Privacy
- SIMON PALAU
SIMON PALAU, as the Data Controller and owner of this website, in accordance with the provisions of Regulation (EU) 2016/679, the General Data Protection Regulation, and Organic Law 3/2018, of December 5, on the Protection of Personal Data and guarantee of digital rights, provides you with this privacy policy to inform you in detail about how we process your personal data and protect your privacy and the information you provide to us.
In this privacy policy, we explain your rights regarding your personal information and how to exercise them. Additionally, should you need to contact the competent authority in data protection matters, we provide the contact information.
We, the data controllers:
Identity: SIMON PALAU
What kind of information about you may we collect?
The personal data we collect from users and customers can be grouped into the following categories:
Basic and contact information: such as name, last name, marital status, qualification, nationality, city of residence, date of birth, or gender, including your billing address, email, and telephone number.
Financial and economic data: This category includes commercial transactions carried out with us, including data for identity verification and relevant financial checks to complete these transactions.
Professional and employment data: This category encompasses your professional interests and your professional identity published online, such as your LinkedIn profile.
Technical data: This includes IP address, registration data, browser and version used, location, time zone, browser plugins installed, operating system, and other technologies used during access to our platform.
Registration data: Such as contact details, languages, skills, measurements, experience, interests, preferences, feedback you have submitted, or any surveys you may have responded to.
Browsing data: Includes information related to your browsing behavior when visiting our platform.
Marketing and communication preferences: We collect your preferences for receiving commercial communications and updates from us, the consents given for these communications, and your preferred communication channel.
How do we collect your personal data?
As a general rule, most of your personal information is provided directly by you. This can be done in person through the website, by phone, email, or by responding to surveys. However, we may also obtain information from:
Third parties associated with us, such as your employer.
Third parties who have previously obtained your explicit consent.
Cookies we use on our website – for extended information on our use of cookies, please visit our cookie policy.
Social media, email, or instant messaging.
What could happen if you do not provide us with your personal information?
In cases where we are required by law to collect your personal data or when they are essential for entering into a contract with you, if you choose not to provide your personal data, we may be unable to serve you. If we need to cancel your registration due to this reason, we will notify you when necessary.
For what purpose do we process your personal information?
We have attached a detailed table with the purposes for which we collect your data and the legal basis that legitimizes us to do so.
Purpose of Processing | Why do we collect your information? | Legal Basis for Processing |
---|---|---|
Provide our services, accept payments, and collect dues | (1) Contractual performance | (2) Our legitimate interest |
Register as a web user or a new client | (1) Explicit consent of the data subject | (2) Contractual performance |
Manage our relationship with our clients, including: | (1) Notify you of changes to our contract terms or policies | (2) Request survey participation or feedback on our products/services |
Send commercial communications, newsletters, and advertisements through any communication channel | (1) Explicit consent of the data subject | (2) Our legitimate interest (provided you have not expressed your wish to stop receiving communications, ‘opt-out’) |
Respond to inquiries and provide required information, including sending quotes | (1) Our legitimate interest | (2) Contractual performance |
Manage user interactions on our social media | (1) Legal obligation (e.g., removing offensive, racist, or abusive comments, ensuring a respectful and inclusive environment, protecting the privacy of minors, etc.) | (2) Our legitimate interest (e.g., removing third-party advertising from our social networks) |
Use analytical data to improve the web browsing experience, implement marketing strategies, and optimize hiring processes using cookies | (1) Our legitimate interest | (2) Data subject’s consent (by accepting the use of analytical cookies, for example) |
Manage and protect our business and website, including detecting browsing issues, data analysis, web testing, etc. | (1) Legal obligation | (2) Our legitimate interest (business management, network security, fraud prevention, etc.) |
Suggest and recommend services that may be of interest | (1) Our legitimate interest (to grow our business) | |
Provide personal information to authorities or by judicial requirement | Legal obligation | |
Update and improve our customer records | (1) Legal obligation | (2) Contractual performance |
Ensure workplace security, staff management, and employability of candidates | (1) Legal obligation | (2) Our legitimate interest and that of third parties (to improve the experience of our employees in performing their functions) |
With whom might we share your personal data?
We may need to share your personal information with:
- Third-party companies we subcontract or service providers we employ to provide our services.
- Third parties we need to manage our business.
- The banks we work with.
All providers we work with are contractually linked to us. We can ensure that they comply with all necessary security measures to safeguard your personal information, which they will use solely for the specified purposes according to our instructions.
We will also share personal information with law enforcement agencies when required by law.
Where do we host your personal information?
All information you provide to us, through this website or any other means, will be hosted on SIMON PALAU’s servers. These servers are located within the European Economic Area.
International Transfer of Personal Information
In order to provide our services, there may be occasions when we need to transfer your data outside the European Economic Area (EEA). For instance:
- To communicate with you or our suppliers when they are located outside of the EU.
- When there is an international dimension to the products/services we provide to you.
International data transfers are subject to specific rules governed by data protection laws. This means that we can only transfer your data to countries or international organizations outside the EU when:
- The receiving country is deemed safe by the competent authority concerning the level of personal data protection it provides.
- All necessary measures have been taken to ensure the security of your data and the proper exercise of your legal rights, as well as the ability to file complaints.
- There is an applicable exception under data protection law.
How Long Will We Retain Your Personal Data?
Your data will be retained for the duration of our business relationship with you or until you exercise your right to erasure, objection, or restriction of processing. However, we will retain certain identifiable personal and traffic data for a maximum of 2 years in case it is required by courts or for internal actions resulting from the misuse of our website.
Furthermore, our data retention policies conform to the timeframes established by various legal responsibilities for prescription purposes, as outlined below:
- As a general rule: Pursuant to Article 30 of the Commercial Code, all company documents and/or information shall be retained for 6 years. This includes all accounting, tax, labor, or commercial documentation, including correspondence.
- Specific timeframes: Our company must also establish minimum timeframes depending on the type of data and the different periods of prescription that each department should be aware of.
The table below lists the prescription periods that affect or may affect our organization:
Matter | Prescription | Legislation |
---|---|---|
Labor, for the purpose of offenses | 3 years | Art. 4.1 RD 5/2000 |
Social Security, for the purpose of offenses | 4 years | Art. 4.2 RD 5/2000 |
Occupational Risk Prevention, for the purpose of offenses | 5 years | Art. 4.3 RD 5/2000 |
Fiscal, for the purpose of tax debts | 4 years | Art. 66 Law 58/2003 |
Fiscal, for the purpose of reviewed fees or applied deductions | 10 years | Art. 66 bis Law 58/2003 |
Accounting and commercial | 6 years | Art. 30 of the Commercial Code |
Offenses against Public Finance and Social Security | 10 years | Art. 131 LO 10/1995 |
Your data will not be the subject of decisions based on automated processing that produce effects on your data.
Our Communications
All personal information you communicate to us will be integrated into our information systems. If you accept this privacy policy, it signifies that you expressly consent to SIMON PALAU for the following activities and actions unless you specify otherwise:
- To send you commercial, promotional, and direct marketing communications through any available communication channel to inform you about our activities, services, promotions, advertisements, news, offers, and other information about services and products related to us and our group.
- To send electronic communications, provided you have subscribed to our NEWSLETTER and haven’t unsubscribed.
- Data retention for the periods established in applicable provisions.
To stop receiving marketing communications (opt-out), you can revoke any explicit consent you have provided us at any time. You can request to opt-out when available on our app/website or by emailing us with the subject “unsubscribe” at [email address]. According to the Spanish Law on Information Society Services and Electronic Commerce (LSSICE), we do not engage in SPAM, and we will not send commercial emails unless they have been requested or authorized by you. However, you will always have the option to revoke your consent in all our communications.
We will not process your personal data for any other purpose described herein unless required by law or a judicial order.
User Responsibility – Truth Declaration
By providing us with your personal information through electronic channels, you declare that you are over 14 years of age and that all data provided to SIMON PALAU is true, accurate, complete, and up to date. You confirm that you are responsible for the accuracy of the information provided and will keep it updated to reflect your real situation. You are responsible for any false or inaccurate information you may provide, as well as for any direct or indirect damages that may arise from such information.
How We Maintain the Security of Your Information
We take data protection very seriously. We guarantee the implementation of security measures, controls, and procedures of a physical, organizational, and technological nature that are appropriate to prevent data loss, misuse, or unauthorized access.
We limit access to your data to authorized individuals and entities and ensure that all our staff is properly trained. All parties involved in the processing of your personal data are subject to the duty of confidentiality.
Additionally, we employ technical procedures to respond to any suspicion of data security breaches. If necessary, we will notify you and the supervisory authority (AEPD in Spain), in accordance with applicable regulations.
How to Exercise Your ARCOLP Rights
Both the GDPR and the Spanish Law on Data Protection (LOPDGDD) guarantee your right to exercise the following rights, which can be exercised at any time and always free of charge:
- Right of Access: The right to receive a copy of your personal information.
- Right to Rectification: The right to request the correction of errors in your personal information.
- Right to Erasure (Right to be Forgotten): The right to request the removal of your personal information – in certain situations.
- Right to Restriction: The right to request the restriction of data processing.
- Right to Object:
- The right to object to data processing for direct marketing (including profiling).
- In certain circumstances, the right to object to our continued data processing, for example, processing based on our legitimate interest.
- Right to Data Portability: The right to receive your personal information in a structured, readable format and transmit this data to a third party – in specific situations.
- Right to Object to Automated Individual Decisions: The right not to be subject to decisions based solely on automated processing, including profiling, which produces legal effects or significantly affects you.
Data Protection Authority
We hope to address any concerns or questions you may have about your personal information. However, if you wish to file a complaint with the competent authority, you have the right to do so.
In Spain, the top authority for data protection is the Spanish Data Protection Agency (AEPD). You can reach them at [AEPD website] or call them at 91 266 35 17.
Changes to this Privacy Policy
SIMON PALAU reserves the right to modify this policy to align it with legislative or jurisprudential developments.