1. INTRODUCTION
Before proceeding to contract and/or use any of our services or utilities you should read this Privacy and Data Protection Policy.
If you are a Client of DDP, this Privacy and Data Protection Policy will be incorporated into the contract that governs your relationship with DDP, to ensure the security of the data you provide to us as the Data Subject or Data Controller.
In the event that you are only a User of our Website, you must read this Privacy and Data Protection Policy each time you browse it and before submitting any data through the forms provided for this purpose. DOMINIO DE PROYECTOS S.L. (hereinafter, DDP), located at Avenida de Brasil 30, esc. 2, Planta 1, 28020, Madrid, is also the owner of the website www.dominiodeproyectos.com, and this policy also applies to the data that may be collected through the Website
This Privacy and Data Protection Policy outlines the guidelines and principles of action of DDP for the processing of personal data that you provide to us. In it, DDP informs you about how it collects your data and the processing it performs on the same.
DDP may change the conditions set forth in this Privacy and Data Protection Policy, either partially or entirely, in order to keep this document updated and in compliance with the requirements established by both national and international regulations.
When you are a Client and DDP makes changes to the clauses of this Privacy and Data Protection Policy, we will notify you as a Client of the Firm so that you can be aware of the clauses that may affect you.
The duration and validity of this Policy will last as long as it is displayed. Therefore, when it is modified, it will no longer be valid and will be replaced by the updated document.
2. DOMINIO DE PROYECTOS AND ITS COMMITMENT TO PRIVACY
DDP, as a firm that advocates for ethics, honesty, and transparency, is firmly committed to the protection of personal data, the confidentiality and security of this data, and the privacy of Users/Clients.
DDP complies with the current legislation on the protection of personal data and the guarantee of digital rights in accordance with Organic Law 3/2018, of December 5.
To this end, DDP has adopted the necessary technical and organizational measures to prevent the loss, misuse, alteration, unauthorized access, and theft of the personal data provided; all while considering the state of technology, the nature of the data, and the risks to which they are exposed.
DDP will only obtain personal data when it is adequate, relevant, and not excessive in relation to the scope and specific, explicit, and legitimate purposes for which it was obtained. In other words, DDP will only collect the data that is strictly necessary for each of the intended purposes.
As the Data Subject and/or Data Controller of the personal data you provide to us, you must comply with this Privacy and Data Protection Policy.
DDP’s commitment to privacy is reflected in the following conduct guidelines:
- DDP respects the privacy of Clients and/or Users, as well as their choices at all times. Therefore, it incorporates privacy respect into each of its actions.
- DDP will never offer or sell the data you provide to us.
- Your data will be secure and protected, always ensuring its confidentiality. Therefore, DDP only accepts high standards of quality and trust in its relationships.
- We will never use your data for purposes other than those for which it was collected.
3. RESPONSIBILITIES
As the Data Subject or Data Controller of the data you provide to us, you are responsible for ensuring that the data you provide is accurate, complete, and up to date. Therefore, you will be solely responsible if the data you provide is false, inaccurate, incomplete, or outdated, or if the data pertains to third parties for whom you have not obtained their explicit consent or informed them about its processing.
In the specific case that, during the contractual relationship, the Client provides DDP with personal data of employees or third parties, the Client, as the Data Controller of such data, must have informed them beforehand about the processing of their personal data, its purpose, and obtained their consent. You agree to notify any changes or modifications to the data.
Any loss or damage caused to DDP as the Data Controller or Data Processor due to the communication of incorrect, inaccurate, incomplete information, or third-party data without their informed consent, whether in the contractual relationship or in the registration forms, will be the sole responsibility of the Client and/or User.
In cases where DDP acts as the Data Processor of personal data for which the Client is the Data Controller, both parties commit to collaborating to ensure the protection of this data and the effective exercise of the rights of its data subjects.
The Client agrees not to provide DDP with any information or personal data that is not necessary or relevant for the execution of the contractual relationship.
4. WHAT ARE PERSONAL DATA?
Personal data refers to any information concerning identified or identifiable natural persons. In other words, personal data are those that identify a natural person (e.g., their first name or last name) or that allow identification (e.g., their address).
Information related to legal entities is not considered personal data.
If you are a Client of DDP, the personal data that may be collected for the proper execution of the service can include: first and last name, phone number, email, official identification document, and professional data. This will depend on the type of service provided by DDP.
The personal data collected by DDP are strictly necessary for the intended purpose or the provision of the service.
If you are a user of our Website, the personal data that may be collected through it are the following: first and last name, email, professional data, and phone number.
DDP will never collect personal data of special or sensitive categories.
5. COLLECTION OF PERSONAL DATA AND PURPOSES OF PROCESSING
Before providing us with your data, you should be aware of the purposes for which it will be processed, the Data Controller, the Processor (if applicable), the legal basis, the recipients of the data (if applicable), and your rights, among other aspects.
Therefore, to facilitate your understanding, below you will find a table that provides information on all aspects related to the Protection of Personal Data based on the purpose of the processing.
In the event that you browse our website, we inform you that it uses cookies in order to collect information on the use made of it, as well as to facilitate navigation and provide a better experience in the use of it. For more information about our Cookies Policy, please access it through the following link link.
6. WHO CAN ACCESS YOUR DATA?
Companies of the DOMINIO DE PROYECTOS Group
Depending on the services contracted, the data may be processed by companies within the DOMINIO DE PROYECTOS Group based on the legitimate interest of the Group, for service provision and to fulfill administrative and/or legal purposes.
Trusted Providers:
We also enter into contracts with trusted providers, to whom we require compliance with current data protection regulations, for the provision of certain services and to carry out a variety of business operations on our behalf. We only provide them with the information strictly necessary to perform the service, and we require them not to use your personal data for any other purpose. If the Client does not authorize the provision of a service by a trusted provider, another provider will be contracted, or the service will not be provided.
Authorities:
Depending on the services ultimately contracted by the Client, we may disclose their data to certain authorities to comply with tax filing services or social security registration and deregistration, among others. DDP will always inform the Client in advance about who will have access to their data, depending on the contracted services.
7. YOUR RIGHTS AND HOW TO EXERCISE THEM
As the data subject, you can exercise your rights of access, rectification, deletion, restriction of data, portability, opposition, and the right to be forgotten by sending an email to the address info@dominiodeproyectos.com with “Exercise of rights” in the subject line, or by postal mail to DOMINIO DE PROYECTOS S.L. with DOMINIO DE PROYECTOS S.L. at Avenida de Brasil 30, esc. 2, Planta 1, 28020, Madrid, along with a copy of your ID or official document for identification.
Next, we detail, for your easy understanding, the content of each of your rights. However, we kindly ask that you consult the General Data Protection Regulation for further information on your rights.
- Right of Access: The data subject has the right to obtain confirmation from the Data Controller as to whether or not personal data concerning them is being processed and, if so, the right to access that personal data.
- Right of Rectification: The data subject has the right to obtain, without delay, the rectification of inaccurate personal data concerning them from the Data Controller.
- Right of Deletion (Right to be Forgotten): The data subject has the right to obtain, without delay, the deletion of personal data concerning them from the Data Controller. It is important to note that this is not an absolute right, as there may be legal or legitimate reasons for retaining the data.
- Right to Object: The data subject has the right to object to the processing of their data at any time.
- Right to Restrict Processing: The data subject has the right to obtain from the Data Controller the restriction of the processing of their data. This right can only be exercised under certain circumstances defined by the General Data Protection Regulation (GDPR).
- Right to Data Portability: The data subject has the right to receive the personal data concerning them, which they have provided to a Data Controller, in a structured, commonly used, and machine-readable format, and to transmit those data to another Data Controller without hindrance from the original Controller, when the circumstances outlined in the General Data Protection Regulation (GDPR) are met.
At the same time, as the data subject, we inform you of the following rights that concern you:
- Right to information: You have the right to obtain clear, transparent, and easy-to-understand information about how we use your personal data and about your rights. This right to information is made effective through this Privacy and Data Protection Policy.
- Right to withdraw consent at any time when data processing is based on consent: You can withdraw your consent to the processing of your personal data when the processing is based on your consent. This withdrawal of consent will not affect the lawfulness of the processing based on consent prior to its withdrawal. If you wish to withdraw your consent, please contact us through the means previously indicated.
- Right to file a complaint with a supervisory authority: You have the right to lodge a complaint with the Spanish Agency for Data Protection regarding DDP’s Privacy and Data Protection practices. However, we kindly ask that before filing such a complaint, you contact us through the means provided.
8. INTERNATIONAL DATA TRANSFERS
All the data provided to DDP is stored on servers located within the European Union, which comply with the security requirements set forth in European regulations.
DDP does not carry out any international data transfers. In the eventual case where, for the provision of a contracted service, an international transfer outside the European Union is necessary, the Client will be informed beforehand and asked for their consent. Additionally, the Client will be made aware that all our providers are required to comply with European data protection regulations, regardless of their location.
9.HOW LONG DOES DOMINIO DE PROYECTOS KEEP YOUR PERSONAL DATA?
DDP will only retain your personal data for as long as necessary to fulfill the purposes for which they were collected or to comply with legal obligations.
DDP, at the Client’s choice, will delete or return the personal data once the service provision is completed, without prejudice to the obligation to retain them due to legal, regulatory, court, or administrative authority requirements, etc.
The personal data obtained with your consent for the execution of the business relationship and/or for sending communications, services, news, etc., will be retained until you inform us that you wish for your data to be deleted, exercising your rights previously explained.
In the case of Candidates, the personal data obtained for their participation in future selection processes will be retained until you unilaterally decide that we delete it (by exercising your previously explained rights) or when 1 year has passed since the selection process.
DDP will permanently and securely delete personal data once the purpose for which it was provided has been fulfilled or the period during which it must comply with the applicable legal obligation has expired.
SECURITY AND CONFIDENTIALITY OF PERSONAL DATA
In order to ensure the security and confidentiality of your data, DDP has adopted the required security levels for the protection of personal data, having implemented the technical and organizational measures at its disposal to prevent loss, misuse, alteration, unauthorized access, and theft of the personal data provided.
The personal data that DDP may collect, derived from the contractual relationship with us or through the various communications held with the Client/User, will be treated with absolute confidentiality.
Below are the technical and organizational measures implemented by DDP to ensure the security of your data.
Physical access controls to data
Regarding the measures to control physical access to personal data, DDP stores the data in a restricted access location with the necessary security measures. This ensures that unauthorized individuals are prevented from accessing the centers where the data is stored.
At the same time, DDP has measures in place to ensure the secure deletion of documents or files containing personal data. For this reason, if the documentation is in paper format, DDP provides its employees with shredders specifically designed for this purpose.
Access controls to systems
Regarding system access control, DDP has implemented a user authentication system with passwords for accessing its systems. Additionally, to maintain tighter control, we maintain a list of individuals/users who have access to the data processing systems for authentication purposes, thus identifying each access point.
All data processing systems are protected by a password to prevent unauthorized individuals from accessing personal data.
All employees receive training on how to protect their computer equipment, ensuring the security of the information contained within them at all times. The computer systems are programmed to automatically lock after detecting inactivity for a short period of time, preventing unauthorized access to the system. Additionally, accounts are locked after multiple failed login attempts in sequence.
Security Systems
Regarding the security systems employed to ensure the protection of data, DDP has established controls to ensure that only authorized devices are used when providing services. In cases where remote work is necessary, remote access is conducted via VPN.
Additionally, DDP has implemented technical security measures such as antimalware, automatic backups, antivirus software, and perimeter security.
Business continuity
DDP creates backup copies, which are stored in protected environments. Additionally, DDP has the ability to restore data from these backup copies.
11.INCIDENT MANAGEMENT
DDP has established a procedure for incident management, so that if a security breach or violation occurs, it can be reported to the Spanish Data Protection Agency and/or the Data Subject within 72 hours.
12. CONTACT
If you have any questions regarding Personal Data Protection, please write to us at the email address info@dominiodeproyectos.com with the subject line GDPR, or by postal mail to DDP at Avenida de Brasil 30, esc. 2, Planta 1, 28020, Madrid, including a copy of your ID or an official identification document.