Privacy Policy


Who is the controller of your personal data?

PONCE Y SANTOYO ASOCIADOS, S.C.P. is the DATA CONTROLLER responsible for processing USERS’ personal data and informs you that your information will be processed according to European Data Protection Regulation (EU) 2016/679, of April the 27th (GDPR), and Spanish Organic Law 3/2018, of December the 5th (LOPDGDD).

Why do we process your personal data?

To keep a commercial relationship with you as a service USER. We may need to collect your data to serve the following purposes:

Sending commercial communications by e-mail, fax, SMS, MMS, social networks or any other electronical or physical means, current or future, that enable commercial communications. As the DATA CONTROLLER, we may contact you with regard to our products or services or the products or services of our collaborators or providers, with whom we have singed a trade promotion agreement. In this case, third parties will never have access to your personal data.  

Conducting market research and statistical analyses.  

Dealing with your orders and requests, and answering any queries you may submit via any of the contact methods made available to you through our website.

Sending our online newsletter with news, offers and promotions with regard to our activities.

What is our legal basis for processing your data?

The lawfulness of data processing is regulated by Article 6 of the GDPR, which lists the following conditions that justify the processing of data:

With the USER’S consent — sending commercial communications and newsletters.

In the legitimate interest of the DATA CONTROLLER — conducting market research, statistical analyses, etc. and dealing with orders and queries at the USER’S request.

How long will we store your personal data for?

We will not store your data for longer than we need to, given the purpose they were collected for or to comply with the legal requirements providing for data custody. When storing your data is no longer necessary, they will be deleted following appropriate security measures for data anonymisation or erasure.     

Who may we share your personal data with?

We do not expect to share your personal data with third parties with the exception of—should it be necessary in order to fulfil the purposes of the data processing—our communications service providers, with whom we have signed confidentiality agreements and data processing agreements as established by the data privacy regulations in force. 

What are your rights?

Your rights as a USER include the right to:

Withdraw your consent at any time.

Access your data, have them rectified or erased, stop or restrict the processing of your data, and data portability. 

Lodge a complaint with a supervisory authority ( if you consider that the processing of your data does not comply with the regulations in force.

You can exercise your rights by contacting:



By ticking the corresponding boxes and entering information in the fields marked with an asterisk (*) in the ‘contact us’ section or downloadable forms, USERS accept expressly, freely and in an unequivocal manner that it is necessary for the service provider to collect their data in order to deal with their requests. Providing information in the boxes that are not marked with an asterisk is optional. The USER confirms that the information they provide to the DATA CONTROLLER is true and takes responsibility for communicating any changes to it.    

The DATA CONTROLLER informs that all information collected through their website is mandatory, since these data are necessary to deliver an optimal service to the USER. In the event that the USER failed to provide the necessary data, the DATA CONTROLLER cannot guarantee that their services or information will fully meet the USER’S needs.


In accordance with the personal data protection regulations in force, the DATA CONTROLLER confirms his compliance with all the provisions in the GDPR and LOPDGDD regulations with regard to the processing of personal data they are responsible for, and his manifest compliance with the principles listed in Article 5 of the GDPR, according to which personal information must be processed lawfully, fairly and in a transparent manner in relation to the data subject. Likewise, personal data collection must be adequate, relevant and limited to what is necessary in relation to the purposes for which personal data are processed.

The DATA CONTROLLER guarantees that he has implemented appropriate technical and organisational policies to apply the security measures established by GDPR and LOPDGDD regulations in order to protect the rights and freedoms of the USER. He also guarantees that he has communicated the appropriate information for the USERS to be able to exercise their rights and freedoms.

For further information about privacy assurance, please contact the DATA CONTROLLER: PONCE Y SANTOYO ASOCIADOS, S.C.P.. C/ EEDGAR NEVILLE, 1 2º IZQ – 28020 MADRID (Madrid). Email: