en flag
en flag

Privacy Policy

Carlos Javier Lorenzo Serrano (hereinafter, "CJLS") acknowledges the importance to you of how we use your personal information and the way in which we share it. This Policy aims to help you understand what data we collect, the purpose for which we process it, and our efforts to protect it. We appreciate the trust you place in us to handle it with the appropriate safeguards and in accordance with current regulations.

Similarly, CJLS recognizes the importance of identifying and protecting information assets, preventing the unauthorized destruction, disclosure, modification, and use of any information related to clients, employees, pricing, knowledge bases, manuals, case studies, source codes, strategy, management, and other concepts. CJLS is committed to developing, implementing, maintaining, and continuously improving the Information Security Management System (ISMS).

CJLS, owner of the website www.americanlegalspain.es complies with the guidelines of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 concerning the protection of natural persons with regard to the processing of personal data and the free movement of such data (General Data Protection Regulation, GDPR) and repealing Directive 95/46/EC, as well as Organic Law 3/2018 of 5 December on the Protection of Personal Data and Guarantee of Digital Rights (LOPDGDD), and all other applicable regulations. CJLS ensures the correct use and processing of the user’s personal data.

Furthermore, CJLS complies with Law 34/2002 of July 11, on Information Society Services and Electronic Commerce and will request your consent for the processing of your personal data when necessary.

Information security is characterized by the preservation of:

  • Its confidentiality, ensuring that only authorized parties have access to the information;

  • Its integrity, ensuring that the information and its processing methods are accurate and complete;

  • Its availability, ensuring that authorized users have access to the information and associated assets when required.

Information security is achieved by implementing a suitable set of controls, including policies, practices, procedures, organizational structures, and software functions. These controls have been established to ensure that the specific security objectives of the company are met.

CJLS’s policy on information security includes the following:

  • Setting annual objectives related to Information Security, including the protection of personal data.

  • Developing a risk analysis process and, according to its outcome, implementing the corresponding actions to address unacceptable risks, in accordance with the criteria established in the Information Security Management System (ISMS).

  • Establishing control objectives and corresponding controls, based on the risk-related needs arising from the risk analysis process.

  • Complying with business, legal, regulatory, and contractual security requirements.

  • Raising awareness and training all personnel on information security matters.

  • Establishing necessary measures to ensure business continuity.

  • Sanctioning any violations of this policy and any policies or procedures of the ISMS.

  • Every employee is responsible for recording and reporting any confirmed or suspected information security violations.

  • Every employee is responsible for preserving the confidentiality, integrity, and availability of information assets in compliance with this policy and the inherent policies and procedures of the ISMS.

  • The Chief Information Security Officer is directly responsible for maintaining this policy, providing advice and guidance for its implementation, and investigating any violation reported by staff.

Who is responsible for processing your data, and how can you contact us?

The data controller is:

Carlos Javier Lorenzo Serrano (CJLS).

Calle Solano, 2 – 10614 Valdastillas, Spain.

You may contact us by postal mail at the address above or by email at the following address: info@americanlegalspain.es.

What categories of data do we use, and how are they obtained?

The categories of personal data we process include:

  • Identifying data: Name, surname, and (if necessary) NIF.

  • Contact data: Postal address, email address, phone number.

  • Personal characteristics: Date and place of birth, age, and nationality, if applying for registration in courses and events.

  • Academic data: Studies (if required by the course) and data related to the training (grades, questionnaires, assessments, and completed activities).

  • Financial data: Bank and credit card information if registering for non-free courses and events.

  • Other data: Data provided by users in the open fields of forms on the website or attached documents.

If the user provides data about third parties, they affirm they have the consent of those third parties and undertake to convey the information contained in this Privacy Policy to them, holding CJLS harmless from any responsibility in this regard. Nevertheless, CJLS may carry out periodic checks to verify this fact, adopting the due diligence measures that correspond in accordance with data protection regulations and/or any other applicable regulations.

What is the purpose and legal basis for data processing?

The data requested in the website forms are generally mandatory (unless otherwise specified in the required field) to fulfill the established purposes. Therefore, if they are not provided or are provided incorrectly, we may not be able to fulfill these purposes, though you may freely browse the website content.

Your personal data is processed in accordance with the General Data Protection Regulation (GDPR), Organic Law 3/2018, on the Protection of Personal Data and Guarantee of Digital Rights (LOPDGDD), and all other applicable laws.

The primary purpose of data processing is to provide consulting and/or training services; to facilitate communication between CJLS and its clients and/or suppliers in relation to its objectives; and to fulfill legal obligations. We will not use data for any other purpose; if we do, we will contact you beforehand to inform you.

Personal data provided through the website will be processed by CJLS for the following purposes:

  • To manage user contact and information requests via the channels provided on the website www.herreragarcia.com.

  • To manage enrollment and participation in courses, seminars, and events organized by CJLS, either individually or jointly with other entities, when requested through the designated form.

  • To send subscribers to the blog technical communications related to CJLS’s work areas.

  • To publicize events and promote them through CJLS’s website and social media (LinkedIn, Twitter, Facebook).

What is the legal basis for processing your data?

Most of the information CJLS collects about you is based on freely given consent, which you can withdraw at any time. However, if you withdraw your consent, this will not affect the lawfulness of processing carried out previously.

If the data subject does not provide the personal data when requested, the requested service cannot be provided.

The consents obtained for the aforementioned purposes are independent, so the user can revoke any of them, jointly or individually, without affecting the others. To revoke such consent, the user may contact us by email at info@americanlegalspain.es or at CJLS’s office (Calle Solano, 2 – 10614 Valdastillas, Spain).

Who do we share your data with?

Your data will always be treated confidentially. Within CJLS, only those persons and roles who require such data to provide the requested information or service and fulfill our pre-contractual/contractual obligations will access your personal data.

Your data may be shared with:

  • Public Administrations, in cases provided by law.

  • Banks and financial entities for the collection of fees or rates.

Data will not be transferred to other third parties unless expressly required or permitted by law.

How long is your data stored?

User data will be retained until you request its deletion, object, or withdraw your consent. In any case, the data provided will be retained for the minimum time necessary, while the relationship remains active, or for the time necessary to fulfill legal obligations.

Exercising Rights

You may contact us by email at info@americanlegalspain.es, or at CJLS’s office (Calle Solano, 2 – 10614 Valdastillas, Spain), at any time and free of charge, to:

  • Withdraw consent granted.

  • Confirm whether CJLS is processing personal data concerning you.

  • Access your personal data.

  • Correct inaccurate or incomplete data.

  • Request the deletion of your data when, among other reasons, it is no longer necessary for the purposes collected.

  • Request the portability of your data and limitation of processing, where provided for by data protection regulations.

If the data subject disagrees with any resolution, they have the right to file a complaint with the Spanish Data Protection Agency at their website https://www.aepd.es or at their office (c/ Jorge Juan, 6 – 28001 Madrid).

Security Measures

CJLS will always process user data with absolute confidentiality, maintaining the required duty of secrecy regarding them, in accordance with applicable regulations, adopting the necessary technical and organizational measures to guarantee the security of the data and prevent its alteration, loss, processing, or unauthorized access, given the state of technology, the nature of the stored data, and the risks to which it is exposed.

Legal notice

Privacy Policy