Privacy Policy

Our current Privacy Policy (hereinafter referred to as “Privacy Policy”) describes and explains the framework where CIALT (MADON LEGAL, SL) collects and treats all data regarding any kind of natural or artificial person (hereinafter referred to as “Client”) to whom we render our services in the legal, tax and mercantile areas, so as to ensure that their privacy is safeguarded and respected.


This Privacy Policy is applicable to all those personal data collected and / or treated by CIALT during the course of the rendering of its services and it includes, among others, the access or use from any country in the world, of CIALT website platform (, as well as its contents and, by and large, of all those legal advisory services and solutions offered by CIALT.


CIALT collects and treats the personal data that the Client makes available to it in order for CIALT to be able to render the services hired, and these are absolutely necessary not just for them to be recorded but also for them to be performed. In this regard, Client does know and does accept that his / her / its failure to provide some personal data will actually prevent CIALT from rendering all those services related to same.


For the purposes of this Privacy Policy, “Interested party” shall mean all those natural or artificial persons whose data may be subject to treatment by CIALT.


Should any kind of doubt, query or need arise relating to this Privacy Policy, it is hereby expressly stated that any “Interested Party” may contact CIALT through our email

1 Person accountable for personal data treatment


1.1 The person accountable for all personal data treated as a result of the use or the hiring of the services rendered by CIALT shall, for all purposes, be the registered company MADON LEGAL, SL, holder of TIN No. B-20799235, a company that has its registered office at B-20799235, and is registered at the Mercantile Register of Gipuzkoa, Volume 20.11, Folio 201, Sheet No. SS-21.938, contact telephone number 943 311 866 and whose e-mail address is


2 Data Protection Delegate (DPD)


2.1 CIALT has appointed a Data Protection Delegate (DPD), whose e-mail contact address is:


3 Purpose of personal data treatment


3.1 CIALT performs a data treatment geared to the following aims:


3.1.1. Intended purpose of the contractual nature: the data treatment performed by CIALT as a result of the hiring of the rendering of its legal services, or the conclusion of an agreement with CIALT, has the following aims:


  • To manage the existing relationship between CIALT and Client, on the basis of the applications filed or requests made by the latter.
  • To offer the solution and / or advice required to meet his / her / its specific needs, by the rendering of tax and mercantile legal services.
  • To serve notices or to send all that information that CIALT considers that has to be brought to Client’s attention so as to make the rendering of services possible and, at the same time, to keep a contractual relationship between both of them.
  • To implement all kinds of necessary procedures for the anonymization (i.e. elimination of all kinds of reference whatsoever to identity) as a result of which CIALT will no longer be able to identify the Client nor relating him / her / it with the data that this latter transferred at a particular time so as to make the rendering of those services hired from CIALT possible.


3.1.2 Intended purpose of the business nature: the data treatment performed by CIALT as a result of the conclusion of an Agreement with CIALT and, failing this, as a consequence of the Interested Party’s genuineness of consent, and in the absence of this, due to CIALT lawful interest, is intended:


  • To send on a regular basis commercial information regarding all those latest developments, products and / or services related to CIALT that might be of his / her / its interest.
  • To create a commercial profile of Clients in order to supply them with information and / or transactions regarding all those products and / or services that might be of interest.
  • To carry out a market research analysis.


3.2 It is hereby expressly stated that CIALT shall, in no case, treat, exploit, use or assign personal data for a use other than any of those expressly provided for herein.



4 Legitimation of personal data treatment


4.1 The licit nature of personal data treatment carried out by CIALT is based on the following sources or reasons:


4.1.1 Legitimation on the basis of the performance of a contract or the rendering of a service: Should the personal data treated arise from the information supplied by Client as a result of the conclusion of a contract with CIALT the subject matter of which is either to render and / or to be rendered legal advisory services, then the legal grounds for the treatment of said data shall be based on the performance of said contract or on the performance of the service requested by Client, and it shall be subject to the terms and conditions provided for therein and also in this Privacy Policy.


4.1.2 Legitimation on the basis of the Interested Party consent: In all those cases where data are voluntarily provided by Client, the legal basis for data treatment is grounded on the granting of his / her / its consent. In all these cases, Client may withdraw his / her / its consent, by exercising those rights he / she / it enjoys and which are detailed in this Privacy Policy.


The express denial of consent regarding commercial use shall not have any bearing on the continuation of or on compliance with the contractual relationship triggering the performance of advisory services by CIALT which, as the case may be, had been hired. In that case, CIALT shall be entitled to go on treating data, though only in order to perform the contract it has concluded.


4.1.3 Legitimation on the basis of CIALT lawful interest: Without prejudice to the causes hereinabove described, CIALT treats personal data in order to comply with its lawful interests. In particular, CIALT lawful interests shall be understood to refer to those concerning the possibility of promoting, offering, keeping and improving performance regarding service supply, development of new services or functions which are useful for CIALT, and the offering of CIALT services to its different existing Clients and / or potential Clients.


5 Communication of data and addressees


5.1 As a general rule, CIALT does not sell, exchange with or transfer to third parties any personal data collected and / or treated in the course of the performance of its legal-tax and mercantile advisory services.


5.2 Nevertheless, it should be pointed out that an optimal performance of the services offered by CIALT may require that third parties which are CIALT service renderers have access to the personal data collected and / or treated by it.


5.3 Por esa razón, se advierte de que, cuando el acceso a dichos datos sea estrictamente necesario para la prestación de los servicios de CIALT, los datos que recoja o trate podrán transferirse y/o comunicarse a terceros que suscriban relaciones jurídicas con CIALT, con el objeto de gestionar parte de los servicios contratados con CIALT y/o colaborar en la correcta prestación de los mismos.


5.4 That is the reason why, notice should be taken that, where access to said data is strictly necessary in order to render CIALT services, those data that CIALT collects or treats may be transferred and / or be brought to the knowledge of third parties that enter into legal relationships with CIALT, in order to be able to manage some of the services hired with CIALT and / or collaborate in order to make their correct rendering possible.


5.5 Upon the acceptance of this Privacy Policy, Clients understand that some of the above mentioned service renderers may by located in countries outside the European Economic Area (EEA) or that they do not actually offer a security level equivalent to the Spanish one. In those cases, transfers are subject to the authorization issued by the “Dirección de la Autoridad de Control Española” (i.e. Spanish Directorate for Control Authority), on standard model clauses adopted by the Commission and, where appropriate, on the Privacy Shield.


5.6 In addition to the foregoing, CIALT shall be entitled to assign and / or communicate personal data in order to fulfil its legal obligations in relation to Public Administrations and / or Judicial Bodies, in those cases where it is so required pursuant to the law in force from time to time.


6 Time period required for data deletion


6.1 All personal data collected and / or treated by CIALT shall be kept for the time period that may be necessary in order to satisfy the purpose they were collected for.


6.2 In this regard, once the services have been rendered or when the life of the contract by means of which the performance of legal advisory services by CIALT was hired for is terminated, all those personal data and informative data and / or those data generated as a result of the performance of services shall be forthwith deleted in a safe and confidential way.


6.3 Without prejudice to the foregoing, once the contractual / commercial relationship entered into with CIALT is terminated, CIALT shall be entitled to keep Client’s contact data for a maximum period of three (3) years, with the sole purpose of sending information and / or promotions concerning those CIALT products and / or services that might be of Client’s interest.


6.4 In addition, CIALT shall be entitled to anonymize those personal data collected and / or treated in order to use them solely and exclusively for statistical purposes.


6.5 In any case, data shall remain available just for Judges and Courts / Tribunals, the Public Prosecutor’s Office or the relevant Public Administrations and, in particular, they shall be made available to the data protection authorities, in order to be able to meet any kind of liability whatsoever arising from their treatment, during their limitation period. Once those time periods have lapsed, data shall be deleted.


7 Rights of interested parties


7.1 By means of this Privacy Policy, CIALT brings to the knowledge of interested parties and also makes available to them the possibility to, at any time, freely and voluntarily exercise all the rights detailed below:


  • Right of access, in order to know the type of data collected and treated, as well as the features of the treatment they have been subject to.
  • Right to rectification, in order to request the modification of collected data on the grounds that they are inaccurate or untrue.
  • Right to data portability, in order to ask for a copy of those data which have been treated by CIALT.
  • Right to restriction of data processing, in order to ask for the suspension of treatment should this be deemed to be illicit or where data accuracy has been challenged.
  • Right to erasure (a.k.a. right to be forgotten), in order to ask for the erasure of data collected when their treatment is no longer necessary.
  • Right to object, intended to ask for the cessation of the sending of commercial communications by CIALT.
  • Right to revoke consent already granted.
  • Right to file claims with the Spanish Data Protection Agency (“AEPD”) in order to claim from said body the protection of those rights granted by the law in force.


7.2 Those rights may be exercised, free from any kind of charge, by any interested person just by sending the relevant written and signed application, by postal mail, to Avenida Tolosa 75, 2ª planta, 20.018 Donostia / San Sebastián (Gipuzkoa, España), or alternatively by electronic mail to the following e-mail address:


7.3 The above mentioned application shall include the following data: Client’s name and surnames, his / her / its address for service, photocopy of his / her Identity Card, Passport or Tax Identification Number (should it be an artificial person) and detailed information about what is being asked for through said application. In this regard, it is expressly stated that in the Web Page that the Spanish Data Protection Agency (“AEPD”) makes available to all those Interested Parties it includes a number of forms that will help them to exercise those rights they are entitled to.


7.4 Finally, attention is drawn to the fact that the removal of consent by any Interested Party resorting to the procedure detailed hereinabove shall not have a bearing on the licit nature of the treatment made prior to said removal.


8 Security measures


8.1 In compliance with the applicable regulations, CIALT commits itself to take all those measures that might be requisite in order to fulfil its duty to keep secret all those personal data that it may collect and / or treat, by avoiding their alteration, loss, treatment and / or unauthorized access.


8.2 In this regard, hereby it is expressly stated that CIALT has implemented the requisite security technical and / or organizational measures in order to guarantee personal data security, bearing in mind the current state of factors as relevant as the latest technological developments, the nature of the data stored and the risks these are exposed to.


8.3 In this regard, it is hereby stated that CIALT is an entity that does care about privacy, and in order to reinforce both the confidentiality and integrity of information in its organization, all of its processes are kept under constant supervision, control and assessment, in order to guarantee that both privacy and safety of the information referred to in this Privacy Policy are respected.

Este sitio web utiliza cookies para que usted tenga la mejor experiencia de usuario. Si continúa navegando está dando su consentimiento para la aceptación de las mencionadas cookies y la aceptación de nuestra política de cookies, pinche el enlace para mayor información.plugin cookies

Aviso de cookies
Abrir chat
¿Necesitas ayuda?
¡Hola! ¿Podemos ayudarte?