Privacy Policy
Our data protection policy is constructed and communicated in accordance with applicable regulations, particularly in relation to EU Regulation 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter, GDPR) and Law 3/2018, of December 5, on Data Protection and Guarantee of Digital Rights.
This privacy policy is common and applicable to the company CODESH MADRID, SL
The necessary technical and organizational measures have been adopted to guarantee the confidentiality, security, and proper processing of personal data, preventing its alteration, loss, unauthorized processing, or access in accordance with applicable regulations. Effective measures have been taken and, in all cases, the level of security appropriate to the level of data processed has been maintained. This work is carried out continuously, taking into account legislative developments or the Company's developments.
This policy may change over time due to possible legislative changes or other business management reasons. Any changes will be immediately reflected on the website.
The firm processes data of individuals in the performance of a professional role or function, as well as personal data in the private sphere. Both categories have been addressed in establishing this privacy policy. The entity may act as either the CONTROLLER or the PROCESSOR. This privacy policy addresses and covers both types of actions.
Who is the CONTROLLER of your data?
CODESH MADRID, SL, with NIF B19874452 and registered office at Edificio Ciudad de Sevilla, Calle Dublín 1, Office 1L, Las Rozas de Madrid (Madrid) - email customerservice@codeshofficial.com
PURPOSE OF DATA PROCESSING AND STORAGE
We process the information provided to us by our customers and other interested parties for the following purposes:
a) PURPOSES OF A CONTRACTUAL NATURE, in relation to partners, suppliers, collaborators and employees, to manage the provision of rights and obligations arising from the contractual relationship.
b) PURPOSES BASED ON THE CONSENT OF THE INTERESTED PARTY: For information purposes related to the entity's activities and actions.
The Company will be responsible for providing the information and collecting the consents necessary for the commercial use of the data.
c) REGULATORY PURPOSES: To comply with its legal and/or regulatory obligations.
d) PURPOSES BASED ON LEGITIMATE INTEREST, pursuant to the provisions of Article 19 of the LOPDGDD (Organic Law 3/2018 of December 5) and Article 6.1.f) of Regulation EU 2016/679.
The data is processed as DATA CONTROLLER when it is collected and processed by us.
Data is processed as DATA PROCESSOR, when the firm processes the data to provide a service to a third party that is the data controller.
DATA RETENTION
The personal data provided will be retained, in a general manner, and with the exception of the provisions in the previous paragraph.
a) For as long as required to fulfill the purpose for which they are collected, or as required by the contractual relationship, including the time necessary, in accordance with applicable regulations, to fulfill the relevant obligations and actions that may arise from it.
b) as long as its deletion is not requested by the interested party.
being blocked when the first of the two events mentioned above occurs.
From that moment on, it will be at the exclusive disposal of judges and courts, the Public Prosecutor's Office, or the competent public authorities, particularly data protection authorities, for the purpose of addressing any potential liabilities arising from the processing, during the statute of limitations. Once this period has elapsed, the data will be deleted.
Profiling is not performed.
LAWFUL PROCESSING
As DATA CONTROLLER, the legal basis for processing your data is:
a) In the contractual relationship and execution of the contract signed with us.
b) In the event that you have expressly given your consent, the legal basis is said consent.
c) Legal legitimacy based on regulatory purposes.
d) In the legitimate interest, under article 19 of the LOGPGDD.
As DATA CONTROLLER, it is up to the entity that has contracted us as the service provider, in its capacity as DATA CONTROLLER, to establish the legitimacy and processing model.
DATA RECIPIENTS
The data is communicated to our partners who perform services as subcontractors, law firms, and other data processors, as well as to authorities and public entities that request it.
In the case of collaborators, the corresponding data processing contract is signed with the recipient, as required by the General Data Protection Regulation.
INTERNATIONAL DATA TRANSFERS
The company does not generally carry out international data transfers. In connection with any transfer of your personal data to countries outside the EEA, the company will implement appropriate specific measures to ensure an adequate level of protection for your personal data.
USER RIGHTS
a) Anyone has the right to obtain confirmation as to whether or not we are processing personal data concerning them.
b) Interested parties have the right to access their personal data, as well as to request the rectification of inaccurate data or, where appropriate, request its deletion when, among other reasons, the data is no longer necessary for the purposes for which it was collected.
c) In certain circumstances provided for in Article 18 of the GDPR, data subjects may request that the processing of their data be restricted , in which case we will retain them only for the purpose of exercising or defending legal claims.
d) Interested parties may object to the processing of their data for marketing purposes, including profiling. The Foundation will stop processing the data except for compelling legitimate reasons or to exercise or defend potential legal claims.
e) Under the right to portability , data subjects have the right to obtain the personal data concerning them in a structured, commonly used and machine-readable format and to transmit them to another controller.
EXERCISE OF GDPR RIGHTS BY THE USER
By writing to the addresses indicated above.
USER RESPONSIBILITY
The User guarantees that the personal data provided through the form is true and is obligated to communicate any changes. Likewise, the User guarantees that the information provided corresponds to their actual situation, is up-to-date, and is accurate. Furthermore, the User undertakes to keep their data updated at all times. They are solely responsible for any inaccuracy or falsity of the data provided and for any damages this may cause to CODESH MADRID, SL, as the owner of the portal.
COMPLAINT TO THE SPANISH DATA PROTECTION AGENCY
If you believe the Foundation has not properly addressed your request, you may request protection from the Spanish Data Protection Agency, whose details can be found at www.agpd.es.
DATA CATEGORIES
What categories of data do we process?
a) Identification and location data.
b) Data about your professional function or activity.
c) Economic and payment data.
Generally, special categories of data under Articles 9 and 10 of the GDPR are not covered. If this is the case, the entity will comply with the requirements of Articles 9 and 10, and explicit consent will be collected.
The data received or collected is necessary to fulfill the stated purposes and is treated confidentially in accordance with the privacy and security policies established by the firm.
The data received or collected are those necessary to fulfill the indicated purposes.
ORIGIN
As DATA CONTROLLER, the personal data we process comes from the information you provide when you request services or resources from us, access our website, or establish any type of relationship with us, directly or indirectly.
As DATA PROCESSORS, the data comes from the DATA CONTROLLER, or we collect it for it during the provision of the service contracted with the CONTROLLER.