Privacy policy

DATA PROCESSING OF CLIENTS

Data Controller Information: 

Identity: LGV Enterprise Solutions – NIF: B19759554  

Postal Address: Calle Ciega 11 3A

Phone: 637557560 – Email: lorenagarciacoach@gmail.com

“At LGV Enterprise Solutions, we process the information you provide to deliver the requested service and carry out billing. The data provided will be retained as long as the business relationship is maintained or for the time necessary to comply with legal obligations and address any potential liabilities arising from the purpose for which the data was collected. Data will not be shared with third parties unless there is a legal obligation. You have the right to obtain information about whether LGV Enterprise Solutions is processing your personal data, and you can exercise your rights of access, rectification, deletion, and portability of data, as well as opposition and limitation of processing before LGV Enterprise Solutions at Calle Ciega 11 3A or at the email address clientes@atomicamente.com, sufficiently identifying yourself in your request electronically or, if not possible, through a duly signed request. However, if the data controller has reasonable doubts regarding the identity of the person making the request, they may request additional information necessary to confirm identity. Additionally, if you believe that you have not fully satisfied your rights, you may file a complaint with the national supervisory authority by contacting the Spanish Data Protection Agency, C/ Jorge Juan, 6 – 28001 Madrid.

 

Contract with the Management Company Handling Client Matters:

1. Purpose of the Treatment Assignment

Through these clauses, ASESORAMIENTO EMPRESARIAL Y ECONOMICO S.L., located at JOSE FRANCHY ROCA 5 PLANTA 6 OFICINA 5 and NIF B35672542, is authorized as the data processor to process, on behalf of LGV Enterprise Solutions as the data controller, the personal data necessary to provide the service specified below.

The processing will consist of BILLING, ACCOUNTING, AND TAX MANAGEMENT.

2. Identification of Affected Information

To execute the services arising from this assignment, LGV Enterprise Solutions, as the data controller, provides ASESORAMIENTO EMPRESARIAL Y ECONOMICO S.L. with the identification and banking data of its clients.

3. Duration

This agreement has a duration of 12 months, being automatically renewed unless otherwise decided by either of the parties.

Upon termination of this contract, the processor must return to the controller, or transfer to another processor designated by the controller, the personal data processed and delete any copies in its possession. However, it may keep the data blocked for the minimum time necessary to meet possible liabilities that may arise from its relationship with LGV Enterprise Solutions, destroying them securely and definitively at the end of that period.

4. Obligations of the data processor

The data processor and all its personnel are obliged to:

  • Use the personal data being processed, or those collected for inclusion, only for the purpose of this order. Under no circumstances may you use the data for your own purposes.

Process the data in accordance with the documented instructions of the data controller. If the processor considers that any of the instructions provided violate the General Data Protection Regulation or any other data protection provisions, the processor shall immediately inform the controller.

  • Keep, in writing, a record of all categories of processing activities carried out on behalf of the controller, containing of all categories of processing activities carried out on behalf of the controller, containing:
  1. The name and contact details of the processor(s) and of each controller on whose behalf the processor is acting and, where appropriate, of the representative of the controller or processor and of the data protection officer.
  2. The categories of processing carried out on behalf of each person in charge.
  3. An overview of the appropriate technical and organizational security measures you are implementing. 
  • Not to communicate or disseminate the data to third parties, except with the express authorization of the data controller or in the legally admissible cases. If the person in charge wants to subcontract, totally or partially, the services object of this contract, he/she has to inform the person in charge and request his/her previous authorization.
  • Maintain the duty of secrecy with respect to the personal data to which it has had access by virtue of this assignment, even after the end of the contract.
  • Ensure that the persons authorized to process personal data undertake, expressly and in writing, to respect confidentiality and to comply with the corresponding security measures. and to comply with the corresponding security measures, of which the person in charge shall inform them accordingly. 
  • Keep at the disposal of the person in charge the documentation accrediting compliance with the obligation established in the previous section.
  • Ensure the necessary training in personal data protection for persons authorized to process personal data.
  • When the affected persons exercise their rights of access, rectification, deletion and portability of data and opposition and limitation of processing before the data processor, the latter must communicate this by e-mail to the address indicated by the data controller as soon as possible. The communication must be made immediately and in no case later than the working day following receipt of the request, together, where appropriate, with other information that may be relevant to resolve it. It will assist the responsible, whenever possible, so that it can comply and respond to the exercise of rights.
  • Notification of data security breaches:

The data processor shall notify the controller, without undue delay and via the e-mail address provided by the controller, of any breaches of security of the personal data under its responsibility of which it becomes aware, together with all relevant information for the documentation and communication of the incident. It shall also notify any failure it has suffered in its information processing and management systems that may jeopardize the security of the personal data processed, its integrity or availability, as well as any possible breach of confidentiality as a result of the disclosure to third parties of the data and information accessed during the performance of the contract.  

At a minimum, the following information shall be provided:

  1. Description of the nature of the personal data security breach, including, where possible, the categories and approximate number of data subjects affected, and the categories and approximate number of personal data records affected.
  2. Contact person’s data for more information.
  3. Description of the possible consequences of a breach of personal data security. 
  4. Description of the measures taken or proposed to be taken to remedy the breach of security of personal data, including, if applicable, measures taken to mitigate the possible negative effects.

If and to the extent that it is not possible to provide the information simultaneously, the information shall be provided gradually without undue delay.

ASESORAMIENTO EMPRESARIAL Y ECONOMICO S.L., at the request of the responsible, will communicate in the shortest possible time such data security breaches to the data subjects, when it is likely that the breach poses a high risk to the rights and freedoms of natural persons.

The communication must be made in clear and simple language and must include the elements indicated in each case by the person in charge, as a minimum:

  1. The nature of the data breach.
  2. Details of the point of contact of the person in charge or the person in charge where more information can be obtained.
  3. Describe the possible consequences of a breach of personal data security.
  4. Describe the measures taken or proposed by the controller to remedy the breach of security of personal data, including, if applicable, measures taken to mitigate potential adverse effects.
  • Make available to the person in charge all information necessary to demonstrate compliance with its obligations, as well as to allow and contribute to the performance of audits or inspections carried out by the person in charge or another auditor authorized by the person in charge.
  • Implement the necessary technical and organizational security measures to guarantee the confidentiality, integrity, availability and permanent resilience of the systems and services for the processing of personal data.
  • Destination of the data:

Delete, return to the controller or deliver, if applicable, to a new processor as determined by LGV Enterprise Solutions, all personal data upon completion of the commissioned processing service.

Data may not be destroyed when there is a legal provision requiring their retention, in which case they must be returned to the data controller, who will ensure their retention, duly blocked, for as long as such obligation persists.

The return must involve the complete erasure of the data on the computer equipment used by the processor. However, the processor may keep a copy of the data, duly blocked, for as long as liabilities may arise from the performance of the services provided to the data controller.

5. Obligations of the data controller

It is the responsibility of the data controller:

  1. To provide the person in charge with the necessary data to be able to provide the service.
  2. Ensure, prior to and throughout the processing, that the data processor complies with the provisions in force on data protection.
  3. Monitor the processing, including the possibility of requesting information to verify compliance with the obligations set forth in this contract.