Skip to main content

Privacy policy

General Information on Data Protection

WindRose Servicios Financieros, SL (hereinafter “WindRose”) acts in the business sphere as an organization dedicated to the provision of services, therefore, the regulations on data protection are fully applicable to its activity. Specifically, it processes data for the following purposes: economic and financial advice and consultancy, education and training, advice on company acquisition processes and business restructuring and reorganization processes.

WindRose treats the information of its employees and collaborators for the correct administration of its business, to manage the employment relationship, to evaluate its professional performance  and to comply with legal obligations derived from the employment relationship, the prevention against money laundering and the protection of personal data. It also processes personal data for the management of sending corporate information, sending information about events and/or activities organized or of which it is a part.
In any case, the personal information provided will be treated in a lawful, loyal and transparent manner in relation to the interested parties. Said treatments will be adequate, pertinent and limited to what is necessary in relation to the purposes for which they are treated.
The legitimacy for the processing of personal data varies depending on the purposes described above and groups of interested persons, obtaining unequivocal consent when necessary in accordance with the provisions of current data protection regulations. When the legitimacy is not consent, the data will be processed in compliance with a contract or pre-contract in which the interested party is a party, or based on the legitimate interest of the person in charge.

For these purposes, WindRose, as a party and commitment to the security and confidentiality of the information that may store or process personal data of the client (even temporarily), has adopted the necessary measures to prevent the alteration, loss, treatment or unauthorized access of said data. thanks to measures regularly audited to ensure: 

  • Confidentiality: through adequate controls and administration of users with access to the systems. All the staff  has signed an annex to their employment contract that includes confidentiality and the duty of secrecy regarding access to information and personal data that they may have in the performance of their work. In addition, the application of encryption technologies has been implemented, both in storage and transmission of information. Use of confidentiality preservation technologies, applying access control or identity management solutions, among others. 
  • Integrity: the information systems have security policies and password policies that limit and protect the information available by assigning access profiles both on local servers and in the Microsoft cloud. 
  • Availability: through resource allocation policies and backup policies that reach all systems. 
  • Application of response protocols to incidents, both physical and logical, that guarantee their rapid and effective resolution.

WindRose has defined the actions to follow for its suitability as a provider of consulting services that include: 

  • Analysis of risks related to the client, the project and the information received. 
  • Organizational measures to adapt the annex to the staff employment contract to what is required in the RGPD regarding the obligations of staff with access to customer data. 
  • Regarding the destination of the data: these will only be transferred in the conditions under which it has been reported in each case, and in compliance with legal provisions.

In relation to the time of conservation of the data, it will include  at least, unless the consent given is revoked, until the purpose for which they were collected ends.

Interested persons are informed of the possibility of exercising their rights of access to their personal data, as well as requesting the rectification of inaccurate data or, where appropriate, requesting its deletion when, among other reasons, the data is no longer necessary to the purposes that justified its collection.

The interested person has the right to exercise the right to be forgotten and to the portability of their data whenever it is technically feasible.

In certain circumstances, interested persons may request the limitation of the processing of their data, in which case they will only be kept for the exercise of the right to defend possible claims.

In certain circumstances and for reasons related to their particular situation, interested persons may object to the processing of their data. WindRose will stop processing the data, except for compelling legitimate reasons, or the exercise of the right to defend possible claims.

The interested person is informed of the possibility of exercising the rights mentioned above through the email address [email protected] They have the right to file a claim with the Spanish Agency for Data Protection if they are not according to the care received regarding their rights.

Privacy Policy Updates

We reserve the right to modify this privacy policy at any time, so please review it frequently. Changes and clarifications will take effect immediately after their publication on the website.