Discover who we are and what is our philosophy.


Data Protection

Every individual has the fundamental right to protect his or her privacy from the interference of any company or entity that might collect and store his or her personal data in violation of the said right. In relation to this fundamental right, the Spanish and the European Community legal systems recognize a series of rights related to personal data that companies must respect, and they establish a series of formal and substantive obligations that companies must satisfy.


How are they regulated?

- Article 18.4 of the Spanish Constitution of 1978

- 15/1999 Organic Law on Personal Data Protection of 13 December 1999

- Complementary regulations.

(With regard to public ownership files, it is important to note that Autonomous Communities, such as Madrid and Catalonia, have their on data protection agency and their own regulations for files owned by regional and local authorities).


- POSITIVE scope of application of the Data Protection Organic Law:

The current Organic Law is applicable to personal data registered in physical media, which makes them susceptible to being processed, and to all modalities of subsequent use of this data by the public and private sector. This Organic Law will govern personal data processinga) When the processing is carried out in Spanish territory as part of the activities of the person responsible for itb) When the person responsible for the processing is not based in Spanish territory and Spanish Law is applicable in accordance to the rules of Public International Law.b) When the person responsible for the processing is not based in the European Union territory but uses media located in Spanish territory to process the data, unless the media used are purely for transit purposes.


- NEGATIVE scope of the Data Protection Organic Law The personal data protection established by the current Organic Law is not applicable:

a) To files kept by individuals carrying out personal or domestic activities.

b) To files protected by the regulations on classified materials.

c) To files created for the investigation of terrorism and other serious forms of organized crime. In these cases, however, the party responsible for the file will inform the DPA of its existence, its general characteristics and its purpose.


The following types of personal data file are governed by specific regulations as well as special provisions of this Organic Law:

a) Files governed by electoral law.

b) Files with exclusively statistical purposes that are governed by national and autonomic law.

c) Files used to store personal qualification data under Army Personnel Regulations.

d) Files from the Civil Registry Office and the Central Registry of Convicts and Fugitives.

e) Files that contain images and sounds recorded with video cameras by law enforcement officials in accordance to the relevant legislation.


- Basic concepts about data protection included in the organic law on personal data protection:

Personal data: any information referring to identified or identifiable individuals.

File: any set of organized personal data, regardless of the method used to create, store, organize or access the data.

Data processing: automated or non automated operations and procedures used to collect, record, store, create, modify, block, cancel and transfer data resulting from communications, enquiries, interconnections and transfers.

Party responsible for the file or the processing: natural or legal person, either private or public, or administrative entity that decides the purpose and content of the file or the processing.

Affected or interested party: natural person whose personal data is processed.

Dissociation procedure: any personal data processing that prevents the association of an identified or identifiable person with the information obtained.

Processing agent: natural or legal person, public authority, service or agency that, independently or collectively, processes personal data on behalf of the party responsible for the processing.

Interested party consent: the express wish, given freely, unequivocally, specifically and knowingly by the interested party, consenting to the processing of his or her personal data.

Transfer or communication of data: any disclosure of data carried out by someone different to the interested party.

Public access sources: files that can be freely consulted without being restricted by any regulation or, in certain cases, with the only requirement of paying a fee. The following are the only public access sources: census estimations, telephone directories under the terms specified in their specific regulations, and lists of members of professional bodies including only their name, title, profession, activity, academic qualification, address and an indication of their membership. Official journals and bulletins as well as the media are also considered to be public access sources.

Security measures: security measures must be applied to all files. The level of security (high, medium or low) will depend on the type of data.

Security document: a document that must be prepared for every single file to record the high, medium or low level security measures applied. It is a working document in which incidents, changes in the system, for instance, are recorded.


What obligations does it impose on companies?

- To register files in the Data Protection General Registry

- To obtain the consent of the interested parties

- To inform the interested parties about the creation and purpose of the fIle

- To maintain the confidentiality of the data

- To take appropriate security measures

- To allow the interested parties to exercise their rightss


In short:∫∫

1. A proactive attitude towards the public authorities: they must communicate the existence of the file and who is responsible for it

2. An informative attitude towards the natural or legal person whose data they are requesting

3. Regular and safe updates of the stored data

4. A protective attitude towards the file, preventing its modification, loss or unauthorized processing or access.



Download here documents as application and authorization form.


Gallery of images

Discover who and where we are.