such inquiries or requests, please be informed that you may revoke your consent at any time by writing an email to: email@example.com. Nevertheless, this will not prevent the prior processing of your personal data for such purposes.
- Respond to your questions in an efficient and prompt manner when you ask us about our services whether by email, telephone, chat, etc.
- Allow you to subscribe to our blog/newsletter, so you can access additional contents and information you may find interesting.
- Adopt as many protective measures as may be applicable as per current regulations, including any potential anonymization of our personal data, applying the appropriate available methods for such purpose. Consequently, in this regard, anonymization and pseudonymization processing may be used to better protect your personal data.
- Apply any relevant security, technical and/or organizational measures to your personal data considering the risk run at all times, including pseudonymization or encryption of the personal data by means of our Platform.
5. WHAT ARE OUR LEGITIMATE GROUNDS FOR PROCESSING YOUR PERSONAL DATA?
|Purpose of processing||Legitimate grounds for processing|
|Enable you to browse our Platform, allowing you to access the information and the contents made available on it.|
|Your consent and, as the case may be, satisfying our own or a third party’s legitimate interest, linked to the appropriate management, maintenance, development and performance of the Platform and any connected tools, networks and systems, guaranteeing their proper operation, functionalities and access contents and services, and the general security of all of the above.|
|Respond to the requests and inquiries you send us.||Your consent.|
|Respond to your questions in an efficient and prompt manner when you ask us about our services.||Your consent and, as the case may be, applying precontractual measures requested by the data subject.|
|Allow you to subscribe to our blog/newsletter.||Your consent.|
|Adopt as many protective measures as may be applicable as per current regulations, including any potential anonymization of our personal data, applying the appropriate available methods for such purpose. |
|Compliance with a legal obligation: REGULATION (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter, el “General Data Protection Regulation” or “GDPR”) https://www.boe.es/doue/2016/119/L00001-00088.pdf. For processing aimed at guaranteeing the security of the platform, the network and the associated information system, the legitimate grounds invoked may be satisfying our own or a third party’s legitimate interest (Recital 49 of the GDPR).|
|Apply any relevant security, technical and/or organizational measures to your personal data considering the risk run at all times, including pseudonymization or encryption of the personal data by means of our Platform.||Compliance with a legal obligation: REGULATION (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter, el “General Data Protection Regulation” or “GDPR”) https://www.boe.es/doue/2016/119/L00001-00088.pdf. For processing aimed at guaranteeing the security of the platform, the network and the associated information system, the legitimate grounds invoked may be satisfying our own or a third party’s legitimate interest (Recital 49 of the GDPR).|
If your consent constitutes the legitimate grounds for processing your personal data, please be reminded that you are entitled to revoke your consent at any time by simply writing an email to firstname.lastname@example.org. This procedure has no cost.
6. HOW LONG DO WE KEEP YOUR DATA?
|Personal data linked to informed data processing||Personal data storage times and criteria|
|Data linked to the User browsing our Platform||-Generally, your data will not be stored for longer than is absolutely necessary to allow you to browse and use our Platform and the contents made available on it.|
|Respond to the requests and inquiries you send us.||-As long as it takes us to properly take care of your specific requests and/or inquiries as the case may be.|
-If such requests and/or inquiries involved precontractual measures or the subscription of an agreement with CMA, your data will be stored for as long as it is necessary to satisfy such precontractual measures or service agreement between the parties.
|Respond to your questions in an efficient and prompt manner when you ask us about our services.||For no longer than is absolutely necessary to solve or take care of your questions.|
|Allow you to register as a User, if you choose to do so, and manage your registration||Up the moment when you opt out. If you are a CMA client, other personal data storage times may apply as specified below.|
|Allow you to subscribe to our blog/newsletter.||Up the moment when you opt out.|
|Adopt as many protective measures as may be applicable as per current regulations.|
|As long as the User’s personal data are processed, including the storage of such personal data according to the times stipulated by law, and regardless of the legitimate grounds CMA may put forward.|
|Apply any relevant security, technical and/or organizational measures to your personal data considering the risk run at all times, including pseudonymization or encryption of the personal data by means of our Platform.||As long as the User’s personal data are processed, including the storage of such personal data according to the times stipulated by law, and regardless of the legitimate grounds CMA may put forward.|
In any case, without prejudice for the above, the User is hereby informed of the following:
- According to current data protection regulations, with regard to CMA’s proper personal data processing, the data controller may also securely store the information for three years from collection (statute of limitations of infringements).
- Generally, any personal data which are no longer necessary for the processing purposes they were collected, are blocked and only available to competent authorities in the event legal responsibilities arise with regard to their processing, all according to applicable regulations. Personal data will not be used for other purposes. Once the blocking legal times have elapsed, personal data will be erased according to applicable regulations or securely anonymized by CMA (anonymized/non-personal data), if applicable.
7. WHAT ARE THE CONSEQUENCES OF NOT PROVIDING YOUR DATA?
We try to ask for and use the minimum and absolutely necessary data when we process your personal data to satisfy our business purpose. All according to the principles set forth in the applicable law.
However, if you do not provide us with your personal data: 1) you may not be able to properly browse our website (if you decline our technical or session cookies); 2) you may not be able to access some contents or services (e.g. if you do not submit your personal data to receive our newsletter, you will not receive it or the information or contents related thereto); 3) we may not be able to process your specific request or inquiry (e.g. if the form or request has not been fully filled out).
However, the information and personal data you provide to us should always be:
- Sufficient, but limited and proportional to the legitimate purposes of informed processing, as the case may be, fully observing the principles of personal data limitation and minimization.
- Accurate, updated and true, in order to be able to properly verify the identity, capacity and, if applicable, representation powers, and to adapt the data processing to your specific needs and to your actual circumstances on a case to case basis. All in observance of the principle of personal data accuracy.
Users will be fully responsible for the personal data and information they submit to CMA within the framework of the Platform and of the services requested or engaged.
8. DO WE SHARE YOUR PERSONAL DATA WITH THIRD PARTIES?
Generally, we do not share, with, sell or offer your data to third parties.
CMA has several trusted data processors who have access to the personal data owned by it only to the extent it is strictly necessary to render the services engaged by CMA. Such data processors operate under a service agreement, including the terms and conditions and safeguards set forth in article 28 GDPR. Controls, inspections and audits are conducted in this regard to verify that such data processors strictly observe the agreements subscribed for such purpose and any applicable regulations.
9. ARE YOUR PERSONAL DATA INTERNATIONALLY TRANSFERRED?
You are hereby informed that, in general terms, we have no intention to transfer your personal data internationally. CMA will adopt all necessary measures and safeguards in this regard according to current regulations on personal data protection.
10. WHAT ARE YOUR RIGHTS AND HOW CAN YOU EXERCISE THEM?
|Your rights||What does it mean?||How can you exercise it?|
|Right to access||This is your right to obtain confirmation from CMA as to whether your personal data are being processed or not, and to access basic information on such processing (article 15 of the GDPR), and to obtain a copy of the personal data undergoing processing.||You may write an email to email@example.com with the subject “Ejercicio Derechos” (“Exercise rights”, in English). If you are required to identify yourself, you may attach, if necessary, a copy of your national identity document or an equivalent identification document (passport, aliens’ identification document).|
|Right to rectification||This is your right to obtain from CMA without undue delay the rectification of inaccurate personal data, as per article 16 of the GDPR.||You may write an email to firstname.lastname@example.org with the subject “Ejercicio Derechos” (“Exercise rights”, in English). If you are required to identify yourself, you may attach, if necessary, a copy of your national identity document or an equivalent identification document (passport, aliens’ identification document).|
|Right to erasure||This is your right to obtain from CMA without undue delay the erasure of personal data, as per article 17 of the GDPR.||You may write an email to email@example.com with the subject “Ejercicio Derechos” (“Exercise rights”, in English). If you are required to identify yourself, you may attach, if necessary, a copy of your national identity document or an equivalent identification document (passport, aliens’ identification document).|
|Right to restriction of processing||This is your right to obtain from CMA restriction of processing where one of the following applies:|
– You contest the accuracy of your personal data, for a period enabling CMA to verify the accuracy of the personal data.
– The processing is unlawful, and you oppose the erasure of the personal data (and you request the restriction of their use instead).
– CMA no longer needs your personal data for the purposes of the processing, but they are required for the establishment, exercise or defense of legal claims.
The exercise of this right is limited to the provisions of article 18 of the GDPR.
|Right to data portability||This is your right to receive the personal data concerning you, which you have provided to CMA, in a structured, commonly used and machine-readable format, or to transmit those data to another controller when technically possible as per article 20 of the GDPR.|
|Right to object||This is your right to object at any time to processing of your personal data, including profiling, when based on satisfying our own or a third party’s legitimate interest as per article 21 of the GDPR.|
|Right to not be subject to a decision based solely on automated processing (including profiling)||This is your right to not be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you as per article 22 GDPR.|
|Right to withdraw consent||This is your right to withdraw your consent at any time. The withdrawal of consent will not affect the lawfulness of processing by CMA based on your consent before its withdrawal.||You may withdraw your consent by using the forms, contents and privacy settings made available by CMA, as appropriate —for instance, you may opt out from the newsletter by clicking on the relevant link. However, you may also write an email to: firstname.lastname@example.org so we can properly satisfy your right in observance of applicable regulations.|
|Right to lodge a complaint with the competent supervisory authority (AEPD)||This means you may lodge a complaint with the relevant supervisory authority if you believe your personal data protection rights have been violated (articles 13 and 14 of the GDPR).||Please contact us before you lodge a complaint with the AEPD (Spanish Agency of Data Protection) so we can analyze your specific case and try to find an efficient and amicable solution, if possible. In addition to the foregoing, you may also visit AEPD’s website www.aepd.es|
11. ARE SECURITY AND PROTECTIVE MEASURES APPLIED TO YOUR PERSONAL DATA?
Considering the nature, scope, context and purposes of processing, as explained above, as well as the risks to your rights and freedoms (which may vary in likelihood and seriousness), CMA applies (and will apply) appropriate technical and organizational measures to guarantee that your personal data are secure and protected. We apply privacy criteria from design and by default, as well as a concurrent risk approach which will be revised and updated by CMA as appropriate.
The use of the Hypertext Transfer Protocol (HTTPS) on our Platform is an extra guarantee for the security of your personal data.
CMA reserves the right to make changes to this policy to adapt it to future applicable legislation, doctrine of case law, or resulting from technical, operational, commercial, corporate or business reasons. CMA shall notice the Users of any changes in due time, whenever reasonably possible. In any case, please carefully read this policy every time you access this Platform, since any changes will be published here.
Also, CMA may individually inform you of any intended changes to this policy before they come into force, whenever technically and reasonably possible, particularly if you are a CMA registered user.
13. DO YOU NEED TO CONTACT US?
14. JURISDICTION AND APPLICABLE LAW
Generally, any disputes and conflicts arising herefrom shall be preferably dealt by the parties to find an amicable solution by common consent. For such purpose, the parties shall use the email address provided in point 13 of this policy.