Privacy policy

Data privacy policy

1. Identity and contact details of the Controller

2. Necessary, up-to-date information

3. General information: description of the information contained in the privacy policy

4. Detailed information on the processing carried out by the Company

5. Exercise of your rights

6. Cookies

7. Security measures

8. Minors


1. Identity and contact details of the Controller

G-advisory Consultoría Técnica, Económica y Estratégica, S.L.P. domiciled at Calle Hermosilla, 3, 28001 Madrid, holding employer identification number B 82801069, and with telephone number 91 5145200 (“G-advisory” or the “Company”) is the controller of your personal data. This privacy policy provides information on the use to be made by the Company of your personal data as a web user (“the website“). The purpose of this Privacy Policy is to provide information on your rights under the General Data Protection Regulation (“GDPR”). Should you have any questions regarding the processing of your data, please contact the Company at the following address: [email protected] We inform you that the Garrigues Group (to which G-advisory belongs) has a Data Protection Officer who may be contacted at the following email address: [email protected]

2. Necessary, up-to-date information

Completion of all the fields marked with an asterisk (*) on the form is compulsory. Failure to fill out any of these fields could prevent the provision of the services or information requested. You must provide truthful information; in order to ensure that the information provided is always up to date and does not contain errors, you should inform the Company as soon as possible of any amendments to or changes in your personal data by sending an email to: [email protected] By clicking on the “Accept” button (or similar) on such forms, you state that the information and data provided are accurate and true.

3. General information: description of the information contained in the privacy policy.

In this privacy policy you will find a table containing the following information for each of the different types of data processing carried out by the Company:

  1. The purposes of the processing of your data, that is, the reason why the Company is processing your personal data.
  2. The legal basis that enables the Company to process your data for each of the purposes indicated.
  3. The possible disclosure of your data to third parties, as well as the ground for the disclosure. For these purposes, we inform you that we do not disclose your personal data to third parties unless there is a legal obligation to do so. Your personal data may be accessed by the Company’s data processors, that is, the service providers who need to access your personal data in order to perform their functions. The service providers accessing your personal data generally operate in the information systems and technology sectors. The following table will indicate, as applicable, any other sectors in which other possible service providers of the Company who need to access your personal data may operate. You may request more detailed information on the recipients of your data by sending an email to [email protected], indicating the specific recipients in relation to which you require information.
  4. The existence of potential international data transfers. Should you require a copy of these contractual clauses referred to in the table below, please contact G-advisory at the following email: [email protected]
  5. The storage period of the data provided by you. Your data will remain blocked, for the purposes of handling legal, administrative or tax claims, for the periods stipulated in the applicable legislation.

4. Detailed information on the processing carried out by G-advisory

Purpose of the processing Legal basis Recipients International transfers Storage period

Management of the queries raised through the query form

The Company’s legitimate interest in attending to requests for information via the website.

Your data may be disclosed to Garrigues Group companies (the “Group”), based on G-advisory legitimate interest in attending to your request for information

Additional service providers to those indicated in section 3c will not access your personal data.

Your data may be transferred to Group companies, for the purposes indicated in the “Recipients” column in relation to Group companies located outside of the European Economic Area (“EEA”) as set out in this link.

These transfers are carried out based on the adherence of these companies to the Privacy Shield, if they are US companies, or based on signature by these companies located outside the EEA of standard data protection clauses adopted by the European Commission for international transfers.

Until your request for information has been resolved


5. Exercise of your rig

You may exercise the following rights:

  1. right of access to your personal data to know which data are being processed and the processing operations that are being performed with that data;
  2. right to rectification of any inaccurate data;
  3. right to erasure of your personal data, where possible;
  4. right to request the restriction of the processing of your personal data where the accuracy, legality or need to process the data is doubtful, in which case we may store your data for the exercise or defense of claims;
  5. right to object to the processing of your personal data, when the legal basis that enables us to process them, of those indicated in the above table, is legitimate interest. For such purposes, we will cease to process your data unless we have a compelling legitimate interest or it is for the establishment, exercise or defense of legal claims.

You may exercise your rights at any time, without charge, by sending an email to [email protected] indicating the right you wish to exercise and your personal particulars. If you consider that we have not adequately processed your personal data, you can contact the Data Protection Officer at [email protected]. You may also lodge a complaint with the Spanish Data Protection Agency if you consider that data protection legislation has been breached in the processing of your personal data.

6. Cookies

G-advisory will only use data storage and recovery devices (“Cookies”) where the user has granted its prior consent in such connection in line with what is indicated in the pop-up window on the user’s web browser when the user accesses the website for the first time and in the other terms and conditions indicated in G-advisory Cookies Policy, which all users should be familiar with.

7. Security measures

G-advisory will adopt the security measures required by the GDPR in line with the nature of the data processed from time to time. This notwithstanding, the technical security of a medium such as the Internet is not impregnable and there may be willful misconduct on the part of third parties, although G-advisory has put in place all measures within its power to prevent such misconduct.

8. Minors

Minors may not use the services available via the website without prior authorization from their parents, guardians or legal representatives. Such parents, guardians or legal representatives are the only parties responsible for all the acts performed via the website by the minors in their care, including completing forms with the personal data of such minors and ticking the accompanying boxes.