1. Purpose

This Privacy Policy aims to inform individuals (hereinafter, users or data subjects) who visit our website (hereinafter, website, site, or web) about how we collect, process, and protect any personal data they choose to provide through any means (forms, emails, telephone, contracts, etc.), so that they can decide freely whether they wish us to process it.
Additionally, this Policy supplements the information previously provided to data subjects in the informative clauses included in the processes for collecting personal data.
This Policy also seeks to comply with Regulation (EU) 2016/679 of the European Parliament and Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and the free movement of such data (hereinafter, GDPR), as well as Organic Law 3/2018 of 5 December on the Protection of Personal Data and Guarantee of Digital Rights (hereinafter, LOPDGDD).

2. Data Controller

Entity: DUART-VILA ARQUITECTES S.L.P.
Tax ID / NIF: B97334916
Postal Address: Avda. Corts Valencianes, 38 – 1º, 46470 Albal, Valencia
Telephone: 961 268 456
Email: dva@dvarquitectes.com
Corporate Purpose: Architecture
Website: https://www.dvarquitectes.com/es
Registration Details: Mercantile Registry of Valencia, Volume 7527, Book 4828, Folio 104, Section 8, Sheet V 90842

3. Personal Data We Collect and How

For the development of our business activities, it is essential to process personal data collected via digital means (e.g., email, web forms or questionnaires), paper documents (e.g., contracts or forms), or in-person or telephone conversations. In all cases, data will be processed lawfully, fairly, and transparently.

Categories of personal data we may process:

• Identification data: Name, surname, ID or equivalent, image, and signature (manual or digital).
• Contact data: Telephone, email, postal address.
• Commercial data: Quotes, purchase conditions, service or purchase history, results of communications (phone, email, messaging, and other channels).
• Accounting data: Income and expense records, invoicing details.
• Banking data: Bank accounts and cards.
• Transaction data: Transfers, direct debits, amounts, and transaction details.
• Browsing data: Time spent on the website, pages visited, demographic data (e.g., age, sex, language).

We do not collect special categories of data (e.g., health data, ethnicity, political opinions, religious beliefs). If it becomes necessary, we will inform you and request prior and explicit consent.

All data collected will be adequate, relevant, and limited to what is strictly necessary, and will only be processed by authorised personnel or collaborators who have signed confidentiality agreements and comply with required security measures to ensure data confidentiality, integrity, and availability, in accordance with GDPR.

Data may be provided directly by the data subject or their legal representative, or collected by authorised collaborators acting on our behalf, always with prior and explicit consent.

If a subject does not provide the requested data or provides incomplete or incorrect data, it will not be possible to maintain a relationship or process the request.

Categories of data subjects:

3.1. Clients:

Identification, contact, commercial, accounting, banking, and transaction data, collected at the time of purchase or service contract, either personally, by phone, email, or web forms, or via authorised collaborators.

3.2. Information Requesters:

Identification, contact, and commercial data, collected to respond to requests by phone, email, or web forms.

3.3. Suppliers:

Identification, contact, commercial, accounting, banking, transaction, and financial data, processed throughout the commercial relationship.

3.4. Job Applicants:

Curriculum, identification, contact, and professional/personal data provided through any means (in person, email, web forms), including interviews, videoconferences, or via authorised collaborators. For more information, see our Job Applicants Policy.

3.5. Social Media Users:

Identification, contact, commercial, and other data users allow to be shared or visible on social media platforms (e.g., LinkedIn). See our Social Media Policy for details.

3.6. Claimants:

Identification, contact, and personal information relating to submitted claims.

3.7. Visitors:

Identification and contact data, collected when visiting our premises or provided by an authorised representative for access purposes.

3.8. Website Users:

Analytical data (e.g., time spent, pages visited) and demographic data (e.g., sex, age, country, language), collected only with explicit consent. See our Cookie Policy for more information.

3.9. Further Information:

Data subjects will have access to the legally required information in the informative clauses in forms, contracts, and other media, allowing them to decide freely whether to allow the processing of their personal data. All categories and types of data processed will be clearly identified in the corresponding processing activities owned by our entity.

4. Purpose of Data Processing

The processing of personal data is generally aimed at maintaining and fulfilling relationships with clients, suppliers, job applicants, information requesters, website/blog or social media users, and other interested parties. Examples by category:

4.1. Clients:

Your personal data will be processed to identify you, manage and maintain the pre-contractual and contractual relationship, including the sending of commercial communications through various channels, responding to inquiries,



conducting quality controls and commercial statistics, providing our services and/or selling goods, managing accounting and invoicing, processing transactions, handling collections, managing incidents and claims, exercising rights, and assessing economic solvency. Additionally, your data may be used for other purposes necessary to comply with the aforementioned relationship, applicable laws, and to safeguard our legitimate interests.

4.2. Information Requesters:

We will process your personal data to respond to your general information requests, to identify you, and to send or provide quotes and information regarding the goods and/or services of your interest, including any related commercial information in our response (verbal, written, or digital). We may also carry out follow-up communications through various channels to ascertain the decisions made regarding the commercial proposals we have sent you.

4.3. Job Applicants:

Your data will be processed to include you in our recruitment processes and talent pool, to identify you, and to contact you regarding job vacancies, interview coordination, and other matters related to your application. For further information, please refer to our Job Applicants Policy.

4.4. Suppliers:

Your personal data will be processed in order to maintain the commercial relationship, whether for requesting quotes, purchasing goods, or contracting services; to identify you; to manage accounting; to carry out transactions of goods and services; and for other purposes necessary to fulfil this relationship, comply with our legal obligations, and safeguard our legitimate interests.

4.5. Social Media Users:

We will process your personal data to maintain the relationship as a user of the same social network, to identify you, to contact you, and to share news and other personal data that you permit to be shared with other members of the network. For further information, please refer to our Social Media Policy.

4.6. Claimants:

Personal data will be processed to identify you, manage your claim, and contact you regarding its status, as well as to comply with our legal obligations and protect our legitimate interests.

4.7. Visitors:

Data regarding visits to our premises will be processed to identify you, to comply with our occupational health and safety obligations, and for security and access control purposes within our facilities.

4.8. Website Users:

Data may also be processed for various purposes (e.g., analysis of visits) upon your acceptance of cookies when visiting our website. For more information, please refer to our Cookies Policy.

4.9. Further Information:

Legally required information will be made available to data subjects in the corresponding privacy notices included in the various data collection channels (e.g., forms, voice recordings, contracts, etc.) and in other resources we provide (e.g., certificates, invoices, legal notices, etc.), allowing you to freely and explicitly decide whether the personal data requested may be processed by our entity. If you do not provide the requested data or if the data provided is incomplete or incorrect, it will not be possible to process your information request or maintain a relationship with you. Data will not be further processed or used for purposes other than those expressly accepted by the data subjects. The purposes motivating the processing of personal data will be duly identified in the corresponding processing activities owned by our entity.

5. Why We Process Your Data (Legal Basis)

The processing of your personal data by our entity is based on one or more of the following legal grounds:

1. When you provide your explicit, free, informed, and unequivocal consent. After being informed at the time your data is collected, and more fully through this Privacy Policy, you may voluntarily authorise us to process your data for one or more purposes by ticking the relevant boxes in our web forms or by providing your consent through the signing of the privacy notices we provide at the time your personal data is requested.
2. For the performance of a contract to which you are a party, or where you have requested pre-contractual measures from us.
3. When the processing is necessary to comply with a legal obligation applicable to our entity.
4. When the processing is necessary for the legitimate interests pursued by our entity or a third party, provided that such interests do not override the interests or fundamental rights and freedoms of the data subject. In this regard, we inform you that our entity has conducted a balancing assessment, weighing our legitimate interests against the rights and freedoms of the data subject, always ensuring the protection of their fundamental rights.

In the case of users under the age of 14, the consent of their parents, guardians, or legal representative is required to process their data. The user is solely responsible for the accuracy of the data they provide to us.

6. Data Retention

The personal data provided will be retained for as long as we maintain a relationship with you and for the time necessary to fulfil the purpose for which your data was collected. Once this relationship has ended, we will keep the data blocked in cases where it is necessary to retain it until the limitation period for liability expires, exclusively for the purposes of claims or legal actions, and to comply with our legal obligations.