ES EN
Let's talk

Privacy policy

The Company provides services such as social media management, brand consultancy, creative agency, marketing strategy and branding, etc.

Our data protection policy is built and communicated in accordance with applicable legislation, in particular Regulation (EU) 2016/679 of the European Parliament and of the Council, on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter, the GDPR), and Spanish Law 3/2018 of 5 December, on Data Protection and the Guarantee of Digital Rights.

The Company has also adopted the technical and organisational measures necessary to guarantee the confidentiality, security and appropriate processing of personal data, preventing its alteration, loss, unauthorised processing or access in accordance with the applicable legislation, taking effective measures and providing, in all cases, a level of security appropriate to the level of the data processed. This work is carried out on an ongoing basis, in response to legislative or societal developments.

This policy may change over time due to possible legislative changes or other reasons relating to the management of the business. Whenever a change occurs, it will be reflected immediately on the website, and the relevant communications will be made where appropriate.

The firm manages data of natural persons in the performance of a professional role or function, as well as personal data in the private sphere. Both categories have been taken into account in establishing this privacy policy. The entity may act as DATA CONTROLLER or as DATA PROCESSOR. The privacy policy addresses and covers both types of activity.

Who is the controller of your data?

This website (the "Website") is owned by BRANDCROPS S.L. (hereinafter BRANDCROPS), Tax ID (CIF) B88585062, with registered office at Calle Fuencarral 123, 5B, Madrid. Email: lopd@brandcrops.com

Data protection officer: BRANDCROPS, S.L.

Purpose of processing and data retention

We process the information provided to us by our clients and other interested parties for the following purposes:

  • a) PURPOSES OF A CONTRACTUAL NATURE, in relation to partners, suppliers, collaborators and employees, in order to manage the rights and obligations arising from the contractual relationship.
  • b) PURPOSES BASED ON THE CONSENT OF THE DATA SUBJECT: For information purposes in relation to the entity’s activities and actions. The Company will be responsible for providing the information and collecting the consents necessary for the commercial use of the data.
  • c) REGULATORY PURPOSES: For compliance with its legal and/or regulatory obligations.
  • d) PURPOSES BASED ON LEGITIMATE INTEREST, pursuant to Article 19 of the LOPDGDD (Organic Law 3/2018 of 5 December) and Article 6(1)(f) of Regulation (EU) 2016/679.

Data is processed in our capacity as DATA CONTROLLER when it is collected and processed by us.

Data is processed in our capacity as DATA PROCESSOR when the firm processes data in order to provide a service to a third-party entity that is the controller of the data.

Specific purposes

Contact form.
Purpose: To provide you with a means of contacting us and to respond to your requests for information, as well as to send you communications about our products, services and activities, including by electronic means (email, SMS, WhatsApp), if you tick the acceptance box.
Legal basis: The user’s consent when requesting information from us through our contact form and ticking the box accepting the sending of information.
Retention: Once your request has been resolved via our form or answered by email, if it has not generated further processing, and, where you have agreed to receive commercial communications, until you request to unsubscribe from them.

Sending of emails.
Purpose: To respond to your requests for information, attend to your requests and answer your queries or questions. If we receive your CV, your personal and curricular data may form part of our databases in order to take part in our present and future recruitment processes.
Legal basis: The user’s consent when requesting information from us via email or sending us their data and CV to take part in our recruitment processes.
Retention: Once your request has been answered by email, if it has not generated further processing. If we receive your CV, your data may be retained for a maximum of one year for future recruitment processes.

Newsletter subscription.
Purpose: To send you commercial information about our activities and services, including by electronic means.
Legal basis: The user’s consent when subscribing to receive information through our form.
Retention: Until you request to unsubscribe from our commercial communications.

Comment form (blog).
Purpose: To publish your comment in the blog section of the website.
Legal basis: The user’s consent when submitting their personal data and comments on the relevant post.
Retention: For as long as the blog post remains published on the website.

Data retention

The personal data provided will, as a general rule, be retained:

  • a) For as long as is required to fulfil the purpose for which it was collected, or as required by the contractual relationship, including the time necessary, in accordance with applicable legislation, to comply with the relevant obligations and actions that may arise from it.
  • b) For as long as the data subject does not request its erasure.

The data being blocked when the first of the two events mentioned above occurs.

From that moment on, it will be kept available exclusively to Judges and Courts, the Public Prosecutor’s Office or the competent Public Authorities, in particular the data protection authorities, to address any liabilities arising from the processing, for the limitation period of such liabilities. Once that period has elapsed, the data will be erased.

No profiling is carried out.

Lawful processing

As DATA CONTROLLER, the legal basis for processing your data relies on:

  • a) The contractual relationship and the performance of the contract entered into with us.
  • b) Where you have expressly given your consent, the legal basis is that consent.
  • c) A legal basis grounded in regulatory purposes.
  • d) Legitimate interest, pursuant to Article 19 of the LOPDGDD.

As DATA PROCESSOR, it falls to the entity that has engaged us as a service provider, in its capacity as DATA CONTROLLER, to establish the legal basis and the processing model.

Data recipients

Data is disclosed to our collaborators who provide services as subcontractors, legal firms and other collaborators acting as data processors. In these cases, the relevant data processing agreement required by the General Data Protection Regulation is signed with the recipient.

International data transfers

In relation to any transfer of your personal data to countries outside the EEA, the firm will implement the appropriate specific measures to guarantee an adequate level of protection of your personal data.

User rights

  • a) Anyone has the right to obtain confirmation as to whether or not we are processing personal data concerning them.
  • b) Data subjects have the right to access their personal data, as well as to request the rectification of inaccurate data or, where applicable, to request its erasure when, among other reasons, the data is no longer necessary for the purposes for which it was collected.
  • c) In certain circumstances provided for in Article 18 of the GDPR, data subjects may request the restriction of the processing of their data, in which case we will retain it solely for the exercise or defence of claims.
  • d) Data subjects may object to the processing of their data for marketing purposes, including profiling. The Company will cease processing the data, except for compelling legitimate grounds or the exercise or defence of possible claims.
  • e) Under the right to data portability, data subjects have the right to obtain the personal data concerning them in a structured, commonly used and machine-readable format and to transmit it to another controller.

Exercise of GDPR rights by the user

By means of a written request addressed to the addresses indicated above.

User responsibility

The User warrants that the personal data provided through the form is truthful and undertakes to notify any change to it. Likewise, the User warrants that the information provided corresponds to their actual situation and that it is up to date and accurate. In addition, the User undertakes to keep their data up to date at all times, being solely responsible for the inaccuracy or falsity of the data provided and for any damage this may cause to BRANDCROPS, S.L. as owner of the portal.

Complaint to the Spanish Data Protection Agency

If you consider that the Company has not properly resolved your request, you may seek the protection of the Spanish Data Protection Agency, whose details you can find at www.aepd.es.

Categories of data

What categories of data do we process?

  • a) Identification data.
  • b) Data about your professional role or activity.
  • c) Financial data.

Generally, no special categories of data under Articles 9 and 10 of the GDPR are processed. Should this ever be the case, the entity will comply with the requirements of Articles 9 and 10, and explicit consent will be obtained.

The data received or collected is that necessary to fulfil the stated purposes, and is processed confidentially in accordance with the privacy and security policies established by the firm.

Source of data

As DATA CONTROLLER, the personal data we process comes from the information you provide to us when you request services or resources, access our website, or establish any kind of relationship with us, whether directly or indirectly.

As DATA PROCESSOR, the data comes from the DATA CONTROLLER, or is collected by us on their behalf during the provision of the service contracted with the CONTROLLER.