CLOUD WORKSPACES SL (hereinafter, CLOUDWORKS) as Responsible for the Treatment and of this website, in accordance with the provisions of General Data Protection Regulation Regulation (EU) 2016/679 and Organic Law 3/2018, of 5 December on Protection of Personal Data and guarantee of digital rights, makes this privacy policy available to you in order to inform you, in detail, about how we treat your personal data and protect your privacy and the information you provide us.
In this privacy policy we explain what your rights are regarding your personal information and how to exercise them. Additionally, in case you need to contact the competent authority in matters of data protection, we provide you with the contact information.
We, the controllers of your data | Entity: CLOUD WORKSPACES SL
TIN: B 65071862 Registered office: Sardenya 229-237 P. At. 08013 BARCELONA. Telephone: +800 200 459 Email: privacy@ wearecloudworks.com |
Our Data Protection Officer (DPO) | If you have any type of consultation, doubt or suggestion regarding how we use your personal data, you can contact the Data Protection Officer by email dpo@coworkinginthecloud.com |
What data do we collect?
The personal data that we collect from users and customers can be grouped according to the following categories:
We will never collect personal data that is specially protected or considered sensitive.
How do we collect personal data?
As a general rule, most of your personal information is provided to us directly by you, either in person at our coworking spaces, by phone, mail, web forms or by responding to surveys. However, we may also obtain information:
What can happen if you do not provide us with your personal information?
When we are required by law to collect your personal data or, when this is essential to enter into a contract with you, in the event that you do not want to provide us with your personal data, we will not be able to fulfil the purposes described. In the event that we find it necessary to cancel our services for this reason, we will notify you first when necessary.
For what purpose do we process your personal data?
We attach a detailed table with the purpose for which we collect your data and the legal basis that legitimises us for it.
Purpose of processing Why do we collect your data? |
Legal legitimacy to process your personal data |
To provide you with our services, accept payments and overdue charges | (1) Contractual execution
(2) Legitimate self-interest (for example, to manage possible non-payments) |
Register as a web user or new customer | (1) Express consent of the interested party
(2) Contractual execution |
Manage our relationship with our customers, which includes:
(1) Notify you of changes in our contracting conditions or policies (2) Request that you respond to a survey or rate our products/services |
(1) Contractual execution
(2) Compliance with a legal obligation (3) Legitimate self-interest (to update our records and know the opinion of our customers about our products/services) |
Send commercial communications, newsletters and advertising, through any communication channel | (1) Express consent of the interested party
(2) Legitimate self-interest (you have not always expressed your wish to stop receiving communication, ‘opt-out’) |
Respond to enquiries and/or provide information required by the interested party, including sending quotes | (1) Legitimate self-interest
(2) Contractual execution (3) Consent of the interested party (4) Compliance with a legal obligation |
Manage user interactions on our social networks | (1) Compliance with a legal obligation (for example to eliminate offensive, racist, vulgar or insulting comments; maintain an environment of respect and integration, preserve the privacy of minors, etc.)
(2) Legitimate self-interest (for example, when we remove third-party advertising from our networks) |
Use analytical data to improve the web browsing experience / use of the app, implement marketing strategies and optimize contracting processes through the use of cookies. | (1) Legitimate self-interest
(2) Consent of the interested party (for example, by accepting the use of analytical cookies) |
Manage and protect our business and our website. This includes the detection of navigation problems, data analysis, web/app tests, etc. | (1) Compliance with a legal obligation
(2) Legitimate self-interest (running our company, providing security for our networks, preventing fraud, etc.) |
Suggest and recommend products and services that may be of interest to you | (1) Legitimate interest (to grow our business) |
Provide personal data to authorities or by court order | Compliance with a legal obligation |
Provide greater security to our physical facilities (installation of CCTV cameras / video surveillance, access control) | In legitimate interest and in the interest of third parties. For example to detect the commission of an act harmful to our employees or customers. |
Update and improve our customer records | (1) In compliance with a legal obligation
(2) In execution of a contract (3) In legitimate interest (to verify that we can continue to contact our customers for issues related to their subscriptions, orders or products purchased). |
Guarantee safety at work, personnel management and the employability of candidates | (1) In compliance with a legal obligation
(2) In legitimate self-interest and that of third parties. To improve the experience of our employees when carrying out their dueties. |
With whom can we share your personal data?
We may share your personal data with:
All suppliers we work with are contractually bound to us. We can guarantee that they comply with all the necessary security measures to safeguard your personal data, that they will use your personal data solely and exclusively for the specified purposes, in accordance with our instructions.
We will also share personal data with law enforcement agencies when the law requires us to do so.
Where do we store your personal data?
All the data you provide us, both through this website and by other means or channels, will be stored on the servers of AMAZON WEB SERVICE AND GOOGLE. These servers are located within the European Economic Area.
International transfer of personal data
In order to be able to provide the service, we will sometimes need to transfer your data outside the European Economic Area (EEA). For example:
International data transfers are subject to specific rules governed by the principles of data protection laws. This means that we can only transfer your data to countries or international organisations outside the EU, when:
How long will we keep your personal data?
Your data will be kept for the duration of the commercial relationship with us or if you exercise your right of cancellation or opposition, or limitation of processing. However, we will keep certain personal identification and traffic data for a maximum period of 2 years in the event that it is required by the Judges and Courts or to initiate internal actions derived from the improper use of the website.
Likewise, we inform you that our data storage policies are adjusted to the terms that mark the different legal responsibilities for limitation purposes:
Under the provisions of article 30 of the Commercial Code, and except for other criteria, all documents and/or data of the company will be kept for 6 years.
This affects all accounting, tax, labor or commercial documentation, including correspondence.
Our company must also set minimum deadlines depending on the type of data in question and taking into account the different statutes of limitations, which each of the departments must know.
This table lists the statutes of limitations that affect or may affect our organisation:
Matter | Limitation | Regulation |
Labor, for the purposes of infractions | 3 years | Art. 4.1 RD 5/2000 |
Social Security, for the purposes of infractions | 4 years | Art. 4.2 RD 5/2000 |
Prevention of Occupational Risks, for the purposes of infractions | 5 years | Art. 4.3 RD 5/2000 |
Tax, for the purposes of tax debts | 4 years | Art. 66 Law 58/2003 |
Tax, for the purposes of checking offset fees or deductions applied | 10 years | Art. 66 bis Law 58/2003 |
Accounting and commercial | 6 years | Art. 30 of the CC |
Crimes against Public Treasury and Social Security | 10 years | Art. 131 OL 10/1995 |
You will not be subject to decisions based on automated processing that has effects on your data.
Our communications
All the personal data that you communicate to us will be incorporated into our information systems. If you accept this privacy policy, it means that you grant CLOUDWORKS the express consent to carry out the following activities and/or actions, unless you indicate otherwise:
How to stop receiving marketing communications (opt-out)?
At any time you can revoke any express consent you have given us to send you commercial information. To do this, you can request your withdrawal through the option (opt-out) when it is enabled in our app/web, or by sending us an email with the subject “unsubscribe” to privacy@wearecloudworks.com.
In accordance with the LSSICE, we never send out SPAM, therefore, we will not send you commercial emails if they have not been requested or authorised by you. However, in all our communications, you will have the possibility to revoke your consent.
We will not process your personal data for any other purpose than those described except by legal obligation or judicial requirement.
User responsibility – Declaration of veracity
By providing us with your personal data through electronic channels, the user declares that they are over 14 years of age and that all data provided to CLOUDWORKS is true, accurate, complete and up-to-date. For these purposes, the user confirms that they are responsible for the veracity of the data communicated and that they will keep said data suitably updated so that it responds to their real situation, being responsible for the false and inaccurate data that they may provide, as well as for the damages, direct or indirect, that may arise.
If you send us your resume …
In the event that you want to send us your CV through our website/email, we inform you that the data provided will be processed to allow you to participate in the selection processes that may exist, carrying out an analysis of your professional profile with the objective of selecting the most suitable candidate in case a vacancy occurs.
We do not accept resumes sent through other channels (for example, hand-delivered on paper). In the event of any change in the data, please notify us in writing as soon as possible, in order to keep your data duly updated.
The resumes will be kept for a maximum period of one year, after which they will be securely destroyed and all the data included will be deleted. We fully guarantee the confidentiality of your data. In this respect, after the aforementioned period, if you wish to continue taking part in potential selection processes, you must send your resume again.
How do we keep your data secure?
We take the protection of your data very seriously. For this reason, we guarantee the implementation of security measures, controls and procedures of a physical, organisational and technological nature, appropriate to prevent your data from being accidentally lost, used or accessed maliciously.
We limit access to your data to persons and entities authorised to do so and we make sure to properly train all our staff. All those involved in the processing of your personal data are subject to the obligation of strict confidentiality.
Additionally, we apply technical procedures to react to any suspicion that could constitute a data security breach. If necessary, we will notify you about it, as well as the supervisory authority (the AEPD in Spain), in accordance with current regulations.
How to exercise your ARCOLP rights?
Both the RGPD and the regulation of transposition to Spanish law (the LOPDGDD), guarantee the exercise of the following rights. You can exercise them at any time and always free of charge:
Right of access | The right to receive a copy of your personal data. |
Right to rectification | The right to request the correction of errors in personal data. |
Right to erasure (right to be forgotten) | The right to request that we delete your personal data – in certain situations. |
Right to restriction of processing | The right to request the restriction of the processing of your data. |
Right to object | The right to object to:
-the processing of your data for direct marketing (including the creation of profiles). -continue processing your data, in certain circumstances. For example, the treatment carried out based on our legitimate interest. |
Right of data portability | The right to receive your personal data in a structured, readable format and/or transmit this data to a third party – in specific situations. |
Right to avoid automated decision-making | Right not to be the subject to a decision based solely on automated processing, including profiling, that has legal effects or that affects significantly. |
To exercise any of the aforementioned rights, please send us your request to the email created specifically for this purpose: privacy@wearecloudworks.com
You can also contact our Data Protection Officer directly at: dpo@coworkinginthecloud.com
In your request you must include information on what exactly you need and in all events provide oficial proof of your identity.
The data protection supervisory authority
We hope to resolve any questions or concerns that may concern you in relation to your personal data. But if you want to file a complaint with the competent authority, you have the right to do so.
In Spain, the highest authority in terms of data protection is the Spanish Data Protection Agency (AEPD).
https://www.aepd.es/es – Tel: 91 266 35 17.
Changes in this privacy policy
CLOUDWORKS reserves the right to modify this policy to adapt it to the new legislative or jurisprudential requirements.