Privacy Policy
This Privacy Policy sets out how personal data are processed by ORZA GESTIÓN Y TENENCIA DE PATRIMONIOS, A.I.E and the rights of the data subject in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regards to the processing of personal data and on the free movement of such data (hereafter the GDPR), and Organic Law 3/2018 of 5 December on the protection of personal data and the guarantee of digital rights (hereafter referred to by the Spanish acronym LOPDGDD).
1. Identity and contact details of the controller
ORZA GESTIÓN Y TENENCIA DE PATRIMONIOS, A.I.E, with tax ID V-20780235, is the data controller with responsibility for the processing of the data detailed below. The data controller can be contacted as follows:
- By writing to C/Hondarribia, nº 31, 1º Derecha, 20005, Donostia-San Sebastián, Gipuzkoa, Spain
- By emailing info@orza.info
2. Personal data processing: purpose, legal basis and recipients
ORZA GESTIÓN Y TENENCIA DE PATRIMONIOS, A.I.E holds a Record of Data Processing Activity detailing the purposes of the processing, the lawfulness of the processing and the other information required under art. 30 of the GDPR. Below is a list of the data processing carried out via this website and other websites related with the company’s business activity:
| Processing | Purposes of processing│ Legal bases│ Recipients | |
|---|---|---|
| Administrative | Purposes | Management of data pertaining to the business administrators to comply with legal obligations arising from trade legislation, including creating a minute book, issuing calls for proposals, filing mandatory records in the Commercial Registry and, where applicable, notarising documents. |
| Lawfulness | Complying with the data controller’s legal obligations. | |
| Recipients | Commercial Registry, tax authorities, accounts auditors, notaries. | |
| Managing investors | Purposes | Management of contact persons, normally natural persons who provide services at client’s and subsidiaries, for the maintenance and development of business and company relations. |
| Lawfulness | Satisfying the data controller’s legitimate interests with respect to the contact details and role exercised by the natural persons who provide services in legal entities (GDPR, art. 6.1.f│LOPDGDD, art. 19.1). | |
| Recipients | The data will not be communicated to third parties except where there is a legal obligation to do so. | |
| Hiring | Purposes | Managing the CVs of prospective candidates for existing openings and cold CVs. |
| Legal bases | The consent of the data subject. | |
| Recipients | The data will not be communicated to third parties except where there is a legal obligation to do so. | |
| Contacts | Fines | Managing the contact details of people in client businesses and organisations and of potential clients, existing suppliers, potential suppliers and entities linked to or interested in Orza. |
| Lawfulness | Satisfying the data controller’s legitimate interests with respect to the contact details and role exercised by the natural persons who provide services in legal entities and with respect to the contact details of individual entrepreneurs and freelance professionals (GDPR, art. 6.1.f│LOPDGDD, art. 19.1 and 19.1). | |
| Recipients | Tax authorities, accounts auditors, banking entities, external tax advisers. | |
| Complaints channel | Purposes | Managing data arising from the internal complaints system in relation to behaviour not compliant with the applicable legislation, the company’s policies and protocols and its code of ethics. |
| Lawfulness | The data controller’s legitimate interest in adopting organisational and management models to prevent offences and ensure the entity does not become criminally responsible. | |
| Recipients | Competent legal or administrative authorities, where applicable. | |
| Communication | Purposes | Managing enquiries and information requests. |
| Lawfulness | The consent of the data subject. | |
| Recipients | Hosting suppliers, website content manager. | |
Data conservation
The data shall be held for the duration of the relationship or provided the data subject does not withdraw their consent, and subsequently for the applicable legal period and time necessary to comply with the original purpose and to determine what responsibilities may arise from said purpose and from the data processing. Only those data necessary for the service or processing in question shall be requested. Failure to communicate this data will result in the service not being provided or the processing not being carried out.
Rights
The data subject or owner of the personal data may email info@orza.info to exercise the following rights as per the provisions of the applicable legislation:
- Right of access: to know whether their data are being processed or not.
- Right to rectification: to correct inaccurate data.
- Right to erasure: the processing will end when, among other reasons, the data are no longer needed for the purpose for which they were collected.
- Right to object: processing of the data may be stopped under specific circumstances.
- Right to restriction of processing: to limit the scope of the processing in certain cases, though the data will continue to be held.
- Right to data portability: to receive the data previously provided or request that they be send to a third party.
- The data subject has the right to withdraw their consent at any time.
They also have the right to contact the Spanish Data Protection Agency to assert their rights.
When exercising their rights, the data subject must provide a copy of their official identification documentation.
Security measures
ORZA GESTIÓN Y TENENCIA DE PATRIMONIOS, A.I.E commits to complying with the duty of secrecy with regard to personal data and their duty to store them safely and shall take the necessary measures to prevent their alteration, loss or unauthorised processing and/or access, as per the applicable legislation.
ORZA GESTIÓN Y TENENCIA DE PATRIMONIOS, A.I.E has implemented the necessary technical and organisational measures to guarantee the safety of personal data and prevent their alteration, loss or unauthorised processing and/or access, taking into account the current state of the art, the nature of the data being stored and the risks to which they are exposed, whether these are caused by human action or the physical or natural environment, in accordance with the applicable legislation.
6. Privacy policy updates
This Privacy Policy may be modified to bring it in line with changes in the law and with the criteria and positions of the relevant authorities.
Date of last update to the Privacy Policy: 6 September 2021.
