ES EN
Under attack?
I'm interested
I'm interested
Under attack?


Español English
Home Privacy Policy

Privacy Policy

We ask that you carefully read this Privacy Policy, which describes how we use the data you provide us, always in accordance with the requirements of (EU) REGULATION 2016/679 OF THE EUROPEAN PARLIAMENT AND COUNCIL, of April 27, 2016 (GDPR), and Spanish Organic Law 3/2018, of December 5, on Personal Data Protection and Guarantee of Digital Rights and all other related regulations that may apply. Our goal is for the information provided to be transparent so that you as a user can understand it properly. However, if after reading it you still have questions, you can always contact us through any of the communication channels made available to you and we will be happy to answer them for you. 

I.-DATA CONTROLLER

Data controller contact information: The data controller of the website is TRANSPARENT EDGE SERVICES, S.L. (hereinafter, THE DATA CONTROLLER) WITH Spanish Tax ID (CIF) B85363141 and address Calle Cedaceros 11, 6ºC 28014 (Madrid) Spain, which shall be responsible for processing the personal data that the user provides through the website.

Data Protection contact information: You can contact the address indicated above, the phone number (+34) 910916419, or the email dpo@transparentedge.eu.

DPO contact information: You can also directly contact our Data Protection Officer at dpo@transparentedge.eu.

II.– PRINCIPLES UNDER THE EUROPEAN DATA PROTECTION REGULATION

We agree to process the personal data provided in accordance with the following principles set out in the General Data Protection Regulation (GDPR):

  • Legality: We shall only collect your personal data for specific, explicit, and legitimate purposes, and we shall not process your personal data in a manner inconsistent with the aforementioned purposes.
  • Lawfullness: In accordance with Article 6 of the General Data Protection Regulation, your personal data shall be managed while you have given your express content for that data to be processed as an outward expression of your willingness and free and informed consent. Your personal data may be necessary to execute a contract, agreement, or service to which the data subject party is party, to comply with legal requirements, to protect the vital interests of the data subject or another person, to fulfill a mission of public interest or in the exercise of public powers conferred to the data controller, or to fulfill the legitimate interests pursued by the data controller when said interests do not infringe upon the fundamental rights and freedoms of the data subject nor the protection of the data subject’s personal data.
  • Fairness and transparency: In accordance with Article 5 of the General Data Protection Regulation, as a demonstration and evidence of transparency, the data subject is informed of the existence of the processing operation and its purposes.
  • Data minimization: We limit the collection of personal data to what is strictly relevant and necessary for the purposes for which the data were collected.
  • Purpose limitation: We shall only collect and process your personal data for specific, explicit, and legitimate purposes.
  • Accuracy: We shall keep your personal data accurate and up-to-date.
  • Data Security: We apply suitable technical and organizational measures to guarantee the proper level of security based on the risks and nature of the data, in order to prevent their disclosure or unauthorized access, or any loss or alteration—essentially, from any type of illegal processing.
  • Access and Rectification: Any person who, having given their consent for data collection, wants to make any request regarding their processing, is entitled to and may exercise: the right to access, rectification, opposition, erasure, limitation of processing, portability, and not being subject to individual decisions. Said exercise shall be free and the request shall be attended to within a month, to be extended by two additional months in exceptional circumstances such as the number of requests, complexity, or similar. Point 15 of this document provides information about how to exercise these rights and the means and channels through which we shall carry out your request.
  • Principle of limitation of the retention period: The data shall be held for as long as necessary for processing purposes without undue delay, during which time the data belonging to users and clients shall always be available to them upon request.

III.-USER CONSENT:

The user shall be understood to accept the conditions established from the moment they provide their contact data through any of the channels available on the page, particularly through the contact form.

The data collected—in principle, the name and the email address—are appropriate, pertinent, and non-excessive in relation to the specific purposes of providing the information requested by the user. Their specific purpose is to respond to users’ requests for information about the company’s services.

However, we must inform you that the consent granted may always be revoked at any time, at which point we shall immediately stop using them for any purposes not related to providing the service, keeping them blocked for the minimum time necessary to respond to potential legal liabilities.

IV.- WHAT PERSONAL DATA DO WE PROCESS?

We shall process the following personal data for the legitimate purposes that shall be explained below:

Data necessary to respond to requests for information:

  • Name
  • Email address
  • Company
  • Phone number

V.- PURPOSES OF DATA PROCESSING.

Why do we process your personal data?

To fulfill our objectives, we process data for the following purposes:

  • Respond to users’ requests for information about the services provided by the company.
  • When services are contracted, to properly manage administrative, accounting, and fiscal matters with the client.

VI.- HOW LONG DO WE KEEP YOUR DATA?

The amount of time personal data is held shall vary depending on the function of the service provided and the legal basis of the consent granted by the user. In principle, they shall be held for as long as you remain a client of the company.

However, irrespective of the above, notwithstanding our no longer using your data to provide you the service or send you any type of commercial communication, we are legally obliged to keep your data blocked during the required statutory limitation period for the obligations that may have arisen from the processing and/or the applicable limitation periods, and they shall remain at the disposal of the competent authorities for possible liabilities arising from their processing.

In accordance with Article 17.3 of the GDPR, data blocking is understood to be the right to “retention” as an exception to the right to erasure. This means that the data shall not be used by or accessible to anyone, and that they shall only be used in the event that there is any legal requirement or liability claim in relation to them. The data shall finally be deleted once the statutory limitation period has passed.

VII.-LEGAL STANDING

We process your data on the legal basis of your consent. In any case, you shall always have full rights over your personal data and how they are used, which you may exercise at any time.

As mentioned above, collecting a certain minimum amount of information is required to be able to provide you with the proper service, so the data collected are pertinent and never excessive. We never ask for any data that is not necessary for the established purposes.

VIII.-RECIPIENTS

Who do we transfer your data to?

The data collected shall never be transferred without your express authorization. In the event that it is necessary to contract certain services from providers that may require such a transfer, the corresponding data access contracts shall be signed in the framework of Article 28 of the GDPR.

Notwithstanding the above, the DATA CONTROLLER shall not transfer your data, except to relevant Government Agencies, the Tax Agency, State Security Forces, Judges and Courts, when legally required to provide them.

IX.- DATA PROTECTION RIGHTS

RIGHT OF ACCESS

Article 15 of the General Data Protection Regulation recognizes the right of the data subject to know whether or not their personal data are being processed, the categories of data, the recipients, the origin of the data, the retention period, and the criteria for determining said period. So, the data processor shall provide a copy of the personal data subject to processing in an electronic format when requested.

Likewise, the data subject can request the following from the controller: rectification, erasure, or limitation of data and of processing.

To facilitate the user’s exercise of this right, we provide the following link to the form they must complete for the request:

https://www.aepd.es/media/formularios/formulario-derecho-de-acceso.pdf

RIGHT OF RECTIFICATION AND ERASURE

Articles 16 and 17 of the General Data Protection Regulation establish in the area of rectification and erasure of personal data that the client or user may request the rectification of their personal data if they consider them to be inexact or for the data to be completed or deleted if they are not necessary for the purposes for which they were collected and processed.

To facilitate the user’s exercise of this right, we provide the following link to the form they must complete for the request:

https://www.aepd.es/media/formularios/formulario-derecho-de-rectificacion.pdf

https://www.aepd.es/media/formularios/formulario-derecho-de-supresion.pdf

 RIGHT TO LIMITATION OF PROCESSING

The data subject shall have the right to require from the data controller the limitation of the processing of their data whenever they contest the accuracy of the personal data. In other words, the data may only be subject to processing, except for its retention, with the consent of the data subject, to bring or respond to claims, to protect the rights of another person or legal entity, or for reasons of public interest of the European Union or a particular Member State. Additionally, this shall be reported by the data controller before lifting the aforementioned limitation.

To facilitate the user’s exercise of this right, we provide the following link to the form they must complete for the request:

https://www.aepd.es/media/formularios/formulario-derecho-de-limitacion.pdf

RIGHT TO PORTABILITY OF DATA

Article 20 of the General Data Protection Regulation recognizes the right of the data subject to receive the personal data that concerns them. It shall be transmitted directly from controller to controller whenever technically possible, in a structured, commonly used, and machine-readable format, without hindrance from the controller to which the data have been provided, when the consent has been expressed outwardly or through a contract.

To facilitate the user’s exercise of this right, we provide the following link to the form they must complete for the request:

https://www.aepd.es/media/formularios/formulario-derecho-de-acceso.pdf

How can you exercise your rights?

We inform you that you can exercise the aforementioned rights by writing to the Data Controller at the address Calle Cedaceros 11, 6ºC 28014 (Madrid) Spain, or to the email address dpo@transparentedge.eu, or to the address of our Data Protection Officer (DPO) dpo@transparentedge.eu.

Additionally, we remind you that you can oppose the sending of commercial communications of any kind at all times by sending an email to the address mentioned above.

If you think that your request has not been attended to correctly or if your data are not being processed in the proper way, you can direct your claims to the Spanish Data Protection Agency, the supervisory authority in Spain.

 X.- SECURITY LEVEL

The DATA CONTROLLER shall implement the necessary technical and organizational measures to guarantee the security of the personal data, in accordance with the provisions of (EU) REGULATION 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of April 27, 2016 (GDPR), thus preventing their loss or alteration or unauthorized access to them.

The user is responsible for not transferring their account data to third parties, to ensure it remains inaccessible to unauthorized people. Otherwise, the DATA CONTROLLER guarantees that the security measures taken in relation to your account also comply with the security standards on data protection.

In any case, if despite complying with all the necessary security measures, the website were to suffer a security breach that affected your legitimate interests or rights, the DATA CONTROLLER agrees to inform the Supervisory Authority—in this case, the Spanish Data Protection Agency—within 72 hours, as well as all users who may have been affected.

 XI.- INTERNATIONAL DATA TRANSFERS

An International Data Transfer is understood to be any communication of your personal data to countries located outside the European Union, and more specifically outside the European Economic Space (EES). There are exceptions of countries outside this European space that are not considered to be international transfers, because the recipients are countries that the European Data Protection Commission considers to be suitable because they comply with European data protection standards.

The DATA CONTROLLER does not currently have any services contracted with providers located outside the European Economic Space (EES). In any case, given its activity, it may be necessary to transfer the essential data in the framework of the services provided for their correct provision, with this transfer being essential to ensure full performance. In some cases, depending on the type of service contracted by the user, it may be necessary to transfer data internationally. Some countries outside the EES are recognized by the European Commission as guaranteeing an appropriate level of data protection in accordance with EES standards.

In the event that transfers are made to countries not considered suitable by the European Commission, the DATA CONTROLLER shall sign the contracts, guarantees, and safeguards necessary to preserve their privacy.

For more information about how your privacy is guaranteed, you can contact the Data Controller at dpo@transparentedge.eu, at the mailing address indicated above, or at the address of our Data Protection Officer (DPO) dpo@transparentedge.eu.

XII.- MINORS

In accordance with the provisions of Spanish Organic Law 3/2018, of December 5, on Personal Data Protection and Guarantee of Digital Rights, the minimum age to authorize the processing of data is 14 years old.

However, notwithstanding the above, for persons under 18 years of age, the contracting of services shall require the prior consent of their parents or guardians.

The DATA CONTROLLER reserves the right to take all possible measures to confirm the age of users, but cannot be liable for any non-compliance in this regard. However, if the data controller were to have the slightest doubt about the user’s age, it may restrict their access and not provide the passwords to create the registered user account or cancel the account if it has already been created.

XIII.-CONFIDENTIALITY

The personal data that is collected shall be processed with full confidentiality, and we agree to keep them secret, except to use and transfer them in the framework of the services provided, which you accept from the moment you sign up. The data are guaranteed to be kept confidential, taking all the necessary measures to prevent them from being lost or altered, or from unauthorized access or processing, in accordance with applicable law.

XIV.- THIRD-PARTY PERSONAL DATA MANAGED BY YOU

In the event that you, as a client, use any of our products and/or services to store, transmit, or process on our systems the personal data of third parties, you shall be solely responsible for managing, processing, guaranteeing, and protecting those personal data. Clients are also responsible for encrypting them and restricting access to them.

Our relationship with our clients is exclusive and we assume no liability regarding third-party data.

Likewise, our clients are responsible for complying with the legal requirements applicable to the content they host or manage through our systems. Thus, if there is a security incident that involves unauthorized access by third parties to personal data managed by you, TRANSPARENT EDGE SERVICES SL cannot ever be liable for any possible claims from affected third parties or any disciplinary procedure from the Supervisory Authority.

XV.- MODIFICATION OF THE PRIVACY POLICY

The DATA CONTROLLER reserves the right to modify its Privacy Policy, at its sole discretion, or especially as a result of legislative, jurisprudential, or doctrinal changes of the Spanish Data Protection Agency. We, therefore, ask you to review the Policy every now and then in order to stay informed at all times.

Last updated: January 2024