Privacy and Cookies Policy
01 JUNE 2018
This Policy (hereinafter, the “Privacy and Cookies Policy”) regulates the privacy and cookies policy for the webs platform https://www.blaw.es/ (hereinafter, “the Platform”), which is owned by BLT LAW AND TAX, SL (hereinafter, BLAW), a Spanish trading company registered with the Trade Register of XXX in volume 22389, folio 4, section 8, page number 399831, entry 6. Its registered address is c/ Miguel Angel, 16, 2º derecha, 28010, Madrid, and it is assigned tax identification number (CIF) B-84577246. Its contact email address for the purposes of this privacy and cookies policy is: firstname.lastname@example.org email@example.com
1 | USE, PURPOSE AND APPLICABLE LAW
The Platform is a mechanism for interaction, communication and support which BLAW makes available to Internet users in order to offer them sufficient, legal and adequate information regarding its activities, products and services in relation to its legitimate economic and business activities which are governed by applicable Spanish laws and as concerns:
- The provision of information society services, basically by Spanish Law 34/2002, of 11 July, on information society services and electronic commerce.
- Personal data processing, by current Spanish and European regulations on the protection of natural persons’ personal data. In particular, Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (hereinafter, the “GDPR”) shall be directly applicable as of 25/05/2018, pursuant to the provisions of said regulation.
In any case, the user hereby undertakes to appropriately and lawfully use the Platform as well as the content, products and services made available through it pursuant to the applicable laws in effect at any given time. Moreover, the Platform user hereby undertakes specifically to:
- In addition, the Platform user specifically agrees to the following:
- Guarantee the authenticity, veracity, updating and accuracy of all data communicated to BLAW as the user will be the sole party liable otherwise.
- Use it exclusively for the purposes and functionalities made available for such purpose by BLAW with said functionalities presented as offered by BLAW. The user is fully prohibited from using the Platform for any other purpose or means.
- Use the Platform legally and legitimately, avoiding any unauthorised, fraudulent, illegal or illegitimate use thereof and/or of the content and information made available through it, avoiding any breach of this policy and applicable regulations or damaging the legitimate rights and interests of BLAW or any third party which may be affected as a result of such actions.
- Not cause damage to the systems or elements associated with the Platform, its suppliers or any third parties to attempt to break the security or authentication measures in them, and not engage in any action that causes a disproportionate and unnecessary saturation of the communications infrastructure or environmental related to the Platform by attacking it in any way. BLAW may adopt any preventive or corrective measures deemed necessary to protect its interests in the proper functioning of the Web Platform and the specific functionalities offered in each case.
- Not introduce or spread any computer viruses or malware that may cause damage through the Platform.
- Not attempt to access, use and/or manipulate data owned by BLAW, under its responsibility or data owned by third-party providers or other users.
- In particular, and for non-exhaustive informational purposes, the user hereby undertakes not to transmit, disseminate or make available to any third party any information, data, content or messages, that may violate the rights held by BLAW or any third party.
- Not access without authorisation or interact with a false identity, whether impersonating a third party or not or using a profile or taking any action that may lead to confusion or error regarding the correct identification of the user involved
2 | USERS
This privacy and cookies policy is aimed at Platform users as concerns the processing of their personal data. In any case, it shall be noted that this Platform is aimed at users over the age of 18 and that its use by minors is prohibited. The information and personal data provided by users that aim to browse or register with the Platform must be:
- Sufficient, yet adequate, relevant and limited to the legitimate purposes of processing declared by BLAW with the utmost respect for the principles of purpose limitation and data minimisation (Article 5.1, section b) and c) of the GDPR).
- Exact, kept up to date and accurate in order to adequately identify the identity, capacity and, as applicable, representation of the user in question as well as be able to, as appropriate, limit processing to the users’ specific needs and actual situations. All of the foregoing is pursuant to the principle of personal data accuracy (5.1, section d) of the GDPR).
Users shall be fully liable for the proper use of their user accounts and associated passwords. If a registered user believes the security of their account and/or associated passwords have been compromised, they must immediately contact BLAW using the contact details provided at the beginning of this Policy and report the corresponding situation or incident so BLAW may adopt the appropriate measures as soon as communication is received from the user. The users holding such accounts shall be fully liable for all damages and harm caused by inappropriate use and the personal management of accounts and associated passwords with BLAW fully released of any liability for any consequence of the foregoing.
3 | RIGHT TO INFORMATION
Pursuant to current personal data protection regulations and particularly in accordance with the provisions of articles 12 to 14 of the GDPR, you are hereby informed:
- That the data controller is BLT LAW AND TAX, SL, with a registered address of c/ Miguel Angel, 16, 2º derecha, 28010, Madrid, assigned tax identification number B-84577246 and with the website https://www.blaw.es/ and contact email address: firstname.lastname@example.org
- That the personal data users provide through the Platform will be processed for the purpose particularly stipulated in this privacy and cookies policy and, where applicable, on the various data collection forms provided on the Platform. To this end, the data collected through the Platform is for the following processing purposes:
- To allow users to browse it and have access to the information and content available through the Platform including information on promotional or advertising campaigns aimed at the contracting of products and services either from BLAW or third party companies with which BLAW has some type of relationship. Such access is understood as without prejudice to the free nature of the content, services and specific products offered through the Platform which users may contract if desired.
- To respond to specific requests and demands users may make under this scope.
- To adopt any applicable protection measures pursuant to current regulations including the possible harmonisation of personal data by applying the adequate techniques available for such purpose. As a result, anonymisation and pseudonymisation may also be carried out under this scope to better protect your personal data.
- To apply the pertinent security, technical and/or organisational measures to the users’ personal data as appropriate in view of any risks in relation to their rights at any time detected by BLAW including personal data encryption and other measures that may involve certain processing of Platform users’ data.
If you do not agree with such processing purposes, we ask that you immediately leave our Platform. Otherwise, by accepting this policy or simply continuing to browse the Platform, for example, following notification of the information included in this policy, it shall be understood that the user unequivocally consents to the previously informed processing purposes. For these purposes, the provisions of section 4 of this policy concerning consent and user rights under this scope shall also apply.
- That the legal basis of processing is mainly user consent whereby once the user is informed of this policy, it will be understood that he/she has granted unequivocal consent to the processing of their personal data for the purposes indicated by accepting this policy or simply continuing to browse the Platform. Therefore, if a user does not agree with this policy or the purposes of processing informed, as indicated, he/she is asked not to continue browsing and leave the Platform immediately. In cases where users specifically request or contract certain content, products or services through the Platform, the main basis of processing will be the necessary application of precontractual measures at the request of the data subject when applicable or the performance of a contract if the user finally decides to contract the corresponding content, product or service.
- That, in general, the users’ personal data collected through the Platform will not be assigned to third parties without previously informing them which specific data are to be assigned, the identity of the assignees or recipients of their data, their activities and the specific purposes of processing said assignees may make of their data. Therefore, the users’ personal data will not be assigned to any third party without the user’s consent or, as applicable, unless there is another legal basis for processing as per article 6 of the GDPR such as due compliance with a legal obligation by BLAW (lawfulness of processing).
- That, in general, your personal data is not expected to be transferred internationally. If they are, the necessary measures pursuant to the GDPR shall be applied.
- That, in virtue of article 30 of the Spanish Commercial Code, the personal data may be saved by BLAW for a period of six years after termination of a relationship between the parties when the user is a BLAW customer. If not a customer, the user’s personal data may be saved for the time strictly necessary for proper browsing, access and enjoyment of the content, products and services available through the Platform requested or visited with all of the foregoing in coherence with the provisions of this privacy and cookies policy and applicable law in each case.
- That you may exercise your rights of access, rectification, deletion, restriction of processing, data portability and objection by sending written communication via email at email@example.com, with the Ref. “Ejercicio Derechos” (Exercise Rights), attaching a copy of your national identity document or equivalent identification document (passport, foreigner’s ID card…) to your request. If you do not believe your personal rights have been properly observed, you may submit a complaint to the competent supervisory authority; in this case, the Spanish Data Protection Agency.
4 | DATA SUBJECT CONSENT
By agreeing to this policy, the user grants their unequivocal, free and informed consent to the processing of their personal data for the processing purposes described in section 3 of this privacy and cookies policy. In the specific case of cookies, the provisions of section 7 of this policy particularly apply.
The user will have the capacity to choose the processing and destination of their data in accordance with their own specific interests and needs in each case meaning the user shall have the right to withdraw consent at any time when processing is based on their consent although such withdrawal will not in any way affect the lawfulness of any prior processing by BLAW.
In any case, BLAW may prevent the use of the Platform and services, content and functionalities associated to it if the user does not agree to this policy or does not consent to the processing of their personal information in accordance with the provisions thereof.
Acceptance of this policy is independent of any acceptance of any special legal terms and conditions that may govern specific services or products contracted by users made available through the Platform.
5 | SECURITY
BLAW has adopted and applies the security levels required by applicable personal data laws under its responsibility based on the corresponding risk approach and aims to install and/or apply additional technical or organisational protection means and measures to reinforce the general security of all personal data processing, systems, communication and corporate organisation environments as well as guarantee the proper protection from unauthorised or unlawful processing and their loss, destruction or incidental damage (principle of integrity and confidentiality). Nonetheless, the user must be aware that Internet security measures are not in any way unassailable and are subject to the state of technology at any given time and the cost of application.
For these purposes, the criteria for application and security measures as well as other security obligations associated with the GDPR, particularly the provisions of article 32 of the GDPR, shall be especially considered.
6 | SECRECY AND CONFIDENTIALITY OBLIGATION
BLAW hereby undertakes to comply with its obligation of secrecy and confidentiality with regard to the information and personal data provided by Platform users and that it is under its control and responsibility, pursuant to applicable laws and the corresponding risk at any given time.
7 | COOKIES POLICY
As established in Recital 30 of the GDPR, natural persons may be associated to online identifiers provided by their devices, applications, tools and protocols, such as internet protocol addresses, cookie identifiers or other identifiers such as radio frequency identification tags. This may leave traces which, in particular when combined with unique identifiers and other information received by the servers, may be used to create profiles of the natural persons and identify them. For this reason, BLAW has a cookies policy that is coherent with applicable regulations.
7.1. Applicable regulations:
Article 22 of Spanish Law 34/2002 of 11 July on information society services and electronic commerce (LSSICE) on the rights of recipients of electronic commercial communications, service providers may only use data storage and recovery devices on recipients’ terminals when they have granted their previously informed consent.
For this purpose, these recipients and end users must be provided with clear and complete information on the use thereof; particularly, on the purposes of data processing pursuant to the provisions of personal data protection regulations. Therefore, when technically possible and effective, the recipient’s consent accepting data processing may be granted through the use of adequate browser settings or other applications.
The foregoing does not prevent the possible technical storage or access for the sole purpose of transferring communication via an electronic communications network or, to the extent strictly necessary, to provide an information society service expressly requested by the recipient.
7.2. User consent to cookies: general rules and exceptions.
The only exceptions to this consent are those which exclusively allow communication between the user’s equipment and the network and, strictly speaking, those used to provide a service requested by the user. For example, so-called “technical cookies” (e.g., those required for the same navigation on the platform or application); “personalisation or configuration cookies” (e.g., those that allow the page to recognise the user’s language, etc.); and “security cookies” (e.g., those that detect erroneous and repeated attempts to connect to a site) would be exempt.
7.3. What is the purpose of cookies on this Platform? What are they?
the user’s terminal (personal computer, smartphone, tablet, mobile terminals and devices, etc.) irrespective of their nature for the main purpose of guaranteeing proper functioning of the Platform (remembering the chosen language and similar functions). Thus, in general and without prejudice to the provisions below, the cookies will enable browsing of the Platform as well as certain tools and services made available through it meaning you are hereby notified that disabling or blocking them may affect browsing or the correct or extended used thereof by the user.
7.4. Which cookies do we use on this Platform?
Cookies may be first or third-party. First-party cookies are sent or served to the user’s terminal from the Platform (publisher) and are managed by the latter while third-party cookies are sent or served to the user’s terminal from other domains or computers not managed by the Platform (publisher), but rather another entity which processes the data obtained through the cookies.
Moreover, the foregoing cookies may be session or persistent cookies. The first are a type of cookie designed to collect and store data while the user accesses the Platform for the main purpose of storing information that is only of interest to provide the service requested by the user one time. However, the second are a type in which data continues to be stored on the user’s terminal and can be accessed and processed for a defined period of time by the party responsible for the cookie.
Cookies may also be technical by allowing users to browse the Platform and use the different options or services that may exist such as controlling traffic and data communication, identifying logins, access to restricted areas, remembering elements included in contractual request, using security elements during browsing, storing content to disseminate videos or sound or sharing content through social media, for example.
They may also be customisation cookies, which are those that allow the user access to the service with some pre-defined characteristics based on certain criteria associated with the terminal such as the type of browser through which the service is accessed, the regional configuration for the area where the service is accessed, etc.
Likewise, they may be strictly for statistical or informational purposes for the publisher relating to the particular use of the Platform by users and of the content or services made available through it.
To display personalised adverts as per the behaviour or preferences shown by the user and to improve advertising campaigns.
Ownership: Google Analytics
Purpose: Statistical reports on website traffic, its total audience and the audience for a given advertising campaign.
Cookie: Google Adsense
Ownership: Google Adsense
Purpose: To improve and manage the exposure of advertisements to the user by avoiding the appearance of ads he has already seen
Cookie: Google Adwords Remarketing (Google Inc)
Ownership: Google Adwords Remarketing (Google Inc)
Purpose: To show personalized ads according to the behavior or preferences shown by the user and to improve advertising campaigns
Cookie: Google Adwords Remarketing (Google Inc)
Ownership: Google Adwords Remarketing (Google Inc)
Purpose: To customize advertising campaigns and display ads that match users’ preferences
7.5. Who uses the cookies?
The information collected through the cookies sent through the Platform may be used by either the owner thereof or a third party who provides this owner with a service.
7.6. Cookie management and configuration.
Based on the information provided in this policy, we offer you information as to how you may manage the cookies used for the Platform via the different options made available by the most popular browsers.
8 | VALIDITY OF AND MODIFICATIONS TO THE PRIVACY AND COOKIES POLICY
9 | LEGAL CONTACT
Protecting your rights is important to BLAW; therefore, please do not hesitate to contact us with any question or suggestion you may have with regard to this policy via the email address firstname.lastname@example.org
10 | APPLICABLE LAW AND JURISDICTION
In general, any dispute or conflict shall be preferentially submitted by the parties to the others in order to attempt to find an amicable solution by mutual agreement by using the legal contact channel for these purposes in the case of BLAW (or data protection officer, if designated) described in section 9 of this policy. If this is not possible and in view of the criteria contained in GDPR for determining jurisdiction of the leading or main authority for hearing any conflict, dispute or claim regarding this privacy and cookies policy, at least administratively, you are hereby informed that such authority is the Spanish Data Protection Agency (AEPD) and that the provisions of article 56 of the GDPR must be observed in all cases. As concerns the right to an effective judicial remedy against BLAW in these cases, the provisions of article 79.2 of the GDPR shall apply and the corresponding action must be filed with the Spanish Courts and Tribunals to the extent BLAW is a company established in Spain. In any case, Spanish law shall apply.