In compliance with current legislation, Yepes Legal (hereinafter also referred to as the “Website”) commits to implementing the necessary technical and organizational measures based on an appropriate level of security regarding the risk of the data collected.
Applicable Laws in this Privacy Policy
This privacy policy aligns with current Spanish and European regulations on the protection of personal data online. Specifically, it complies with the following regulations:
– Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016, concerning the protection of natural persons with regard to the processing of personal data and the free movement of such data (GDPR).
– Organic Law 3/2018 of 5 December, on the Protection of Personal Data and Guarantee of Digital Rights (LOPD).
– Royal Decree 1720/2007 of 21 December, which approves the Regulations implementing Organic Law 15/1999, of 13 December, on the Protection of Personal Data (RDLOPD).
– Law 34/2002 of 11 July, on Information Society Services and Electronic Commerce (LSSI-CE).
Identity of the Data Controller:
The data controller for personal data collected through Yepes Legal is RAQUEL YEPES SOLA, with NIF: 08914503W (hereinafter, “Data Controller”). Her contact details are as follows:
– Address: Alameda Principal 45, 1º B 29001 Málaga
– Phone: +34 667 216 824
– Email: raquel@yepeslegal.com
Registration of Personal Data:
In compliance with GDPR and LOPD, Yepes Legal informs users that any personal data collected through the forms provided on its pages will be included and processed in a file to facilitate, streamline, and fulfill the commitments established between Yepes Legal and the User or to maintain any relationship created through these forms, or to respond to any request or inquiry. Moreover, in accordance with GDPR and LOPD (unless the exception under article 30.5 of the GDPR applies), Yepes Legal maintains a record of processing activities, specifying the purposes of the data processing and other required details.
Principles for Processing Personal Data:
The processing of personal data belonging to the User is subject to the following principles, as outlined in Article 5 of the GDPR and Article 4 and subsequent articles of Organic Law 3/2018 of 5 December on Personal Data Protection and Guarantee of Digital Rights:
– Principle of lawfulness, fairness, and transparency: User consent will be required, following complete transparency about the purposes for collecting personal data.
– Purpose limitation principle: Personal data will be collected for specific, explicit, and legitimate purposes.
– Data minimization principle: Only the strictly necessary personal data in relation to the purposes for which they are processed will be collected.
– Accuracy principle: Personal data must be accurate and kept up to date.
– Storage limitation principle: Personal data will only be stored in a way that allows the User’s identification for as long as necessary for the purposes of processing.
– Integrity and confidentiality principle: Personal data will be processed in a manner that ensures their security and confidentiality.
– Proactive responsibility principle: The Data Controller is responsible for ensuring compliance with the above principles.
Categories of Personal Data:
The only category of personal data processed on Yepes Legal is identification data. No special categories of personal data are processed, as defined in Article 9 of the GDPR.
Legal Basis for Processing Personal Data:
The legal basis for processing personal data is the User’s consent. Yepes Legal is committed to obtaining the User’s express and verifiable consent for the processing of their personal data for one or more specific purposes.
The User has the right to withdraw their consent at any time, and withdrawal of consent will be as easy as giving it. Generally, withdrawal of consent will not affect the use of the Website. When a User must or may provide personal data through forms to make inquiries, request information, or for matters related to the Website’s content, they will be informed if any information is mandatory for completing the requested action.
Purposes of Data Processing:
Personal data is collected and managed by Yepes Legal to facilitate, expedite, and fulfill the commitments established between the Website and the User or to maintain the relationship established in the forms completed by the latter or to respond to a request or inquiry.
Data may also be used for commercial purposes related to personalization, operations, and statistics, as well as for marketing studies to tailor the content offered to the User and to improve the quality, operation, and navigation of the Website.
When personal data is collected, the User will be informed of the specific purpose(s) for which the personal data will be used.
Retention Period of Personal Data:
Personal data will only be retained for the minimum period necessary for the purposes of their processing or, in any event, for the following period: 18 months or until the User requests its deletion.
When personal data is collected, the User will be informed about the retention period or, when this is not possible, the criteria used to determine this period.
Recipients of Personal Data:
The User’s personal data will be shared only with the following recipients or recipient categories:
– Google – Mountain View, Santa Clara, California, USA
In cases where the Data Controller intends to transfer personal data to a third country or international organization, the User will be informed of this transfer at the time the data is collected, including information about the third country or organization and the existence or absence of an adequacy decision by the Commission.
Personal Data of Minors:
In compliance with Articles 8 of the GDPR and 7 of Organic Law 3/2018 of 5 December, only individuals over the age of 14 may provide valid consent for their personal data processing. For children under 14, parental or guardian consent is required for processing, and it will only be deemed lawful to the extent authorized.
Confidentiality and Security of Personal Data:
Yepes Legal commits to implementing the necessary technical and organizational measures, considering the appropriate level of security for the risk of the data collected, to ensure the confidentiality of personal data and to prevent the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to the transmitted, stored, or otherwise processed personal data.
The Website is equipped with an SSL (Secure Socket Layer) certificate to ensure secure and confidential transmission of personal data between the server and the User.
However, given that Yepes Legal cannot guarantee the absolute impregnability of the internet nor the total absence of hackers or other fraudulent data access, the Data Controller agrees to notify the User without undue delay in the event of a breach of the security of personal data that could likely pose a high risk to individuals’ rights and freedoms.
Rights Arising from Data Processing:
The User may exercise the following rights with respect to Yepes Legal, as recognized by GDPR and Organic Law 3/2018:
– Right of Access: The right to confirm whether Yepes Legal processes the User’s data, and to obtain information on such data and processing.
– Right of Rectification: The right to have inaccurate data corrected or incomplete data completed.
– Right to Erasure (Right to be Forgotten): The right to have data erased, provided legal conditions allow, such as when the data is no longer necessary for the purposes for which it was collected.
– Right to Restriction of Processing: The right to restrict data processing in certain cases.
– Right to Data Portability: If processing is automated, the User has the right to receive their personal data in a structured, commonly used, machine-readable format and to transfer it to another controller.
– Right to Object: The right to object to data processing.
– Right Not to Be Subject to Automated Individual Decision-Making: The right to avoid decisions based solely on automated processing.
To exercise these rights, Users may send a written request to the Data Controller at raquel@yepeslegal.com, including identification and details on the specific right being exercised.
Links to Third-Party Websites:
The Website may include hyperlinks or links allowing access to third-party websites not operated by Yepes Legal. These websites have their own data protection policies and are responsible for their data practices.
Complaints to the Supervisory Authority
Should the User believe that their data protection rights have not been respected, they have the right to file a complaint with the competent supervisory authority, which is the Spanish Data Protection Agency (AEPD), located at Calle Jorge Juan No. 6, 28001 Madrid, electronic headquarters: https://sedeagpd.gob.es/sede-electronica-web/
ACCEPTANCE AND CHANGES TO THIS PRIVACY POLICY
It is essential that the User has read and agrees with the terms regarding personal data protection contained in this Privacy Policy and consents to the processing of their personal data for Yepes Legal to carry out the stated purposes.
Yepes Legal reserves the right to modify its Privacy Policy as deemed appropriate or due to legislative, jurisprudential, or doctrinal changes from the Spanish Data Protection Agency. Changes or updates to this Privacy Policy will not be explicitly notified to the User. Therefore, Users are advised to review this page periodically to remain informed of any changes.
