en
Privacy Policy

Privacy Policy

This Privacy Policy describes how Origin CR, S.L. processes personal data collected through this website and in the context of its business activities. The Controller processes personal data in accordance with Regulation (EU) 2016/679 (General Data Protection Regulation – GDPR) and applicable national data protection laws, ensuring that personal data is handled lawfully, fairly and transparently and only for specified, explicit and legitimate purposes.

Capitalised terms used in this Privacy Policy, including but not limited to Controller, Processor, Personal Data and Processing, shall have the meaning attributed to them under Regulation (EU) 2016/679 (General Data Protection Regulation).

Privacy Policy Summary

Item

Description

Controller

Origin CR, S.L.

Tax ID

B67805481

Website

Home

Purpose of processing

To respond to enquiries, provide information about services, manage precontractual and contractual relationships, and deliver contracted services

Legal basis

• Consent of the data subject (Art. 6(1)(a) GDPR)
• Performance of a contract or precontractual measures (Art. 6(1)(b) GDPR)
• Compliance with legal obligations where applicable

Data retention

Personal data will be retained in accordance with the criteria set out in Section 3 of this Privacy Policy

Data recipients

Personal data will not be disclosed to third parties unless required by law or necessary for the provision of services

User rights

Access, rectification, erasure, restriction, portability and objection, as well as the right to lodge a complaint with the Spanish Data Protection Agency

Exercise of rights

info@origin-sw.com

Mandatory data

Data marked with (*) is necessary to process the request

Security measures

Appropriate technical and organisational measures are implemented in accordance with the GDPR

Applicable law

Spanish law

 

1. Data Controller

In accordance with Regulation (EU) 2016/679 (General Data Protection Regulation – GDPR) and applicable Spanish data protection legislation, users are informed that personal data provided via this website will be processed by:

  • Company name: Origin CR, S.L.
  • Tax ID: B67805481
  • Domain name: https://www.origin-sw.com
  • Email address: info@origin-sw.com

Origin CR, S.L. (the Controller) is committed to protecting personal data and processing it lawfully, fairly, and transparently.

2. Personal Data Collected via Contact Forms

2.1. Personal Data Collected via Contact Forms and Enquiries

The Controller processes personal data provided by users through contact forms, email communications or other enquiry channels made available on the website.

Purpose of processing

  • To respond to requests, enquiries or consultations submitted by users
  • To provide information about the Controller’s services
  • To take steps at the request of the data subject prior to entering into a contractual relationship, where applicable

Legal basis

  • Consent of the data subject (Article 6(1)(a) GDPR), where the enquiry is voluntary
  • Precontractual measures at the request of the data subject (Article 6(1)(b) GDPR), where the request is connected to potential service provision

2.2. Personal Data of Clients (Attorney–Client Relationship)

The Controller also processes personal data of clients in the context of professional legal services provided under attorney–client contracts.

Purpose of processing

  • To manage and perform professional legal services
  • To comply with contractual obligations arising from attorney–client engagement
  • To comply with applicable legal, regulatory and professional obligations

Legal basis

  • Performance of a contract to which the data subject is a party (Article 6(1)(b) GDPR)
  • Compliance with legal obligations applicable to the Controller (Article 6(1)(c) GDPR), including professional, fiscal and regulatory requirements

3. Data Retention

Personal data will be retained only for as long as necessary to fulfil the purposes for which it was collected, in accordance with the principles of data minimisation and storage limitation.

Where personal data is processed in the context of a contractual relationship with clients, and such processing is necessary for the performance of a contract or the provision of contracted services, personal data may be retained for a period of up to ten (10) years following the termination of the contractual relationship, where required to comply with contractual, legal or regulatory obligations, or for the establishment, exercise or defence of legal claims.

In all other cases, personal data will be retained for the applicable retention periods provided for by law, or for as long as necessary for the relevant processing purpose, after which it will be securely deleted or anonymised.

4. Data Recipients and Transfers

Personal data will not be disclosed to third parties, except where:

  • There is a legal obligation to do so; or
  • Disclosure is strictly necessary for the provision of services (e.g. IT or hosting providers acting as data processors, under appropriate contractual safeguards)

No international data transfers are carried out unless legally permitted and adequately safeguarded.

5. User Rights

Any individual has the right to obtain confirmation as to whether or not the Controller is processing personal data relating to them.

Where such processing exists, data subjects may:

  • Access their personal data and obtain information about its processing
  • Request the rectification of inaccurate or incomplete data
  • Request the erasure of their data where, among other reasons, the data is no longer necessary for the purposes for which it was collected
  • Request the restriction of processing in certain circumstances, in which case the data will only be retained for the establishment, exercise or defence of legal claims
  • Object to the processing of their data, on grounds relating to their particular situation, unless the Controller demonstrates compelling legitimate grounds or the processing is necessary for legal claims
  • Request the portability of their data to another controller, where applicable under the GDPR

Where data is erased or processing is restricted, personal data may be blocked and retained solely to comply with legal obligations.

Data subjects may exercise their rights by contacting the Controller at info@origin-sw.com, and may lodge a complaint with the competent supervisory authority.
Where processing is based on consent, consent may be withdrawn at any time without affecting the lawfulness of processing carried out prior to its withdrawal.

6. Mandatory or Optional Nature of Data

Fields marked with an asterisk (*) are necessary in order to handle the user’s request. Failure to provide such data may prevent the Controller from responding adequately.

Users confirm that the personal data provided is accurate and undertake to notify the Controller of any changes.

7. Security Measures

Origin CR, S.L. , as a data Controller, has implemented appropriate technical and organisational measures to ensure a level of security appropriate to the risk, in accordance with Article 32 GDPR.

Personal data is processed in compliance with the principles of lawfulness, fairness, transparency, data minimisation, accuracy, storage limitation and integrity under Article 5 GDPR.

8. External Links

This website may contain links to thirdparty websites. Origin CR, S.L. accepts no responsibility for the content or privacy practices of such websites.

9. Applicable Law

This Privacy Policy is governed by Spanish law.

Made with by Anna Baldrich & Bufó Studio