image001

Privacy Policy

This privacy policy sets out how ORZA GESTIÓN Y TENENCIA DE PATRIMONIOS, A.I.E uses personal data and stipulates the rights of users in accordance with Regulation EU 2016/679 of the European Parliament and the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter “GDPR”), and Organic Law 3/2018 of 5 December on the protection of personal data and digital rights

1.Data controller identification

ORZA GESTIÓN Y TENENCIA DE PATRIMONIOS, A.I.E, with TIN: V-20780235, is responsible for
processing the following information: If you have any questions, you may contact us by:

  • Post: C/Hondarribia, nº 31, 1º Derecha, C.P. 20005, Donostia- San Sebastián (Gipuzkoa)
  • E-mail to: info@orza.info

2. Personal data processing: purpose, legal basis and recipients

ORZA GESTIÓN Y TENENCIA DE PATRIMONIOS, A.I.E maintains a record of processing activities under its responsibility. It contains the purposes of processing, the legal bases that legitimise it and all other elements stipulated in Art. 30 of the GDPR. The following lists the types of processing performed via the website and others related to the company’s activities:

Processing Purposes of processing│ Legal bases│ Recipients
Board of directors Purposes Management of board of directors’ data in compliance with applicable company law provisions, including: minutes book recording keeping, meeting notice dissemination, company registry filings, and if required, the execution of acts before a notary public.
Legal bases Compliance of legal obligations applicable to the data controller.
Recipients – Company register
– Tax administration
– Registered auditors
– Notary publics
Contact persons Purposes Management of contact persons, normally natural persons who provide services at client’s and subsidiaries, for the maintenance and development of business and company relations.
Legal bases Legitimate interest of the data processor in regard to the contact information and responsibility of natural persons who provide services for legal persons, and data pertaining to sole proprietors and freelancers.
Recipients Data will not be shared with third parties, unless required by law.
Candidates Purposes Management of the CVs of individuals who participate in the recruitment process and who send spontaneous candidatures.
Legal bases Consent of the data subject.
Recipients Data will not be shared with third parties, unless required by law.
Suppliers Fines Comprehensive management of suppliers, including: invoice management, payment management, accounting management, fiscal and administration management and maintenance of communications.
Legal bases – Execution of a contractual relationship or implementation of pre-contractual obligations.
– Compliance of legal obligations applicable to the data controller
– Legitimate interest of the data processor in regard to the contact information and responsibility of natural persons who provide services for legal persons. and data pertaining to sole proprietors and freelancers.
Recipients – Tax administration
– Registered auditors
– Financial institutions
– External fiscal consultancy
Whistle blower channel Purposes Management of information arising from the implementation of an internal whistleblowing system, regarding illegal actions and breaches of applicable legislation; company policies and
code of conduct
Legal bases Legitimate interest of the data processor regarding the adoption of organisational practices and management to prevent breaches that exempts or attenuates the organisation from criminal liability.
Recipients Competent administrative and judicial authorities, when applicable.
Communication Purposes Management of inquiries and requests for information the organisation receives.
Legal bases Consent of the data subject
Recipients – Hosting provider
– Website content manager

Users have the right to request further information on how their personal data is processed by ORZA GESTIÓN Y TENENCIA DE PATRIMONIOS, A.I.E, by contacting them via the available channels stipulated in Annexe 1. 

3. Data storage

Personal data is stored during the length of the established relations or as long as the data subject does not withdraw their consent, and during the applicable legal time limits, and the time required to comply with the purposes for it which it was collected, and identify possible liabilities that could arise from said purpose and data processing. Only the required personal data for processing is requested because if it wasn’t supplied it would not be done.

4. Exercise of rights

Please contact us by sending a letter by post or by e-mail at: info@orza.info, The data subject or holder of the personal data may exercise the following rights in accordance with the provisions set out in the regulation:

  • Right to access: You have the right to request access to, and be informed about, their personal data that is collected by the data controller.
  • Right to rectification: You have the right to request that the data controller correct any information you believe is inaccurate.
  • Right to erasure: You have the right to request that the data controller erase your personal data, inter alia, because it is no longer relevant for the purpose for which they were collected.
  • Right to object: You have the right to request that that the data controller no longer process your personal data under specific circumstances.
  • Right to restriction of processing: You have the right to request that the data controller limit the scope of processing in specific cases, but maintains its storage.
  • Right to data portability: You have the right to receive your personal data, which you provided the data controller and you have the right to request they be sent to another controller.
  • Right to withdraw your consent at any time.

Furthermore, the data subject can lodge a complaint with the Spanish Data Protection Agency should they believe their rights are not being respected.

Data subjects must supply a copy of an official document proving their identity when lodging a complaint.

5. Security safeguards

ORZA GESTIÓN Y TENENCIA DE PATRIMONIOS, A.I.E is committed to its obligation of professional secrecy concerning the protection of personal data and will adopt the necessary measures to prevent alteration, loss, unauthorised processing of, or access to personal data, in accordance with applicable legislation.

ORZA GESTIÓN Y TENENCIA DE PATRIMONIOS, A.I.E has put into place the technical and organisational security safeguards needed to ensure the protection of personal data and prevent alteration, loss, unauthorised processing of, or access to personal data, given the condition of the technology, the nature of the stored data and the risks to which the data is exposed; either from human, physical or natural actions, in accordance with applicable legislation.

6. Privacy policy updates

This privacy policy may be updated to reflect any legislative changes, or guidelines and positions issued by the supervisory authority. 

Last updated: 16 October 2019