2. Confidentiality and Data Protection Policy
BUFETE PRAT & ROCA, S.L.P. (hereinafter the Company) is committed with due diligence and
compliance with the Data Protection regulations implemented through Regulation (EU) 2016/679
regarding the protection of natural persons as regards the processing of their personal data and the
free movement of such data (General Data Protection (RGPD) and the provisions of the Organic Law
3/2018 on Data Protection and Digital Rights Guarantee (LOPDGDD).
Detailed information on the policy of confidentiality and Protection of Personal Data pursuant to the
provisions of the aforementioned regulations is set out below.
Contact information of the Responsible for Data Processing and the Data Protection Officer (DPO):
- Identity: BUFETE PRAT ROCA, S.L.P.
- Address / P. C. : 10, Tuset Street – 08006 Barcelona
- Phone number: 93 415 03 16
- E-mail: firstname.lastname@example.org
- Contact details of the DPO: Daniel Roca Pla
- Data Protection Channel: https://www.corporate-ethicline.com/prat-roca
3. Data processing purposes
- The Company will process the data provided by concerned persons for the following purposes:
Management of client service and meetings in our premises, as well as the conduction and
rendering of contracted services.
- Management of requests or suggestions made by the concerned persons with regard to our
- Informative and commercial communications: data processing in order to inform about activities, articles of interest and general information related to our activity and the contracted services/products.
- Management of data provided in the Curriculum Vitae (CV) of candidates applying for a job, for the purpose of selection and recruitment processes.
For the correct client service rendering and conduction of the abovementioned purposes, the concerned person consents to the processing of his/her data for said ends, all under the strictest compliance with the Data Protection Regulations and the policy hereby detailed. The concerned person may exercise his/her rights at any time (see specific section).
4. Data retention criteria
- Rendering of services contracted with the Company: personal data provided in contracts and
service proposals, as well as data related to third parties whose intervention is required, will
be kept for the duration of the hired services. Upon completion of contracted service/s,
personal data will be kept in those cases from which could derive liability with the Company
and/or in compliance with other regulatory frameworks applicable to the Company or
regulations with the force of law that require the retention of such data. Personal data will be
kept in a way that allows the identification and exercise of the rights of those concerned and,
under the legal, organizational and technical measures necessary to guarantee the
confidentiality and integrity of said data.
- Management of Curriculums Vitae: the Company, as a rule, keeps Curriculums Vitae for a
maximum period of one year; once this period has ended, said CV are automatically
destroyed, in compliance with the principle of data quality.
- Others: the rest of the data and information provided by the user by any means will be kept
for as long as needed in order to fulfil the purpose for which they were collected.
- Legal basis that enables the Company to process personal data of users, clients and potential
clients by virtue of the following titles.
- The consent of the concerned person for the processing and management of any request
of information or consult about our services and products.
- The consent given by job Candidates for selection and recruitment purposes.
- The framework for the provision and/or contracting of services/products with the Company.
- The legitimate interest to send informative and commercial communications and/or
promotional offers by email or any other means, related to the Company’s activity and to
the services/products contracted.
No personal data is transferred to third parties, except legal provision.
- Personal data is obtained directly from the concerned persons and from our collaborators. The
categories of personal data provided by our collaborators are the following:
- Identification Data
- Postal or electronic addresses
- Data provided and/or consented to by the concerned persons, necessary and related to the
management and provision of requested service/product.
- Right of Access, Rectification and Deletion: concerned persons have the right to obtain confirmation
as to whether the Company is treating their personal data or not. Concerned persons have the right
to access their personal data, as well as to request the rectification of inaccurate information or
request its deletion when, among other reasons, the data is no longer necessary for the purposes for
which it was collected.
- Right of Limitation and Opposition: in certain circumstances, the concerned persons may request the
limitation of the processing of their data, in which case the Company will only keep it for the
purposes of defence against claims. In certain circumstances and, for reasons related to their
particular situation, the concerned persons may oppose the processing of their data. The Company
will stop processing the data in said cases, except for compelling legitimate reasons, or for the
defence against possible claims.
These rights may be exercised through our Data Protection Channel, see specific section.
9. Data protection channel
The Company has implemented a Communications and Complaints Channel which incorporates all
the relevant and necessary aspects of data protection, with the highest commitment, rigor and professionalism in terms of security, experience, independence and knowledge in the treatment of
the communications received, in compliance with the requirements of article 24 of the LOPDGDD for
this type of channels.
The Data Protection Channel has been implemented through a web platform, developed and
managed by an independent external expert, to provide and guarantee the aforementioned
Through the Data Protection Channel, users can exercise their Rights (see previous section) and
communicate any suspicion or knowledge of possible security violations (breaches) and/or possible
breaches or irregularities regarding Data Protection regulations or the present policy of the
The information to access the Data Protection Channel are detailed at the beginning of this policy.
10. Cookies policy
Necessary cookies (All visitors)
cfduid: Used for our CloudFlare CDN to identify individual clients behind a shared IP address and apply security settings for each client.
PHPSESSID: To identify a single visit to the website.
11. Service and support
The concerned persons may communicate to the Company any questions related to the
processing of their personal data or interpretation of the present policy, by contacting the
Data Protection Officer (RPD / DPD) at the email address provided at the beginning of this