Subscribe
Privacy
1. Data controller
Controller: Francisco Martín Mahedero
NIF: 05313727Z
Address: Calle Cardenal Cisneros nº 4, 1-D, 28010 Madrid, Spain
Privacy contact email: fran@franmahema.com
No Data Protection Officer has been appointed. Any question relating to the processing of personal data may be sent to the email address indicated above.
2. Scope of application
This Privacy Policy applies to the processing of personal data carried out through the website Franmahema.com.
This website currently does not include its own contact forms, private areas, user registration or direct contracting on the domain itself.
3. What personal data may be processed
As a general rule, simply accessing the website does not require actively providing identifying data.
However, the website may process the following categories of data to the extent necessary:
a) technical browsing and security data, such as IP address, access date and time, device or browser type, technical server logs and data necessary to prevent abuse or ensure the operation of the website;
b) data associated with cookies and similar technologies, in accordance with the Cookies Policy;
c) data contained in emails or communications that the user voluntarily sends to the contact address published on the website.
4. Source of the data
Personal data may be obtained:
a) directly from the data subject, when browsing the website or voluntarily sending an email;
b) automatically, through the technical, security, server or cookie systems used on the website.
5. Purposes and legal bases for processing
5.1. Technical operation, security and maintenance of the website
Purpose: to allow access to the website, guarantee its availability, security, stability, abuse prevention and response to technical incidents.
Legal basis: the controller’s legitimate interest in ensuring the proper operation and security of the website.
5.2. Management of consent and cookie preferences
Purpose: to remember the user’s cookie preferences, manage their settings and, where applicable, evidence the choice made.
Legal basis: compliance with legal obligations regarding cookies and, where applicable, the user’s consent for non-necessary cookies.
5.3. Handling voluntary email communications
Purpose: to handle, manage and respond to enquiries, proposals or communications that the user voluntarily sends to the email address published on the website.
Legal basis: the application of pre-contractual measures at the request of the data subject, when the enquiry has that nature, and, in all other cases, legitimate interest in managing received communications.
5.4. Compliance with legal obligations and defence of claims
Purpose: to comply with applicable legal obligations, respond to requests from competent authorities and defend the rights and interests of the controller.
Legal basis: compliance with legal obligations and legitimate interest in the controller’s legal defence.
6. Data recipients
Data may be communicated or made available to:
a) technology providers that provide services to the controller, such as web hosting, technical maintenance, email, security or cookie consent management, acting as processors where applicable;
b) public administrations, courts, tribunals, law enforcement agencies or other competent authorities, where there is a legal obligation or valid request.
Personal data will not be sold or transferred to third parties for their own commercial purposes.
7. International data transfers
As a general rule, providers located in the European Economic Area will be used whenever possible.
However, some technology providers may be located outside the European Economic Area or may involve remote access from third countries. In such cases, international transfers will only be carried out where there is an adequacy decision or appropriate safeguards under Regulation (EU) 2016/679, including, where applicable, standard contractual clauses and any supplementary measures that may be necessary.
The data subject may request additional information about such safeguards by writing to fran@franmahema.com.
8. Retention periods
Data will be retained for the time necessary to fulfil the purpose for which it was collected and, thereafter, for the applicable legal periods or while liabilities may arise.
For guidance:
a) technical data and security logs will be retained for the time strictly necessary to guarantee the operation, security and technical traceability of the website;
b) cookie preferences will be retained for the period indicated in the Cookies Policy or until the user modifies or withdraws them;
c) data contained in emails will be retained for the time necessary to handle the communication and, thereafter, while legal liabilities may arise or while retention is necessary for legitimate organizational or archiving reasons.
9. Rights of data subjects
The data subject may exercise the rights of access, rectification, erasure, objection, restriction of processing and, where legally applicable, portability, as well as withdraw consent where processing is based on consent, by sending a request to fran@franmahema.com.
The withdrawal of consent shall not affect the lawfulness of processing carried out before its withdrawal.
10. Minors
This website does not include forms or user registration and is not intended to deliberately collect personal data from minors.
If the controller detects inappropriate communication or processing of minors’ data through the website or the contact email, the controller may adopt the appropriate measures to erase or block the information, where applicable.
11. Information security
The controller applies appropriate technical and organizational measures to ensure a level of security appropriate to the risk, taking into account the state of the art, implementation costs, the nature of the processing and the risks to the rights and freedoms of individuals.
However, no system can guarantee absolute security or total invulnerability against incidents, unlawful access, third-party attacks or network failures.
12. Personal data breaches
When a personal data breach occurs, the controller will act in accordance with applicable regulations, assessing the risk to the rights and freedoms of the affected individuals.
Where legally required, the breach will be notified to the competent supervisory authority and, where appropriate, to the affected data subjects, within the time limits and terms provided by the regulations.
13. External links
The website may contain links to third-party pages, social networks, platforms or services. The processing of personal data carried out by those third parties will be governed by their own privacy policies and terms of use, not by this Privacy Policy.
14. Changes to the policy
This Privacy Policy may be modified to adapt it to regulatory, technical or functional changes to the website. The current version will be the one published on this page.