Privacy Policy

1. Applicable Regulations

This Privacy Policy complies with the current Spanish and European regulations on personal data protection. Specifically, it respects the following regulations:

  • Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (GDPR).

  • Organic Law 3/2018, of 5 December, on the Protection of Personal Data and guarantee of digital rights (LOPDGDD).

2. Identification of the Data Controller

  • Owner: Sherpa Certification S.L. ("The Controller")

  • Registered Address: Carrer del Futur S/N, 17252, Sant Antoni de Calonge (Girona), Spain.

  • Email: adm@sherpa-certification.com

  • Website: www.sherpa-certification.com

3. Purpose of Personal Data Processing

  • The Controller will process the user's data for the following purposes:

    • Managing your queries and requests: Responding to requests, questions, or information inquiries made by the user through contact forms, email, or telephone.

    • Managing the contractual and commercial relationship: Administering the contracting of services, managing invoicing, and complying with the contractual obligations acquired with the client.

    • Sending commercial communications: Sending commercial information, promotions, or advertising about the services of Sherpa Certification S.L., only if the user has given their express consent by ticking the corresponding box.

4. Legal Basis for Processing

The legal basis for processing your data is as follows:

  • For managing queries and requests: The consent you give us when you send your query or request (Art. 6.1.a GDPR).

  • For managing the contractual relationship: The performance of a contract for the provision of services to which you are a party (Art. 6.1.b GDPR).

  • For sending commercial communications: The express consent that you specifically and unequivocally grant (Art. 6.1.a GDPR).

The user may withdraw their consent at any time, without affecting the lawfulness of the processing based on the consent prior to its withdrawal.

5. Data Retention

Personal data will be kept for the time strictly necessary to fulfil the purposes for which they were collected and to determine any possible liabilities that may arise from that purpose. Specifically:

  • Client data: Will be kept for the duration of the contractual relationship and, once it has ended, for the applicable legal statute of limitations (generally 5 years for commercial obligations and up to 10 years for tax regulations).

  • Query and request data: Will be kept for the time necessary to respond to them and, in any case, for a maximum of one year.

  • Data for commercial communications: Will be kept as long as the user does not revoke their consent.

6. Disclosure of Data to Third Parties

In general, Sherpa Certification S.L. will not disclose your personal data to third parties, except where such disclosure is necessary for:

  • Compliance with a legal obligation (e.g., to the Tax Agency, Judges, and Courts).

  • The provision of a service by a provider acting as a Data Processor (e.g., hosting services, consultancy, etc.), with whom the corresponding contract that guarantees the protection of your data will have been signed.

No international data transfers are planned.

7. User Rights

Current data protection regulations grant you a series of rights that you can exercise at any time. These rights are:

  • Right of Access: To know what data of yours we are processing.

  • Right to Rectification: To request the correction of inaccurate data.

  • Right to Erasure (or "to be forgotten"): To request the deletion of your data when it is no longer necessary.

  • Right to Object: To object to us processing your data for specific purposes (such as direct marketing).

  • Right to Restriction of Processing: To request that we temporarily suspend the processing of your data.

  • Right to Data Portability: To receive your data in a structured, commonly used, and machine-readable format.

To exercise these rights, you must send a written communication, providing a copy of a document that proves your identity (ID card or passport), to the following email address: adm@sherpa-certification.com or to the postal address indicated in point 1.

Likewise, if you consider that your rights have not been duly addressed, you have the right to file a complaint with the Spanish Data Protection Agency (AEPD).

8. Security Measures

The Controller will treat the user's data at all times with absolute confidentiality and will maintain the mandatory duty of secrecy regarding them, in accordance with the provisions of the applicable regulations, adopting for this purpose the necessary technical and organisational measures to ensure the security of your data and prevent its alteration, loss, unauthorised processing, or access.

9. Changes to the Privacy Policy

Sherpa Certification S.L. reserves the right to modify this Privacy Policy to adapt it to new legislation or jurisprudence. In such cases, the changes introduced will be announced on this page in advance of their implementation.
Close
Search

Hit enter to search or ESC to close