Privacy Policy - Emindset Law

EMINDSET LAW FIRM, S.L. tries to respect the privacy of its users by applying practices designed to protect the privacy of users of its website. We understand that information is the basis of human relationships in the virtual space and that the collection and responsible use of it is of vital importance so that users who browse our website feel comfortable and protected.

1. Introduction

By using and browsing www.emindsetlaw.com (“Website”) and/or communicating electronically with us, personal data of each User may be collected and processed, the treatment of which is governed by this privacy policy (“Privacy Policy”).

2. Data Controller

We are responsible for the processing of your data:

Emindset Law Firm, S.L. (“Emindset Andorra”) an Andorran company acting as parent company of Emindset España and Emindset Management, with registered office at C/ Prat de la Creu, 59-65, Ed. Prat de la Creu, Escala A, Planta 4, Despacho 1ª, AD500 Andorra la Vella (Principality of Andorra), Tax Registration Number (N.R.T.) L-711141-C and Trade Register Number 927360-J.

Emindset Management, S.L.U. (“Emindset Management”) an Andorran company with registered office at C/ Prat de la Creu, 59-65, Ed. Prat de la Creu, Escala A, Planta 4, Despacho 1ª, AD500 Andorra la Vella (Principality of Andorra), Tax Registration Number L-716693-U and Commercial Registry Number 932175-J.

Entrepreneurial Mindset Law, S.L. (“Emindset Spain”)a Spanish company with registered office at C/ Aragón 150, 3-1 (08011) Barcelona and CIF number B66946724.

In other words, Emindset Andorra, Emindset Spain and Emindset Management (hereinafter, jointly, “We”, “Emindset Group” or the “Joint Controllers”), are Joint Controllers. This means that we have regulated and are jointly responsible for processing and protecting your personal data.

You can contact our Data Protection Officer by email: dpo@emindsetlaw.com

3. Categories of personal data processed

The type of personal data we collect and process from Users on the Website are the following:

Identification data: name, surname, postal address, email address, postal code, and telephone.
Academic and professional data: training/qualifications, student history, professional experience, membership of professional schools or associations, in the case of selection processes.
Commercial information data.
Economic, financial, or banking data.
Statistical and/or computer data.
Any other information you choose to share with us.

The User guarantees that the data provided are true, accurate, complete, and updated, being responsible for any damage, direct or indirect, that may be caused as a result of a breach of such obligation. In the event that the User provides data from third parties, he declares to have their consent and undertakes to transfer the information contained in this clause exempting Emindset Group from any responsibility in this regard. However, Emindset Group may carry out the verifications to verify this fact, adopting the corresponding due diligence measures, in accordance with data protection regulations.

4. Purpose of the data processing

Emindset Group, will process the data of the Users, manually and/or automated, for the following specific purposes:

Manage the contracting of services carried out through the web, as well as the corresponding billing and delivery.
Send electronic communications about services, events, and news related to our professional activity, unless otherwise indicated or the user opposes or revokes his consent. As well as commercial and/or promotional information related to the sector of contracted services and added value for end users, unless otherwise indicated or the user opposes or revokes his consent.
Respond to your queries and requests.
If you send us your CV or register for the different job positions that we may publish, we will process your data in order to assess and manage your job application and, where appropriate, carry out the necessary actions for the selection and hiring of personnel, in order to offer you positions that fit your profile. Unless otherwise indicated, the provision of the required data is necessary, so its non-contribution will prevent the continuity of the selection process.
Comply with legally established obligations and verify compliance with contractual obligations, including fraud prevention.

5. Legal Basis

The legal basis that allows us to process your personal data depends on the purpose for which we process them, as explained in the following table:

Purpose of the processing	Legal Basis
1. Manage the contracting of services.	The processing of your data is necessary for the execution of the contract for the provision of services that bind us to you. The basis on which we process your data is your own consent.
2. Send communications about services, events, news, and commercial and/or promotional information.	The legitimate basis for processing your data for marketing purposes is the consent you give us, for example, when you agree to receive personalized information through various means when you authorize the sending of notifications when you give your consent through the configuration of cookies or privacy. To offer you personalized services or show you personalized information, we consider that we have a legitimate interest since we understand that the treatment of these is also beneficial for you because it allows you to improve your user experience and access information according to your preferences.
3. Customer Service	We consider that we have a legitimate interest to respond to requests or queries you raise through the various existing means of contact. We understand that the processing of this data is also beneficial for you as it allows us to serve you properly and resolve the queries raised. When you contact us for the management of incidents related to the contracted service, the treatment is necessary for the execution of the service contract. When your query is related to the exercise of the rights about which we inform you below, or with claims related to our services, what legitimizes us to process your data is compliance with legal obligations on our part.
4. Manage CVs of potential candidates	The legitimacy for the processing of your data, in relation to the sending of CVs and registrations in professional offers that we may publish, is based on the consent of the user who sends your data, which you can withdraw at any time, although this would make your candidacy could not be considered in our personnel selection processes. However, the withdrawal of your consent will not affect the legality of the treatments carried out previously.

6. Storage period

Emindset Group will keep the personal data of Users only for the time necessary to carry out the purposes for which they were collected, as long as it does not revoke the consent granted. Subsequently, if necessary, it will keep the information blocked by the legally established periods.

In the case of the data you provide us in relation to the job offers you wish to subscribe to, they will be kept for two years, from the date of the last update. After this period has elapsed without having been updated, the data will be deleted, unless you tell us otherwise.

7. Communication

Emindset Group informs the User that their data may be processed by the entities of the Group to be able to meet their requests, manage the services they contract, and inform them about services, events, and news related to our professional activity.

Additionally, we inform you that certain data, within the framework of current regulations or the contractual relationship you have with Emindset Group, may be communicated to:

Public administrations with competence in the sectors of activity of Emindset Group, when established by current regulations.
Banks and financial institutions for the collection of the services offered.
Other legal professionals, when such communication is required by law, or for the execution of the contracted services.

8. Rights of Users

We inform you that you have the right to exercise at any time, in the terms established by current legislation, your rights of access, rectification or erasure of data, limitation of data processing, object to the processing of data, right to data portability, as well as revoke the consent granted at any time or obtain confirmation about whether Emindset Group is processing personal data that concerns you, by writing to the address C / Prat de la Creu, 59-65, Ed. Prat de la Creu, Escala A, Planta 4, Despacho 1ª, AD500 Andorra la Vella or to the email address dpo@emindsetlaw.com , clearly indicating the right you wish to exercise and accompanying your ID, NIE or passport, which proves your identity.

You may also file a complaint with the Andorran Data Protection Agency or a data protection authority that is competent.

If Users provide us with the personal data of third parties, the User guarantees that he has informed them prior to their inclusion, of the ends contained in this Privacy Policy, personally responding to Emindset Group for any damages that may arise in case of contravention. The User undertakes to notify of any change or modification of the personal data provided. Any loss or damage caused to the Website, Emindset Group, or any third party through the communication of erroneous, inaccurate, or incomplete information will be the sole and exclusive responsibility of the User.

The personal data requested are obligatory, so refusal to provide them will make it impossible to provide the contracted services.

The User guarantees that the data provided is true, accurate, complete, and up to date, and shall be liable for any direct or indirect damage or harm that may be caused as a result of non-compliance with this obligation. In the event that the User provides data of third parties, he/she declares that he/she has their consent and undertakes to provide them with the information contained in this clause, exempting Emindset Group from any liability in this regard. However, Emindset Group may carry out verifications to verify this fact, adopting the corresponding due diligence measures, in accordance with data protection regulations.

9. Security measures

Emindset Group is committed to the protection of personal data and the privacy of Users, therefore, to protect the different types of data reflected in this Privacy Policy, we will carry out the necessary technical security measures to prevent its loss, manipulation, dissemination, or alteration.

Encryption of communications between the User’s device and Emindset Group’s servers.
Encryption of information on Emindset Group’s own servers.
Other means prevent access to the user’s data by third parties.

Notwithstanding the foregoing, the User must be aware that Internet security measures are not impregnable. Therefore, Emindset Group is not responsible for hypothetical damages that may arise from interferences, omissions, interruptions, computer viruses, telephone breakdowns, or disconnections in the operational functioning of this Website; delays or blockages in the use of this system caused by deficiencies or overloads of telephone lines as well as damages that may be caused by third parties through illegitimate interference beyond the control of Emindset Group.

Security breaches can be caused by workers, third parties, or computer errors. Therefore, we are legally obliged to notify the interested parties if their personal data has been seriously affected within a maximum period of 72 hours. In addition, Users will be notified as soon as the security breach is resolved.

10. Changes or modifications of data

The User undertakes to notify of any change or modification of the personal data provided. Any loss or damage caused to the Website, Emindset Group, or any third party through the communication of erroneous, inaccurate, or incomplete information shall be the sole and exclusive responsibility of the User.