Privacy Policy

Thank you for visiting this website.

Please read carefully the Terms and Conditions set out in this document. Use of this website implies the express and full acceptance of these Terms and Conditions, in the version published at the time of access. We recommend that you review this document each time you access the website in order to check whether any changes have been made to the terms of use, and that you leave the website if you do not agree with any such changes.

If we consider any amendments to be material, we will update the “Last Modified” date at the top of this page. You are responsible for reviewing and familiarising yourself with any amendments made.

Legislation incorporated into this Privacy Policy

This policy has been adapted to the following legislation currently in force in Spain and the European Union:

Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (GDPR).

Spanish Organic Law 3/2018 of 5 December on the Protection of Personal Data and Guarantee of Digital Rights (LOPD-GDD).

Spanish Law 34/2002 of 11 July on Information Society Services and Electronic Commerce (LSSI-CE).

1. Data Controller Identification

In compliance with the information obligation set out in Article 10 of Spanish Law 34/2002 of 11 July on Information Society Services and Electronic Commerce, and with the data protection legislation currently in force, in particular Spanish Organic Law 3/2018 of 5 December on the Protection of Personal Data and Guarantee of Digital Rights (LOPDGDD), which gives full effect to Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (GDPR), the following information is provided.

Data Controller: ESFÉRICA INVERSIONES SICC, SA (hereinafter, the “COMPANY”)
Trade name: ESFÉRICA INVERSIONES
Tax Identification Number: A-70584651

2. Communication

You may contact us regarding any matter relating to the processing of personal data through the following channels:

Email: info@atalaya-invest.es
Registered office: Calle Compostela 8, 3º centro C, CP 15004, A Coruña Spain
Website: www.esfericainversiones.com
All notices and communications sent through any of the channels set out above shall be deemed effective for all purposes. We recognise that the privacy and security of your personal information are of the utmost importance. Accordingly, this Policy explains how we process your information and the measures we take to keep it secure. It also describes where and how we collect your personal information, as well as your rights in relation to any personal information we hold about you.

Principles applicable to personal data processing

The processing of the User’s personal data shall be governed by the following principles set out in Article 5 of the GDPR and Article 4 et seq. of Spanish Organic Law 3/2018 of 5 December on the Protection of Personal Data and Guarantee of Digital Rights:

  • Principle of lawfulness, fairness and transparency: the User’s consent shall be required at all times, following the provision of fully transparent information on the purposes for which the personal data are collected.
  • Principle of purpose limitation: personal data shall be collected for specified, explicit and legitimate purposes.
  • Principle of data minimisation: the personal data collected shall be limited to those strictly necessary in relation to the purposes for which they are processed.
  • Principle of accuracy: personal data must be accurate and kept up to date at all times.
  • Principle of storage limitation: personal data shall be kept in a form which permits identification of the User for no longer than is necessary for the purposes of processing.
  • Principle of integrity and confidentiality: personal data shall be processed in a manner that ensures their security and confidentiality.
  • Principle of accountability: the Data Controller shall be responsible for ensuring compliance with the foregoing principles.

What measures have we taken to safeguard the confidentiality, integrity and security of your data?

  • We request only the minimum information required, collecting only what we consider essential for our business activity or for the specific transaction concerned;
  • We have entered into confidentiality undertakings with our suppliers, staff and collaborators;
  • We have specialist advisers who provide ongoing support in this area and carry out periodic checks to ensure proper compliance with the applicable regulations;
  • We have implemented IT security measures designed to protect us against potential external attacks;
  • We have reviewed our documentation to ensure that it is appropriate in accordance with the applicable regulatory requirements;
  • We have assessed the impact that our procedures may have on the protection of your personal data;
  • We have trained our staff so that all personnel act diligently and ethically, in compliance with the requirements established under the applicable regulations.

Principles we apply to your personal information

When processing your personal data, we will apply the following principles, in accordance with the requirements of the European data protection framework:

  • Principle of lawfulness, fairness and transparency: we will require your consent for the processing of your personal data for one or more specific purposes, of which you will be informed in advance with full transparency.
  • Principle of data minimisation: we will request only data that are strictly necessary in relation to the purposes for which they are required.
  • Principle of storage limitation: data shall be retained for no longer than is necessary for the purposes of processing. Depending on the purpose, we will inform you of the applicable retention period; in the case of subscriptions, we will periodically review our lists and delete records that have remained inactive for a considerable period.
  • Principle of integrity and confidentiality: your data shall be processed in a manner that ensures appropriate security of personal data and safeguards confidentiality. Please note that we take all necessary precautions to prevent unauthorised access to, or misuse of, our users’ data by third parties.

LEGAL BASES FOR THE COLLECTION AND USE OF INFORMATION

If you are an individual located in the European Economic Area (EEA), the legal basis for collecting and using information depends on the personal information concerned and the context in which it is collected. Most of our information collection and processing activities are generally based on: 1) contractual necessity; 2) one or more legitimate interests of the COMPANY or of a third party that are not overridden by your data protection interests; or 3) your consent.

In certain circumstances, we will be under a legal obligation to collect your information or will need your personal information in order to protect your vital interests or those of another person.

PROCESSING ACTIVITIES

We set out below how we collect, use, disclose, transfer and store your information. This Privacy Policy applies to personal information collected through our website. It is important that you consult this Privacy Policy regularly in case it has been updated.

All users accessing our website may view its content without having to provide any personal information. Your personal data will only be collected when you voluntarily complete our form(s).

In such case, the User guarantees the authenticity, accuracy and truthfulness of the information provided and undertakes to keep personal data up to date so that they reflect, at all times, the User’s actual situation. The User shall be solely responsible for any false or inaccurate statements and for any damage that such statements may cause.

By using this communication channel, you expressly agree to receive periodic communications exclusively from the entity, which shall keep strictly confidential the personal data received from users through the website, ensuring their confidentiality and adopting the technical measures necessary to prevent any alteration, loss, misuse or unauthorised access to such data.

We further inform you that all data provided through electronic forms and/or by email are strictly necessary for the proper identification of the sender. This information shall be processed with strict confidentiality and solely for the purpose of managing requests for information, contracting our services and products, and the other purposes specified below.

You are hereby informed of, and give your full express consent to, the use of your data for activities related to the corporate purpose of the entity.

The consent granted, both for the processing and for the transfer of data subjects’ data, may be withdrawn at any time by notifying the email address info@atalaya-invest.es, under the terms set out in this Policy for the exercise of rights. Such withdrawal shall in no case have retroactive effect.

How we use your data

We may use your personal data as follows: the information you provide may assist us in decision-making, responding to requests, improving services, identifying new needs, generating promotions, understanding your expectations and providing you with a better service. We may also use your data for the following purposes.

Processing your order and providing products and services

  • Processing orders for the products and services you have purchased from us and keeping you informed of their progress;
  • Providing you with the relevant product or service.
    Billing and customer service
  • To invoice you or charge you for the use of our products and services;
  • To contact you if the billing information you provided is not up to date, is about to expire, or if we cannot accept payment;
  • To respond to any question or concern you may have about our products or services.

Service information notices

  • We will contact you to keep you updated with information on the products and services you hold with us.

Other purposes:

pecific purpose: if you provide your personal data for a specific purpose, we will use them in connection with the purpose for which they were provided. For example, if you contact us by email, we will use the personal data you provide to answer your question or resolve the issue, and we will reply to the email address from which the message was sent.

Internal purposes. We may use your personal data for internal purposes, such as improving the content and functionality of the services, better understanding the needs of our customers, improving services, protecting against, identifying or addressing fraudulent activities, enforcing our terms of service, managing your account, providing customer service and, more generally, managing the services and our business activity, among others.

Commercial communications. Provided that we have your express consent, which will be obtained through a dedicated checkbox included in our forms, we may use your personal data to contact you in the future in connection with commercial actions that may be of interest to you, always in relation to the products and/or services offered by the company.

In any event, you will always have the option to “unsubscribe” from these electronic communications at the bottom of such messages, or to notify us by sending an email to the following address: info@atalaya-invest.es. However, you may continue to receive notices and emails where they are necessary and essential for the maintenance of our contractual transactions.

In accordance with Spansih Law 34/2002 of 11 July on Information Society Services and Electronic Commerce (LSSICE), the COMPANY does not engage in SPAM practices and undertakes not to send commercial communications without duly identifying them as such.
Please note that, even if you decide not to subscribe to, or to unsubscribe from, promotional or commercial electronic communications, the COMPANY may still need to contact you as a User with important information about transactions relating to your account and your purchases of products, activity bookings or the contracting of other services.

The types of data collected and processed, and the purposes for which they are processed, are set out in further detail below:

CATEGORY PURPOSE

Website Visitor Usability and quality analysis to improve our services
User contacting us To respond to the user’s requests; to respond to any queries, complaints, comments or concerns that the user may have in relation to the information included on the website, the services provided through the website, the processing of personal data, matters relating to the legal texts included on the website, and any other enquiries that the user may have and that are not subject to contractual terms and conditions.

The legal bases are linked to the purposes set out in the previous section

CATEGORY LEGAL BASIS

Website Visitor The consent given when accepting cookies or continuing to browse our website. (GDPR Art. 6.1.a)
User contacting us Our legitimate interest in handling the enquiries and requests of the data subject, justified by the interest shown in contacting us and receiving information, with minimal intrusion into their privacy and the use of limited data provided by the user. (GDPR Art. 6.1.a)

Data provided voluntarily by the data subject

CATEGORY DATA COLLECTED

Website Visitor IP address, browsing data.
User contacting us Data provided by the data subject, normally: first name, surname, email address and telephone number.
Possible consequences of not providing such data

CATEGORY CONSEQUENCES

Website Visitor No consequences
User contacting us If the user contacting us does not provide their data, we will not be able to respond appropriately to their enquiry or enquiries.
Possible disclosures of data to third parties

CATEGORY POSSIBLE DISCLOSURES

Website Visitor No data are collected from the Website Visitor
User contacting us We will not disclose personal data relating to this type of user to third parties without their consent.
International transfers

CATEGORY INTERNATIONAL TRANSFERS

Website Visitor No data are collected from the Website Visitor
User contacting us No transfer of personal data is made to a third country or international organisation.

Retention periods

CATEGORY RETENTION PERIODS

Website Visitor No data are collected from the Website Visitor
User contacting us They shall be retained for the time necessary to fulfil the purpose for which they were collected.

OTHER ASPECTS RELATING TO DATA DISCLOSURE

As a general rule, the data you provide to us are not disclosed to third parties without your consent, unless required by law, for example in the event of a court summons or a request from a public authority, or where we believe in good faith that such action is necessary to: a) comply with a legal obligation; b) protect or defend our rights, interests or property, or those of a third party; c) prevent or investigate potential unlawful acts in connection with the Services; d) act in urgent circumstances to protect your personal safety; or e) safeguard against legal liability.

STORAGE

We may store your data or transfer them to a third party that will store them in accordance with this Privacy Policy. We adopt such measures as we consider reasonable to protect personal data against loss, misuse, unauthorised use, unauthorised access, inadvertent disclosure, alteration and destruction. However, no network, server, database, Internet transmission or email transmission is completely secure or error-free.
In the event of a security breach affecting data under our custody, we will take all necessary measures to mitigate its consequences and will notify the Supervisory Authority, providing all relevant information for documenting and reporting the incident.

CONSENTS

The consent of the data subject, in accordance with data protection regulations, consists of a freely given indication by the data subject whereby they agree to the processing of their data for a specific purpose, under certain conditions of which they must have been informed in advance.

Can you modify or withdraw your consent at any time?

Yes. Information on the processing activities to which you have consented will always be accessible. You may modify or withdraw your consent at any time through our email address.

Likewise, you may unsubscribe from our database at any time by sending an email to: info@atalaya-invest.es

AUTOMATED DECISIONS

The COMPANY does not make any decision based solely on the automated processing of your data.

STATISTICAL STUDIES

The COMPANY does not carry out studies for scientific, historical or statistical purposes; where applicable, the data will be anonymised for the purposes of the study in order to preserve confidentiality.

NOTICE OF PERSONAL DATA BREACH OR SECURITY BREACHES

A personal data breach means a breach of the security of the COMPANY’s information systems that causes or may cause the accidental or unlawful destruction, alteration, loss, unauthorised disclosure of, or access to, personal data transmitted, stored or processed in connection with the provision of our services.

In the event that the personal data stored and/or processed by the COMPANY are compromised in any way, we will duly notify the affected parties, in accordance with the provisions of Article 33 of the GDPR.

DATA PROTECTION RIGHTS

Users may send a written communication to the registered office of the COMPANY or to the email address indicated in the header of this Privacy Policy, including in both cases a photocopy of their National Identity Document or other similar identification document, to request the exercise of the following rights:

  • Right to rectification of personal data. You have the right to rectify information stored about you if it is inaccurate. If the information we store needs to be updated, or you believe it may be incorrect, you may update it whenever you deem necessary.
  •  Right of access to personal data. You have the right to request a copy of the personal data we hold about you.
  • Right to data portability. You have the right to transfer the data you have provided to us in certain circumstances.
  • Right to object to the use of personal data. You have the right to object to the processing of your personal information.
  • Right to erasure. We seek to process and retain your data only for as long as we need them. You also have the right to request the erasure of the personal data we hold about you. Such data shall be blocked and accessible only by certain persons in the event that we need them to handle any claim or meet our obligations.
  • Right to restriction. You have the right to request the restriction of the processing of your data so that we may store your data but not use them.

In addition to the specific means established for each right, you may exercise your rights of access, rectification, erasure, objection, restriction and portability, as well as withdraw the consents granted, by writing, with a photocopy of your National Identity Document and the reference “Data Protection”, to the postal or electronic address stated in the header of this Policy.

These rights are strictly personal and shall be exercised by the data subject, with no limitations other than those provided for by applicable law. However, the legal representative of the interested user may act where the user is incapacitated or a minor, making it impossible for them to exercise such rights personally. The Data Controller shall give effect to the exercise of your rights within thirty days following receipt of the request.

If the Data Controller considers that the request should not be granted, it shall provide a reasoned response within the period indicated in this section.

Where erasure of the data is appropriate but physical deletion is not possible, whether for technical reasons or due to the IT medium used, we will block the data in order to prevent their use until they are fully deleted from the information systems.

COLLECTION OF DATA FROM MINORS

Our website is not intended for persons under 16 years of age. We do not intentionally collect information, including personal data, about children or other persons who are not legally permitted to use our services.

If we become aware that we have collected personal data from a child under 16 years of age, we will delete such data as soon as possible, unless we are legally required to retain them. Please contact us if you believe that we have collected information from a person under 16 years of age by mistake or unintentionally, by sending an email to: info@atalaya-invest.es.

PROCESSING OF SPECIAL CATEGORIES OF PERSONAL DATA AND PERSONAL DATA RELATING TO CRIMINAL CONVICTIONS AND OFFENCES

When completing free-text fields, it is not permitted to enter personal information relating to personal data revealing ethnic or racial origin, political opinions, religious or philosophical beliefs, or trade union membership, or data concerning the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, health data, data concerning a natural person’s sex life or sexual orientation, or personal data relating to criminal convictions and offences.

If any information relating to the matters referred to above is entered in any of our forms or by email, it will be immediately deleted from our information systems and the enquiry submitted cannot be processed, as such data are neither necessary nor relevant for the specified purposes of the processing activities on this Website.

DATA PROTECTION OFFICER

We have appointed ELEONORA CARCERONI GARBAYO as Data Protection Officer, a lawyer registered under number 4693 with the Illustrious Provincial Bar Association of A Coruña, whose email address is: info@edora.es. As provided in Article 38.4 of the GDPR, data subjects may contact the Data Protection Officer with regard to all matters relating to the processing of their personal data and to the exercise of their rights under that Regulation.

COMPLAINT TO THE SUPERVISORY AUTHORITY

If you believe that your rights have not been duly addressed by our entity, you may lodge a complaint with the Spanish Data Protection Agency through any of the following channels:
Electronic office: www.agpd.es
Postal address: Agencia Española de Protección de Datos, C/ Jorge Juan, 6, 28001 Madrid
Telephone: Tel. 901 100 099 / Tel. 91 266 35 17
Lodging a complaint with the Spanish Data Protection Agency does not entail any cost and does not require the assistance of a lawyer or court representative.
ESFÉRICA INVERSIONES SICC, SA has adapted this website to comply with the requirements of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons (GDPR), Spanish Organic Law 3/2018 of 5 December on the Protection of Personal Data and Guarantee of Digital Rights (LOPDGDD), and Spanish Law 34/2002 of 11 July on Information Society Services and Electronic Commerce (LSSICE or LSSI).
© All rights reserved: ESFÉRICA INVERSIONES SICC, SA

LEGAL

CONTACTO

Privacy Overview

This website uses cookies so that we can provide you with the best user experience possible. Cookie information is stored in your browser and performs functions such as recognising you when you return to our website and helping our team to understand which sections of the website you find most interesting and useful.