Privacy Policy

Data controller

• Entity: Yellow Glasses S.L. ‍
• Tax ID Number: B21836846  ‍
• Address: Paseo de la Castellana, 163, Planta 2, 28046 Madrid (España) ‍
• Contact email: rgpd@yellowglasses.es ‍
• Website: https://www.yellowglasses.es

‍

Data we process and its origin

Category: Identifiers
Examples: Name, surname, ID number/foreign resident ID number
Source: Directly from the data subject (forms, emails)

Category: Contact
Examples: Telephone number, email address, postal address
Source: Directly from the data subject

Category: Professional data
Examples: Company, position, CV, skills
Source: Directly from the data subject

Category: Browsing data
Examples: IP, cookies, device identifiers
Source: Web browsing

Category: Preferences
Examples: Subscriptions, stated interests
Source: Data subject, previous interactions

‍

Purpose of processing

1. Respond to requests for information or contact received via forms, telephone or email.‍
2. Managing the provision of our services and maintaining the contractual or pre-contractual relationship.
3. Sending commercial communications about own products and services, by electronic or equivalent means, provided that:
   - There is express consent (Art. 6.1.a GDPR and Art. 21 LSSI), or
   - There is a prior contractual relationship (Art. 21.2 LSSI).‍
4. Website navigation and performance analytics using cookies and similar technologies (see Privacy Policy).‍
5. Management of applications and selection processes for current or future job positions.‍
6. Compliance with legal obligations (tax, accounting, anti-money laundering, etc.).

No automated decisions with significant legal effects for the data subject will be made. Profiling, where applicable, is limited to the personalisation of content or offers and is based on the information indicated in this policy.

‍

Legal basis (art. 6 RGPD)

Purpose: Responding to requests
Legal basis: Consent of the data subject

Purpose: Provision of services
Legal basis: Performance of a contract or implementation of pre-contractual measures (Art. 6.1.b GDPR)

Purpose: Commercial communications
Legal basis: Consent (Art. 6.1.a GDPR + Art. 21 LSSI) or legitimate interest in relation to a previous contractual relationship (Art. 6.1.f GDPR + Art. 21.2 LSSI)

Purpose: Browsing analytics
Legal basis: Consent (cookie banner)

Purpose: HR and recruitment
Legal basis: Consent or performance of a contract (Art. 6.1.a/b GDPR)

Purpose: Legal obligations
Legal basis: Compliance with a legal obligation (Art. 6.1.c GDPR)

The data subject may withdraw their consent at any time; withdrawal will not affect the lawfulness of processing based on consent prior to withdrawal.

‍

Recipients and transfer

• Service providers (web hosting, CRM, analytics, email, HR) acting as data processors, bound by contract in accordance with Article 28 of the GDPR.
• Financial institutions and consultancies for financial and accounting management.
• Public administrations and authorities when there is a legal obligation.

International transfers: If any of our providers are located outside the European Economic Area (e.g. the US), transfers are covered by:

• Adequacy decision (Art. 45 GDPR), or
• Standard Contractual Clauses 2021/914/EU (Art. 46 GDPR), or
• Binding Corporate Rules.

‍

Retention period

Type of data / Purpose: Contact and enquiries
Retention period: Up to 3 years after the last interaction

Type of data / Purpose: Commercial communications
Retention period: Until you revoke your consent or request to be removed

Type of data / Purpose: Contractual data
Retention period: 6 years (Art. 30 of the Commercial Code)

Type of data / Purpose: CVs and selection processes
Retention period: 2 years from receipt or last update

Type of data / Purpose: Billing data
Retention period: 10 years (Law 58/2003, Art. 66 bis)

Type of data / Purpose: Cookie records
Retention period: According to the types detailed in the Cookie Policy

Once these periods have expired, the data will be blocked and retained only to meet possible legal responsibilities.

‍

Rights of data subjects

You have the right to:

1. Access your personal data.‍
2. Rectify it if it is inaccurate or incomplete.‍
3. Request its deletion when it is no longer necessary.‍
4. Object to its processing or limit it in the cases provided for. ‍
5. Transfer your data to another controller.‍
6. Withdraw your consent at any time.‍
7. Not be subject to automated decisions with significant effects.

To exercise these rights, send an email to  rgpd@yellowglasses.es  indicating the right you wish to exercise and attaching a copy of your identity document. You can also file a complaint with the Spanish Data Protection Agency (https://www.aepd.es) if you believe that your rights have been violated.

‍

Safety measures

We apply appropriate technical and organisational measures in accordance with Article 32 of the GDPR:

• Encryption of communications (TLS/SSL).
• Pseudonymisation and data minimisation.
• Firewalls and role-based access controls.
• Encrypted backups stored in secure locations.
• Incident response and security breach procedures.

‍

Cookies and similar technologies

Our site uses its own and third-party cookies to remember preferences, measure audience numbers and display personalised advertising. When you access the site for the first time, a banner is displayed with options to Accept, Reject or Configure cookies. For more information, see our Cookie Policy.

‍

Commercial communications

Each message will include a free and easy link or mechanism to unsubscribe. We will respect your decision within a maximum of 48 hours.

‍

Policy changes

We may modify this policy to adapt it to legislative or technical changes. We will publish the new version on this same page, indicating the date of the update. We recommend that you review it periodically.