Privacy Policy

WEBSITE PRIVACY POLICY

I. PRIVACY AND DATA PROTECTION POLICY

Respecting the provisions of current legislation, pequeñasonrisas.es (hereinafter, also the Website) undertakes to adopt the necessary technical and organizational measures, appropriate to the level of security required by the risk of the data collected.

Laws incorporated into this privacy policy

This privacy policy is adapted to current Spanish and European regulations on the protection of personal data on the internet. Specifically, it complies with the following laws:

  • Regulation (EU) 2016/679 of the European Parliament and of the Council, of 27 April 2016, concerning the protection of natural persons with regard to the processing of personal data and the free movement of such data (GDPR).

  • Organic Law 3/2018, of 5 December, on the Protection of Personal Data and the Guarantee of Digital Rights (LOPD-GDD).

  • Royal Decree 1720/2007, of 21 December, approving the implementing regulation of Organic Law 15/1999, of 13 December, on the Protection of Personal Data (RDLOPD).

  • Law 34/2002, of 11 July, on Information Society Services and Electronic Commerce (LSSI-CE).

Identity of the data controller

The controller of the personal data collected on the Website is: José María Camblor Rodríguez, with ID number: 39674219R (hereinafter, Data Controller). Contact details:

  • Address: C/ Buenaventura Muñoz, 16 Esc Izq 1º 3ª 08018 Barcelona

  • Phone: 324 339 220

  • Email: gurb6@hotmail.com

Personal data registration

In compliance with the GDPR and the LOPD-GDD, we inform you that the personal data collected by the Website through the forms available on its pages will be included in our database and processed to facilitate, expedite, and fulfill the commitments established between the Website and the User, or to maintain the relationship established in the forms the User completes, or to handle a request or inquiry.

Likewise, a record of processing activities is maintained (unless the exception in Article 30.5 of the GDPR applies), detailing the processing purposes and other circumstances as required by the GDPR.

Principles applicable to personal data processing

The processing of personal data shall adhere to the following principles outlined in Article 5 of the GDPR and Articles 4 and following of Organic Law 3/2018:

  • Lawfulness, fairness, and transparency: The User’s consent will be required following clear and transparent information.

  • Purpose limitation: Data will be collected for specified, explicit, and legitimate purposes.

  • Data minimization: Only the data necessary for the stated purposes will be collected.

  • Accuracy: Personal data must be accurate and kept up to date.

  • Storage limitation: Data will be retained only as long as necessary for processing purposes.

  • Integrity and confidentiality: Data will be processed securely and confidentially.

  • Accountability: The Data Controller is responsible for ensuring compliance with these principles.

Categories of personal data

Only identifying data is processed on the Website. No special categories of personal data (as defined in Article 9 of the GDPR) are processed.

Legal basis for processing

The legal basis for data processing is consent. The Website undertakes to obtain the User’s explicit and verifiable consent before processing their personal data for one or more specific purposes.

The User may withdraw consent at any time. Withdrawing consent will be as easy as giving it and will not affect the Website’s use.

Whenever the User is required or able to provide data via forms, it will be indicated if any fields are mandatory due to the necessity for proper completion of the process.

Purpose of data processing

Personal data is collected and managed by the Website in order to facilitate, expedite, and fulfill commitments between the Website and the User, or to manage requests or inquiries made through the forms.

Additionally, the data may be used for commercial, operational, statistical purposes, or for marketing and content optimization to improve quality and performance.

When data is collected, the User will be informed of the specific purpose(s) for which the data is being processed.

Data retention periods

Data will be retained for the minimum time necessary for processing purposes, and in any case, for no longer than 18 months, or until the User requests deletion.

At the time of data collection, the User will be informed of the retention period or the criteria used to determine it.

Recipients of personal data

User data will not be shared with third parties. If applicable, the User will be informed of the recipients or categories of recipients.

Data of minors

In compliance with Article 8 of the GDPR and Article 7 of Organic Law 3/2018, only those over the age of 14 can lawfully consent to data processing. For children under 14, parental or guardian consent is required.

Data confidentiality and security

The Website undertakes to adopt the necessary technical and organizational measures to ensure data security and prevent destruction, loss, alteration, unauthorized access or disclosure.

The Website uses an SSL certificate (Secure Socket Layer) to encrypt data transmission between server and user.

However, due to the nature of the internet, the Website cannot guarantee complete security. In case of a data breach posing a high risk to individuals’ rights and freedoms, the Data Controller will notify affected users without undue delay.

All personal data will be treated as confidential, and any person with access to this information will be contractually or legally bound to maintain confidentiality.

User rights

Users may exercise the following rights in accordance with the GDPR and Organic Law 3/2018:

  • Right of access

  • Right of rectification

  • Right to erasure (“right to be forgotten”)

  • Right to restriction of processing

  • Right to data portability

  • Right to object

  • Right not to be subject to automated decisions, including profiling

To exercise these rights, the User must submit a written request to the Data Controller referencing “GDPR-www.getic.es”, including:

  • Full name and ID document (and representative, if applicable)

  • Specific reasons and information sought

  • Notification address

  • Date and signature

  • Supporting documents, if applicable

This request can be sent to the contact details listed above.

Third-party links

The Website may contain links to third-party websites. These sites have their own privacy policies, and the Website is not responsible for their practices.

Complaints to supervisory authority

Users have the right to effective judicial protection and may file complaints with a supervisory authority in their country of residence, workplace, or where the violation occurred. In Spain, the competent authority is the Agencia Española de Protección de Datos (https://www.aepd.es/).

II. ACCEPTANCE AND CHANGES TO THIS PRIVACY POLICY

The User must have read and agreed with this Privacy Policy and the processing of their personal data as described. Use of the Website implies acceptance.

The Website reserves the right to modify this policy at its discretion or due to legislative, jurisprudential, or regulatory changes. Users are advised to review this page periodically.

This policy was updated to comply with Regulation (EU) 2016/679 and Organic Law 3/2018 on personal data protection and digital rights.

You don't have to face the challenges of moving alone. Reach out today.

Moving to a new country can feel overwhelming — but you’re not alone. We’re here to guide you every step of the way. From finding the perfect home to navigating the legal process, we’re your trusted partner in Spain.

Contact Us

Privacy Policy

Book A Call
Book A Call