Privacy policy

PALOMA ZABALGO ABOGADOS is a law firm that specialises in family law within the European Union.

The Firm would like to inform users of the website https://www.palomazabalgo.com/ about the treatment and use of personal data collected by the Firm in relation to legal advice.

Our data protection policy is constructed and communicated in compliance with applicable regulations, including EU Regulation 2016/679 (GDPR) and Law 3/2018 on Data Protection and the Guarantee of Digital Rights.

The company has implemented technical and organizational measures to ensure the confidentiality, security, and proper processing of personal data. These measures prevent unauthorized access, alteration, loss, or processing of personal data, in compliance with applicable regulations. The company takes effective measures and ensures an appropriate level of security for the data processed. This work is carried out continuously, considering any changes in legislation or society.

This privacy policy may change due to legislative or business management reasons. Any changes will be promptly reflected on the website, and appropriate communications will be made.

The firm handles personal data of natural persons in a professional or private capacity. This policy applies to both categories of data. The entity can act as either a controller or a processor. The privacy policy covers both roles.

Who is the PERSON RESPONSIBLE FOR THE PROCESSING of your data?
Identity: Paloma Zabalgo Jiménez
Postal address: Calle Claudio Coello 32, 28001 Madrid
Telephone: 911268502
E-mail: hola@palomazabalgo.com

DATA PROTECTION OFFICER: Paloma Zabalgo Jiménez
PURPOSE OF DATA PROCESSING

AND STORAGE
We process the information provided by our customers and other interested parties for the following contractual purposes:

to manage the provision of rights and obligations arising from the contractual relationship with associates, suppliers, collaborators, and employees.

b) The company will use your personal information for informational purposes related to its activities and actions, based on your consent. c) The

c) company may also use your personal information for legitimate interests, as allowed by Article 19 of the LOPDGDD (Organic Law 3/2018 of 5 December) and Article 6.1.f) of EU Regulation 2016/679.

With regards to data pertaining to clients’ counterparts, we must uphold citizens’ right to legal assistance as enshrined in Article 24.2 of the Constitution. This right is further developed by laws governing each Jurisdictional Order, specifically in regards to the representation and defence of parties.

We act as the controller of the processing when collecting and processing this data.

When the company processes data to provide a service to a third party, which is the data controller, it acts as a processor.

RETENTION OF DATA
Personal data provided will be kept for the time required to fulfil the purpose for which it was collected or for the duration of the contractual relationship, including the time required by applicable regulations to fulfil relevant obligations and actions that may arise.

Data will be blocked and retained as long as their deletion has not been requested by the data subject, in accordance with the aforementioned events.

From that moment onwards, the data shall remain exclusively available to Judges, Courts, the Public Prosecutor’s Office, or the competent Public Administrations, particularly the data protection authorities, for the purpose of addressing any liabilities arising from the processing during the period of limitation of such liabilities. Once the aforementioned period has expired, the data will be deleted.

No profiling is conducted.

LAWFUL PROCESSING
As DATA CONTROLLER, the legal basis for the processing of your data is based on

a) The contractual relationship and the execution of the contract signed with us.
b) In the case of express consent, the legal basis is such consent.
c) Legitimate interest, in accordance with article 19 of the LOGPGDD.

As DATA CONTROLLER, it is up to the entity that has appointed us as service provider, in its capacity as DATA CONTROLLER, to establish the legitimation and the treatment model.

RECIPIENT OF THE DATA
The data are communicated to our employees who perform services such as subcontractors, legal firms collaborating in the processing. In these cases, the corresponding contract for ordering data from the processing is signed with the recipient, as required by the General Data Protection Regulation.

INTERNATIONAL DATA TRANSFERS
In connection with any transfer of your personal data to countries outside the EEA, the Company will take appropriate specific measures to ensure an adequate level of protection of your personal data.

USERS’ RIGHTS
a) Any person has the right to obtain confirmation as to whether or not we are processing personal data relating to him or her.
b) Data subjects have the right to access their personal data and to request the rectification of inaccurate data or, where appropriate, the erasure of such data if, inter alia, it is no longer necessary for the purposes for which it was collected.
c) In certain circumstances provided for in Article 18 of the GDPR, data subjects may request the limitation of the processing of their data, in which case we will only keep them for the purpose of exercising or defending claims.
d) Data subjects may object to the processing of their data for marketing purposes, including profiling. The Foundation will stop processing the data, except for compelling legitimate reasons or for the exercise or defence of possible claims.
e) Under the right to portability, data subjects have the right to obtain their personal data in a structured, machine-readable format and to transfer it to another controller.

EXERCISE OF RGDP RIGHTS BY THE USER
By writing to the above addresse

COMPLAINT TO THE SPANISH DATA PROTECTION AGENCY
If you consider that the Foundation has not properly dealt with your request, you may contact the Spanish Data Protection Agency, whose contact details can be found at “www.agpd.es”

CATEGORIES OF DATA
What types of data do we process?
a) Identifying data.
b) Data relating to your professional function or activity.
c) Family and economic data.

Special categories of Articles 9 and 10 of the GDPR may apply. In these cases, RED LEAF complies with the requirements of Articles 9 and 10 and explicit consent is obtained.

The data received or collected are those necessary to fulfil the stated purposes, and are treated confidentially in accordance with the privacy and security policies established by the company.

The data received or collected are those necessary to fulfil the stated purposes.
As the data controller, we process personal data that you provide when requesting services or resources, accessing our website, or establishing any kind of relationship with us, directly or indirectly.

As data processors, we receive data from the controller or collect it on their behalf during the provision of contracted services