Blauersee

Privacy Policy

Política de privacidad de Blauersee

Privacy Policy

 
 
 

1. Introduction

Blauersee, as a legal and consulting firm, considers the privacy of its clients, employees, and third parties a fundamental priority. This Privacy Policy sets out the principles and procedures under which we process personal data, ensuring compliance with the General Data Protection Regulation (GDPR), Organic Law 3/2018 of 5 December on Personal Data Protection and the Guarantee of Digital Rights (LOPDGDD), and other applicable regulations in Spain.

Our commitment to confidentiality and data protection is based on both technical and organisational measures that ensure security and legal compliance, as well as on the professional duty of secrecy inherent to our activity.

2. Data Controller The controller responsible for the processing of personal data is Natalie Yoshida, acting on behalf of Blauersee. For any query related to data processing, you may contact our Data Protection Officer (DPO) by email at: dpo@blauersee.eu.

3. Categories of Data Processed Blauersee collects and processes the following categories of personal data:

  • Identification data: Name, surname, ID/passport number, telephone, and email address.
  • Professional data: Position, company, and professional background.
  • Financial data: Banking and invoicing information.
  • Sensitive data: Only those strictly necessary for the provision of legal services, in accordance with the principle of data minimisation.

4. Purposes of Processing Personal data shall be processed for the following purposes:

  • Provision of legal and consulting services.
  • Administrative, accounting, and tax management.
  • Communications with clients, suppliers, and collaborators.
  • Compliance with legal obligations, including those related to anti-money laundering and counter-terrorist financing laws.
  • Retention of information relevant to internal training and quality improvement of services.

5. Lawful Basis for Processing The processing of personal data is carried out on the following legal bases:

  • Execution of a contract or the application of pre-contractual measures.
  • Compliance with legal obligations.
  • Consent of the data subject, when required.
  • Blauersee’s legitimate interest, such as service improvement or internal management.

6. Data Retention Periods Blauersee will retain personal data only for as long as necessary to fulfil the purposes for which it was collected. Specific retention periods are defined in the Blauersee Data Retention Plan, in accordance with applicable laws, including:

  • Five (5) years after termination of the contractual relationship, unless a longer period is required by law.
  • Ten (10) years for data related to compliance with anti-money laundering and counter-terrorist financing legislation.

Retention of personal data is governed by the Blauersee Data Retention Plan, which is available on our website or upon request via dpo@blauersee.eu.

7. Data Subject Rights Data subjects may exercise the following rights:

  • Access: Obtain confirmation as to whether their personal data is being processed and access such data.
  • Rectification: Request the correction of inaccurate or incomplete data.
  • Erasure: Request the deletion of data when it is no longer necessary.
  • Objection: Object to processing based on legitimate interests or for direct marketing purposes.
  • Restriction: Request temporary restriction of processing in certain cases.
  • Portability: Receive their data in a structured, commonly used, and machine-readable format, or request its transfer to another controller.

To exercise these rights, please submit a written request to our DPO at dpo@blauersee.eu. All requests will be handled within a maximum period of 30 days.

8. International Data Transfers Blauersee does not transfer personal data outside the European Economic Area (EEA), except where necessary for the provision of legal services. In such cases, we ensure that appropriate safeguards are in place, in accordance with Articles 44–49 of the GDPR.

9. Data Security We adopt appropriate technical and organisational measures to guarantee the security of personal data and to prevent unauthorised access, alteration, loss, or destruction, in compliance with Articles 32 and 34 of the GDPR.

10. Review and Updates This Privacy Policy shall be reviewed periodically to ensure its adequacy to applicable regulations and Blauersee’s operational needs.

11. Contact If you have any questions regarding this Privacy Policy or the processing of your personal data, please contact us at: dpo@blauersee.eu.

Last review: November 2024.