Privacy Policy

In compliance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016, regarding the protection of natural persons with regard to the processing of personal data and the free movement of such data, and Organic Law 3/2018, of December 5, on the Protection of Personal Data and guarantee of digital rights, you are informed that the personal data you provide through this website //www.assessorianegre.com (hereinafter, the website), will be processed in accordance with the following terms:

ASSESSORIA I GESTIÓ NEGRE, S.L.P. (hereinafter, ASSESSORIA I GESTIÓ NEGRE) is committed to protecting the privacy of users who access this website and/or any of its services. The use of the website and/or any of the services offered by ASSESSORIA I GESTIÓ NEGRE implies the user’s acceptance of the provisions contained in this Privacy Policy and that their personal data will be processed as stipulated herein. Please note that although there may be links from our website to other websites, this Privacy Policy does not apply to the websites of other companies or organizations to which the website may be redirected. ASSESSORIA I GESTIÓ NEGRE does not control the content of third-party websites nor does it accept any responsibility for the content or privacy policies of such websites.

Information on Data Processing (Regulation (EU) 2016/679 and LO 3/2018)

Data Controller: ASSESSORIA I GESTIÓ NEGRE, S.L.P.

NIF: B64223704

Address: Plaça de l’Ajuntament, 3, 1er pis, 08830, Sant Boi de Llobregat (Barcelona)

Email: info@assessorianegre.com
Purpose of Processing: To offer and manage our services.
Legal Basis: Consent obtained from the data subject.
Recipients: Data will not be communicated to third parties, unless required by law or necessary to fulfill the purpose of the processing.
Data Subject Rights: Data subjects have the right to exercise their rights of access, rectification, restriction of processing, erasure, portability, and objection by sending their request to our address (electronically or physically).
Data Retention Period: As long as the commercial relationship is maintained or for the years necessary to comply with legal obligations.
Complaints: Data subjects may contact the AEPD (Spanish Data Protection Agency) to file any complaint they deem appropriate.
Additional Information: You can consult additional and detailed information below in the “Privacy Questions” section.

 

Privacy Questions

In compliance with Regulation (EU) 2016/679 of the European Parliament and of the Council, of 27 April 2016 (GDPR), and Organic Law 3/2018, of December 5, on the Protection of Personal Data and guarantee of digital rights (LOPDGDD), we provide you with the following information about the processing of your personal data:

Who is responsible for processing your data?

ASSESSORIA I GESTIÓ NEGRE, S.L.P.

NIF: B64223704

Address: Plaça de l’Ajuntament, 3, 1er pis, 08830, Sant Boi de Llobregat (Barcelona)

Email: info@assessorianegre.com

For what purpose do we process your personal data?

  • We process the information provided to us to manage our legal advisory, management, and real estate intermediation services.
  • If you contact us through the contact form on our website, we will process your data to manage your inquiry.
  • If you give us your consent, we may also process your data to send you information about our activities and/or services.
  • If you send us a CV, we will process the data to manage our CV database for personnel selection.

How long will we keep your data?

  • The personal data provided will be kept as long as you are a user of our services or wish to receive information, since you may object to the processing of your data for promotional purposes at any time, and thereafter, for the periods established to comply with our legal obligations, which, in the case of accounting and tax documentation for commercial purposes, will be 6 years, in accordance with Art. 30 of the Commercial Code, and for tax purposes will be 4 years, in accordance with articles 66 to 70 of the General Tax Law.
  • In the case of CVs, data will be kept for one year.

What is the legal basis for processing your data?

The legal basis for processing your data is the execution of the service contract and the consents you provide.
With regard to information sent by minors under 16 years of age, it is essential that it is done with the consent of the parent, guardian, or legal representative of the minor so that personal data can be processed. If this is not the case, the legal representative of the minor must inform us as soon as they become aware.

To whom will your data be communicated?

Data will not be communicated to third parties, unless required by law or necessary to fulfill the purpose of the processing.

What are your rights when you provide us with your data?

  • Anyone has the right to obtain confirmation as to whether we are processing their personal data.
  • Data subjects have the right to access their personal data, as well as to request the rectification of inaccurate data or, where appropriate, request their erasure when, among other reasons, the data are no longer necessary for the purposes for which they were collected.
  • In certain circumstances, data subjects may request the restriction of the processing of their data, in which case we will only keep them for the exercise or defense of claims.
  • Also, in certain circumstances and for reasons related to their particular situation, data subjects may object to the processing of their data. In this case, we will stop processing them, except for compelling legitimate reasons or for the exercise or defense of possible claims.
  • Data subjects also have the right to data portability.
  • Any data subject has the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning them or significantly affects them in a similar way.
  • Finally, data subjects have the right to lodge a complaint with the competent Supervisory Authority.

How can you exercise your rights?

By sending us a written request, attaching a copy of a document that identifies you, to our physical or electronic address.

How did we obtain your data?

The personal data we process comes from the data subject themselves, who guarantees that the personal data provided are true and is responsible for communicating any changes. Data marked with an asterisk are mandatory in order to provide the requested service.

What data do we process?

The categories of data we may process are:

  • Identification data
  • Postal or electronic addresses

In the case of CVs, also:

  • Personal characteristics
  • Academic and professional data

The data are limited, as we only process the data necessary for the provision of our services and the management of our activity.

Do we use cookies?

We use cookies while browsing our website with the user’s consent.
The user can configure their browser to notify them of the use of cookies and to prevent their use. Please visit our cookie policy.

What security measures do we apply?

We apply the security measures established in Article 32 of the GDPR; therefore, we have adopted the necessary security measures to ensure an adequate level of security to the risk of the data processing we carry out, with mechanisms that allow us to guarantee the confidentiality, integrity, availability, and permanent resilience of processing systems and services.
Some of these measures are:

  • Informing staff about data processing policies.
  • Performing regular backups.
  • Access control to data.
  • Regular verification, evaluation, and assessment processes.

How do we process data on behalf of third parties?

When, in the provision of our services, we process personal data for which our clients are responsible, we do so as data processors, in accordance with Article 28 of the GDPR, and therefore, in these data processing activities:

  1. We will process personal data only following documented instructions from the controller, including with regard to transfers of personal data to a third country or an international organization, unless required to do so by Union or Member State law to which we are subject. In such a case, we will inform the controller of that legal requirement prior to processing, unless that law prohibits such information on important grounds of public interest.
  2. We guarantee that persons authorized to process personal data have committed themselves to confidentiality.
  3. We have adopted all necessary security measures, in accordance with Article 32 of the GDPR, implementing mechanisms to:
  • Ensure the ongoing confidentiality, integrity, availability, and resilience of processing systems and services.
  • Restore the availability and access to personal data quickly in the event of a physical or technical incident.
  • Regularly test, assess, and evaluate the effectiveness of technical and organizational measures for ensuring the security of the processing.
  • Pseudonymize and encrypt personal data, where appropriate.
  1. We will respect the conditions indicated in sections 2 and 4 of Article 28 of the GDPR to engage another processor.
  2. We will assist the controller, as far as possible, according to the nature of the processing and by appropriate technical and organizational measures, so that they can fulfill their obligation to respond to requests for exercising the data subjects’ rights established in Chapter III of the GDPR.
  3. We will help the controller ensure compliance with the obligations regarding data security established in Articles 32 to 36 of the GDPR, taking into account the nature of the processing and the information available to us.
  4. At the controller’s choice, we will delete or return all personal data once the provision of processing services has ended and delete existing copies unless retention of the personal data is required by Union or Member State law.
  5. We will make available to the controller all information necessary to demonstrate compliance with the obligations set out in Article 28 of the GDPR, as well as to allow and contribute to audits, including inspections, by the controller or another auditor authorized by the controller.

As data processors, the types of data, categories of data subjects, and processing activities we may carry out on behalf of our clients are as follows:

  • Types of personal data we may process:
    • Identification data
    • Postal or electronic addresses
    • Commercial information
    • Transactions of goods and services
  • Categories of data subjects affected:
    • Clients
    • Suppliers
    • Staff
  • Data processing activities we may carry out:
    • Data access
    • Collection
    • Preparation
    • Modification
    • Storage
    • Analysis
    • Incorporation into documentation
    • Retention
    • Communication by transmission