Privacy Policy

1. IDENTIFICATION OF THE DATA CONTROLLER

In compliance with Regulation (EU) 2016/679, General Data Protection Regulation (GDPR), Spanish Organic Law 3/2018 on the Protection of Personal Data and Guarantee of Digital Rights (LOPDGDD), and Spanish Law 34/2002 on Information Society Services and Electronic Commerce (LSSI), users are informed that the personal data provided through this website will be processed by:

  • Data controller: Xavier Domènech Corbella (Controller)
  • ICAB bar registration number: 34374
  • Contact email: gdpr@domenechcorbella.com 

2. PURPOSES OF PROCESSING, DATA PROCESSED, LEGAL BASIS AND RETENTION PERIOD

Personal data will be processed for the purposes set out below. For each processing activity, the categories of data, the legal basis pursuant to Article 6 GDPR, and the applicable retention periods are identified.

2.1. Handling of enquiries (contact form)

Purpose of processing:

To manage, process, and respond to enquiries, requests, or communications submitted by users.

Categories of data processed:

  • Identification data: name and surname
  • Contact data: email address
  • Other data: information contained in the enquiry

Legal basis:

  • Article 6.1(b) GDPR: pre-contractual measures at the request of the data subject (when the enquiry relates to the potential engagement of legal services)
  • Article 6.1(f) GDPR: legitimate interest of the Controller

Retention period:

Data will be retained for the time necessary to handle the request and subsequently for a maximum period of 12 months, unless a legal obligation to retain the data applies or legal liabilities may arise.

2.2. Provision of professional services

Purpose of processing:

If the user engages the Controller’s professional services, their personal data will be processed to manage the lawyer-client relationship, provide the requested legal advice, and comply with applicable legal and deontological obligations.

Categories of data processed:

  • Identification and contact data
  • Professional or business data
  • Information provided within the scope of the engagement

Legal basis:

  • Article 6.1(b) GDPR: performance of a service contract
  • Article 6.1(c) GDPR: compliance with legal obligations

Retention period:

Data will be retained for the duration of the professional relationship and subsequently for the periods required to comply with legal obligations and address potential liabilities.

3. COMMERCIAL COMMUNICATIONS AND COMPLIANCE WITH e-PRIVACY REGULATIONS

The Controller does not currently send commercial communications by electronic means. However, if such processing were to take place in the future, it will be carried out in accordance with European e-Privacy regulations and Article 21 of the LSSI, and in particular:

  • Communications will only be sent where there is a valid legal basis, such as the data subject’s consent or a prior contractual relationship, in accordance with applicable law; and
  • Each communication will provide recipients with a simple and free method to object to the use of their data for promotional purposes.

4. RECIPIENTS OF DATA

Personal data may be disclosed to third-party service providers acting on behalf of the Controller, in particular:

  • Technology providers (hosting, email, website maintenance)
  • Accounting or administrative service providers

All of them act as data processors under Article 28 GDPR, and appropriate data processing agreements have been signed.

5. INTERNATIONAL DATA TRANSFERS

As a general rule, no international transfers of personal data outside the European Economic Area (EEA) are carried out.

If, on an occasional basis, a technology provider involves the processing of personal data outside the EEA, this will be assessed in advance and, where applicable, it will be ensured that the transfer complies with Articles 44 et seq. GDPR through appropriate safeguards (such as European Commission Standard Contractual Clauses or other valid mechanisms), as well as additional technical, organisational and/or contractual measures to ensure a level of protection essentially equivalent to that guaranteed within the EEA, in accordance with the recommendations of the European Data Protection Board (EDPB).

6. USER RIGHTS

Users may exercise the following rights:

  • Access: obtain confirmation as to whether their data is being processed and access it, as well as information about the processing
  • Rectification: request correction of inaccurate or incomplete data
  • Erasure: request deletion of their data when, among other reasons, it is no longer necessary for the purposes for which it was collected
  • Restriction: request limitation of processing in certain circumstances, in which case data will only be retained for legal claims
  • Portability: receive their data in a structured, commonly used and machine-readable format and transmit it to another controller where technically feasible
  • Objection: object to the processing of their data in certain circumstances, in which case processing will cease unless there are overriding legitimate grounds
  • Withdrawal of consent: withdraw consent at any time, without affecting the lawfulness of prior processing

To exercise these rights, users may contact: gdpr@domenechcorbella.com

Users also have the right to lodge a complaint with the competent data protection authority, in Spain the Spanish Data Protection Agency (AEPD – www.aepd.es), particularly where they consider that their rights have not been properly addressed.

7. ACCOUNTABILITY

The Controller applies the principle of accountability, adopting the necessary technical and organisational measures to ensure and demonstrate compliance with data protection regulations.

In particular, the Controller:

  • Applies data protection by design and by default
  • Maintains a record of processing activities
  • Carries out risk assessments where appropriate
  • Enters into data processing agreements under Article 28 GDPR
  • Implements internal policies and procedures on data protection
  • Ensures confidentiality of authorised personnel

8. SECURITY MEASURES

The Controller has implemented the necessary technical and organisational measures to ensure an appropriate level of security, taking into account the risk of processing personal data in accordance with Article 32 GDPR.

These measures are designed to ensure the confidentiality, integrity, availability, and resilience of personal data.

In particular:

  • Access control to systems and devices through appropriate authentication mechanisms
  • Use of properly secured and updated devices
  • Basic security measures in professional electronic communications
  • Restricted and prudent access management for digital and physical information
  • Prevention of unauthorised access, loss, or alteration of data
  • Compliance with professional legal privilege and confidentiality obligations

Processing is carried out under a risk-based approach, and security measures are periodically reviewed and updated.

9. MINORS

The website is not specifically directed at minors, although it may be accessible to them.

The Controller does not knowingly process personal data of minors. Minors are advised to use the website under the supervision of their parents or legal guardians.

10. SOCIAL MEDIA

The website may include links to social media platforms (e.g., LinkedIn).

In such cases, data processing is governed by the privacy policies of those platforms, which users are responsible for reviewing.

11. COOKIES

The website uses strictly necessary technical cookies for its operation, which do not require user consent.

It also uses third-party analytics technologies (such as IONOS SiteAnalytics) to analyse website usage for statistical purposes and service improvement. These technologies do not use cookies, but involve the processing of personal data and require prior user consent.

The website may contain links to third-party websites (such as LinkedIn), whose policies are independent of the Controller.

For more information about cookies and similar technologies, users may consult the Cookies Policy.

12. CHANGES TO THIS POLICY

The Controller reserves the right to modify this Privacy Policy to reflect legal, case law, or operational changes in its processing activities.

In the event of significant changes, users will be informed via the website.

 

Last updated: April 2026
