It applies to all persons who access our website at
www.fieldfisher.com/es-es/locations/espana2 ("Website"), contract or
request information about our legal services ("Services") or
participate in activities organised by our firm, such as presentations,
breakfast meetings, webinars, conferences, workshops and other events of a
similar nature. We recommend that you read this Privacy Notice in its entirety
to ensure that you are fully informed.
PERSONAL DATA CONTROLLER
JAUSAS LEGAL y TRIBUTARIO S.L.P. (FIELDFISHER ESPAÑA) with registered office at Paseo de Gracia 103, 7ª, 08008 Barcelona (Spain), is the entity responsible for the processing of your personal data, for the purposes described below.
DATA PROTECTION OFFICER
You can contact our Data Protection Officer at the Fieldfisher postal address
above, or by email at protecciondatos@fieldfisher.es.
HOW DO WE OBTAIN YOUR PERSONAL DATA?
The information we hold about you has been obtained through the
commercial or contractual relationships that you, or the company, entity or
organisation for which you work or collaborate, have had, or currently have,
with Fieldfisher España, or with the professionals that make up our
professional office.
WHAT PERSONAL DATA DO WE PROCESS, FOR WHAT PURPOSE AND FOR WHAT REASON?

PROVISION OF LEGAL ADVISORY SERVICES

| DATA TYPOLOGY | PURPOSE | LEGAL BASIS |
| --- | --- | --- |
| · Identification data: name, surname, first name. · Contact details: email, telephone number. · Any personal data that you provide to us and that is generated in the course of the relationship. | We process your data for the sole purpose of providing you with the legal advice services that you have requested or contracted from us, and to provide you with information and proposals for professional collaboration with regard to those legal services in which you have shown interest or which you have requested from us. | The processing of your personal data is necessary in order to fulfil our contractual or pre-contractual obligations towards you, or towards the organisation you work for or with which you collaborate, in relation to the legal services you have contracted with us, or about which you have requested information from our firm. |


RELATIONS WITH CORPORATE/PROFESSIONAL CONTACTS

| DATA TYPOLOGY | PURPOSE | LEGAL BASIS |
| --- | --- | --- |
| · Identification data: name, surname, first name. · Contact details: email, telephone number. · Data related to the relationship established with Fieldfisher España. | Maintaining relations of any kind with the company, entity or organisation for which you work or collaborate, or with you if you are an independent professional, who contacts you through the Website or any form, communication channel or e-mail box, including through the delivery of business cards to Fieldfisher España staff. | Fieldfisher's legitimate interest derived from corporate contact with data subjects, which is expressly recognised by privacy regulations. In particular, by the Organic Law on the Protection of Personal Data and Guarantee of Digital Rights. |


SENDING COMMERCIAL COMMUNICATIONS

| DATA TYPOLOGY | PURPOSE | LEGAL BASIS |
| --- | --- | --- |
| · Identification data: name, surname, first name. · Contact details: e-mail, postcode, telephone number. | Sending commercial communications, including by electronic means, including e-mail, about Fieldfisher products, services, activities, news. If you have a prior relationship with Fieldfisher España, you may be sent commercial communications relating to Fieldfisher España services and which are similar in nature to those which motivate the relationship between Fieldfisher España and you, or between Fieldfisher España and the company, entity or organisation for which you work or collaborate. | The processing of your personal data is legitimised by the express consent you give us. You may withdraw your consent and unsubscribe from these communications at any time. If you have a previous relationship with Fieldfisher España, the processing of your personal data to send promotional information about Fieldfisher España activities similar to those that motivate the relationship with you, or with the company, entity or organisation for which you work or collaborate, responds to a legitimate interest of our entity and is authorised by current legislation. |


LEGAL OBLIGATIONS

| DATA TYPOLOGY | PURPOSE | LEGAL BASIS |
| --- | --- | --- |
| · Any personal data that you provide to us and that is generated in the course of the relationship. | Compliance with our civil, commercial, fiscal and accounting legal obligations, as well as those relating to compliance with personal data protection regulations, among others that may be applicable. | Fulfilling a legal obligation. |


REGISTRATION/SUBSCRIPTION TO OFFICIAL FIELDFISHER SPAIN USER PAGES AND PROFILES ON SOCIAL NETWORKS

Fieldfisher has active profiles on different social networks. The following
processing of personal data applies to persons who become interested in
Fieldfisher Spain by being a member of, following or being part of these
profiles:

| DATA TYPOLOGY | PURPOSE | LEGAL BASIS |
| --- | --- | --- |
| The personal data that we are allowed to access under the privacy policy of the social network in which you have an account / user profile, and under the privacy settings you have as a user of that social network. This data depends on your own privacy settings on the social network and on the privacy policy of that social network. | Interaction of your profile on the relevant social network with Fieldfisher España, including responding to queries and comments posted on public profiles. | Fieldfisher España will process this personal data in compliance with the obligations arising from your status as a registered user of the social network and the conditions of use of said social network. |


APPLICATION MANAGEMENT

| DATA TYPOLOGY | PURPOSE | LEGAL BASIS |
| --- | --- | --- |
| Those deposited by the interested party in the different data entry channels of Fieldfisher España, as well as others made available to them, and as a minimum: · Identification data: name, surname, age, Curriculum Vitae. · Contact details: e-mail, telephone, address. · Navigation data. The data generated during the selection processes in which you participate will also be processed, which implies the possibility of carrying out an analysis of your personal profile in order to assess your suitability with respect to the corresponding vacancy. Such additional data may include data published on social networks whose privacy settings are not restricted to third parties and/or data published on the internet. | To deal with incoming job applications and carry out the relevant actions to manage the application and proceed to the evaluation of its suitability to join Fieldfisher España. | The processing of your personal data is legitimate if it is necessary for the implementation of pre-contractual measures at the request of the applicant or for the purpose of concluding a contract. |

ARE PERSONAL DATA DISCLOSED TO THIRD PARTIES?
Your data may be disclosed to the recipients listed below, for the
reasons explained below:

| RECIPIENT | PURPOSE | LEGAL BASIS |
| --- | --- | --- |
| Service providers | Suppliers who need access to your data for the provision of services that Fieldfisher has contracted with these suppliers, and with whom Fieldfisher España has signed the necessary confidentiality and personal data processing contracts required by law to protect your privacy. | Contractual relationship. |
| Other companies belonging to the Fieldfisher brand. | We may disclose the data to the other companies that make up the Fieldfisher España brand for internal organisational purposes. | The legitimate interest of Fieldfisher España recognised by the applicable data protection regulations. |
| Communications to third parties necessary to provide our services to you | When it is necessary for the performance of the services you have contracted us to provide (banks, insurance companies, public administrations, counterparties, solicitors, notaries or other third parties about which you will be informed in due course). | Necessary to fulfil your request (contractual relationship and legal obligation). |
| Public Administrations; Courts and tribunals; Law enforcement agencies | To comply with the legal obligations to which Fieldfisher España is subject to carry out its activity, and in the cases foreseen in the Law. | Fulfilling a legal obligation. |

Fieldfisher España will
not share your data with other third parties without first obtaining your
consent, except in those cases where it is necessary to comply with legal or
contractual obligations to which Fieldfisher España is subject at any given time
due to its nature and activity.
If in the future Fieldfisher España makes other communications of personal
data, it will inform you in a timely manner.
ARE YOUR DATA TRANSFERRED INTERNATIONALLY?
Fieldfisher España may contract the services of suppliers located in
countries outside the European Economic Area, based on adequacy decisions of
the European Commission. In this case, the country is considered to have
regulations equivalent to the European ones. In the event that Fieldfisher
España needs to contract services from suppliers located in countries that do
not have regulations equivalent to the European ones, the contract will
include all the guarantees and safeguards required by the regulations to
preserve your privacy, after verification of the legislation of the country of
destination.
These safeguards may include the application of
contractual clauses and additional safeguards in accordance with the
regulations of each destination country, or binding corporate rules approved by
data protection authorities. We also inform you that we are permitted by law to
send your data to such countries if this is necessary to fulfil our obligations
arising from the service you request from us.
For more information about the safeguards to your
privacy, or the destination countries to which we need to transfer your data in
order to fulfil our contractual obligations to you, please contact Fieldfisher
España at the addresses indicated in the "Exercise of rights" section
of this Privacy Policy.
Fieldfisher España does not make decisions that may
affect you based solely on automated processing of your personal data. All
decision-making processes related to the processing purposes described above
are carried out with human intervention.
The profiling indicated in the purposes of applicant
management will in no case be used in the making of decisions by our
organisation that may have legal effects for you or that may affect you in a
significant way.
CONSERVATION PERIOD
Your personal data will be retained for as long as your relationship
with Fieldfisher España is maintained and, after the termination of such
relationship for any reason, during the statutory limitation periods that may
apply. In this case, they will be processed for the sole purpose of proving
compliance with our legal or contractual obligations. At the end of these
periods of limitation, your data will be deleted or, alternatively, anonymised.
EXERCISE OF RIGHTS
You may exercise your rights of access, rectification, deletion and
portability, limitation and/or opposition to the processing, through the postal
and e-mail addresses indicated.
In addition, if you believe that the processing of your personal data is
in breach of the law or your privacy rights, you may lodge a complaint:
- Via the postal and e-mail addresses indicated.
- Before the Spanish Data Protection Agency, through its electronic
headquarters (www.agpd.es), or through its postal address.
CHANGES, MODIFICATIONS OR UPDATES
Fieldfisher España reserves the right to revise this Privacy Policy at any time it deems
appropriate to reflect changes in regulations, best practices or to update its
personal data processing activities. You will be notified of such updates in
accordance with regulatory requirements if your rights are materially affected
as a result of such a change or update.
PROCESSING OF DATA FOR WHICH YOU OR YOUR COMPANY ARE RESPONSIBLE
In order to provide our legal advice services, we may need to process
personal data for which you, or your company or organisation, are a data
controller. Please find below our Privacy Statement, which sets out our privacy
and confidentiality obligations and commitments in relation to Fieldfisher
España's processing of such data.
PRIVACY STATEMENT OF JAUSAS LEGAL Y TRIBUTARIO S.L.P.
REGARDING THE PROCESSING OF PERSONAL DATA ON BEHALF OF ITS CUSTOMERS
JAUSAS LEGAL Y TRIBUTARIO S.L.P. with CIF B61466868, domiciled in Barcelona,
Paseo de Gracia 103, 7º, 08008 (hereinafter Fieldfisher España).
STATES
In order to provide its legal advice services (hereinafter "the
Services"), Fieldfisher España needs to process personal data which is the
responsibility of its clients.
To regulate such access in accordance with the provisions of Regulation
(EU) 2016/679 of the European Parliament and of the Council of 27 April 2016,
(hereinafter, GDPR), and its implementing regulations, Fieldfisher España
undertakes the following obligations of confidentiality and data processing:
FIRST.- OBJECT.
The provision of the contracted services involves Fieldfisher España
carrying out the following processing: registration, consultation, storage,
dissemination, modification and deletion of personal data.
SECOND.- DURATION.
Fieldfisher España's confidentiality obligations contained in this
Privacy Statement shall remain in force for the entire duration of the
provision of the Services. Notwithstanding the foregoing, Fieldfisher España
undertakes to continue to comply with the obligations set out in this Privacy
Statement after the termination or expiry of the Services.
THIRD.- PURPOSE OF THE PROCESSING.
Personal data shall be processed solely for the purpose of providing the
Services. If Fieldfisher España considers it necessary to process the data for
a different purpose, it must first request the Client's written authorisation.
In the absence of such authorisation, Fieldfisher España will not be able to
carry out such processing.
FOURTH.- TYPES OF DATA PROCESSED AND CATEGORIES OF DATA SUBJECTS
4.1 The types of Customer personal data that Fieldfisher España will
process are as follows:
• Identification data
• Personal characteristics data
• Employment details
• Commercial information data
• Economic, financial and insurance data
• Transaction data on goods and services
4.2 The categories of data subjects for which the client is responsible
for processing, and whose data will be processed by Fieldfisher España for the
provision of services, are the following:
• Clients.
• Potential Clients.
• Suppliers.
• Contact persons.
• Employees.
• Third parties involved in legal advice
FIFTH.- FIELDFISHER'S OBLIGATIONS
Fieldfisher España undertakes to comply with the following
obligations:
a. Process personal data solely
for the purpose of providing the contracted Services, in accordance with the
instructions given, from time to time, in writing, by the Client (unless there
is a law requiring additional processing, in which case the processor shall
inform the controller of this legal requirement prior to processing, unless
such law prohibits it for important reasons of public interest).
b. Maintain the duty of secrecy with regard to personal data to
which it has access, even after the contractual relationship has ended, as well
as to ensure that the persons in its charge have undertaken in writing to
maintain the confidentiality of the personal data processed.
c. Taking into account the state of the art, the costs of implementation, and
the nature, scope, context and purposes of processing, as well as risks of
varying likelihood and severity to the rights and freedoms of natural persons,
implement appropriate technical and organisational measures to ensure a level
of security appropriate to the risk, including, where appropriate, inter alia:
• pseudonymisation and encryption of personal data;
• the ability to ensure the continued confidentiality, integrity, availability
and resilience of processing systems and services;
• the ability to restore availability and access to personal data quickly in
the event of a physical or technical incident;
• a process of regular verification, evaluation and assessment of the
effectiveness of technical and organisational measures to ensure the security
of processing.
In assessing the adequacy of the level of security, it shall take
particular account of the risks presented by the processing of data, in
particular as a result of accidental or unlawful destruction, loss or
alteration of personal data transmitted, stored or otherwise processed, or
unauthorised disclosure of or access to such data.
In any case, taking into account the type of processing to be carried
out, at least the security measures identified in the Annex to this Privacy
Statement shall be complied with.
d. Keep under its control and custody the personal data to which it has access
due to the provision of the Service and not disclose, transfer or otherwise
communicate them, not even for their conservation, to other persons outside
the same and the provision of the Service.
However, the Client may expressly authorise in writing the Data
Processor to use another Data Processor (hereinafter, the
"Subcontractor"), whose identification details (full company name and
VAT number) and subcontracted services must be communicated to the Client,
prior to the provision of the service, at least one (1) month in advance.
Fieldfisher España shall likewise inform the Client of any planned change in
the incorporation or substitution of Subcontractors, thus giving the
responsible party the opportunity to oppose such changes.
In the event that Fieldfisher Spain avails itself of the power
recognised in the previous paragraph, Fieldfisher Spain is obliged to transfer
and communicate to the Subcontractor all the obligations for Fieldfisher Spain
arising from this Privacy Policy and, in particular, the provision of
sufficient guarantees that it will implement appropriate technical and
organisational measures, so that the processing complies with the applicable
regulations.
In any case, access to the data is authorised for natural persons who
provide their services to Fieldfisher España acting within the organisational
framework of Fieldfisher España by virtue of a commercial and not an employment
relationship. Likewise, access to the data is authorised to companies and
professionals that Fieldfisher España has contracted within its internal
organisation to provide general or maintenance services (IT services,
consultancy, audits, etc.), provided that these tasks have not been arranged by
Fieldfisher España for the purpose of subcontracting all or part of the
Services it provides to the Client to a third party.
In the event that the Subcontractor provides its services from countries
that do not have data protection regulations equivalent to the European ones
("Third Countries"), Fieldfisher Spain undertakes to:
• Inform the Client of this circumstance and, if applicable, collaborate with
the Client in the processing of the corresponding authorisation prior to the
international transfer of data to the corresponding Third Country; and
• Establish all the safeguards required by European personal data protection
regulations with regard to international transfers of data to Third Countries,
and in particular enter into agreements with data importers in Third
Countries based on the Model Clauses approved for this purpose by the
authorities of the European Union.
e. Delete or return to the Client, at its option, all personal data to which
it has had access to provide the Service. Fieldfisher España also undertakes
to delete existing copies, unless there is a legal requirement to retain
personal data. Fieldfisher España may, however, retain the data, duly blocked,
for as long as any liability may arise from its relationship with the Client.
f. Notify the Client, without undue delay, of any personal data security
breaches of which it becomes aware, supporting the Client in notifying the
Spanish Data Protection Agency or other competent supervisory authority and,
where appropriate, data subjects of any security breaches that occur; support
the Client, where necessary, in carrying out privacy impact assessments and
prior consultation with the Spanish Data Protection Agency, where appropriate;
and assist the Client in complying with the obligation to respond to requests
to exercise rights.
g. Cooperate with the Spanish Data Protection Agency or any other Supervisory
Authority, at its request, in the fulfilment of its powers.
h. Make available to the Client all information necessary to demonstrate
compliance with the obligations set out in this Privacy Statement and allow
and assist in the performance of audits, including inspections, by the Client
or a third party authorised by the Client.
ANNEX I
General security measures (required whenever any of the identified
processing operations take place):
· Implementation of an inventory procedure and control of incoming and
outgoing media and documents.
· Definition and implementation of a procedure for pseudonymisation of
personal data where technically possible.
· Identification, dissemination and documentation of the roles and obligations
of staff with access to data.
· Definition and implementation of a user identification and authentication
procedure.
· Definition and implementation of a data access control procedure.
· Definition and implementation of a procedure for recording incidents.
· Definition and implementation of a backup procedure.
· Definition of media archiving criteria and storage devices.
· Definition and implementation of regular security controls to regularly
test, evaluate and assess the effectiveness of technical and organisational
measures to ensure the security of processing.
· Appointment of a Security Officer(s) or, where appropriate, Data Protection
Officer.
· Definition and implementation of physical access controls.
· Definition and implementation of a service continuity plan.
Special security measures (required whenever several of the identified
processing operations or one of them is considered to be particularly
sensitive):
· Definition and implementation of a backup and recovery procedure.
· Definition and implementation of a media encryption process.
· Definition and implementation of a procedure for the anonymisation of
personal data where technically possible.
· Definition and implementation of a data access registration procedure.
· Definition and implementation of an encrypted communications procedure.
Fieldfisher Spain