Privacy Policy


This Privacy Policy has been drawn up taking into account the provisions set out by the Organic Law on the Protection of Personal Data, as well as by Regulation (EU) 2016/679 of the European Parliament and of the Council of 27th April 2016 on the protection of individuals with regard to the processing of personal data and the free movement of such data, hereinafter referred to as the GDPR.

This Privacy Policy sets out to inform data subjects, from whom information is being collected, about specific aspects relating to the processing of their data, such as the purposes of processing, contact information to exercise the corresponding rights, as well as information retention periods and security measures.

Data Controller

In terms of data protection, ENTERPRISE QUALITY MANAGEMENT, S.L. shall be considered the data controller in relation to the files/processing identified in this policy, specifically in the data processing section.

The details of the owner of this website are as follows:


Postal address: C/ Montserrat Roig 38-40 - PI Pedrosa • 08908 Hospitalet de Llobregat (Barcelona)


Data Processing

The personal data requested, where appropriate, shall consist solely of data strictly necessary to identify and respond to the request made by its owner, hereinafter referred to as the data subject. This information shall be treated in a fair, lawful and transparent manner in relation to the data subject. Meanwhile, personal data shall be collected for explicit and legitimate purposes and shall not be processed in any way other than for the aforementioned purposes.

The data collected from each data subject shall be appropriate, relevant, and not excessive in relation to the corresponding purposes for each case and shall be updated whenever necessary.

The data subject shall be informed, prior to the collection of their data, of the general purposes regulated in this policy in order to give their explicit, precise and unequivocal consent for the processing of their data, in accordance with the following aspects.

Purposes of data processing:

The explicit purposes for each type of processing are included in the information clauses within all data collection channels (website forms, paper forms, voice messages, posters, and information sheets).

However, the data subject's personal data shall be processed with the sole purpose of providing an effective response and answering requests made by the user specified next to the option, service, form or data collection system which the data subject uses.

Legal basis:

As a general rule, prior to the processing of personal data, ENTERPRISE QUALITY MANAGEMENT, S.L. shall obtain explicit and unequivocal consent from the data subject through the incorporation of informed consent clauses in the various information collection systems.

However, if the data subject's consent is not required, the legal basis of the processing which covers ENTERPRISE QUALITY MANAGEMENT, S.L. is the existence of a specific law or regulation which authorises or requires the processing of the data subject's data.


As a general rule, ENTERPRISE QUALITY MANAGEMENT, S.L. shall not transfer or disclose any data to third parties, unless required by law. However, if necessary, the data subject shall be informed of any such transfers or disclosures of data via the consent clauses included in each data collection channel.


As a general rule, personal data is always collected directly from the data subject. However, in certain exceptions, data may be collected through third parties, entities, or services other than the data subject. In this regard, this purpose shall be transferred to the data subject via the informed consent clauses contained in the data collection channels and within a reasonable time once the data has been collected, and at the latest within one month.

Retention periods:

The information collected from the data subject shall be retained for as long as it is necessary to fulfil the purpose for which the personal data was collected. Therefore, once the purpose has been fulfilled, the data shall be deleted. Said deletion shall result in the encryption of all data except for data available to public authorities, judges, and courts, as evidence for any possible legal action arising from the processing and for a predetermined period of time. Once the aforementioned period has elapsed, the information shall be destroyed.

For information purposes, the legal terms for the retention of information in relation to various matters are detailed below:


Documents of an occupational nature or related to social security 4 years such as Article 21 of Royal Legislative Decree 5/2000 of 4th August, which approves the reworded text of the Law on Employment Practices Liability

Accounting and tax documents for commercial purposes 6 years Art. 30 Commercial Code
Accounting and tax documents for tax purposes 4 years Articles 66 to 70 General Tax Law
Browsing data.

In relation to the browsing data which may be processed via the website, if data is collected which is covered by the regulation, please refer to the Cookie Policy published on our website.

Rights of data subjects.

Data protection regulations grant a series of rights to data subjects or owners of data, users of the website or users of the social media profiles of ENTERPRISE QUALITY MANAGEMENT, S.L.

The rights which apply to data subjects are as follows:

Right of access: right to obtain confirmation as to whether or not their personal data is being processed, the purposes of the processing, the categories of data concerned, the recipients or categories of recipient, the envisaged retention period and the source of said data.
Right to rectification: right to obtain the rectification of any inaccurate or incomplete personal data.
Right to deletion: right to obtain the deletion of the data in the following cases:
When the data is no longer necessary for the purpose for which it was collected
When the data subject withdraws consent
When the data subject objects to the processing
When the data must be deleted in compliance with a legal obligation
When the data has been obtained by virtue of an information society service based on the provisions of Art. 8 (1) of the European General Data Protection Regulation.
Right to object: right to object to processing based on the data subject's consent.

Right to restriction: right to obtain the restriction of  data processing where one of the following applies:
The accuracy of the personal data is contested by the data subject for a period enabling the controller to verify the accuracy of the personal data.
The processing is unlawful and the data subject opposes the deletion of the personal data.
The controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defence of legal claims.
The data subject has objected to processing pending the verification whether the legitimate grounds of the controller override those of the data subject.
Right to portability: the right to obtain the data in a structured, commonly used and machine-readable format, and to transmit it to another data controller when:
The processing is based on consent
The processing is carried out by automated means
Right to lodge a complaint with the competent supervisory authority
Data subjects may exercise the indicated rights by writing to ENTERPRISE QUALITY MANAGEMENT, S.L. at the following address: C /Montserrat Roig 38-40 - PI Pedrosa • 08908 Hospitalet de Llobregat (Barcelona), indicating in the subject line the right they wish to exercise.

In this regard, ENTERPRISE QUALITY MANAGEMENT, S.L. shall deal with their request as soon as possible and taking into account the terms set out in the regulations on data protection.


The security measures adopted by ENTERPRISE QUALITY MANAGEMENT, S.L. are those required by the provisions of Article 32 of the GDPR. In this regard, ENTERPRISE QUALITY MANAGEMENT, S.L., taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing, as well as the risk of varying likelihood and severity for the rights and freedoms of individuals, the controller and the processor shall implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk.

In any case, ENTERPRISE QUALITY MANAGEMENT, S.L. has implemented sufficient mechanisms to:

Ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services.
Restore availability and access to personal data in a timely manner in the event of a physical or technical incident.
Regularly test, assess and evaluate the effectiveness of technical and organisational measures for ensuring the security of the processing.

Scroll to Top