Privacy Policy

We provide you with this Privacy Policy to inform you in detail about how we process your personal data and protect your privacy and the information you provide to us.

If, in the future, we introduce modifications to this Privacy Policy, we will inform you through this portal or by other means so that you can be aware of the new privacy conditions adopted.

Below, we provide information in a question-and-answer format regarding the conditions under which our entity processes your personal data

Who is responsible for processing your data?

• Entity: AMBAR PARTNERS TECH SERVICES, S.L., with Tax Identification Number (NIF): B88306147 (here in after, “Ambar”)‍
• Address: C/ Guzmán el Bueno, 133 Edificio Britannia, 28003 - Madrid, Spain‍
• NIF: B88306147‍
• Telephone: +34 697 628 122‍
• Email: lopd@ambarpartners.com‍

Definitions

• Ambar Hauss: Refers to the web and mobile platform operated by Ambar and made available to the members of its community. It is designed as a digital space for Ambar's lawyers or "Partners," facilitating interaction, professional and personal growth, access to exclusive tools and services, discounts with partner brands, and potential professional collaboration opportunities.
• Partner: An independent lawyer or one with their own practice who has been admitted to the Ambar community and, therefore, has access to Ambar Hauss.‍

For what purpose do we process your personal data?

a) Managing the registration request so that users can (i) access the admission program to the Ambar community; (ii) enjoy Ambar Hauss services if admitted to the community.

b) We will process the data provided by the user to assess their admission to the Ambar community and, if admitted, to offer them various Ambar Hauss services.

How long will we process your data?

We only retain your data for as long as necessary to fulfill the purpose for which they were collected, comply with legal obligations, and address potential liabilities arising from the processing.

Data for platform registration management and user evaluation for community admission will be retained according to the following criteria:

• If the user's request is rejected, and they are not admitted to our community, their data will be stored for a maximum of two years for future consideration. After this period, the data will be deleted.
• If users are accepted into the Ambar community, their data will be retained as long as the relationship remains active. Once terminated, the data may be kept for the time required by applicable law.
• If a user completes the registration form but does not provide personal data for Ambar's assessment within two years, their data will also be deleted.
• Data for commercial communications will be retained indefinitely until you request their deletion or express your desire to stop receiving such communications.

‍What is the legal basis for processing your data?

The prospective offer of products and services to community members is based on Ambar's legitimate business interest in offering its services. This legitimate interest is recognized by applicable legal regulations (General Data Protection Regulation), which expressly allow personal data processing for direct marketing purposes. However, you have the right to object to this processing at any time using the contact methods outlined in this policy. Refusing this processing will only result in you not receiving our commercial communications.

The categories of processed data are those requested in each case through the relevant form or contract.

Who are the recipients of your data?

Any individual has the right to confirm whether we are processing their personal data. Interested parties have the right to access their data, request the correction of inaccurate data, or request their deletion when the data is no longer necessary for the purposes for which they were collected.

Under the GDPR, individuals may request the restriction of data processing or its portability, in which case we will only retain them for legal claims.

In certain circumstances, for reasons related to their particular situation, individuals may object to data processing. If you have given consent for specific processing, you may withdraw it at any time without affecting the lawfulness of prior processing. If this occurs, we will stop processing the data unless there are compelling legitimate grounds or for legal defense purposes.

Additionally, you may object to decisions based solely on automated processing.

These rights are characterized as follows:

• Exercising these rights is free unless the request is manifestly unfounded or excessive.
• You may exercise your rights personally or through a legal or voluntary representative.
• We must respond to your request within one month, extendable by two additional months for complex or numerous requests.
• We must inform you about available means to exercise your rights. If the request is electronic, we will respond electronically unless requested otherwise.
• If we do not process your request, we will inform you within one month, explaining the reasons and the possibility of filing a complaint with a supervisory authority.

To facilitate the exercise of these rights, we provide the following links to the request forms for each of them:

• Access Right Request Form
• Rectification Right Request Form
• Objection Right Request Form
• Deletion Right Request Form (Right to be Forgotten)
• Restriction of Processing Right Request Form
• Data Portability Right Request Form
• Right Not to Be Subject to Automated Individual Decision-Making Request Form

All rights can be exercised using the contact details provided at the beginning of this policy.

If your rights are violated, especially if you receive no response, you can file a complaint with the Spanish Data Protection Agency (www.aepd.es) or another competent authority. You can also seek additional information from these agencies.

How do we protect your personal data?

We are committed to protecting personal data using reliable and effective physical, organizational, and technological measures to ensure integrity, security, and privacy.

All personnel with access to personal data are trained and aware of their data protection obligations.

Contracts with service providers include clauses requiring confidentiality and compliance with security measures to ensure the continuous integrity and resilience of processing systems and services.

Security measures are periodically reviewed to ensure their adequacy and effectiveness.

However, absolute security cannot be guaranteed. If any security breach affects personal data under our control, we will take appropriate measures, notify the supervisory authority, and inform affected users if necessary.

What is your responsibility as a data owner?

By providing your data, you guarantee that you are over 18 and that the data provided is truthful, accurate, complete, and up-to-date. You are responsible for updating your data and for any damages resulting from providing false or inaccurate data.

If you provide third-party data, you assume the responsibility of informing them about this policy, as required by Article 14 of the GDPR.

‍

‍

‍

‍