Web Guide
Objective
The objective of this guide is to adapt your website to meet the requirements set forth in the General Data Protection Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016, and Organic Law 3/2018 of December 5, on Personal Data Protection and the Guarantee of Digital Rights.
Any online project that generates any form of income for its administrators—whether through sales transactions, advertising, or sponsorship—requires a Legal Notice. Spanish legislation establishes these requirements in Law 34/2002 on Information Society Services and Electronic Commerce, known as the LSSI-CE. Furthermore, if personal data is stored in any manner (via registration forms, etc.), a reference to the data privacy policy and the use of cookies is always mandatory.
Legal Notice
First and foremost, it is a requirement that our website make available to users a specific set of information on a permanent, easily accessible, direct, and free-of-charge basis, as stipulated in Article 10 of the LSSI (Law on Information Society Services). This mandatory information, which is generally presented under the heading of "Legal Notice", is as follows:
- Its corporate name, Tax Identification Number (NIF), registered office address, and email address, as well as any other details that facilitate direct and effective communication—such as a telephone number.
- Registration details, in the event that the company is registered in the Mercantile Registry or in any other public registry.
- When the service makes reference to the price of products, clear and accurate information must be provided, indicating whether or not it includes applicable taxes, shipping costs, and any other details required to be included in compliance with applicable regional regulations.
- In cases where the activity is subject to prior authorization or involves the practice of a regulated profession, users must be informed regarding the following aspects:
  - If a regulated profession is practiced (e.g., lawyer, physician, architect, engineer): the basic details certifying the right to practice said profession (the professional association to which the practitioner belongs, membership number, academic degree, the European Union Member State in which the degree was issued, and, where applicable, the corresponding official recognition/validation).
  - If the activity is subject to administrative authorization: the details of the authorization held and the identifying details of the body responsible for its supervision.
Furthermore, the "Legal Notice" typically includes other information, such as details regarding intellectual property, liability, general terms of use, applicable law, and jurisdiction...
We recommend populating the notice with every use made of the data provided via the website. Furthermore, we suggest hosting the document in a single, consistent location within the site; adopting a layered or tiered information model; and placing it—alongside the Cookie Policy and Privacy Notice—in a prominent position within the page header.
Cookie Policy
A Cookie Policy is a statement informing users about which cookies are active on your website, what user data is being tracked, the purpose behind such tracking, and where that information is sent.
One common use of cookies is user authentication on a website. Users typically identify themselves by entering their credentials on a login or validation page; cookies enable the server to recognize that the user has already been authenticated, thereby granting them access to services or operations that are not available to unauthenticated users, such as password-protected areas.
The Cookie Policy must contain the following information:
- What are cookies? A brief explanation of the function that cookies perform on a website.
- Types of cookies and their specific uses. A clear and detailed explanation of the specific purposes for which we utilize cookies on our website.
Depending on the entity managing the computer or domain from which the cookies are sent—and which processes the data obtained through them—we can distinguish between the following categories:
a) First-party cookies: These are cookies sent to the user's terminal device from a computer or domain managed by the publisher itself—the entity providing the service requested by the user.
b) Third-party cookies: These are cookies sent to the user's terminal device from a computer or domain that is not managed by the publisher, but rather by a different entity that processes the data obtained through the cookies.
Depending on the purpose for which the data obtained through cookies is processed, we can distinguish, among others, between:
a) Technical cookies: These are cookies that enable the user to navigate through a website, platform, or application and to utilize the various options or services available therein; including those that the publisher uses to manage and operate the website and to enable its functions and services.
b) Preference or personalization cookies: These are cookies that allow information to be remembered so that the user can access the service with certain characteristics that may differentiate their experience from that of other users—such as, for example, the language or the number of results to be displayed when the user performs a search.
c) Analytics or measurement cookies: These are cookies that allow the party responsible for them to track and analyze the behavior of users of the websites to which they are linked, including the quantification of the impact of advertisements.
d) Behavioral advertising cookies: These are cookies that store information regarding user behavior, obtained through the continuous observation of their browsing habits, thereby allowing for the development of a specific profile used to display advertising based on that profile.
Depending on the length of time they remain active on the user's device, we can distinguish between:
a) Session cookies: These are designed to collect and store data while the user accesses a website. They are typically used to store information that is only relevant to retain for the provision of a service requested by the user on a single occasion (for example, a list of purchased products) and expire when the session ends.
b) Persistent cookies: These are cookies in which data remains stored on the device and can be accessed and processed for a period defined by the party responsible for the cookie, which may range from a few minutes to several years.
Who installs them? In addition to explaining their purpose, we must indicate who installs the cookies on the user's device—whether it is the website owner or third parties/companies. It should also include information on how users can reject cookies or modify their settings regarding the cookies used on the website.
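To fill in the "who installs them" and duration columns of a cookie inventory, the Set-Cookie headers captured during a visit can be classified mechanically. The following is an added example, not part of the original guide: the capture, the domain names and the function names are constructed, and "first-party" is approximated as "set by a host under a domain the publisher manages". The purpose categories (technical, preference, analytics, advertising) cannot be derived from headers and still require manual review.

```python
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime
from urllib.parse import urlsplit

def parse_set_cookie(header):
    """Split one Set-Cookie value into (name, {attribute: value})."""
    first, *rest = [p.strip() for p in header.split(";")]
    attrs = {}
    for part in rest:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return first.partition("=")[0].strip(), attrs

def lifetime_seconds(attrs, now):
    """None for a session cookie; else seconds to expiry (Max-Age wins over Expires)."""
    if "max-age" in attrs:
        return int(attrs["max-age"])
    if "expires" in attrs:
        return int((parsedate_to_datetime(attrs["expires"]) - now).total_seconds())
    return None

def classify(header, response_url, publisher_domains, now):
    """Label one cookie by party and duration, using the guide's categories."""
    name, attrs = parse_set_cookie(header)
    host = (urlsplit(response_url).hostname or "").lower()
    # Assumption: the publisher manages exactly these domains and their subdomains.
    own = any(host == d or host.endswith("." + d) for d in publisher_domains)
    life = lifetime_seconds(attrs, now)
    # A zero or negative lifetime is how a server deletes a cookie.
    duration = "session" if life is None else ("persistent" if life > 0 else "expired")
    return {
        "name": name,
        "party": "first-party" if own else "third-party",
        "duration": duration,
        "lifetime_days": None if life is None else round(life / 86400, 1),
    }

# Constructed sample capture: (URL of the response, Set-Cookie value).
NOW = datetime(2025, 1, 1, tzinfo=timezone.utc)
CAPTURE = [
    ("https://shop.example/login", "sid=abc123; Path=/; Secure; HttpOnly"),
    ("https://shop.example/", "lang=es; Max-Age=31536000; Path=/"),
    ("https://ads.tracker.example/px", "uid=42; Expires=Fri, 01 Jan 2027 00:00:00 GMT"),
]

def inventory():
    return [classify(h, url, ["shop.example"], NOW) for url, h in CAPTURE]

if __name__ == "__main__":
    for row in inventory():
        print(row)
```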
Cookies
“We use our own and third-party cookies to analyze our services and display advertising related to your preferences, based on a profile created from your browsing habits (for example, pages visited). You can obtain more information and configure your preferences HERE.”
Example: You can find more information on how to change cookie settings in the browser you are using in the following list:
https://www.google.com/intl/en/policies/technologies/managing/
http://support.mozilla.com/en-GB/kb/Cookies#w_cookie-settings
http://windows.microsoft.com/en-GB/windows-vista/Block-or-allow-cookies
http://www.apple.com/safari/features.html#security
Privacy Policy
If your website stores any type of personal data from visitors—for instance, through a contact form—you are required to publish a legal text regarding your Privacy Policy (Point No. 4 of our Legal Notice). This policy must be concise, transparent, easily accessible, and provide information on:
1. What data is collected.
2. The purpose for collecting it.
3. The retention period for data and web forms.
4. Transfers and recipients of this data.
5. How to exercise data protection rights.
6. A description of these rights and the option to file a complaint with the AEPD (Spanish Data Protection Agency).
Contact Form
Every form must include:
1) An acceptance checkbox—left unchecked by default—where the user provides their free and unequivocal consent for their personal data to be processed.
Example: I accept the processing of my data for the newsletter.
I accept the use of my data for informational or commercial purposes.
Users do not simply "accept" a privacy policy; rather, they are asked to provide acceptance for a specific use of their personal data.
Express consent must be requested for each type of communication intended for users—for example: emails containing commercial offers, monthly newsletters, SMS messages, postal mailings, etc. This entails creating a separate checkbox for each type of communication, accompanied by an explanation of what it entails.
2) A first informational layer—visible beneath the form and tailored to the specific form type (sales, contact, or subscription)—detailing information regarding the data controller, the purpose of the data collection, whether the data will be shared with third parties, and the rights available to the user.
Example: Your data will be processed by [Company Name] for the sole purpose of responding to your inquiry or request. It will not be shared with any third parties. Our data retention period—should you not be a customer—is one year. You may exercise your rights of access, rectification, restriction of processing, data portability, objection to processing, data erasure, and the right not to be subject to automated decision-making by contacting us at: ______________.
3) A direct link to the Privacy Policy (the second informational layer).
