Privacy policy

Our privacy and data protection policy.

Updated: 12 April 2021

This Privacy Policy is an integral part of the Legal Disclaimer of the Web housed at www.riverogustafson.com

In this Privacy Policy, you will find all the relevant information regarding the use we make of our users’ personal data, regardless of the channel or means (online or in person) that you use to interact with us.

We are transparent with regard to what we do with your personal data, so that you understand the implications of the uses performed or the rights you have in relation to your data.

We permanently make available to you all the information in this Privacy Policy that may be queried as you deem it timely. You will also find information about each processing element affecting your personal data as you interact with us.

When our Platform is discussed, reference will be made to any of the channels or digital media or in person that you have used to interact with us, the main ones being:

  • Our website riverogustafson.com
  • By e-mail to the e-mail accounts of the workers of RIVERO & GUSTAFSON ABOGADOS, SLP, with domain “riverogustafson.com”
  • Via the phone at 91-561-51-01

In compliance with the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016, regarding the protection of natural persons with regard to the processing of personal data and the free circulation of these data and by which Directive 95/45 / CE (General Data Protection Regulation) and by Organic Law 3/2018, on Protection of Personal Data and guarantee of digital rights is repealed, you are duly informed that:

1. WHO IS THE DATA CONTROLLER IN CHARGE OF PROCESSING YOUR PERSONAL DATA?

The Data Controller entrusted with Processing your data is RIVERO & GUSTAFSON ABOGADOS, SLP, (hereinafter, “RIVERO & GUSTAFSON”), holder of Fiscal ID code B-81934739, whose registered office is in Avda. De Burgos nº 21, 11º. 28036 Madrid, telephone number 91-561-51-01, and email at protecciondedatos@riverogustafson.com. At RIVERO & GUSTAFSON we have regulated and are entrusted with the processing and protecting your personal data.

2. FOR WHAT PURPOSE DO WE PROCESS YOUR PERSONAL DATA?

Depending on the services you want to use, at all times we will need to process some data or others, which in general will be, as the case may be, the following:

  • Identifying data (including your name, surname, gender, date of birth, marital status, profession, place of work, collegiate number, personal address, professional address, email address, telephone numbers, language and country from which you interact with us, etc).
  • Academic and / or professional data (which includes training / degrees, student history, professional experience, membership of professional associations or colleges, in the event of selection processes).
  • Economic and transactional information (which includes your bank account details, payment details that we have made or have received).
  • Technical data (including the Internet protocol (IP) address used to connect your computer to the Internet, login information, browser type and version, time zone settings, browser plug-in types and versions, operating system and platform, etc).
  • Communications data (including your preferences for receiving communications from us).
  • Procedural data (which includes how much data is necessary from our clients to be able to provide them with our legal services).

The personal data requested in the exercise of the contractual relationship are mandatory, so that the refusal to supply them will entail the impossibility of carrying out the provision of the contracted services.

The user assures that the information provided is true, accurate, complete and up-to-date, and is responsible for any damage or loss, direct or indirect, that may ensue as a result of a breach of this stipulation.

In any case, only data that is adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed will be processed. The data will be kept only for the time necessary for the purposes of the treatment.

RIVERO & GUSTAFSON will process user data, manually and / or automatically, depending on how you interact with our Platform, for the following purposes:

PURPOSE

1.- Develop, fulfil and execute the service contract that you have entered into with us.

This includes the treatment of your data to:

ü  Perform the legal services that you have entered into with us in a timely fashion.

ü  Manage the payment of services that you contract, regardless of the means of payment used.

ü  Contact you in relation to updates or informative communications related to the contracted services.

ü  For billing purposes and to make the invoices of the services you have entered into available to you.

 

2. Staff selection and recruitment

In the event that you send us your CV or register for the job offers that RIVERO & GUSTAFSON publishes, your data will be processed in order to assess and manage your job application and, where appropriate, carry out the necessary actions for the Staffing selection process.

3. Compliance with the legally established obligations.

Compliance with legally established obligations, as well as to verify compliance with contractual obligations, including fraud prevention.

4.- Analysis of usability and quality to improve our services

If you access our Platform, you are informed that your browsing data will be processed for analytical and statistical purposes; that is, to understand the way in which users interact with our Platform so that improvements to the same can be made.

 

     

    3.- WHAT ARE THE LEGAL GROUNDS FOR THE PROCESSING OF YOUR DATA?

    The lawful grounding that allows us to process your personal data depends on the purpose for which it is processed, in accordance with the contents of the table below:

    Purpose

    Lawful grounding

    1. Develop, fulfil and execute the service contract

    The processing of your data is necessary for the enforcement of the contract for the provision of services that links us to you.

    2. Staff selection and recruitment

    The standing is grounded on the express and unequivocal consent of the user who submits their data to RIVERO & GUSTAFSON in order to participate in a personnel selection and recruitment process.

    3. Compliance with the legally established obligations.

    The standing is grounded on compliance with the legal obligations that RIVERO & GUSTAFSON must meet.

    4. Usability and quality analysis

    It is considered that we hold a legitimate interest to analyse the usability of the Platform, since we understand that the processing of this data is beneficial for you because the purpose is to improve the user experience and offer a higher quality service.

     

    4.- HOW LONG WILL WE STORE YOUR DATA?

    The retention term of your data will depend on the purposes for which these are processed:

    Purpose

    Retention period

    1. Develop, fulfil and execute the service contract

    Your data will be processed for the time necessary to implement the service contract.

     

    2. Staff selection and recruitment

    Your data will be processed for a period of 1 year, after that period has elapsed, without having been updated, the data will be deleted, unless you indicate otherwise.

     

    3. Compliance with the legally established obligations.

    We will process the data for the legally established terms so that RIVERO & GUSTAFSON can comply with its judicially mandatory obligations.

    4. Usability and quality analysis

    Your data will be processed occasionally during the time in which we require to carry out a specific action or until your browsing data has been anonymised.

     

     Regardless of whether we process your data for the time strictly necessary to fulfill the corresponding purpose, it will be subsequently stored duly saved, protected and blocked during the time in which responsibilities arising from the processing may arise, in compliance with the regulations in force at all times. Once the possible actions are prescribed in each case, the personal data will then be deleted.

    5.- WILL WE SHARE YOUR DATA WITH THIRD PARTIES?

    5.1.- To comply with the purposes indicated in this Privacy Policy, it is necessary that we give access to your personal data to third parties who provide us with support in the services we offer you:

    • Business partners, suppliers and sub-contractors for the performance of any contract we enter into with them or you.
    • Search engine and analytics providers to help us improve and optimise our site.
    • IT Service Providers
    • Specialist advisory bodies
    • Banks and financial institutions
    • Accounting service providers
    • Suppliers and collaborators of logistics, transport and delivery services
    • Suppliers and collaborators of services related to marketing and advertising
    • Suppliers of custodianship, protection and management of information and assets.
    • Administrative records
    • Tax management suppliers
    • Other professionals in the legal field (such as notaries and court attorneys)

    5.2.- Likewise, certain data, within the framework of current regulations or the contractual relationship that the user maintains with RIVERO & GUSTAFSON, these can be notified of to:

    • Public administrations with competence in the sectors of activity of RIVERO & GUSTAFSON, when required by current regulations.
    • The State Security Forces and Bodies, by virtue of the provisions of current regulations.
    • SEPBLAC, when required by current regulations.

    5.3.- RIVERO & GUSTAFSON contracts its virtual infrastructure according to a “cloud computing” model through Microsoft Corporation (USA) and under the contractual framework based on the standard clauses established in the EU Directive 95/46 / CE.

    Microsoft provided its standard contractual clauses to the Article 29 Working Group for review and approval. The Group determined that the implementation of the provisions in the Microsoft agreements was in line with its strict requirements. The approval covered the interactions reflected in the model clauses 2010/87 / EU, but not in the appendices, which describe the data transfers and security measures implemented by the data importer. The AEPD can analyse the appendices separately.

    Available Information:

    https://docs.microsoft.com/es-es/compliance/regulatory/offering-eu-model-clauses#microsoft-and-european-union-model-clauses

    https://www.microsoftvolumelicensing.com/DocumentSearch.aspx?Mode=3&DocumentTypeId=67

    5.4. Likewise, RIVERO & GUSTAFSON uses the Google Analytics services of Google Inc. for its website. (USA), under the Google Ads Data Processing Terms. Information available at:

    https://privacy.google.com/businesses/processorterms/

    6.- WHAT ARE YOUR RIGHTS WHEN YOU PROVIDE US YOUR DATA?

    Regardless of the purpose or the legal basis by virtue of which we process your data, you have the following rights:

    RIGHTS

    Access Rights

    Anyone is entitled to obtain confirmation regarding whether RIVERO & GUSTAFSON is treating personal data that concerns them or not.

     

    Likewise, you have the right to obtain clear, transparent and easy to understand information about the way in which we use your personal data and about your rights.

     

    You also have the right to access your personal data, as well as to obtain a copy of your personal data that forms the basis of the processing.

     

    To exercise this right, please contact us by any of the means indicated below.

    Right of Correction.

    You have the right to request the rectification of inaccurate data or that have ceased to be valid or to have them completed when they are incomplete or, where appropriate, request the deletion when, amongst other reasons, the data is no longer necessary for the purposes for which they were gathered. As soon as the rectification is carried out, the data will be blocked.

     

    To exercise this right, please contact us by any of the means indicated below.

     

    Right to erasure (Right to be forgotten)

    In certain circumstances, you have the right to have your personal data erased or eliminated, without this right being absolute, since we may have legal or legitimate reasons to keep it. As soon as the rectification is carried out, the data will be blocked.

     

    To exercise this right, please contact us by any of the means indicated below.

     

    Right to restriction of processing

    Under certain circumstances you may request the restriction of the processing of your data, in which case we will only retain it for the exercise of or defence against legal claims.

     

    In certain circumstances and for reasons related to your particular situation, the data may only be processed, with the exception of its conservation, with your consent or for the formulation, exercise or defence of claims, with a view to the protection of the rights of another natural or legal person or for reasons of important public interest of the European Union or of a Member State.

     

    To exercise this right, please contact us by any of the means indicated below.

     

    Right to withdraw consent at any time when data processing is based on consent

    You have the right to withdraw your consent to the processing of your personal data when the processing is based on your consent.

     

    The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.

     

    To exercise this right, please contact us by any of the means indicated below.

    Right to data portability

    You have the right to transfer, copy or move data from our database to a different one. It is only possible to exercise this right with respect to data that you have provided, when the treatment is based on the execution of a contract, or your consent and the treatment is carried out by automated means.

     

    To exercise this right, please contact us by any of the means indicated below.

    Right to lodge a complaint with a supervisory authority

    You have the right to claim the privacy and data protection practices of RIVERO & GUSTAFSON before the Spanish Data Protection Agency (www.aepd.es) as well as file a claim with the latter in case you have are not wholly satisfied from RIVERO & GUSTAFSON in the exercise of the above rights.

    How can you contact us to exercise your rights?

    To exercise any of the rights described above, you can write to us at the following email address protecciondedatos@riverogustafson.com, attaching a copy of your ID.
    7.- WHAT HAPPENS IF YOU PROVIDE US WITH THIRD PARTY DATA?

    If you provide us with Personal Data belonging to third parties, you must have their consent and you guarantee to have informed them about the purposes and the way in which we need to treat their personal data, exempting RIVERO & GUSTAFSON from any responsibility in this regard.

    8.- PERSONAL DATA BELONGING TO MINORS

    RIVERO & GUSTAFSON considers that children deserve specific protection with regard to their personal data, since they may be less aware of the risks, consequences, guarantees and rights concerning the processing of personal data. This specific protection must apply, in particular, to the use of personal data of minors for marketing purposes or the elaboration of personality or user profiles, and to the obtaining of personal data relating to children when using services offered directly to a child. RIVERO & GUSTAFSON complies with the Convention of 20 November 1989 on the Rights of the Child, adopted by the United Nations General Assembly, and Organic Law 1/1996, of 15 January, on the Legal Protection of Minors, approved by the Spanish Parliament, as well as similar legislation enacted in other countries to protect minors.

    9.- INFORMATION REGARDING COOKIES
    In the following link you can find our Cookies Policy.
    10.- CHANGES TO THE COOKIES AND PRIVACY POLICY

    The information contained in this Privacy Policy may be modified as necessary. If this is carried out, we will notify you by various means through the Platform, or even inform you via email when the change in question is significant to your privacy, so that you can review the changes, consider them and, where appropriate, object or unsubscribe from any service or feature. In any event, we suggest you verify this Privacy Policy from time to time in case there are minor changes, or any interactive improvement has been inserted, taking advantage of the fact that you will always find it as a permanent information point in our Web.