SARA MIRABETE PIZARRO (TANGRAM LEGAL) respects current legislation regarding the protection of personal data, the privacy of users and the secrecy and security of personal data. All our clients’ data will be treated in accordance with the principles of legality, loyalty and transparency, limitation of the purpose and retention period, data minimization, accuracy, integrity and confidentiality, among others, as well as respecting the rest of the obligations and guarantees established in Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016, and Organic Law 3/2018, of December 5, on the Protection of Personal Data and guarantee of digital rights, adopting To this end, the technical and organizational measures necessary to avoid the loss, misuse, alteration, unauthorized access and theft of the personal data provided, taking into account the state of the technology, the nature of the data and the risks to which they are exposed. exposed. If we introduce changes to it in the future, we will notify you through the website or through other means so that you can know the new privacy conditions introduced.

1. RESPONSIBLE FOR THE TREATMENT

Who is responsible for the processing of your data? The person responsible for processing your data is: SARA MIRABETE PIZARRO – TANGRAM LEGAL NIF: 46757663-C Address: Calle Valencia 359, 4-1. CP 08009 Barcelona Telephone: 93 626 89 29 E-mail: hola@tangramlegal.com

2. PERSONAL DATA

What is personal data and what data do we process? Personal data consists of information that identifies or allows identification of individual persons such as name, postal address, email address or telephone number, etc. Users / Information request / Newsletter. The personal data provided by users is the data collected through cookies. Reference is made to the cookie policy to know in detail what data the cookies collect: Cookie policy. If they provide contact information through the website or through other means, the name, email and, if applicable, contact telephone number may be collected. Customers. By virtue of the commercial relationship, we may have access to your basic identification data and your contact data, that is, name and surnames, date of birth, marital status, ID, email address, postal address and telephone number. Additionally, we may also have access to your banking information to provide the service and/or we can invoice you for our products and services. Likewise, by virtue of the commercial relationship, we may have access to personal data of your employees or third parties for whom you are the data controller. Potential employment candidates. The personal data provided by potential job candidates may be your name, contact email, telephone number and resume.

3. PURPOSE OF THE TREATMENT

3.1. For what purpose do we process your data? Web users/Request for information. We process the information that users provide us to allow a good browsing experience on the web. In the event that the user provides us with their contact information to make a query or receive information, they will be used to respond to the queries raised and provide information required by the users, including, without limitation, sending informative notes or invitations. to events of your interest. In accordance with Law 34/2002, of July 11, on Information Society Services (LSSICE), Sara Mirabete Pizarro does not practice SPAM, therefore, it does not send commercial emails by email that have not been previously requested. or authorized by the user. In all commercial communications from Sara Mirabete Pizarra, the user is given the possibility of canceling their express consent to receive our communications. Customers. We process the information provided by our clients to be able to prepare the individualized service proposal and subsequently carry out the correct execution of the contract. Likewise, we use the data to carry out the necessary administrative, legal and/or notarial procedures; for billing and management of contracted services; for the maintenance of the commercial relationship; and, to improve our services. If you did not provide us with your identification information, contact or banking information, it would not be possible for us to present our services to you. The data will be processed within the contractual relationship in compliance with the administrative, fiscal, accounting and labor obligations that are necessary under current legislation. Potential employment candidates. Your data will be processed solely and exclusively for the management of the selection of potential candidates as employees. We will not process your personal data for any other purpose than those described except for legal obligation or judicial requirement. You can revoke your consent at any time by sending a letter with the subject “Unsubscribe” to hola@tangramlegal.com. In no case do we use your data for profiling or to make automated decisions. 3.2. How long do we keep your data? In compliance with the principle of limiting the conservation period, the data collected will be processed solely and exclusively for the time necessary and for the purposes for which it was collected at any given time. For this reason, the personal data that you provide us will be kept for the duration of the commercial relationship and up to one year after the termination of said contractual relationship, for the time necessary to comply with legal obligations or until you request its deletion. We undertake to delete your data from our databases once the retention period indicated above has elapsed and to instruct the companies in charge of processing whose services we use to delete from their databases all information about you that they may have. Potential employment candidates. At the end of the selection process, the data of potential candidates who have not been selected for the job is deleted.

4. LEGITIMATION

What is the legitimacy for the processing of your data? The legal basis for the processing of your data and the personal information that you give us is the fulfillment of the contract or, alternatively, your consent. Web users/Request for information. Your consent granted to carry out the purposes described above, which will be requested at the time of acceptance of the cookie policy or, where applicable, marking the corresponding box when collecting your data for the corresponding purpose. Refusal to provide the information marked as mandatory will mean the impossibility of responding to the specific request in question. The interested party declares that the information and data provided to us are accurate, current and truthful. We ask that, in the event of a modification, you immediately communicate the same, so that the information being processed is at all times updated and does not contain errors. Clients. Your consent granted to carry out the purposes described above, which will be requested at the time of marking the box corresponding to the time to collect your data. Refusal to provide the information marked as mandatory will mean the impossibility of responding to the specific request in question. The interested party declares that the information and data provided to us are accurate, current and truthful. We ask that, in the event of a modification, you immediately communicate the same, so that the information being processed is at all times updated and does not contain errors. The execution of the service provision contract to which the client is a party. In cases where there is a contractual relationship between the parties, the legitimation for the development of the services and the administrative, fiscal, accounting and labor obligations that are necessary under current legislation will be the prior existence of the commercial relationship and/or or commercial relationship established between the parties. Likewise, the processing of contact data necessary to maintain the commercial relationship of natural persons who carry out commercial functions or provide services in a legal entity will be protected by virtue of the satisfaction of legitimate interests or, if it is considered necessary, it will be will be covered by a data processor contract to regulate the secure processing of said data. Potential employment candidates. Your consent granted to process your data during the selection process.

5. RECIPIENTS

To which recipients will your data be communicated? Sara Mirabete Pizarro does not carry out any transfer or communication of data to third parties without prior consent, unless there is a reasonable need to comply with a judicial procedure, legal obligation or after obtaining the user’s consent. Web users/Request for information/Client/Potential employment candidate. Although this is not a transfer of data, to provide the requested service you may be that third companies, which act as our suppliers, such as the Web hosting service or others, access your information to carry out the service that we have contracted from them. These processors access your data following our instructions and without being able to use it for a different purpose and maintaining the strictest confidentiality. Clients. Although this is not a transfer of data, it may be that third parties, which act as our suppliers, such as hosting providers , accounting, storage, mail and messaging, access your information to carry out the service that we have contracted for them. These processors access your data following our instructions and without being able to use it for a different purpose and maintaining the strictest confidentiality. In contracts with suppliers and clients in which one of the parties has access to the other party’s personal data, a data processor agreement must always be signed. Likewise, Sara Mirabete Pizarro reserves the right to conduct a questionnaire prior to contracting to ensure compliance with regulations for its suppliers. Potential employment candidates. Although this is not a transfer of data, it may be that third companies, which act as our suppliers, such as hosting providers, recruitment companies, recruitment platforms, emails and messaging, access your information to carry carry out the service that we have contracted from them. These processors access your data following our instructions and without being able to use it for a different purpose and maintaining the strictest confidentiality. Under no circumstances will international data transfers be made outside the European Economic Area (EEA) without your prior consent.

6. RIGHTS OF USERS AS INTERESTED PERSONS

What are your rights when you provide us with your data?

1. 1. ACCESS, RECTIFY, DELETE: All interested parties have the right to access their personal data, as well as to request the rectification of inaccurate data or, where appropriate, request its deletion when, among other reasons, the data is no longer necessary for the purposes for which they were collected.
   2. LIMIT THE PROCESSING: In certain circumstances, interested parties may request the limitation of the processing of their data, in which case we will only keep them for the exercise or defense of claims.

According to current regulations, you can request the limitation of your data when: a) You have exercised your rights of rectification or opposition and we are in the process of responding to your request. b) The treatment is illicit, which would determine the deletion of the data, but you oppose it. c) The data is no longer necessary for the processing and must be deleted but you need it to formulate the exercise or defense of claims.

• OPPOSE TO THE PROCESSING: The interested parties may oppose the processing of their data in which case we will stop processing their data, except for compelling legitimate reasons or the defense of possible claims.
• DATA PORTABILITY: Likewise, interested parties have the right to request portability of the data they have provided to us to transfer it to another data controller. In this case, the data will be transmitted to another person in charge or to the interested party in a structured, commonly used and machine-readable format.
• WITHDRAW CONSENT: All interested parties who have given consent for a specific purpose have the right to withdraw this consent at any time. The withdrawal of consent will not affect the legality of the processing carried out before the withdrawal of consent.

How to exercise rights? Puedes ejercer todos tus derechos mediante comunicación al email: hola@tangramlegal.com. O si lo prefieres por correo postal a la dirección: SARA MIRABETE PIZARRO – TANGRAM LEGAL |C/ VALENCIA 359, 4-1 | CP 08009 Barcelona; indicando siempre tu nombre y apellido(s), el derecho que solicitas ejercer, el motivo de la solicitud y adjuntando copia de tu documento de identidad. En plazo de un mes después de recibir la solicitud de ejercicio de tus derechos te informaremos sobre las actuaciones que hemos realizado a causa de tu petición. En caso de solicitudes especialmente complejas te contactaremos en un plazo máximo de dos meses. En cualquier caso si no estuvieses satisfecho con nuestra respuesta puedes presentar una reclamación ante la Autoridad de Control en materia de Protección de Datos competente: Agencia Española de Protección de Datos Dirección: Calle Jorge Juan, 6, 28001 Madrid Teléfonos: +34 901 100 099 / +34 91 266 35 17 Página web: www.agpd.es

7. ¿CÓMO PROTEGEMOS SU INFORMACIÓN?

Utilizamos medidas, controles y procedimientos de carácter físico, organizativo y tecnológico, razonablemente fiables y efectivos, orientados a preservar la integridad y la seguridad de sus datos y garantizar su privacidad. Furthermore, all staff with access to personal data have been trained and are aware of their obligations in relation to the processing of their personal data. In the case of the contracts we sign with our suppliers, we include clauses in which they are required to maintain the duty of secrecy with respect to the personal data to which they have had access by virtue of the order made, as well as to implement security measures. technical and organizational measures necessary to guarantee the permanent confidentiality, integrity, availability and resilience of personal data processing systems and services. All these security measures are reviewed periodically to guarantee their adequacy and effectiveness. However, absolute security cannot be guaranteed and there is no security system that is impenetrable, so, in the case of any information being processed and under our control that is compromised as a result of a security breach, we will take the necessary measures. appropriate measures to investigate the incident, notify the Control Authority and, where appropriate, those users who may have been affected so that they can take appropriate measures.

8. MODIFICATION OF THE PRIVACY POLICY.

Sara Mirabete Pizarro reserves the right to modify this policy to adapt it to new legislation, jurisprudence or industry practice. If we introduce changes to it in the future, we will notify you through the website or through other means so that you can know the new privacy conditions introduced.