Privacy and Cookies Policies

CONTROLLER

Croma Law Firm S.L.P. (“Croma” or “us”)
c/Pau Claris, 75, 6º 3ª, 08010 Barcelona (Spain)
NIF: B67621599
+34 934193798
hello@croma.legal

DATA ORIGIN AND DATA CATEGORIES

We will process any personal data that you may provide us through the “contact us” form, as well as through other means. Generally, this personal data may include your name, last name, email, company, phone number, country, city and any other personal data that you may provide us with through the free text box. By providing us with your data, you guarantee us and take responsibility for the veracity and accuracy thereof. On the other hand, we will also collect aggregate data through cookies for the sole purpose of analysing browsing on our website.

PURPOSES AND LEGAL BASIS FOR DATA PROCESSING

Purpose of rendering the services and/or respond to your queries based on Art. 6.1.(b) GDPR (need to execute a contract).

Purpose to send you commercial emails about our services based on Art. 6.1.(a) GDPR (consent).

Purpose of performing navigation analysis of our Website based on Art. 6.1.(a) GDPR (consent).

DATA STORAGE

We will retain your data for as long as our client-provider commercial relationship is in force, in order to manage it correctly and to send you commercial information of interest to you. However, if we observe a prolonged period of inactivity, we will erase your data if the data processing is no longer adequate, relevant and limited to what is necessary for the purposes for which the data is processed. The above default rule will apply unless you request the erasure of your data.

Once the processing of your data is no longer adequate, relevant and limited to what is necessary for the purposes for which the data is processed, we will solely retain your data for the purposes of discharging potential responsibilities as required by any applicable regulations.

RECIPIENTS

Generally, we do not need to disclose your data to third parties to perform our services. However, note that we do need to disclose your personal information to:

Providers: those providers that need to access your personal data to provide us with their services will have access to your data, such as accounting firms, IT service providers, cloud platforms, CRM providers, partners, consultants or collaborators. These third parties will act as our subprocessors and will have implemented the appropriate safeguards to protect your personal information, including the relevant data processing agreement according to Art. 28 GDPR.

Other: we will disclose your personal data to third parties if required by law, by a public or judiciary authority or for public interest or public order purposes, such as, for example, to comply with anti-money laundering and counter-terrorist financing, regulations, tax obligations or Social Security obligations.

INTERNATIONAL TRANSFERS

We do not and we do not intend to carry out international transfers. However, as usual today, some IT/technology providers have their servers outside the European Economic Area (“EEA”), for instance in the US. In the case that one of our providers is located outside the EEA (e.g., Google), we will enter into as many documents as necessary to ensure that it offers appropriate safeguards for the data subjects equivalent to those of the EU to carry out such international transfers.

RIGHTS

Which rights do you have?

As provided by the GDPR (“GDPR”) and the Spanish Personal Data Protection and guarantee of digital rights Law (“LOPDgdd”), we inform you of your right to:

Access: you have the right to access your data in order to find out what personal data we process that concerns you.

Rectification or erasure: under certain circumstances, you will have the right to rectify inaccurate personal data relating to you that is processed by us, or even to request its erasure.

Restriction: under certain circumstances, you will have the right to request the restriction of the processing of your data by us, in which case, we wish to inform you that we will only retain the data for the exercise or defence of legal claims.

Portability: under certain circumstances, you will have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly-used and machine-readable format, and the right to transmit this data to another controller.

Object: under certain circumstances and on grounds relating to your particular situation, you will have the right to object to the processing of your data, in which case we will no longer process it unless compelling legitimate grounds exist, or for the exercise or defence of possible legal claims. At any time, you may object to receiving commercial communications. At any time, you may object to the receipt of commercial communications.

How can you exercise your rights?

You may exercise the above-mentioned rights by contacting us as set out in Section 1, indicating “Privacy Rights” as the subject matter. In order to verify your identity, we may require you to send us certain additional information or documentation, such as a copy of your national identification document or passport.

The exercise of these rights is free. Please note, however, that a fee may be charged when requests are unfounded, excessive, or repetitive.

Do you have the right to withdraw your consent?

Yes. You may, at any moment, withdraw your consent regarding the processing of your data for one, several or all of the purposes referred to above. Be aware that, should that happen, our rendering of the Services could be altered or even discontinued completely.

Do you have the right to appeal?

Yes, you can appeal to the competent supervisory authority in your place of residence. You may obtain information on how to contact the different EU supervisory authorities by contacting us at the following email address hello@croma.legal. For instance, in Spain, the supervisory authority is the Spanish Data Protection Agency (AEPD). In any event, before starting any appeal, please contact us by email (hello@croma.legal) so that we can settle any discrepancies or disputes in an amicable manner.

When will we reply to you?

We will reply to your queries as soon as possible and, in any event, within one month. Should we not meet this deadline, please excuse us and contact us again so that we can deal with and rectify any possible technical error, which may have caused our late reply.

COOKIES POLICY

What is a cookie?

The objective of this policy is to inform you clearly and precisely about the cookies used on the Website.
A cookie is a small text file that websites install on the computer or mobile device of users who visit them. Cookies make it possible for a website or digital platform to remember the user’s actions and preferences (login identifier, password, language, font size and other display preferences), so that the user does not have to reconfigure them upon their return to the site or digital platform.

There are many types of cookies, such as first-party cookies and third-party cookies, as well as technical cookies (allowing the user to navigate the website), preference or personalisation cookies (enabling the website to remember information), analytical or measurement cookies (permitting tracking and analysis) and behavioural advertising cookies (allowing the development of a specific profile to display advertising based on it). There are also session cookies and persistent cookies depending on the length of a user’s stay.

What cookies do we use in this Website?

On this Website, we use the strictly necessary and analytics cookies.

The technical cookies are those cookies that we consider essential for browsing our Website, as they facilitate the use of its features or tools. In particular, we use the following:

viewd_cookie_policy from GDPR Cookie Consent plugin, which is used to make the cookie configuration panel available to users. Its duration is 1 year.

CookieLawInfoConsent from GDPR Cookie Consent plugin, which is used to check the status of the users’ consent. Its duration is 1 year.

cookielawinfo-checkbox from GDPR Cookie Consent plugin, which is used to check the status of the users’ consent. Its duration is 1 year.

Elementor own cookie, we use it in relation to the WordPress theme of the web to be able to change its content in real time. It is a persistent cookie.

Rc::a from Google, it is used to distinguish between humans and bots. It is a persistent cookie.

Rc::c from Google, it is used to distinguish between humans and bots. It is a session cookie.

The analytical or statistical cookies that we use are those of Google Analytics and Vimeo that allow us to provide you with a good navigation experience during your visit to our Website. They allow us to analyse the use of the Website so that we can perform metrics and improve its performance. In particular, we use the following:

_ga from Google, it is used to record a unique ID that is used to generate statistical data about how the visitor uses the website. Its duration is 2 years.

_gat from Google, it is used to control the request rate. Its duration is 1 day.

_gid from Google, it is used to record a unique ID that is used to generate statistical data about how the visitor uses the website. Its duration is 1 day.

_vuid de Vimeo – from Vimeo, it is used to collect data about the user’s visits to the website, such as which pages have been read. Its duration is 2 years.

You can find more information in this link.

How do I configure or delete cookies?

In addition to managing consent through our first label message, you can accept, block, or delete the cookies by configuring the options that your browser offers. However, this may affect the operation of the Website, making the User experience less satisfactory or even preventing the use of the Website. You can discover more information about cookies in this Guide Guía de la AEPD.