¿HABLAMOS?
LET’S TALK?

Privacy Policy

We ask you to carefully read this Privacy Policy, which describes our use of the data you provide to us, in accordance with the requirements of Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016 (GDPR), Organic Law 3/2018 of December 5, on the Protection of Personal Data and Guarantee of Digital Rights, and any other applicable regulations. Our goal is transparency in the information provided so that you, the user, can fully understand it. However, if after reading it you have any questions, you can always contact us through any of the communication channels made available to you, and we will clarify them for you.

I. DATA CONTROLLER

Contact details of the controller: ORIOL ASENSIO IP, SLP (hereinafter “ORIOL-IP”), with CIF B88146535 and registered office at Calle Martinez Izquierdo 19, Local derecho, 28028, Madrid (Spain)

Data Protection contact information: you can contact us at the email address indicated above and/or via email: secretaria@oriol-ip.com .

II. PRINCIPLES ACCORDING TO THE EUROPEAN DATA PROTECTION REGULATION

We undertake to process the personal data (hereinafter the “data”) provided in accordance with the following principles set out in the General Data Protection Regulation (GDPR):

  • Legality: We will only collect your Personal Data for specific, explicit, and legitimate purposes, and we will not process your Personal Data in an incompatible manner with those purposes.

  • Lawfulness: In accordance with Article 6 of the General Data Protection Regulation, your personal data will be processed if you expressly consent to the processing of such data as a means of outsourcing your free and informed consent. Your personal data may be necessary to formalize a contract, agreement, or service to which the data subject is a party, to comply with legal obligations, to protect the vital interests of the data subject and another natural person, to fulfill a task carried out in the public interest or in the exercise of official authority vested in the data controller, or to satisfy the legitimate interests pursued by the data controller when these do not violate the fundamental rights and freedoms of the data subject or the protection of their personal data.

  • Loyalty and transparency: in accordance with article 5 of the General Regulations of Data Protection as a manifestation of transparency, and proof of this is that the data subject is informed of the existence of the processing operation and its purposes.

  • Data minimization: we limit the collection of personal data to what is strictly relevant and necessary for the purposes for which they were collected.

  • Purpose Limitation: We will only collect your personal data for purposes specific, explicit and legitimate, and which we maintain in the way we process them.

  • Accuracy: We will keep your personal data accurate and up to date.

  • Data Security: We apply technical and organizational measures appropriate to ensure an adequate level of security, taking into account the risks and nature of the data, in order to prevent its disclosure or unauthorized access, or any loss or alteration. In short, any form of unlawful processing.

  • Any person who, having given their consent for data collection, wishes to request any management regarding the processing of data is recognized and may exercise the following rights: access, rectification, objection, erasure, restriction of processing, portability, and the right not to be subject to individualized decisions. This right will be free of charge, and said request will be corrected within one month, which may be extended for another two months depending on exceptional circumstances such as the number of requests, complexity, or other similar requests.

  • Principle of limitation of the retention period: the data will be kept for the time necessary and for the purposes of processing without undue delay, and during which time, the users’ and clients’ own data will be available to them upon request.

 

III. USER CONSENT:

The completion of our registration form, prior acceptance of this Privacy Policy, implies the unequivocal consent, on the part of the user, to the automated processing of data in accordance with the privacy conditions of the Web.

The data collected is necessary to respond to your request for information or, if you contract the ORIOL-IP service, is adequate, relevant, and not excessive in relation to the scope and specific purposes.

As stated in the Legal Notice, the privacy of website users is guaranteed. You can only be tracked, geolocated, or monitored if you activate the alert signal; no location can be traced by mere access to the applications.

Notwithstanding the foregoing, said consent may be revoked at any time by the interested party by unsubscribing through any of the means made available to the user. If the service is contracted, the channels made available to the user must be used to process the unsubscription from the service for data processing from the moment of such unsubscription, as well as for the retention and/or blocking of data, given the characteristics of the services.

 

 

IV. PURPOSES OF DATA

What will we use the personal information we use for?

  • Respond to user requests for information via the

  • In the event of contracting the service through any of the ORIOL-IP applications, for the proper administrative management and monitoring of said service, as well as the management of billing and collection of the same.

We collect two types of data and information from Users.

-The first type corresponds to non-identifiable and unidentifiable information belonging to users, which may be collected through their use of the site (“oriol-ip.com”). We do not know the identity of a user from whom non-personal information was collected. This information may include aggregated usage data and technical information provided by the device, both software and hardware (such as the type of browser and operating system used, language preferences, access time, etc.), in order to improve the functionality of our Site.

We also collect information about your activity on the website (such as pages visited, web browsing, clicks, actions, etc.).

 

-The second type of information is Personal Information, which is individually identifiable information, that is, information that identifies a person or can, without undue difficulty, identify a person. This information includes:

  • Device Information: We collect Personal Information from your This information includes geolocation data, IP address, unique identifiers (such as MAC addresses and UUIDs), and other information related to your activity on the Site.
  • Name, surname, entity, company name or area/department and email
  • Registration Information: When you register on our Site, you will be asked to provide certain information, such as your first and last name, your email or postal address, and other information.

 

Furthermore, we will only send you commercial communications, provided they are of interest to you, with your prior authorization, which you can provide by checking the corresponding box provided for this purpose, or if you contract any of our services, protected by Article 21 of the LSSICE, unless you indicate otherwise by exercising your right to object to receiving such communications.

 

V. HOW LONG WILL WE KEEP YOUR DATA?

The data will be kept for the period essential for the specific purpose, whether it is to provide information to the user or to manage the service in the case of contracting one of the applications. In the second case, once the user unsubscribes and the data is no longer necessary for the purpose for which it was collected, and as long as the user does not have consent for its conservation, we will keep your data blocked during the limitation periods of the obligations that may have arisen from the processing and/or the applicable legal deadlines, taking into account in all cases that we find data that may be necessary in the investigation of a punishable act, remaining at the disposal of the competent authorities, to address any potential liabilities arising from the processing.

Data blocking, in accordance with Article 17.3 of the GDPR, is understood as the right of “retention” as an exception to the obligation to erase. This means that the data will not be used or accessible to anyone, and will only be used in the event of a legal requirement or liability claim related to it. After the statutory limitation period has elapsed, the data will be permanently deleted in each case.


VI. LEGITIMATION

We process your data based on your consent.

In any case, you will have full rights over your personal data and its use and may exercise them at any time. The company is required to respond within one month and must provide duly justified reasons if this right is not exercised.

The personal data requested is mandatory for contacting you and for us to process your request. Furthermore, failure to provide the requested personal data or failure to accept this privacy policy will prevent us from processing requests made on the website.


VII. RECIPIENTS

To whom do we share your data?

ORIOL-IP will not share your data without your express authorization, with the exceptions indicated below.

Only for the management of certain services may natural or legal persons other than the Controller have access to the information collected.
Providers, such as web hosts, may access data. This will not, under current data protection regulations, be considered a communication or transfer of data, provided that the requirements of Article 28 of the GDPR regarding contractual arrangements with such providers are always met.

In any case, these providers, who are Data Processors, undertake to adopt the necessary technical and organizational measures before ORIOL-IP to comply with their commitment to data security, thereby protecting the confidentiality, integrity, and availability of the data.

Outside of the aforementioned cases, data will not be transferred under any circumstances, except to competent Public Bodies and State Security Forces, due to the service provided through the various applications, or at the request
of these Bodies.

They may also be transferred, in compliance with a legal provision, to the Tax Agency, Judges and Courts, among other authorities, when they have a legal obligation to provide them.


VIII. DATA PROTECTION RIGHTS

How can rights be exercised?

We inform you that you may exercise your rights of access, rectification, opposition, deletion, limitation of processing and portability by writing to the Controller at the address indicated above or to the email address: secretaria@oriol-ip.com.

We also remind you that, if you are a customer, you can revoke your consent or opt out of receiving commercial communications by any means and at any time by sending an email to the aforementioned address.
If you consider that your request has not been properly addressed or your data is not being processed appropriately, you can address your complaints to the Spanish Data Protection Agency, supervisory body on the matter in Spain.

Below, we provide you with more detailed information on these rights, with direct access to their exercise using the links provided by the Spanish Data Protection Agency:

A)-RIGHT OF ACCESS

Article 15 of the General Data Protection Regulation recognizes the data subject’s right to know whether or not their personal data is being processed, the purposes of the processing, the categories of data, the recipients, the source of the data, the retention period, and the criteria for determining that retention period. Thus, the data controller will provide a copy of the personal data being processed electronically upon submission of the request.

They may also request the data controller to rectify, delete, or restrict data and processing.

In order to make it easier for the user to exercise this right, we provide the form that must be completed for your request via the following link:

https://www.aepd.es/media/formularios/formulario-derecho-de-acceso.pdf

 

B)-RIGHT OF RECTIFICATION AND DELETION

Articles 16 and 17 of the General Data Protection Regulation establish that, in terms of rectification and deletion of personal data, the client or user may request rectification of their personal data because they consider it to be inaccurate or because These are completed or eliminated because they are not necessary for the purposes for which they were collected and processed.
In order to make it easier for the user to exercise this right, we provide the form that must be completed for your request via the following link:
https://www.aepd.es/media/formularios/formulario-derecho-de-rectificacion.pdf

https://www.aepd.es/media/formularios/formulario-derecho-de-supresion.pdf

 

C)-RIGHT TO LIMITATION OF PROCESSING

The data subject shall have the right to obtain from the controller restriction of processing of their personal data whenever they contest the accuracy of their personal data. That is, data may only be processed, except for storage, with the data subject’s consent, for the exercise or defense of legal claims, to protect the rights of another natural or legal person, or
for reasons of public interest of the Union or a particular Member State. Furthermore, the data subject shall be informed by the controller before such restriction is lifted.


In order to make it easier for the user to exercise this right, we provide the form that must be completed for your request via the following link:
https://www.aepd.es/media/formularios/formulario-derecho-de-limitacion.pdf

 

D)-RIGHT TO DATA PORTABILITY

Article 20 of the General Data Protection Regulation recognizes the right of the data subject to receive the personal data concerning them, that is, to have it transmitted directly from one controller to another, whenever technically feasible, in a structured, commonly used, and machine-readable format, without hindrance from the controller to whom the data was provided, when consent has been expressly outsourced or through a contract.


In order to make it easier for the user to exercise this right, we provide the form that must be completed for your request via the following link:
https://www.aepd.es/media/formularios/formulario-derecho-de-acceso.pdf


IX. MINORS

The content of the Website is not intended for minors under the age of 18. Likewise, and in the specific case of the data provided by the user, only users who are 14 years of age or older may freely give their consent for the processing of said data.

In any case, ORIOL-IP will take all possible measures to verify the age of users, but cannot be held responsible for any failure to do so.

 

X. SECURITY LEVEL

ORIOL-IP will implement the necessary technical and organizational security measures to guarantee the security of personal data in accordance with the provisions of REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of April 27, 2016 (GDPR), thereby preventing loss, alteration and unauthorized access to the same.

The user will have access to a detailed description of the specific measures adopted at all times via the website.
In any case, and if despite complying with all the necessary security measures, the Web, Hosting Server, or Mail Service, suffers a security breach that may affect its legitimate interests or rights, ORIOL-IP undertakes to inform within a maximum period of 72 hours to the Supervisory Authority, in this case the Spanish Data Protection Agency, as established by the regulations, and, as soon as possible, to all users who may have been affected.

If the user accesses a third-party website from the service itself, ORIOL-IP cannot guarantee its security under any circumstances, and therefore is exempt from all liability in the event of damage suffered by the user due to the use of the website or link in question. This Privacy Policy applies exclusively to the ORIOL-IP website and does not apply to any other website accessed through links not belonging to the Controller or through any other Internet channel.

 

XI. CONFIDENTIALITY

Any personal data collected will be treated with absolute confidentiality. ORIOL-IP undertakes to maintain confidentiality and guarantees its duty to safeguard such data by adopting all necessary measures to prevent its alteration, loss, and unauthorized processing or access, in accordance with applicable law.

To this end, ORIOL-IP will maintain the corresponding confidentiality agreements with any person involved in any phase of the processing of the personal data collected.


XII. INTERNATIONAL DATA TRANSFERS

An International Data Transfer is defined as the communication of your personal data to countries located outside the European Union, and more specifically outside the European Economic Area (EEA). There are
exceptions to countries outside this European area that are not considered an international transfer, as the recipient countries are considered adequate by the European Data Protection Commission to comply with European data protection standards.


If ORIOL-IP transfers personal information outside the EEA, either because the data storage is hosted on a server outside the borders of the EEA, or for any other reason, it is ensured that the corresponding Data Processor contracts will be signed and/or accepted, as well as ensuring that the State where the information is
hosted is within the countries considered safe by the European Commission for Data Protection, in which case it will not be considered

as an International Data Transfer, or, otherwise, that the contractual clauses regulating said international transfer are included, ensuring that the provider that may host or process personal information complies with the minimum-security standards and principles set forth in the GDPR.


XIII. RESPONSIBILITY

The user will be solely responsible for completing forms with false, inaccurate, incomplete, or outdated information. Please inform us of any changes or errors in your personal information as soon as possible by contacting us at the Data Protection Contact Point: secretaria@oriol-ip.com.

We will take the necessary steps to ensure that any incorrect information about you is removed or amended.

 

XIV. MODIFICATION OF THE PRIVACY POLICY

The requirements of this Privacy Policy supplement, and do not replace, any other requirements under applicable data protection legislation. In the event of a conflict between this Policy and the requirements of applicable data protection legislation, the latter shall prevail.


ORIOL-IP reserves the right to modify its Privacy Policy, at its sole discretion, or specifically due to changes in the Service, Website, or legislative, jurisprudential, or doctrinal changes by the Spanish Data Protection Agency.

Any changes to the Privacy Policy will be posted at least ten days before they become effective. When this occurs, we will notify you of any changes and ask you to reread the most recent version of our Privacy Policy and confirm your acceptance. You can also check this Policy periodically on our website, where it will be visible.

 ORIOL ASENSIO IP SLP ©2025 Todos los derechos reservados 

 ORIOL ASENSIO IP SLP ©2025 All rights reserved