Privacy policy

Interested Parties or Affected Individuals: Private clients, workers, professionals, and company representatives

Data Processing
What processing activities do we perform with your personal data?

In compliance with Regulation (EU) 2016/679 and the Draft Organic Law on Personal Data Protection, we inform you that your personal data may be subject to the following processing activities:

  • TR10: Provision of services to vulnerable groups (Legal basis: Law 35/2006, of November 28).
  • TAB07: Administrative procedures (Legal basis: Regulation (EU) 2016/679 and LOPD).
  • TAB08: Contentious-administrative procedures (Legal basis: Regulation (EU) 2016/679 and LOPD).
  • TAB05: Criminal proceedings (Legal basis: Regulation (EU) 2016/679 and LOPD).
  • TR04: Advertising campaigns (Legal basis: Law 34/1988, of November 11, General Advertising Law).
  • TR08: Collecting feedback from data subjects (Legal basis: Regulation (EU) 2016/679 and LOPD).
  • TR03: Internal staff recruitment (Legal basis: Royal Legislative Decree 3/2015, of October 23, approving the revised Employment Law).
  • TA34: Accounting and bookkeeping management as a data controller (Legal basis: Royal Decree 1514/2007, of November 16, regulating the General Accounting Plan).
  • TA59: Data collection for tax management (Legal basis: Law 58/2003, of December 17, General Tax Law).
  • TA45: Collection of data for internal labor management (Legal basis: Royal Legislative Decree 1/1994, of June 20, approving the revised General Social Security Law).
  • TAB03: Procedures under legal aid services (Legal basis: Civil Procedure Law / Criminal Procedure Law).
  • TR09: Implementation of technical and organizational security measures in applied software (Legal basis: Regulation (EU) 2016/679 and LOPD).
  • TE02: Occupational risk prevention (Legal basis: Law 31/1995, of November 8, on Occupational Risk Prevention).
  • TE08: Document destruction (Legal basis: Regulation (EU) 2016/679).
  • TE09: Representation before courts and tribunals (Legal basis: Civil Procedure Law / Criminal Procedure Law).
  • TA01: Data collection for IRPF (personal income tax) declarations as a data controller (Forms 100-102) (Legal basis: Law 35/2006, of November 28).
  • TA02: Data collection for wealth tax declarations as a data controller (Form 174) (Legal basis: Law 19/1991, of June 6).
  • TA03: Data collection for non-resident income tax declarations as a data controller (Forms 206-210-211-216-296) (Legal basis: Order HFP/399/2017, of May 5).
  • TA04: Data collection for information declarations on assets and rights located abroad (Form 720) (Legal basis: Order HAP/72/2013, of January 30).
  • TAB01: Data collection for service provision under a letter of engagement (Legal basis: General Statute of the Spanish Bar Association).
  • TAB02: Extrajudicial legal advice (Legal basis: Civil Code).
  • TAB04: Civil/mercantile procedures (Legal basis: General Statute of the Spanish Bar Association).
  • TAB06: Labor/social procedures (Legal basis: General Statute of the Spanish Bar Association).
  • TE03: Transportation and package delivery (Legal basis: Commercial Code, August 22, 1885).
  • TE06: Anti-Money Laundering measures (Legal basis: Law 10/2010, of April 28, on Anti-Money Laundering).
  • TR05: Emails (Legal basis: Commercial Code and other applicable legislation).
  • TR01: Information requests received (Legal basis: Commercial Code and other mercantile provisions).
  • TR07: Incident and/or security breach management (Legal basis: Regulation (EU) 2016/679 and LOPD).
  • TE04: Internal legal affairs management (Legal basis: applicable mercantile and labor legislation).
  • TE01: IT system maintenance (Legal basis: Commercial Code).

Data Controller
Who are we?

We are responsible for processing your data. Therefore, we provide explicit, precise, and unequivocal information to both the data subjects and competent authorities regarding the following aspects:

Company Name: GESTIONEMPRESA CONSULTORES COOP. V.
Tax ID: F56302060
Address: CAMI VELL DE ALTEA Nº18 BAJO 2, L’ALFÀS DEL PI, 03581, ALICANTE
Data Protection Officer (DPO): Formación y Certificación de Protección de Datos, S.L.
Tax ID: F56302060
Email: dpd@gruposmz.es

GDPR Privacy Policy

Purposes

What do we use your personal data for?

In this organization, we may process your personal data exclusively for the purposes outlined below:

  • Ensure all necessary technical measures are implemented for the proper management of personal data with the applied software.
  • Send commercial and/or advertising information via email.
  • Manage information requests received from the data subject about our products or services.
  • Exclusively handle internal incidents detected in compliance with GDPR requirements.
  • Conduct advertising campaigns to promote our services and/or products.
  • Gather opinions from data subjects.
  • Select personnel to fill required job vacancies.
  • Comply with requirements set by the Anti-Money Laundering Law.
  • Fulfill all requirements provided in the Occupational Risk Prevention Law.
  • Manage the shipping of packages and correspondence.
  • Prevent financial fraud by clients and/or suppliers.
  • Address any legal issues affecting the company.
  • Manage, maintain, and repair IT storage systems.
  • Perform actions necessary for internal labor management.
  • Perform actions necessary for internal fiscal and accounting management.
  • Provide fiscal services to direct clients as a data controller.
  • Carry out all necessary tasks to provide services to vulnerable groups.
  • Comply with the principle of limiting the retention period of personal data.
  • Advise and/or legally defend the client.
  • Prevent, investigate, detect, or prosecute infractions. Enforce criminal penalties.
  • Prevent, investigate, detect, or prosecute administrative violations.
  • Represent clients before courts and tribunals.

Your personal data may also be used for automated decision-making. You are informed that the logic applied in individual automated decision-making and/or profiling is based on a computer program that performs the calculations necessary to determine the exact value corresponding to each analyzed parameter. You may contact us at the email provided in the first section for more information.

A commercial or user profile may be developed based on the information provided or obtained. It is explicitly stated that no profiles will be developed using the data of minors under any circumstances.

The personal data you provide will be retained while the contractual relationship lasts or, as applicable, until you exercise your right to object or withdraw the granted consent. To do so, you may access the relevant section on our website or email the address provided in the controller’s section.

Legitimacy

Why do we use your data?

We are authorized to process your personal data for the following reasons:

  • Your unequivocal, informed, and express consent, where legally required, without withdrawal affecting the lawfulness of prior processing or conditioning the execution of other treatments justified by different legal bases.
  • A legal obligation of the data controller.
  • The execution of a service provision contract and/or sale of corresponding products you have subscribed to.
  • The legal basis for processing your data is a legitimate interest of the controller. This interest has been assessed through a proportionality or balancing test between the legitimate interest of the controller and the interests or rights and freedoms of the data subjects. This assessment considered the interest, the processing’s impact on the data subjects, the balance between the two, and the implementation of additional safeguards. With the final balance favoring the controller, the processing may proceed under applicable personal data protection laws.

For any questions or clarifications, you can contact us via the email provided in the controller’s section.

Recipients

Who can we share your personal data with?

Your personal data will be shared with the following entities and organizations:

  • Tax Agency
  • State Public Employment Service
  • General Social Security Treasury
  • Ministry of Justice
  • SEPBLAC: Executive Service for the Prevention of Money Laundering
  • Courts and Tribunals of Justice

Your personal data will not be transferred to any third country or international organization.

GDPR Privacy Policy

Data Sources

What data do we process, and how did we obtain it?

Your personal data will be incorporated into the following files owned by the organization:

  • FA01 Direct Clients. Income Tax Return (Forms 100 and 102).
  • FA02 Direct Clients. Wealth Tax Return (Form 174).
  • FA03 Direct Clients. Non-Resident Income Tax Return (Forms 206-210-211-216-296).
  • FA04 Direct Clients. Informative Return on Assets and Rights Located Abroad (Form 720).
  • FA21 Internal Accounting Management.
  • FA22 Internal Labor Management.
  • FA36 Internal Fiscal Management. Data Collection.
  • FAB01 Data Collection for Service Provision via Engagement Letter.
  • FAB02 Extrajudicial Legal Advice.
  • FAB03 Legal Aid Procedures.
  • FAB04 Civil/Commercial Proceedings.
  • FAB05 Criminal Proceedings.
  • FAB06 Labor/Social Proceedings.
  • FAB07 Administrative and/or Contentious-Administrative Proceedings.
  • FE01 IT Maintenance.
  • FE02 Occupational Risk Prevention.
  • FE03 Transport and Shipping.
  • FE04 Internal Legal Affairs.
  • FE06 Anti-Money Laundering Prevention.
  • FE08 Document Destruction.
  • FR01 Information Requests Received.
  • FR03 Internal Personnel Selection.
  • FR04 Advertising Campaigns.
  • FR05 Emails.
  • FR07 Incident and/or Security Breach Management.
  • FR08 Collecting Opinions from Data Subjects.
  • FR09 Software and Hardware Security.
  • FR10 Vulnerable Group Management.
  • FE09 Representation Before Courts and Tribunals.

Your Rights

What rights can you exercise?

We guarantee the exercise of your rights concerning the processing of your personal data.