KEITH BADDELEY is fully committed to complying with the Spanish and European regulations on personal data protection and guarantees full compliance with the obligations under those regulations, including the implementation of the security measures set out in the General Data Protection Regulation (GDPR) (EU) 2016/679 and in Spanish Organic Law 3/2018, of 5 December 2018, on data protection and digital rights (Spanish abbreviation LOPD-GDD).
In accordance with these regulations, KEITH BADDELEY hereby informs users that the use of this website may require them to provide certain personal information through contact forms or by sending emails, and that this information will be processed by KEITH BADDELEY, the Data Controller, whose details are:
- Business Name: Keith Baddeley
- NIE: Y4992221Q
- Business Address: Apdo. Correos 190, 29788 FRIGILIANA (Málaga), Spain
- Phone: (+34) 675 993 887
- Email: keith@keithbaddeley.com
Data Collection and Processing
Personal data is any information that relates to a person, e.g. name, email address, address, phone number, tax ID number, etc. Additionally, when a User visits this website, certain information is stored automatically for technical reasons, e.g. the IP address assigned by their Internet access provider.
KEITH BADDELEY, as Data Controller, has a duty to inform the Users of this website about the collection of personal data that may take place as a result of sending an email or completing the forms included on the website.
Only the specific data required to carry out the contracted service, or required to respond adequately to the request for information made by the User, will be collected. The data collected identifies the User and is kept to the reasonable minimum required to carry out the activity in question. In particular, no sensitive data is collected at any time. Under no circumstances will the data be used for any purpose other than that for which it was collected.
Contact Forms/Email
Purpose: To answer your request for information made through the contact form on this website.
Legitimate Grounds: The legitimate grounds for processing the personal data provided is the consent of the User, who may withdraw this consent at any time.
Data Transfer: The personal data is processed using servers managed by Nominalia, which is therefore considered the Data Processor.
Minors
This website may only be used by those over the age of 14. As required under the LOPD-GDD, in the case of minors under the age of 14, consent from their parents or guardians is a mandatory prerequisite for KEITH BADDELEY to process their personal data.
Security Measures
Users of the KEITH BADDELEY website are hereby informed that all available technical, organisational and security measures have been taken to prevent the loss, misuse, alteration, unauthorised access and theft of data, and to guarantee the confidentiality, integrity and quality of the information contained therein, in accordance with the provisions of current data protection legislation. The personal data collected via the forms is processed only by KEITH BADDELEY’s staff or by designated Data Processors.
The KEITH BADDELEY website also uses SSL encryption, which allows the User to submit personal information securely via the contact forms on the website.
Data Accuracy
The User declares that all the information provided by them is true and correct and undertakes to keep it up to date. The User is solely responsible for the accuracy of their data and for any conflicts or disputes that may result from any inaccuracy relating to that data. It is important that the User inform KEITH BADDELEY of any changes to their personal data so that it can be kept up to date.
Data Transfer
KEITH BADDELEY will not transfer or communicate the User’s data to any third party, except in the cases provided for by law or where the provision of a service involves the need for a contractual relationship with a Data Processor. The User therefore accepts that some of the personal data collected may be provided to these Data Processors (payment platforms, administrative agencies, intermediaries, etc.) when this is necessary for the effective performance of a service contracted or product purchased. The User also accepts that, in the case of providing services, these may be totally or partially subcontracted to other people or companies, which will be considered Data Processors and with which a corresponding confidentiality agreement has been signed or which adhere to the privacy policies set out on their respective websites. The User may refuse to transfer their data to the Data Processors, by written request, by any of the aforementioned means.
Furthermore, in those cases where it is necessary, Client data may be transferred to certain bodies in order to comply with a legal obligation, for example: Spanish Tax Agency, banks, Labour Inspectorate, etc.
Exercising User Rights
The LOPD and GDPR give data subjects the opportunity to exercise a number of rights in relation to the processing of their personal data. To do so, the User must provide documentation proving their identity (identity card or passport), sent by email to keith@keithbaddeley.com or by written communication to the address provided in the Legal Notice. This communication must include the following information: User’s first and last name, details of the request, postal address and supporting information.
Users must exercise these rights themselves. However, a person authorised to act as the User’s legal representative may exercise them, in which case documentation must be provided to prove such representation.
Users may request to exercise the following rights:
- Right to request access to their personal data.
- Right to request rectification (if incorrect) or deletion of their personal data.
- Right to request limitation of processing of their personal data, in which case the data will only be retained by KEITH BADDELEY for exercising or defending legal claims.
- Right to object to processing: KEITH BADDELEY will stop processing their data unless for legitimate reasons or for exercising or defending any legal claim that may require further processing.
- Right to data portability: if Users want their data to be processed by another company, KEITH BADDELEY will ensure portability by providing their data in exportable format.
In the event that consent has been given for a specific purpose, the User has the right to withdraw this consent at any time, without affecting the lawfulness of the processing based on the consent given prior to its withdrawal.
If any User considers that there is a problem with the way in which KEITH BADDELEY is handling their data, they can address their complaint to the Security Officer or to the relevant data protection authority, which in Spain is the Spanish Data Protection Agency (Spanish abbreviation: AEPD).
Data Retention
Personal data provided by Users who use the contact form or who send KEITH BADDELEY an email requesting information will be processed for only as long as necessary to fulfil the request for information or until the consent given is withdrawn.
Personal data provided by Clients will be processed until the contractual relationship comes to an end. Personal data will be retained for the minimum period required as detailed below:
- 4 years: Spanish Labour Infringements and Penalties Law (obligations regarding worker affiliation, registration, cancellation of registration, contributions, salary payment, etc.); Article 66 and following of the Spanish General Tax Law (accounting records, etc.)
- 5 years: Article 1964 of the Spanish Civil Code (personal actions with no special time limit)
- 6 years: Article 30 of the Spanish Commercial Code (accounting records, invoices, etc.)
- 10 years: Article 25 of the Spanish Prevention of Money Laundering and Financing of Terrorism Law.
- No time limit: Disaggregated and anonymised data.
Social Media
KEITH BADDELEY has a profile on some of the main social networks on the Internet (LinkedIn, Twitter, Facebook and Instagram) and is in all cases responsible for processing the data published by KEITH BADDELEY concerning its followers, fans, subscribers, commentators and other user profiles (hereinafter, followers).
Where not prohibited by law, the purpose of the data processing carried out by KEITH BADDELEY is to inform its followers about its activities and offers, by any means allowed by the social network, and to provide a personalised service for its Clients. The legitimate grounds for processing this data is the consent of the data subject, who may withdraw this consent at any time.
Under no circumstances will KEITH BADDELEY extract data from social networks unless the User has given their express consent to do so (e.g. for a competition).
International Data Transfers
KEITH BADDELEY uses the marketing email delivery services of Mailchimp, which is based in the United States. Additionally, KEITH BADDELEY makes use of United States-based social media such as LinkedIn, Twitter and Facebook. Where appropriate, the User expressly and unequivocally gives their consent to the processing of their data and to the international transfer of such data to these service providers.
Confidentiality
In all cases, information provided by Clients will be considered confidential and will not be used for purposes other than those described here. KEITH BADDELEY agrees not to disclose or reveal information about the User’s requirements, the reasons for the advice sought or the duration of the relationship with the User.
Validity
This privacy and data protection policy was prepared by ExpertosLOPD®, a data protection company, on 26 January 2020, and may be subject to change in line with any changes in regulations and case law. Data owners (Data Subjects) are responsible for reading the updated document in order to understand their rights and obligations in this regard at any given time.