Keith Baddeley informs users of this website about his policy regarding the processing and protection of users’ and clients’ personal data that may be collected by browsing or contracting services via this website. In this regard, Keith Baddeley guarantees compliance with current regulations on the protection of personal data, as reflected in Spanish Organic Law 15/1999, dated 13 December 1999, on the Protection of Personal Data (Spanish acronym: LOPD) and in Spanish Royal Decree 1720/2007, dated 21 December 2007, approving the Implementing Regulations of the LOPD, and in the General Data Protection Regulations (GDPR) (EU) 2016/679.

SECURITY MEASURES

In compliance with current data protection regulations, Keith Baddeley informs users that technical and organisational measures have been adopted in accordance with the provisions of the aforementioned regulations. The personal data collected on the forms are processed only by Keith Baddeley’s staff or by the persons responsible for processing them (Data Processors). Security measures appropriate to the data provided have been adopted and, in addition, all technical means and measures available have been implemented to prevent the loss, misuse, alteration, unauthorised access and theft of the data provided by users.

DATA ACCURACY

The Client or User declares that all the information provided by him/her is true and correct and undertakes to keep it up to date, notifying Keith Baddeley of any changes to it. The user is responsible for the accuracy of his/her data and is solely responsible for any conflicts or disputes that may result from any inaccuracy relating to that data. In order for Keith Baddeley to be able to keep personal data up to date, it is important that the user informs him whenever there has been a change to the data. Otherwise, Keith Baddeley cannot be held responsible for its accuracy.

EXERCISE OF RIGHTS

The LOPD and GDPR give data subjects the opportunity to exercise a number of rights in relation to the processing of their personal data. Data subjects may exercise their rights to the extent that user data is processed by Keith Baddeley. To do so, the user must provide documentation proving his/her identity (identity card or passport), sent either by email to keith@keithbaddeley.com or by written communication to the address provided in the Legal Notice. Such communication must include the following information: user’s first name and last name, details of the request, address and supporting information.

The user him/herself must carry out the exercise of rights. However, a person authorised to be the authorised person’s legal representative may exercise them. In this case, documentation proving that the person authorised represents the data subject must be provided.

Users may request to exercise the following rights:

• Right to request access to their personal data.
• Right to request rectification (if incorrect) or deletion of their personal data.
• Right to request limitation of processing of their personal data, in which case the data will only be retained by Keith Baddeley for exercising or defending legal claims.
• Right to oppose to processing of their personal data: Keith Baddeley will no longer process their data, unless for legitimate reasons or the exercise or defence of any legal claim must continue to be processed.
• Right to data portability: if users want their data to be processed by another company, Keith Baddeley will provide the new owner with portability of that data.

In the event that consent has been given for a specific purpose, the user has the right to withdraw this consent at any time, without affecting the lawfulness of the processing based on the consent prior to its withdrawal.

If a user considers that there is a problem with the way in which Keith Baddeley is handling their data, they can address their complaints to the Security Officer or to the relevant data protection authority, the Spanish Data Protection Agency (Spanish abbreviation: AEPD) being applicable in the case of Spain.

DATA RETENTION

Disaggregated data will be retained without a deadline for deletion. With respect to Client data, the personal data retention period will vary depending on the service contracted by the Client. In any case, it will be retained for the minimum period required as follows:

• 4 years: Spanish Law on Infringements and Sanctions in the Social Order (obligations regarding worker affiliation, registration, cancellation of registration, contribution, salary payment, etc.); Article 66 and following of the Spanish General Tax Law (accounting books, etc.)
• 5 years: Article 1964 of the Spanish Civil Code (personal actions without special time limit)
• 6 years: Article 30 of the Spanish Commercial Code (accounting books, invoices, etc.)
• 10 years: Article 25 of the Spanish Prevention of Money Laundering and Financing of Terrorism Act.

Users on mailing lists or those uploaded by Keith Baddeley to social media pages or profiles will be retained until the user withdraws consent.

Job applicant data (CV), if any: In the event that the applicant is not selected, Keith Baddeley may keep his/her CV stored for a maximum of two years so that the applicant may be included in future calls for applications, unless the applicant indicates otherwise.

DATA COLLECTION AND PROCESSING

Keith Baddeley has the duty to inform the users of this website about the collection of personal data that may be carried out, either by sending emails or by completing the forms included on the website. In this regard, Keith Baddeley will be held responsible for the data collected by the means described above.

Keith Baddeley informs users that the purpose of processing the data collected is to deal with requests made by users, to include them in the contacts database, to provide services and to manage the business relationship. The operations, processes and technical procedures that are carried out in an automated or non-automated manner and that facilitate the collection, storage, modification, transfer and other actions on personal data, are considered as the Processing of personal data.

Keith Baddeley’s website is SSL encrypted, which allows the user to securely submit personal information via the contact forms on the website.

Keith Baddeley makes available to users a series of electronic mechanisms for the collection and processing of their personal data, for the purposes set out above. The personal data provided via electronic means, either via email or the contact forms on this website will be used for the commercial and administrative management of Keith Baddeley’s clients and users. This data will be processed using servers managed by:

• NOMINALIA Internet, S.L. (https://www.nominalia.com), which is the company providing web hosting services;
• Google LLC (through the use of Google Suite), which is the company providing email services, through which commercial communications will be carried out.

Email and name data will be included in a database to facilitate sending commercial communications and managing client or user subscriptions to the services requested. The client or user may unsubscribe at any time by clicking on the link in Keith Baddeley’s communications, or by addressing a request to exercise your right to the Data Processor or Keith Baddeley.

As established by the Spanish Law on Information Society Services and Electronic Commerce (Spanish abbreviation: LSSICE), Keith Baddeley undertakes not to send commercial communications without identifying them as such. For this purpose, information sent to clients to maintain the existing business relationship will not be considered as commercial communications.

In any case, only the specific data required to carry out the contracted service, or required to respond adequately to the request for information made by the user, will be obtained.

Occasionally, personal data will be provided through links to third party websites. In this case, at no time will Keith Baddeley’s staff have access to the personal data that the Client provides to such third parties.

SOCIAL MEDIA

Keith Baddeley has a profile on the main social networks on the Internet (currently Twitter and LinkedIn) and recognises in all cases that he is responsible for processing the data of his followers, fans, subscribers, commentators and other user profiles (hereinafter, followers) published by Keith Baddeley. Keith Baddeley will process such data within each of the aforementioned networks as the social network allows for business-related profiles.

Keith Baddeley will be able to inform his followers, where the law does not prohibit it and by any means that the social network allows, about his activities and offers, as well as provide personalised customer service. Under no circumstances will Keith Baddeley extract data from social networks unless the user has given his/her express consent to do so (e.g. for the holding of a contest).

DISCLOSURE OF INFORMATION TO THIRD PARTIES

Keith Baddeley will not transfer or communicate user data to any third party, except in the cases provided for by law or when the provision of a service involves the need for a contractual relationship with a Data Processor, and always in accordance with the general conditions approved by the user prior to contracting the service. Thus, when contracting Keith Baddeley’s services, the user accepts that some of them may be totally or partially subcontracted to other people or companies, which will be considered as Data Processors, with which the corresponding confidentiality agreement has been agreed, or whose privacy policies – as set out in their respective web pages – have been adhered to. The user also accepts that some of the personal data collected may be provided to these Data Processors when necessary for the effective performance of the contracted service. The user may refuse to transfer his/her data to the Data Processors, by written request, by any of the aforementioned means.

CONFIDENTIALITY

The information provided by the client will always be considered confidential and may not be used for purposes other than those related to the services contracted or products purchased from Keith Baddeley. Keith Baddeley undertakes not to disclose or reveal information about the client’s requirements, the reasons for the advice requested or the duration of his relationship with the client.

VALIDITY

This privacy and data protection policy was drafted by Keith Baddeley on 25 May 2018 and may vary depending on the changes in regulations and case law that occur. The holder of the data (Data Subject) is responsible for reading the updated document so that he/she understands his/her rights and obligations in this regard at any time.