Privacy Policy


This Privacy Policy has been according to the provisions set forth in the current Spanish Organic Law on the Protection of Personal Data and in the Regulation 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, hereinafter referred to as the GDPR.

The purpose of this Privacy Policy is to inform the data subjects whose personal information is being collected of the specific aspects related to the processing of their data, which includes, amongst other aspects, the purpose of the data processing, contact details to exercise the rights they are entitled to, the data retention period and the applicable security measures.

Data Controller

In terms of data protection, EUROLEX EUROPE, S.L. shall be considered as the Data Controller in relation to the files/processes identified in this policy, specifically in the section concerning Data Processing.

The personal details of the website owner are indicated below:

  • Data Controller: EUROLEX EUROPE, S.L.
  • Postal address: Calle Manufactura 2; 2ª planta Mód C Edificio Euro Mairena del Aljarafe, 41927 (Sevilla)
  • Electronic address:

Data processing

The personal data requested, where appropriate, will consist only of information which is strictly necessary in order to identify and deal with the request filed by the data owner, hereinafter the data subject. Said information shall be processed lawfully, fairly and in a transparent manner in relation to the data subject. On the other hand, the personal data shall be collected for specified, explicit and legitimate purposes, and shall not be processed in a manner that is incompatible with those purposes.

The data collected from each data subject shall be adequate, relevant and not excessive in relation to the purposes for which it is processed and it shall be updated when necessary.

The data subjects shall be informed, of the general conditions regulated in this policy before their data is collected so that they can give express, precise and unequivocal consent for the processing of their data, in accordance with the following aspects.

Purpose of data processing

The explicit purposes for which the data is processed are included in the informative clauses for each of the data collection channels (web forms, paper forms, announcements, posters or informative notes).
However, the data subject’s personal data shall be processed for the exclusive purposes of providing an effective response and dealing with requests submitted by the user, specified alongside the data collection option, service, form or system used by the owner.


As a general rule, before processing personal data, EUROLEX EUROPE, S.L. shall obtain express and unequivocal consent from the data subject, through the inclusion of informed consent clauses in the different data collection systems.
However, in the case in which the consent of the data subject is not required, the legitimate basis for processing under which EUROLEX EUROPE, S.L. shall act is the existence of a specific law or regulation that authorises or requires the processing of the data subject’s data.


As a general rule, EUROLEX EUROPE, S.L. shall not transfer or disclose data to third-party organisations, except in the cases required by law, however, if necessary, the data subject shall be informed of said data transfers or disclosures through the informed consent clauses that are included in the different personal data collection channels.


As a general rule, the personal data shall always be collected directly from the data subject, however, in certain cases the data may be collected through third parties, entities or services different to the data subject. In this respect, the data subject shall be informed through the informed consent clauses included in the different data collection channels, within a reasonable period after the personal data has been obtained, but at the latest within one month.

Retention period

The information collected from the data subject shall be retained for as long as necessary in order to fulfil the purpose for which the personal data was collected, meaning that once said purpose has been fulfilled, the data shall be cancelled. As a result of said cancellation, the data shall be blocked and preserved solely at the disposal of the public administrations, judges and the courts in order to deal with any liabilities that may arise from the processing during the established limitation period. Once the cited period has terminated, the information shall be destroyed.

For informational purposes, the legal retention periods for the different types of information are as indicated below:

Documentation related to employment or social security 4 years Article 21 of the Spanish Royal Legislative Decree 5/2000 of 4 August, by means of which the consolidated text of the Spanish Law on Infractions and Sanctions in the Social Order was approved
Accounting or taxation documentation for commercial purposes 6 years Art. 30 of the Spanish Commercial Code
Accounting or taxation documentation for tax purposes 4 years Articles 66 to 70 of the Spanish General Taxation Law
Building access control 1 month Guidance from the Spanish Data Protection Authority on the use of video cameras for security and other purposes.
Video surveillance 1 month Guidance from the Spanish Data Protection Authority on the use of video cameras for security and other purposes. Spanish Organic Law 4/1997 of 4 August, which regulates the use of video cameras by law enforcement agencies in public places. Spanish Organic Law 4/2015 of 30 March on the protection of citizens’ security

Browsing data

With regards to browsing data that may be processed through the website, if any data subject to regulations is collected we recommend checking out the Cookie Policy published on our website.

Rights of the data subject

The data protection regulations grant a series of rights to the data owners or data subjects, and to the users of EUROLEX EUROPE, S.L.’s website or social media profiles.

The data subjects are entitled to exercise the following rights:

  • Right of access: the right to obtain information as to whether their personal data is being processed, the purposes of the processing, the categories of the personal data concerned, the recipients or categories of recipients, and the period for which the personal data shall be stored and information as to their source.
  • Right to rectification: the right to obtain the rectification of inaccurate or incomplete personal data.
  • Right to erasure: right to obtain the erasure of data where the following grounds apply:
    • When the personal data is no longer necessary for the purpose for which it was collected
    • When the data subject withdraws consent
    • When the data subject objects to the processing
    • When it must be erased for compliance with a legal obligation
    • When the data was obtained in virtue of an information society service based on the provisions set forth in article 8, section 1 of the European Regulations on Data Protection.
  • Right to object: the right to object to specific processing based on the consent of the data subject.
  • Right to restriction of processing: the right to obtain the restriction of processing where one of the following applies.
    • When the data subject contests the accuracy of the personal data, for a period that enables the company to verify the accuracy of said data.
    • When processing is unlawful and the data subject opposes the erasure of the personal data.
    • When the company no longer needs the personal data for the purposes of the processing, but said data is required by the data subject for the establishment, exercising or defence of legal claims.
    • When the data subject has objected to the processing while it is being verified whether the legitimate grounds of the company override those of the data subject.
  • Right to data portability: the right to obtain data in a structured, commonly used and machine readable format, and the right to transmit said data to another data controller when:
    • The data processing is based on consent
    • The data processing is carried out by automated means
  • The right to present a claim before the competent control authority

The data subjects may exercise the cited rights by sending EUROLEX EUROPE, S.L., a written request to the following e-mail address: indicating the right they wish to exercise in the email subject.

In this respect, EUROLEX EUROPE, S.L. shall deal with requests as soon as possible, taking into account the deadlines established in the regulations on data protection.


The security measures adopted by EUROLEX EUROPE, S.L. are as established in article 32 of the GDPR. In this respect, EUROLEX EUROPE, S.L. has established appropriate technical and organisational measures to guarantee a level of security appropriate to the risk, taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons.

In any case, EUROLEX EUROPE, S.L. has implemented sufficient mechanisms in order to:

  1. Guarantee the ongoing confidentiality, integrity, availability and resilience of processing systems and services.
  2. Restore the availability and access to personal data in a timely manner in the event of a physical or technical incident.
  3. Test, assess and evaluate the effectiveness of technical and organisational measures for ensuring the security of the processing.
  4. Pseudonymise and encrypt personal data, where applicable.