Privacy Policy
In accordance with the provisions of the current data protection legislation, Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter, GDPR), as well as Organic Law 3/2018 of 5 December on the Protection of Personal Data and guarantee of digital rights (hereinafter, LOPD-GDD), the user is informed in accordance with the provisions of Articles 13 of the GDPR and 11 of the LOPD-GDD:
I. Responsible
Who is responsible for the processing of your data?
Website: WWW.SECONDBODYMONTESSORI.ORG
Company name: SECOND BODY SL
Tax ID: B13788856
Address: CALLE QUART N23 2 46001 VALENCIA
Email: hello@secondbodymontessori.org
II. Purpose
For what purpose will we process your personal data?
SECOND BODY SL processes your information for:
- Managing training activities.
- Maintenance of the business relationship and provision of the contracted service.
- Preparation of a budget tailored to your needs.
- Managing email communications with interested parties.
- Carrying out the company’s selection processes.
- Management of the company’s employees and human resources.
- Sending commercial information related to our sector: EDUCATION CENTER.
- Controlling the security of the facilities (video surveillance).
How long will we keep your data?
The personal data you provide us will be retained as long as the business relationship remains in effect. However, to be as transparent as possible, we inform you that the general time frames we work with are as follows:Additionally, given the sending of commercial information, even if the relationship between the parties ends, the responsible party will continue to retain your information for sending newsletters related to our products and services. You can always exercise the rights granted to you by current regulations by contacting us through the most convenient means for you.
- General identification data (email, name, surname, phone number, etc.): for the duration of the commercial relationship or until consent is revoked. In any case, they will be deleted when they are no longer needed for the purpose for which they were collected.
- Law on Infractions and Sanctions in the Social Order (obligations regarding affiliation, registrations, withdrawals, contributions, salary payments, etc.); Articles 66 and following of the General Tax Law (accounting books, etc.): four (4) years.
- Personal actions without a special term (Article 1964 of the Civil Code): five (5) years.
- Accounting, tax, and labor (Article 30 of the Commercial Code – accounting books, invoices, etc.): six (6) years.
- Labor: contracts, workday records, salary and contribution receipts, identification documents, four (4) years; in the case of occupational risk prevention reports, disease or accident records, contracts with prevention services, five (5) years.
- Data subject to the Law on the Prevention of Money Laundering and Terrorist Financing (Article 25): ten (10) years.
- Selection processes: two (2) years from the submission of the curriculum vitae.
- Video surveillance: thirty (30) days, except in the case of recording an infraction and/or crime.
- Dissociated and anonymized data: no retention period.
Additionally, given the sending of commercial information, even if the relationship between the parties ends, the responsible party will continue to retain your information for sending newsletters related to our products and services. You can always exercise the rights granted to you by current regulations by contacting us through the most convenient means for you.
Disaggregated and anonymized data: no time limit.
Despite the existence of these general time frames, we inform you that we will periodically review our systems to proceed with the deletion of data that is not legally necessary.
III. Legal Basis
What is the legal basis for processing your data?
According to the purposes for collecting our data, the processing of your data is necessary:
- To manage the business relationship you have subscribed to and contracted with us.
a. Execution of a contract (enabled by Article 6.1.b GDPR)
b. Consent of the data subject (enabled by Article 6.1.a GDPR) - To prepare a budget tailored to your needs.
a. Execution of a contract and/or pre-contractual relationship (enabled by Article 6.1.b GDPR) - To manage email communications with interested parties.
a. Consent of the data subject (enabled by Article 6.1.a GDPR)
b. Legitimate interest (enabled by Article 6.1.f GDPR) - To carry out the company’s selection processes.
a. Consent of the data subject (enabled by Article 6.1.a GDPR) - To manage the company’s employees and internal human resources.
a. Contractual execution (enabled by Article 6.1.b GDPR) - To send commercial communications.
a. Consent of the data subject (enabled by Article 6.1.a GDPR)
b. Consent of the data subject (enabled by Article 20 LSSICE)
c. Legitimate interest (enabled by Article 6.1.f GDPR and Article 21.2 LSSICE) - To control the security of the facilities (video surveillance).
a. Legitimate interest (enabled by Article 6.1.f GDPR) - To manage training activities.
a. Execution of a contract (enabled by Article 6.1.b GDPR)
b. Consent of the data subject (enabled by Article 6.1.a GDPR)
Additionally, all collected data are necessary for the provision of the service. However, those data marked with an asterisk (*) will be mandatory. If the mandatory data are not provided, the responsible party will not be able to provide the contracted service.
Lastly, we inform you that only individuals over the age of 14 can provide personal data on this website. As required by the LOPD and GDD, in the case of individuals under 14 years of age, parental or guardian consent is mandatory for us to process their personal data.
Furthermore, only individuals over the age of 18 can contract our services. In the case of individuals under 18 years of age, parental or legal guardian consent is mandatory for us to provide the offered services, unless the minor is emancipated.
IV. Rights of Interested Parties
What rights do I have regarding data protection?
In accordance with the provisions of Articles 13 GDPR and 11.2.c) LOPDGDD, you can exercise any of the following rights by communicating with us at the postal address CALLE QUART N23 2 46001 VALENCIA or the email address hello@secondbodymontessori.org. In any case, according to the current regulations, you are entitled to the following rights as provided in Articles 15 to 22 GDPR and 12 to 18 LOPDGDD:
- Right to request access to personal data concerning the data subject.
- Right to request rectification or deletion.
- Right to request the limitation of processing.
- Right to object to processing.
- Right to data portability.
You can request the forms to exercise your rights from the Responsible Party via the email address provided in the responsible party’s contact details. Additionally, you can file a complaint with the Spanish Data Protection Agency (AEPD). More information is available in Section VII of this document.
V. Recipients
To which recipients will your data be communicated?
You will always be informed and, where appropriate, your express consent will be requested to transfer your personal data or make international transfers in accordance with current regulations (Articles 13.1.e) and 44 GDPR, as well as Articles 11.1 and 40 LOPDGDD 3/2018). Therefore, we inform you that the third parties with whom the Responsible Party works have their servers located within the EU, EEA, or Switzerland, with adequate security measures in place to ensure proper and confidential data processing.
Outside of the aforementioned cases and unless required by law, your data will not be transferred or communicated to any third party, except in legally foreseen cases or when it is strictly necessary for the provision of a service. In general, the data may be transferred to:
- Technology service providers.
- Payment service providers.
- Courier and parcel companies.
- Third parties or intermediaries, as service providers, operating on our behalf (accounting firms, consultants, collaborating freelancers, etc.).
- Third-party data processors, collaborators, or those with a close business relationship with the Responsible Party for the sole purpose of providing our services.
Data transfers will be carried out with the utmost confidentiality, employing necessary measures such as signing confidentiality agreements or adhering to the privacy policies established on their respective websites. The User may refuse the transfer of their data to Data Processors by making a written request through any of the aforementioned means. The Responsible Party will not transfer or communicate your data to any third party, except in legally foreseen cases or when the provision of a service requires a contractual relationship with a Data Processor. Thus, the User agrees that some of the collected personal data may be provided to these Data Processors (payment platforms, accounting firms, intermediaries, etc.) when necessary for the effective realization of a contracted service or purchased product. The User also agrees that, in the event of service provision, these services may be partially or entirely subcontracted to other individuals or companies, who will be considered Data Processors, with whom a corresponding confidentiality agreement has been signed, or who have adhered to their privacy policies, established on their respective websites. The User may refuse the transfer of their data to Data Processors by making a written request through any of the aforementioned means.
VI. Source of your Data
How have we obtained your data?
The personal data used by SECOND BODY SL comes from the data subject themselves, thereby complying with the provisions of Articles 13 GDPR and 11 LOPDGDD already mentioned, or from group companies or collaborators, about which you can obtain more information by writing to the email address hello@secondbodymontessori.org or at the Responsible Party’s office at the postal address indicated in this document.
What categories of data do we handle?
The categories of personal data processed are:
Identification data
Name
Surname
DNI / NIE / Passport or equivalent document
Postal addresses
Email addresses
Gender
Date of birth
Place of birth
Contact phone number (mobile / landline)
Commercial information: own and third-party
Economic data
Bank account number
Credit card number
Curriculum vitae
Academic data
Qualifications
Hobbies Membership in associations or clubs
Video surveillance
Image
The processing of sensitive data will be carried out in accordance with Articles 9 GDPR and 9 LOPDGDD, always informing the data subject about which data will be used by the responsible party.
Health data
Data on religious beliefs
Data on philosophical beliefs
Data on ethnic or racial origin
Data on union or political affiliation
Data on sexual life or orientation
Biometric data
Genetic data
Data on sexual life or orientation
VII. Additional Information
Security measures:
Users of the responsible party’s website are informed that technical and organizational security measures have been adopted within our reach to prevent the loss, misuse, alteration, unauthorized access, and theft of data, ensuring the confidentiality, integrity, and quality of the information contained therein, in accordance with current data protection regulations. Personal data collected in the forms are processed solely by the responsible party’s staff or designated Data Processors. The website also has SSL encryption that allows Users to securely send their personal data through contact or registration forms on the website.
Social Networks:
The data controller has profiles on some of the main social networks on the Internet (Facebook, Instagram), recognizing in all cases the data controller for the data of its followers, fans, subscribers, commenters, and other User profiles (hereinafter, followers) published by the responsible party. The purpose of data processing by the data controller, where the law does not prohibit it, will be to inform its followers about its activities and offers, through any means that the social network allows, as well as to provide personalized User service. The legal basis that legitimizes this processing will be the consent of the data subject, which can be revoked at any time. In no case will the responsible party extract data from social networks, unless the User’s explicit and specific consent is obtained for this (for example, for the conduct of a contest).
Confidentiality:
The information provided by the User will, in any case, be considered confidential and will not be used for purposes other than those described here. The responsible party undertakes not to disclose or reveal information about the User’s requests, the reasons for the requested advice, or the duration of their relationship with the User.
Truthfulness of the data:
The User declares that all data provided by them are true and correct and undertakes to keep them updated. The User will be responsible for the truthfulness of their data and will be solely responsible for any conflicts or disputes that may arise from the falsity of the same. It is important that, in order for us to keep personal data updated, the User informs the responsible party whenever there has been any modification to them.
Documentation prepared by LegalDPO (https://legaldpo.es/), based on the information provided by the data controller. The content complies with the regulations in force in February 2023 and may vary according to legislative changes or judicial criteria, with the holder being responsible for checking regulatory compliance at all times.
VIII. Supervisory Authority
We make every effort to comply with data protection regulations as it is our most valuable asset. However, we inform you that if you believe your rights have been infringed, you can file a complaint with the Spanish Data Protection Agency (AEPD), located at C/ Jorge Juan, 6. 28001 – Madrid. More information about the AEPD can be found at http://www.agpd.es/. Documentation prepared by LegalDPO. https://legaldpo.es/
