Privacy policy

In accordance with current legislation on Personal Data Protection, and specifically in compliance with the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter, the General Data Protection Regulation), and by the Organic Law 3/2018 of December 5, 2018, on Personal Data Protection and Guarantee of Digital Rights (hereinafter, LOPD), GREY informs users about the Privacy Policy that will apply to the processing of personal data that, where appropriate, the user provides or has provided to GREY.

Below, you will find all the relevant information applicable to the use we make of the personal data of our customers and users, regardless of the channel or medium through which they interact with GREY: through our Web www.thegrey.es (hereinafter, the Web) or personally.

This privacy policy will always be available on the Web so that you can consult it whenever you deem appropriate. Additionally, whenever GREY requests personal data from you for a specific purpose, we will inform you in detail about the specific processing that will be carried out with your data in each case.

Who is the Data Controller?

The personal data provided, if any, will be processed by GREY AFFAIRS, S.L., (hereinafter, GREY), whose contact details are as follows:

Fiscal Address: Calle Josefa Valcarcel, 3, 28027 Madrid.
Tax Identification Number: B21671680
E-mail for data protection purposes: legal@thegrey.es

What do we process the data for? What data do we process? Why do we process them? And… For how long?

Personal data will be processed for different purposes, depending on the reason for which they were provided and the relationship, if any, that exists with GREY.

The following are the main purposes for which we may process your data

To manage existing business relationships between GREY and its customers or suppliers.

If you are a customer or a supplier of GREY, your data are processed to manage the relationship that binds us. Both parties need the data to be able to communicate and inform each other about the operation and processes used by each party in the normal development of their activities. In these cases, that is to say, whether you are a GREY customer or a service provider, the data processed by GREY are identification data (name, surname, postal address, e-mail address, postal code, telephone number, etc.). Specifically, GREY’s customer data will be used to:

a) Contact you in those cases in which there is an incidence or important communication related to the contracted services.
b) Send surveys to find out your degree of satisfaction with GREY, in order to improve their services.
c) Unless the customer states otherwise, send information about products similar to those contracted.

The legitimacy for the data processing specified in paragraphs a) is in the execution of the contract between the parties (contract for the provision of services). The legitimacy for the processing b) and c) are based on the legitimate interest of GREY and, in the specific case of c) in addition, based on the provisions of Article 21.2 LSSI. The data will be kept, therefore, as long as the business relationship between both parties remains in force.

We also inform you that such data may be communicated to third parties involved in the development of the existing relationship for the sole purpose that they can properly perform the functions assigned to them (technology service providers, suppliers and service providers and partners related to marketing and advertising) and for the time strictly necessary to perform their work or required by law, not being treated by them or retained beyond what is defined here.
To respond to queries, requests or petitions made by users and sent by email to the email address provided on the Web (info@thegrey.es) and to follow up on them.
That is, if you want to contact GREY to make a query, petition for advice or request for a meeting, your data (the identification data that you have provided us through any of these means) will be processed by GREY in order to answer your request or query. Obviously, GREY would not have your data and would not be able to answer you if you had not sent an email before, so the basis of consent to carry out this treatment will be the consent that you have given when contacting us voluntarily. In any case, these data will be retained by GREY for the time necessary to respond to your request or query. Subsequently, and if within two months of your reply, such contact has not led to a business relationship between the two, the data will be deleted.
To send commercial advertising communications in which users will be informed, including through electronic means, about the different products or services offered by GREY.
The data provided for this purpose will be processed on the legal basis of the consent of the person providing them. GREY may also send mailings for this purpose to customers who have not expressly expressed their opposition or to those professional contacts under the provisions of Article 19 LOPD. In this case, the basis of legitimacy of such treatment will be the legitimate interest.
Such consent may be withdrawn at any time, although this will not affect the lawfulness of the processing carried out previously, but once withdrawn, you will not receive them again. Personal data used for the sending of commercial advertising communications may be retained, for this purpose, indefinitely, unless the interested party requests cancellation/opposition to continue receiving such communications.
To manage the participation of users in GREY’s selection processes when they have sent their resume to info@thegrey.es.
In this case, in addition to the identification data, all the data included in the resume sent will be processed, such as academic and professional data, training/qualifications, student record, professional experience, membership in professional associations or schools. The legitimacy for the processing of data, in connection with the receipt of your resume, is based on the consent you give when you submit your employment information/resume. Such consent may be withdrawn at any time, even if this would mean that your application could not be taken into account in our recruitment processes. We also inform you that the withdrawal of your consent will not affect the lawfulness of the processing previously carried out. In any case, your data will be deleted after two years from the receipt of your resume.
To comply with the legal obligations required of GREY, as well as to carry out statistical studies that allow us to design improvements in the services provided based on your legitimate interest.
To manage the use of the Web and perform statistical analysis on the navigation on the same according to the provisions of the Cookies Policy.
Sometimes, GREY may receive the user’s IP address. The IP address is a code that identifies the Internet connection of a user at a specific time (this IP address may be static (it would always be the same) or dynamic (which may vary depending on the time). In any case, such data does not allow identification of the user as such, since this code does not identify the owner of this IP address. In principle, only the user’s Internet access provider could identify the owner of an IP address, therefore, and for GREY, it will always be anonymous information.

GREY will always keep your data for the time strictly necessary to fulfill each of the purposes determined. Once these periods have expired, your data will be kept and duly protected for as long as any liabilities arising from the processing may arise, in compliance with the regulations in force at any given time. Once the possible actions in each case have expired, we will proceed to the deletion of your data.

Where do we store the data?

The personal data provided will be stored using the appropriate protection guarantees required by the applicable regulations.

Which are your rights regarding the processing of your data?

The user, as the owner of the data processed by GREY, may, in accordance with the provisions of the General Data Protection Regulation:

access his/her personal data
request the correction of inaccurate data
request the deletion of his/her data and exercise his/her right to be forgotten
request the restriction of the processing of your data
object to the processing of your data
request your data portability
file a complaint before the Spanish Data Protection Agency, if you consider that the processing of your personal data is not in accordance with the regulations or in the event that the exercise of any of your rights is not satisfied.

The user can exercise all these rights by writing to the registered office of GREY included in this document or by sending an email tolegal@thegrey.es indicating the reason for your request and attaching a copy of your ID card or other valid identification document for these purposes.

The user is responsible that the information provided to GREY, through any means enabled for this purpose, is true. To this effect, he/she shall be responsible for the veracity of all the data he/she communicates and shall keep the information provided conveniently updated, in such a way that it always corresponds to his/her real situation. The user will be responsible for any false or inaccurate information provided and for any damages caused to GREY.

What security measures do we apply to protect your data?

GREY will never share the personal data provided by users with third parties without having obtained the prior consent of the owner of the data, unless legally obliged to do so.

GREY guarantees the security and confidentiality of the personal data provided. To this end, it has implemented the necessary technical and organizational security measures to prevent their alteration, loss, unauthorized processing or access, in accordance with the provisions of the applicable regulations.

GREY will apply the following principles to the processing of your data:

Principle of lawfulness, loyalty and transparency: GREY will require consent for the processing of users’ personal data by informing in a clear and transparent manner of the specific purposes for which they will be processed and any other information required by the regulations.
Principle of data minimization: GREY will only request and process personal data that is strictly necessary in relation to the purposes for which it is requested.
Principle of limitation of the storage period: the data will be kept for no longer than necessary for the purposes of the processing, depending on the purpose. GREY will inform of the retention period applicable in each case.
Principle of integrity and confidentiality: The user’s data will be processed ensuring adequate security and confidentiality.

Modifications to the Privacy Policy

GREY reserves the right to modify this policy to adapt it to new legislation, jurisprudence, and practices or decisions adopted by the Spanish Data Protection Agency or the European Data Protection Committee. In such cases, GREY will announce on its website or by the means it considers most appropriate, the changes introduced. In any case, we recommend that you review this policy, which is permanently available on our website, with each of your visits.

Cookie	Duration	Description
_wpfuuid	11 years	This cookie is used by the WPForms WordPress plugin. The cookie is used to allow the paid version of the plugin to connect entries from the same user and is used for some additional functionality such as the Form Abandonment plugin.
cli_user_preference	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-statistical	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Statistical".
CookieLawInfoConsent	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Cookie	Duration	Description
_ga	2 years	The cookie is set by Google Analytics and helps the website owner understand how visitors interact with the website by collecting and reporting information anonymously.
_ga_#	2 años	Recopila datos sobre el número de veces que un usuario ha visitado el sitio web, además de las fechas de la primera visita y de la más reciente.