PRIVACY POLICY

1. Identity and contact details of the Controller

2. Necessary, up-to-date information

3. General information: description of the information contained in the privacy policy

4. Detailed information on the processing carried out by the Company

5. Exercise of your rights

6. Cookies

7. Security measures

8. Minors

 

1. Identity and contact details of the Controller

J&A Garrigues, S.L.P. Domiciled at Calle Hermosilla, 3, 28001 Madrid, holding employer identification number B 81709081, with telephone number 91 5145200 (“Garrigues” or the “Company”) is the controller of your personal data. This privacy policy provides information on the use to be made by the Company of your personal data as a web user ("the website").

The purpose of this Privacy Policy is to provide information on your rights under the General Data Protection Regulation (“GDPR”). Should you have any questions regarding the processing of your data, please contact the Company at the following address: [email protected]

We inform you that the Garrigues Group (to which the Company belongs) has a Data Protection Officer who may be contacted at the following email address: [email protected]

2. Necessary, up-to-date information

Completion of all the fields marked with an asterisk (*) on the website forms is compulsory. Failure to fill out any of these fields could prevent the provision of the services or information requested.

You must provide truthful information; in order to ensure that the information provided is always up to date and does not contain errors, you should inform the Company as soon as possible of any amendments to or changes in your personal data by sending an email to: [email protected]

By clicking on the “Accept” button (or similar) on such forms, you state that the information and data provided are accurate and true.

3. 3. General information: description of the information contained in the privacy policy

In this privacy policy you will find a table containing the following information for each of the different types of data processing carried out by the Company:

  1. The purposes of the processing of your data, that is, the reason why the Company is processing your personal data.
  2. The legal basis that enables the Company to process your data for each of the purposes indicated.
  3. The possible disclosure of your data to third parties, as well as the ground for the disclosure. For these purposes, we inform you that we do not disclose your personal data to third parties unless there is a legal obligation to do so. Your personal data may be accessed by the Company’s data processors, that is, the service providers who need to access your personal data in order to perform their functions. The service providers accessing your personal data generally operate in the information systems and technology sectors. The following table will indicate, as applicable, any other sectors in which other possible service providers of the Company who need to access your personal data may operate.

     

    You may request more detailed information on the recipients of your data by sending an email to [email protected], indicating the specific recipients in relation to which you require information.

  4. The existence of potential international data transfers. Should you require a copy of the contractual clauses referred to in the table below, please contact Garrigues at the following email: [email protected]
  5. The storage period of the data provided by you. Your data will remain blocked, for the purposes of handling legal, administrative or tax claims, for the periods stipulated in the applicable legislation.

4. Detailed information on the processing carried out by Garrigues
 

Purpose of the processing Legal basis Recipients International transfers Storage period
Management of the queries raised through the query form The Company’s legitimate interest in attending to requests for information via the website. Your data may be disclosed to Garrigues Group companies (the “Group”), based on Garrigues’ legitimate interest in attending to your request for information. Additional service providers to those indicated in section 3.c will not access your personal data. Your data may be transferred to Group companies, for the purposes indicated in the “Recipients” column in relation to Group companies located outside of the European Economic Area (“EEA”) as set out in this link. These transfers are carried out based on the adherence of these companies to the Privacy Shield, if they are US companies, or based on signature by these companies located outside the EEA of standard data protection clauses adopted by the European Commission for international transfers. Until your request for information has been resolved
Management of the personnel recruitment process for Group companies and of the relationship with you as job candidate. Consent given by you to arrange your inclusion in the candidates for positions in Garrigues group companies database. Your data may be disclosed to companies in the Group, on the legal basis of the legitimate interest of Garrigues, since the CVs tool is used for personnel recruitment throughout the entire Group. In addition to the service providers indicated in section 3.c, personnel recruitment service providers may also access your personal data. Your data may be transferred to Group companies, for the purposes indicated in the “Recipients” column in relation to Group companies located outside of the European Economic Area (“EEA”) as set out in this link. These transfers are carried out based on the adherence of these companies to the Privacy Shield, if they are US companies, or based on signature by these companies located outside the EEA of standard data protection clauses adopted by the European Commission for international transfers. Your data will remain active in Garrigues job candidates database for 3 years from the time you provided Garrigues with your CV. Once this term has elapsed, the obligation to block data imposed by legislation may be applicable.
Management of your subscription to the Blog of the Group company identified in the registration form. To manage your subscription and the comments you provide in the blog. Contractual relationship for the provision of the requested service, even though the service is free of charge. The categories of recipient that may have access to your data are those listed in section 3.c. No international transfers of your data will be performed for this processing. For a period of three years following your last interaction with the Company or until you indicate that you do not wish to continue subscribing to the blog (whichever occurs first).

 

5. Exercise of your rights

You may exercise the following rights:

  1. right of access to your personal data to know which data are being processed and the processing operations that are being performed with that data;
  2. right to rectification of any inaccurate data;
  3. right to erasure of your personal data, where possible;
  4. right to request the restriction of the processing of your personal data where the accuracy, legality or need to process the data is doubtful, in which case we may store your data for the exercise or defense of claims;
  5. right to data portability, when the legal basis that enables us to process them, of those indicated in the above table, is the contractual relationship or your consent;
  6. right to object to the processing of your personal data, when the legal basis that enables us to process them, of those indicated in the above table, is legitimate interest. For such purposes, we will cease to process your data unless we have a compelling legitimate interest or it is for the establishment, exercise or defense of legal claims.
  7. right to withdraw your consent at any time.

You may exercise your rights at any time, without charge, by sending an email to [email protected] indicating the right you wish to exercise and your personal particulars.

If you consider that we have not adequately processed your personal data, you can contact the Data Protection Officer at [email protected]. You may also lodge a complaint with the Spanish Data Protection Agency if you consider that data protection legislation has been breached in the processing of your personal data.

6. Cookies

Garrigues will only use data storage and recovery devices (“Cookies”) where the user has granted its prior consent in such connection in line with what is indicated in the pop-up window on the user’s web browser when the user accesses the website for the first time and in the other terms and conditions indicated in Garrigues’ Cookies Policy, which all users should be familiar with.

7. Security measures

Garrigues will adopt the security measures required by the GDPR in line with the nature of the data processed from time to time. This notwithstanding, the technical security of a medium such as the Internet is not impregnable and there may be willful misconduct on the part of third parties, although Garrigues has put in place all measures within its power to prevent such misconduct.

8. Minors

Minors may not use the services available via the website without prior authorization from their parents, guardians or legal representatives. Such parents, guardians or legal representatives are the only parties responsible for all the acts performed via the website by the minors in their care, including completing forms with the personal data of such minors and ticking the accompanying boxes.