1. Who is the controller of processing your data?
The controller of processing your data is:
Andreas Fuss Advocat & Rechtsanwalt
Carrer de Casp, 54 principal 1ª B
08010 Barcelona, Spain
T +34 93 165 14 49 I F +34 93 550 42 44
E info(at)leywerk.es I www.leywerk.es
Contact relating to data protection: rgpd(at)leywerk.es
For further information about our law firm and the controller, please see the 'Legal Notice’ of this website.
2. General information
2.1 What categories of data do we process and how do we obtain the data
When you visit our website or communicate with us we need to process personal data. ‘Personal data’ is any information relating to an identified or identifiable person (for example, your name, your address, your phone number, your ID card number, etc.).
We only process the data to the extent that this is necessary and we provide information about this in this data protection declaration.
2.1.1 Processing of data when accessing this website
We strive to keep this website as simple as possible and to reduce the processing of personal data to a minimum. However, when you visit our website you transmit (for technical reasons) via your internet browser certain data to our web server. We or our hosting provider collect some of this data on each access and store it in so-called server log files. This information includes:
- Name of the visited website
- Date and time of the visit
- Amount of data transferred
- Information of successful retrieval
- Browser type and version
- Operating system of the user
- Referrer URL (the previously visited page)
- IP address and
- the requesting internet service provider (ISP).
Most of this data is technical. On the other hand, the IP address is personal, which is why we make it anonymous. The remaining information is not linked to personal data. An identification of the user or the creation of personal user profiles is thus excluded.
2.1.2 Data processing when communicating with us
Communication via the website
If you contact us via this website by using one of the contact forms provided, we process the data that you fill in and at least the data marked as mandatory.
Communication outside of this website
If you communicate with us outside of this website, for example by e-mail, fax, telephone, or post, we can process the following types of data:
Master file data (name, surname, salutation, title, date of birth, ID card, passport, NIE, residence card)
Contact details (address, telephone, fax, mobile phone number, e-mail address, Internet address, if the applicable company, department, job title, position)
Content data (texts, attachments, photographs, videos, or other content related to the subject of the request)
We process this data only to the extent necessary for the purposes mentioned below.
2.2 Type of processing
The data can be processed automatically. Otherwise, we cannot make this website available and offer the communication channels mentioned.
2.3 Purpose and legal basis of processing
2.3.1 Purpose and legal basis of processing when accessing this website
The purpose and legal bases of processing when accessing this website are as follows:
|Purpose||Legal basis||Legitimate interest|
|To make this website available and to enable contact with clients and interested third parties||Legitimate interests pursued by us, the performance of a contract||We have a legitimate interest in making information about us available on the internet|
|To collect statistical information about the use of the website (so-called "web analysis")||Legitimate interests pursued by us||We have an interest in receiving information about the use of this website to improve the offer.|
|To identify disruptions, to ensure the data security, and to optimize the website, including to detect unauthorized access or attempts to do so and to prevent improper use||Compliance with the legal obligations to which we are subject regarding data security, legitimate interests pursued by us||We have a legitimate interest in preventing disruptions, ensuring data security, optimizing the website, detecting and preventing unauthorized access to the website or intents to do so|
|To assert and to defend our rights||Legitimate interest pursued by us||We have a legitimate interest in asserting and defending our rights|
|Purpose||Legal basis||Legitimate interest|
|To communicate with you and to process and respond to your request||Legitimate interests pursued by us, the performance of a contract||We have a legitimate interest in processing and responding to your request|
|To take steps at your request prior to entering into a contract (e.g. sending the desired pre-contractual information or a cost estimate)||Taking steps at your request prior to entering into a contract, compliance with our legal obligations related to consumer protection|
|Compliance with our legal and professional obligations (for instance, to avoid a possible conflict of interest, to maintain professional secrecy, or to apply customer due diligence measures in the field of preventing money laundering or combating terrorist financing, etc.)||Compliance with the legal and professional obligations to which we are subject|
2.4 Recipients of the data
The personal data will be treated confidentially. The recipient is the controller. Subject to a mandatory legal obligation, the data will not be passed on to third parties.
2.5 Place of processing
The data - personal or not - are processed exclusively in Spain, the European Union, or the European Economic Area. The data shall not be forwarded to third countries or international organizations.
3. Period of storage of the data
We retain the data only as long as it is necessary for its purpose of processing. Thereafter, the data will be deleted without prejudice to mandatory legal blocking or retention periods.
3.1 Storage of Data that is processed when accessing this website
Without prejudice to mandatory regulations, we store the log files for a maximum of seven (7) days and we then delete them. Data whose retention is necessary for evidence (for example, in the event of misuse or fraud), may not be deleted until the incident has been clarified.
3.2 Storage of the data when communicating with us
4. Rights of the data subject
You have the following rights concerning the personal data processed by us, which are more specifically set out in the European General Data Protection Regulation (GDPR) and the Spanish Data Protection Act (Organic Law 3/2018 of 5 December, in short LOPD-GDD):
Right of access
You have the right to obtain confirmation as to whether or not personal data concerning you are processed, and, where that is the case, access to those data. Furthermore, you have the right to obtain a copy of the personal data undergoing processing (articles 16 GDPR and 13 LOPD-GDD).
Right to rectification
You have the right to obtain without undue delay the rectification of inaccurate personal data concerning you and the right to have incomplete data completed, including by means of providing a supplementary statement (articles 16 GDPR and art. 14 LOPD-GDD).
Right to erasure
You have the right to obtain the erasure of personal data concerning you without undue delay where one of the following grounds applies: the personal data are no longer necessary about the purposes for which they were collected or otherwise processed; you withdraw consent on which processing is based, and where there is no other legal ground for the processing; you object to the processing as stated below or you don't desire direct marketing; the personal data have been unlawfully processed; the personal data have to be erased for compliance with a legal obligation in Union or Member State law to which we are subject; the personal data have been collected about the offer of information society services (articles 17 GDPR and art. 15 LOPD-GDD).
Right to restriction of processing
You have the right to obtain from the controller restriction of processing where the accuracy of the personal data is contested by you; the processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead; we no longer need the personal data for the purposes of the processing, but they are required by you for the establishment, exercise or defense of legal claims or you have objected to the processing (articles 18 GDPR and 16 LOPD-GDD).
Right to portability
You have the right to receive the personal data concerning you, which you have provided, in a structured, commonly used, and machine-readable format and to transmit those data to another controller without hindrance, where the processing is based on your consent and a contract and the processing is carried out by automated means (art. 20 GDPR, art. 17 LOPD-GDD).
Right to lodge a complaint
If you have questions or a complaint do not hesitate to contact us. Furthermore, you have the right to lodge a complaint with a supervisory authority, in particular in the place of your habitual residence, place of work, or place of alleged infringement, if you consider that the processing of personal data relating to you infringes the General Data Protection Regulation (GDPR) (art. 77 GDPR). The responsible supervisory authority for the place of our law firm is the Agencia Española de Protección de Datos, C/ Jorge, 6, 28001 Madrid, Spain.
Right of withdrawal
You have the right to withdraw your consent at any time with effect for the future (article 7.3 GDPR).
Right to object
You have the right to object, on grounds relating to your particular situation, at any time to the processing of personal data concerning you which is based on purposes of the legitimate interests pursued by us or by a third party or for the performance of a task carried out the public interest or in the exercise of official authority vested in us. Where you object to processing for direct marketing purposes, the existence of grounds relating to your particular situation is not necessary (articles 21 GDPR and 18 LOPD-GDD).
Exercise of rights
If you wish to make use of your rights, please send us an email to rgpd(at)leywerk.es or let us know otherwise. However, you can tell us this also otherwise under our contact details as above. If you have any questions, please do not hesitate to contact us by phone.
5. Additional information
5.1 Provision of your data
Providing your data is voluntary. However, if you wish to use this website or contact us or wish us to contact you, you must at least provide us with the personal data required for this purpose. Otherwise, you will not be able to use this website or we will not able to answer your request.
5.2 Automated decision-making
We do not use your personal information for automated decision-making.
We do not use your personal information for profiling.
5.5 Active components
This website does not use active components such as Java-Script, Java-Applets, or Active-X-Controls.
5.6 Secure data transport
When using this website the transmission of the data is encrypted. You can verify this by the fact that a lock is displayed in the address window of your browser and the Internet address (URL) of our site starts with https. However, secure data transport depends also on you. We recommend using only an updated browser to ensure secure data transport.
5.7 Security in communication by electronic means
Communication by electronic means, for example by e-mail, involves risks that can jeopardize the confidentiality of its content. In addition, security depends on both the sender and the recipient.
If you propose or start communication by electronic means with us unencrypted, we assume that you agree that the communication takes place without the use of encryption methods. However, we recommend you use instead the end-to-end encryption we have at your disposal. We use the encryption standard OpenPGP.
You can download our public key in Contact under Our public key. For further information about encryption please see More information.
We also recommend activating the transport encryption (TLS or Transport Layer Security) provided by your internet service provider on your computer.
Despite all these measures, please be aware that electronic communication may be subject to harmful activities of thirds and that the internet is not a safe place. We therefore cannot accept any responsibility for the data you post or share online or send to us by electronic means. If you have confidential information or documents, please send them to us by post or messenger or leave them in our office. This might be old-fashioned, but it is safe and doesn’t leave digital trails and footprints.
5.8 Instant messaging services, VoIP
For legal reasons, we do not use instant messaging services, such as WhatsApp, iMessage, Messenger, or services like Skype, FaceTime, etc. that have not been authorized by us.
5.9 Social media plugins
This website does not use social media plugins that may transmit personal data.
The last update was published on 13.07.2022.