Privacy Policy
Privacy Policy
1. Purpose
This Privacy Policy aims to inform individuals (hereinafter, users or data subjects) who visit our Website (hereinafter, website or the site) about how we collect, process, and protect the personal data you choose to provide us through any means (forms, emails, phone, contracts, etc.) and, after reading it, freely decide whether you wish for us to process them. Additionally, this Policy supplements the information previously provided to data subjects in the informative clauses included in the processes for collecting personal data.
Furthermore, this policy aims to comply with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter GDPR) and Organic Law 3/2018, of December 5, on Personal Data Protection and guarantee of digital rights (hereinafter, LOPDGDD).
2. Data Controller
Entity: SETANTA ARQUITECTURA, S.L.P.
CIF/NIF: B19824309
Postal address: Avda. Corts Valencianes, 38, 1º, 1ª, 46470 Albal (Valencia)
Phone: 961 268 456
Email: info@setantaarquitectura.com
Corporate Purpose: Architecture
Website: https://setantaarquitectura.com/
Registry data: Mercantile Registry of Valencia Volume 7527, Book 4828, Folio 104, Section 8, Sheet V 90842
3. Why will we process your data (legitimacy)?
The processing of your personal data by our entity will be carried out based on one or more of the following legitimate grounds:
Article 6.1 a) GDPR:
The data subject has given consent to the processing of his or her personal data for one or more specific purposes.
Article 6.1 b) GDPR:
For the performance of a contract to which you are party or in order to take steps at your request prior to entering into a contract.
Article 6.1 c) GDPR:
Where processing is necessary for compliance with a legal obligation to which our entity is subject.
Article 6.1 f) GDPR:
Where processing is necessary for the purposes of the legitimate interests pursued by our entity or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject. In this regard, we inform you that our entity has carried out an analysis weighing our legitimate interests against the rights and freedoms of the data subject, always respecting their fundamental rights. This shall not apply to processing carried out by public authorities in the performance of their tasks.
If the user is under 14 years of age, the consent of parents, guardians, or legal representatives will be required to process their data. The user is solely responsible for the veracity of the data they send us.
4. What personal data will we process and how do we obtain it?
For the development of our business activity, it is essential to process personal data, which can be collected through digital means, paper documents, or as a result of in-person or telephone conversations. In all these cases, the data will be processed fairly, lawfully, and transparently.
Categories of personal data we may process:
- Identification data: name and surname, DNI or equivalent document, image, voice, and signature.
- Contact data: phone, email, postal address.
- Commercial data: budgets, purchase conditions, service and/or purchase management and history, contact results (phone, email, messaging, and other communication channels).
- Accounting data: income and expense control, billing data.
- Bank data: bank accounts and cards.
- Economic data: payment status, collection management, financing.
- Curriculum data: academic data, professional experience, personal characteristics, etc.
- Transaction of goods and services: bank transfers and direct debits, amounts, and concepts.
- Navigation data: analysis of time spent on our website, pages visited.
We do not collect special categories of data (e.g., health data, ethnicity, political opinions, religious beliefs). If it becomes necessary, we will inform you and request prior and explicit consent.
Consequently, the requested data will be adequate, relevant, limited to what is strictly essential and necessary, processed only by personnel and/or collaborators authorized by our entity, who will have signed a confidentiality agreement and commit to complying with the necessary security standards to guarantee the confidentiality, integrity, and availability of the processed data and other legally established requirements in the GDPR. Therefore, they will be processed lawfully.
The data to be processed is provided by the data subject themselves or by their legal representative, although it may be the case that we delegate some functions to certain collaborators, and they are responsible for collecting your data, but it will always be processed with your prior and express consent.
If a subject does not provide the requested data or provides incomplete or incorrect data, it will not be possible to maintain a relationship or process the request.
Categories of data subjects:
4.1. Clients
Identification, contact, commercial, economic, accounting, banking, and goods and services transaction data will be processed, and may only be collected if the client provides it at the time of contracting services, requesting pre-contractual measures, or during the maintenance of the service provision relationship.
Data may be collected in person, by phone, email, or through forms on our website, online chat, instant messaging, etc.
Legal basis: Article 6.1 a); 6.1 b); 6.1 c); 6.1 f); GDPR
4.2. Information Seekers
Whether the requested information is in person, by phone, or in writing (e.g., email or web forms), we will request and process identification data, contact data, and commercial data.
Legal basis: Article 6.1 a); 6.1 f); GDPR
4.3. Suppliers
Identification, contact, commercial, accounting, banking, goods and services transaction, and financial data will be processed. This data may be processed during all stages of the commercial relationship and only if the supplier provides it to begin said relationship.
Legal basis: Article 6.1 a); 6.1 b); 6.1 c); 6.1 f) GDPR
4.4. Job Applicants
For this category of data subjects, curriculum data, identification data, contact data, and other data related to their professional or personal characteristics will be processed, which will be provided by the applicant themselves when submitting their application.
Data collection may be carried out in person, by email, web forms, in personnel selection interviews (in-person or remote), and may even reach us through a collaborator to whom we have delegated certain functions.
Legal basis: Article 6.1 a); 6.1 b); 6.1 f) GDPR
4.5. Social Media Users
Identification, contact, commercial, and other data users allow to be shared or visible on social media platforms (e.g., LinkedIn). See our Social Media Policy for details.
Legal basis: Article 6.1 f) GDPR
4.6. Complainants
Identification data, contact data, and personal information of the complainant or third parties submitted by the complainant will be processed.
Legal basis: Article 6.1 a); 6.1 c); 6.1 f) GDPR
4.7. Visitors
Identification data, contact data, the company they work for, and the reason for the visit will be processed. This data is collected when the visitor provides it upon requesting access to our facilities or when their contact person within our entity provides it to allow them access.
Legal basis: Article 6.1 c); 6.1 f) GDPR
4.8. Website Users
When visiting our website, and only if the user expressly authorizes it, navigation data may be collected by installed and authorized cookies. For more information, please visit our Cookie Policy.
Legal basis: Article 6.1 a) GDPR
4.9. More information for data subjects
Data subjects will be provided with the legally established information in the corresponding informative clauses included in the various data collection methods, so that the data subject can freely and expressly decide whether they want their personal data to be processed by our entity. For extended information, these clauses will explain how to access this policy.
All categories and types of personal data processed will be duly identified in the corresponding processing activities owned by our entity.
5. For what purposes will your data be processed?
In general, the processing of personal data carried out by our entity aims to fulfill and maintain the relationship with the different groups of people with whom we interact.
Depending on this relationship, the processing of your data serves different purposes, which are detailed below by way of example and not limitation:
5.1. Clients
Your personal data will be processed to identify you, fulfill and maintain the pre-contractual and contractual relationship, including sending commercial communications through different means, addressing inquiries, conducting quality controls and commercial statistics, for the provision of our services, for accounting and billing management, the transaction of goods and services, collection management, incident management, claims and exercise of rights, as well as for other purposes to which we are obliged to comply with said relationship, the laws to which we are subject, or to attend to our legitimate interests.
5.2. Information Seekers
We will process your personal data to address any kind of information requests you wish to submit, to identify you, to send or deliver quotes and information about goods and/or services of your interest, including in our response (verbal or written) commercial information related to your request. We will also conduct follow-up contacts, through different means, to ascertain decisions made regarding the commercial proposals we have sent you.
5.3. Job Applicants
Your data will be processed to include you in our selection processes and job pool, to identify you, as well as to contact you and inform you about vacancies, coordinate interviews, and other matters related to your application.
5.4. Suppliers
Your personal data will be processed for the purpose of maintaining the pre-contractual and contractual relationship, fulfilling the commercial relationship whether for requesting quotes, purchasing goods or contracting services, for making inquiries and identifying you, for accounting management and the transaction of goods and services, as well as for other purposes necessary to comply with said relationship, with our legal obligations, and legitimate interests.
5.5. Social Media Users
We will process your personal data to maintain the relationship as users of the same social network, to identify you, to contact you, share news or advertising, and process other personal data that the social network user themselves allows to be shared with the rest of its components. For more information, consult our Social Media Policy.
5.6. Complainants
Personal data will be processed to identify you, manage your claim, and contact you regarding its status, as well as to comply with our legal obligations and protect our legitimate interests.
5.7. Visitors
Data from visits to our facilities will be processed to identify you, to comply with our obligations regarding occupational risk prevention, and for security and access control purposes.
5.8. Website Users
By accepting the installation of cookies when visiting our website, data may be processed for analytical purposes, for example: visit duration, pages visited, etc., collected by Google. For more information, please visit our Cookie Policy.
5.9. More information for data subjects
Data subjects will be provided with the legally established information in the corresponding informative clauses included in the various data collection methods (e.g., forms, voice recordings, contracts, etc.), so that you can freely and expressly decide whether you want the requested personal data to be processed by our entity. In the same vein, this information will be reiterated in the different documents or communications we share with data subjects (e.g., badges, invoices, legal notices, etc.).
If the data subject does not provide the data we request or provides incomplete or erroneous data, we may not be able to fulfill their information request or interact with them.
The data will not be further processed or for purposes other than those accepted by the data subjects.
The purposes motivating the processing of personal data will be duly identified in the corresponding processing activities owned by our entity.
6. Data Retention
The personal data provided will be retained as long as we maintain a relationship with the data subject and for the time necessary to fulfill the purpose for which the data was collected.
Once this relationship ends, we will keep them blocked in cases where it is necessary to retain them, either until the statute of limitations for liabilities for the exclusive purpose of claims or legal actions, as well as to comply with our legal obligations, for example:
| Data Subjects | Sectoral Scope | Legal Basis | Retention Period |
|---|---|---|---|
| Clients Suppliers | Accounting | Art. 30.1 Royal Decree Commercial Code | 6 years from the last entry |
| Clients Suppliers | Tax | Art. 66 General Tax Law 58/2003 |
|
| Any person | General | Art. 1964.2 of the Civil Code | 5 years: Personal actions that do not have a special term expire after five years from when the obligation can be demanded. For continuous obligations to do or not to do, the term will begin each time they are breached. |
| Job Applicants | Labor | AEPD Labor Relations Guide | 1 year |
| Visitors | Access control to facilities | Instruction 1/1996 of the AEPD | 1 month |
| Website Users | Use of cookies | AEPD Guide on the use of cookies | 24 months maximum |
| Information Seekers | Commercial Legal | Art. 20.1 a) and d) Spanish Constitution | The shortest possible time or as indicated by law. |
| Clients Suppliers Visitors Job Applicants Workers | Video surveillance | Art. 22.3 LOPDGDD – personal data protection | 1 month |
When the data is no longer necessary, our entity will proceed with its secure and confidential deletion and destruction.
7. Profiling
We do not create profiles or make automated decisions using your personal data, but if we were to do so, you would be informed and your prior authorization would be requested.
Likewise, you have the right to object to this type of processing at any time by writing to our entity at: info@setantaarquitectura.com
8. Data Transfer
In general, our entity will only communicate personal data to third parties when there is a valid legal basis in accordance with Regulation (EU) 2016/679 (GDPR), such as a legal obligation, the execution of a contractual relationship, the provision of social and health services, or, where applicable, the consent of the data subject.
Likewise, certain personal data may be processed by companies belonging to our business group when necessary for the correct centralization of administrative, accounting, IT, or internal management services, always guaranteeing compliance with data protection regulations and the rights of data subjects.
Clients and Suppliers
In the case of clients and suppliers, their personal data may be communicated to third entities only when there is a legal obligation (for example, to the Tax Agency or other competent Public Administrations), or when it is necessary for the correct execution of the contractual relationship, as occurs with banking entities for the management of collections and payments. In such cases, only strictly essential data will be provided.
Job Applicants
In the case of job applicants, their data will not be communicated to third entities unless there is a legal obligation.
However, they may be communicated to other companies within the business group only if the candidate has previously granted their express authorization for this purpose.
Information Seekers and Website Users
Personal data collected through the website will not be communicated to third parties unless there is a valid legal basis or it is necessary for the provision of the requested service, with specific information provided in each case at the time of data collection.
Data Processors
Certain personal data may be processed by third-party providers to whom we delegate certain obligations (e.g., accounting consultancies or IT services), acting as data processors. In such cases, our entity has formalized the corresponding contract with them in accordance with Article 28 GDPR.
Public Authorities and Bodies
In general terms, personal data may be communicated to Judges, Courts, Public Prosecutors, or competent Public Administrations when there is a legal obligation or it is necessary for the formulation, exercise, or defense of claims.
9. International Data Transfer
In the event of transfers to third-party entities located in countries outside the European Economic Area, we will inform and request the prior and express consent of the data subjects.
10. Security Measures
Our entity has implemented all necessary technical and organizational measures to protect the personal data processed, preventing its loss, theft, or unauthorized use.
These measures have been created based on the type of data processed and the purposes motivating said processing. They are periodically verified in our internal controls for compliance with personal data protection regulations and through external audits.
11. Your Rights
As the owner of your personal data, acting on your own behalf or through your representative, you may contact our entity at any time and request to exercise your rights regarding personal data protection.
We explain what these rights are:
11.1. Right of Access
You have the right to know and request from us at any time the following information:
- Whether or not we are processing your personal data.
- The purposes of the processing, as well as the categories of personal data being processed.
- The origin of your data, if you did not provide it to us.
- The recipients or categories of recipients to whom my personal data has been or will be communicated, including, where applicable, recipients in third countries or international organizations.
- Information on appropriate safeguards relating to the transfer of my data to a third country or an international organization, if applicable.
- The envisaged retention period, or, if not possible, the criteria used to determine that period.
- If automated decisions exist, including profiling, meaningful information about the logic involved, as well as the significance and envisaged consequences of such processing.
- A copy of your personal data undergoing processing.
11.2. Right to Rectification
Request the rectification of your personal data when it is inaccurate, as well as to complete it when it is incomplete.
11.3. Right to Object
You can object to us processing your data when it is incorrect or no longer necessary to process it.
If you act as a defendant or a person affected by a complaint within the framework of Law 2/2023, you will not be able to exercise your right to object, as it is presumed (subject to proof to the contrary) that there are reasons that legitimize the processing of your personal data, in accordance with the provisions of Article 31.4 of the Law.
11.4. Right to Erasure
Request that your data be deleted for any of these reasons:
- Your data is no longer necessary for the purposes for which it was collected or processed.
- You have not given consent for the processing of your data.
- When you have exercised the right to object.
- When the data has been unlawfully processed.
- When the data must be erased for compliance with a legal obligation.
11.5. Right to Restriction of Processing
You may request to exercise this right when one or more of these situations occur:
- When you contest the accuracy of your data, for a period enabling the controller to verify the accuracy of the personal data.
- When the processing is unlawful and you oppose the erasure of the personal data and request the restriction of its use instead.
- When the controller no longer needs the personal data for the purposes of the processing, but it is required by the data subject for the establishment, exercise or defense of legal claims.
- When you have objected to processing pursuant to Article 21(1) pending the verification whether the legitimate grounds of the controller override those of the data subject.
11.6. Right to Data Portability
Refers to the right to obtain your data in a structured, commonly used, and machine-readable format, as well as to transmit it to another controller for further processing.
11.7. Right not to be subject to automated decisions
The right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her.
11.8. How you can exercise your rights
To exercise any of your rights, you must send a written request to SETANTA ARQUITECTURA, S.L.P., either by postal mail to the address: Avda. Corts Valencianes, 38, 1º, 1ª, 46470 Albal (Valencia) or by email to: info@setantaarquitectura.com stating the rights you wish to exercise. If you are acting on behalf of another person, you must prove your representation. If there are reasonable doubts regarding the identity of the person making the request, we may ask for additional necessary information to confirm your identity.
If you wish to submit any suggestion or query about the processing of your personal data, you can contact our data protection consultants:
BUSINESS ADAPTER, S.L.
Ronda Guglielmo Marconi, 11, 26, (Parque Tecnológico) 46980 Paterna (Valencia).
Data Subject Request Form
We inform you that you have the right to file a complaint with the Spanish Data Protection Agency at: C/ Jorge Juan, 6, 28001 Madrid or at www.aepd.es.
12. Commitment to Personal Data Protection
Purpose and Scope of Application
This commitment aims to comply with European and Spanish regulations on data protection and guarantee of digital rights (GDPR and LOPDGDD) and will be mandatory for all departments and employees of our entity, as well as for third parties acting on our behalf.
Principles governing the processing of personal data
We will process personal data with lawfulness, fairness, transparency, data minimization, accuracy, storage limitation, integrity, confidentiality, and active accountability. The processing of special categories of data is prohibited, as provided in Art. 9 of the GDPR and LOPDGDD.
Record of Processing Activities
Our entity will maintain a record of processing activities to assess processing risks and implement necessary security measures to ensure the confidentiality, integrity, availability, and retention period of the data.
Impact Assessment
For each processing activity, the need to conduct an Impact Assessment is analyzed to determine if there is a risk to the rights and freedoms of data subjects, in order to ascertain whether additional technical and organizational measures are necessary to guarantee their fundamental rights.
Security Measures and Security Breaches
All necessary technical and organizational measures will be applied to the personal data processed. In the event of a security breach, the Security Breach Response Protocol, designed for such purposes, will be applied.
Data Protection Rights
Our entity will address and respond to requests for the exercise of rights or information about their violation as quickly and diligently as possible.
Guarantee of digital rights in the workplace
Policies will be approved to guarantee the digital rights of workers, and they will be duly informed of these. These policies will promote the right to reconcile work activity with personal and family life, and the right to information and privacy will also be guaranteed. Our entity may exercise control over the performance of work functions, within the limits established in Art. 20.3 of the Workers’ Statute.
Training
All necessary workers will be trained in both data protection and their digital rights in the workplace.
Control
We have external consultants who advise and audit us to ensure compliance with the GDPR and the LOPDGDD.
13. Policy Update
Our entity reserves the right to modify this Policy without prior notice. Therefore, we recommend consulting it every time you visit our website.
Text updated on February 25, 2026.
