Privacy Policy

WEBSITE PRIVACY POLICY

https://atrilresearch.com

I. PRIVACY POLICY AND DATA PROTECTION

In accordance with applicable legislation, Atril Research (hereinafter also referred to as the “Website”) is committed to adopting the technical and organisational measures necessary to ensure a level of security appropriate to the risks associated with the personal data collected.

Legislation Incorporated into this Privacy Policy

This Privacy Policy complies with the current Spanish and European legislation governing the protection of personal data online. In particular, it complies with the following regulations:

  • Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation – GDPR).
  • Spanish Organic Law 3/2018 of 5 December on the Protection of Personal Data and the Guarantee of Digital Rights (LOPD-GDD).
  • Royal Decree 1720/2007 of 21 December, approving the implementing regulations of the former Organic Law 15/1999 on the Protection of Personal Data (RDLOPD), where applicable.
  • Law 34/2002 of 11 July on Information Society Services and Electronic Commerce (LSSI-CE).

Identity of the Data Controller

The Data Controller responsible for processing the personal data collected through Atril Research is:

Lorena Tomás Laudo
Tax Identification Number (NIF): 73261614J

Contact details:

Postal Address
Carrer Manuel de Falla, 18, 8, 3º
43005 Tarragona
Spain

Email
lorena@atrilresearch.com

Registration of Personal Data

In accordance with the GDPR and the Spanish Organic Law 3/2018 (LOPD-GDD), we inform you that the personal data collected by Atril Research through the forms available on this Website will be incorporated into our processing records and processed for the purpose of facilitating, managing and fulfilling the commitments established between Atril Research and the User, maintaining the relationship created through the forms completed by the User, or responding to requests or enquiries submitted through the Website.

Furthermore, in accordance with the GDPR and the LOPD-GDD, and unless the exception provided for in Article 30(5) of the GDPR applies, Atril Research maintains a Record of Processing Activities describing the processing operations carried out, their purposes and the additional information required under the GDPR.

Principles Governing the Processing of Personal Data

The processing of the User’s personal data shall be carried out in accordance with the principles set out in Article 5 of the GDPR and Article 4 et seq. of Spanish Organic Law 3/2018 of 5 December on the Protection of Personal Data and the Guarantee of Digital Rights:

  • Lawfulness, fairness and transparency: Personal data will only be processed with the User’s consent, obtained after providing clear and transparent information about the purposes for which the data is collected.
  • Purpose limitation: Personal data will be collected for specified, explicit and legitimate purposes.
  • Data minimisation: Only personal data that is adequate, relevant and limited to what is necessary for the intended purposes will be collected.
  • Accuracy: Personal data must be accurate and kept up to date.
  • Storage limitation: Personal data will be retained only for as long as necessary to fulfil the purposes for which it is processed.
  • Integrity and confidentiality: Personal data will be processed in a manner that ensures appropriate security and confidentiality.
  • Accountability: The Data Controller is responsible for demonstrating compliance with all of the above principles.

Categories of Personal Data

The categories of personal data processed by Atril Research include both identification data and special categories of personal data, as defined in Article 9 of the GDPR.

Special categories of personal data include data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data processed for the purpose of uniquely identifying a natural person, data concerning health, and data concerning a person’s sex life or sexual orientation.

The processing of special categories of personal data will always require the User’s explicit consent for one or more specific purposes.

Legal Basis for the Processing of Personal Data

The legal basis for the processing of personal data is the User’s consent. Atril Research is committed to obtaining the User’s explicit and verifiable consent before processing personal data for one or more specific purposes.

Users have the right to withdraw their consent at any time. Withdrawing consent will be as straightforward as giving it. As a general rule, the withdrawal of consent will not affect the User’s ability to use the Website.

Whenever Users are required or invited to provide personal data through forms in order to submit enquiries, request information, or for any purpose related to the Website’s content, they will be informed if any fields are mandatory because the requested information is essential for processing their request.

Purposes of the Processing of Personal Data

Personal data is collected and processed by Atril Research for the purpose of facilitating, managing and fulfilling the commitments established between the Website and the User, maintaining the relationship created through the forms completed by the User, and responding to requests or enquiries.

Personal data may also be used for commercial, operational, statistical and personalisation purposes related to the activities of Atril Research. In addition, it may be used for data analysis, storage and marketing research in order to tailor the content offered to Users and improve the quality, performance and usability of the Website.

At the time personal data is collected, Users will be informed of the specific purpose or purposes for which their personal data will be processed, that is, the intended use of the information collected.

Retention Periods for Personal Data

Personal data will be retained only for the minimum period necessary to fulfil the purposes for which it is processed and, in any event, for a maximum period of 24 months, unless the User requests its deletion sooner.

When personal data is collected, Users will be informed of the period for which their personal data will be stored or, where this is not possible, the criteria used to determine that period.

Recipients of Personal Data

The User’s personal data may be shared with the following recipients or categories of recipients:

([Complete this section if applicable.])

Where the Data Controller intends to transfer personal data to a third country or an international organisation, the User will be informed, at the time the personal data is collected, of the intended recipient country or international organisation, as well as the existence or absence of an adequacy decision adopted by the European Commission.

Personal Data of Minors

In accordance with Article 8 of the GDPR and Article 7 of Spanish Organic Law 3/2018 on the Protection of Personal Data and the Guarantee of Digital Rights, only individuals aged 14 years or older may lawfully give consent for the processing of their personal data by Atril Research.

Where the User is under the age of 14, parental or legal guardian consent will be required, and the processing of personal data will only be considered lawful to the extent that such consent has been granted.

Confidentiality and Security of Personal Data

Atril Research undertakes to implement the technical and organisational measures necessary to ensure a level of security appropriate to the risk associated with the personal data collected. These measures are designed to prevent the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to personal data transmitted, stored or otherwise processed.

However, since Atril Research cannot guarantee the absolute security of the Internet or the complete absence of hackers or other individuals who may gain unauthorised access to personal data, the Data Controller undertakes to notify the User without undue delay whenever a personal data breach is likely to result in a high risk to the rights and freedoms of natural persons.

In accordance with Article 4 of the GDPR, a personal data breach means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to personal data transmitted, stored or otherwise processed.

Personal data will be treated as confidential by the Data Controller, who undertakes, through legal or contractual obligations, to ensure that such confidentiality is respected by employees, collaborators and any other persons authorised to access the information.

Rights Related to the Processing of Personal Data

Users may exercise the following rights recognised under the GDPR and Spanish Organic Law 3/2018 on the Protection of Personal Data and the Guarantee of Digital Rights in relation to the processing of their personal data by Atril Research:

  • Right of Access: The right to obtain confirmation as to whether Atril Research is processing the User’s personal data and, where that is the case, to access the personal data and obtain information regarding the processing carried out, including, among other things, the origin of the data and the recipients or categories of recipients to whom the data has been or will be disclosed.
  • Right to Rectification: The right to have inaccurate or incomplete personal data corrected.
  • Right to Erasure (“Right to be Forgotten”): The right to obtain the deletion of personal data where, among other circumstances, the data is no longer necessary for the purposes for which it was collected; the User withdraws consent and there is no other legal basis for processing; the User objects to the processing and there are no overriding legitimate grounds; the data has been unlawfully processed; deletion is required to comply with a legal obligation; or the data was collected in connection with the direct offering of information society services to a child under the age of 14. Where applicable, the Data Controller will take reasonable steps to inform other controllers processing the personal data of the User’s request to erase any links to, or copies of, that personal data.
  • Right to Restriction of Processing: The right to request that the processing of personal data be restricted where the User contests its accuracy, the processing is unlawful, the Data Controller no longer requires the data but the User needs it for the establishment, exercise or defence of legal claims, or the User has objected to the processing.
  • Right to Data Portability: Where processing is carried out by automated means, the User has the right to receive their personal data in a structured, commonly used and machine-readable format and to transmit that data to another controller. Where technically feasible, the Data Controller will transfer the data directly to the new controller.
  • Right to Object: The right to object to the processing of personal data by Atril Research.
  • Right Not to Be Subject to Automated Individual Decision-Making: The right not to be subject to a decision based solely on automated processing, including profiling, unless otherwise permitted by applicable law.

Exercising Your Rights

Users may exercise these rights by sending a written request to the Data Controller with the reference:

“GDPR – https://atrilresearch.com/”

The request should include:

  • The User’s full name and a copy of an identity document or another legally valid means of identification. Where a representative acts on behalf of the User, proof of representation must also be provided.
  • A clear description of the request and the specific rights being exercised.
  • An address for correspondence.
  • The date and signature of the applicant.
  • Any supporting documents relevant to the request.

Requests and supporting documentation may be sent to:

Postal Address
Carrer Manuel de Falla, 18, 8, 3º
43005 Tarragona
Spain

Email
lorena@atrilresearch.com

Links to Third-Party Websites

This Website may contain hyperlinks to third-party websites that are not operated by Atril Research.

The operators of such websites maintain their own privacy policies and are solely responsible for their own data processing activities and privacy practices. Users are encouraged to review the privacy policies of any third-party websites they visit.

Complaints to the Supervisory Authority

If a User believes that the processing of their personal data infringes applicable data protection legislation, they have the right to effective judicial protection and to lodge a complaint with a supervisory authority, particularly in the Member State of their habitual residence, place of work or the place of the alleged infringement.

In Spain, the competent supervisory authority is the Spanish Data Protection Agency (Agencia Española de Protección de Datos – AEPD).


II. ACCEPTANCE OF AND CHANGES TO THIS PRIVACY POLICY

Users must read and accept the terms set out in this Privacy Policy regarding the protection of personal data before the Data Controller can process their personal data in accordance with the purposes, legal bases and retention periods described herein.

By using this Website, Users acknowledge and accept this Privacy Policy.

Atril Research reserves the right to modify this Privacy Policy at any time, either at its own discretion or as a result of legislative, regulatory or case law developments, or guidance issued by the Spanish Data Protection Agency.

Any changes or updates to this Privacy Policy will not necessarily be communicated individually to Users. Users are therefore encouraged to review this page periodically to stay informed of any changes.

This Privacy Policy has been updated to comply with Regulation (EU) 2016/679 (General Data Protection Regulation – GDPR) and Spanish Organic Law 3/2018 on the Protection of Personal Data and the Guarantee of Digital Rights.