This privacy policy applies to the processing of personal data of clients and/or users of the website esphotography.es, with ESPhotography as the Data Controller.

 

Confidentiality and Data Protection

This Privacy Policy provides information about your rights under REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT and OF THE COUNCIL of 27 April 2016, concerning the protection of natural persons with regard to the processing of personal data and the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), as well as under the Spanish Organic Law 3/2018 on the Protection of Personal Data and Guarantee of Digital Rights (LOPD GDD).

By providing us with their data, the client and/or user confirms that they have read and understood this Privacy Policy, giving their clear and explicit consent to the processing of their personal data in accordance with the purposes and terms outlined herein.

ESPhotography may modify this Privacy Policy to adapt it to legislative changes, case law, or interpretations by the Spanish Data Protection Agency. These privacy terms may be supplemented by the Legal Notice and Cookie Policy applicable to specific products or services.

 

Data Controller

The Data Controller is ESPhotography, with tax identification number (CIF) 53436802M, located at Calle Marte 2, Puerto del Carmen, 35510 Tías, Las Palmas. You can contact us through our phone number  +34 618 73 66 37 or via email at info@esphotography.es

 

PURPOSE

What will we use your personal data for?

At ESPhotography, we process your personal data in order to maintain our relationship with you and provide the services you have requested from us. For more detail, we outline below the specific purposes for which we will process your personal data:

  • Maintaining the professional relationship and delivering the contracted service. This includes initiating the professional relationship with our client and providing our specialized services in hearing health, ongoing advice, and technical support for hearing aids.
  • Sending offers and promotions related to our sector, provided that you have given us your explicit consent. 
  • Preparing a customized quote based on your needs, in accordance with your request received through any of the channels available on our website.
  • Gestionar comunicaciones por correo electrónico con interesados que nos hayan contactado de modo que podamos aclarar cualquier duda sobre nuestros servicios, precios o disponibilidad.
  • Management of employees and human resources of the company. This includes all necessary tasks to maintain the company’s human resources department: employment contracts and payroll, time tracking, training, occupational risk prevention, sick leave, vacations, and more.

 

Why do we need to use your personal data?

Your personal data is necessary for us to establish a relationship with you and provide the services you have requested. The fields marked with an asterisk (*) in the contact forms available on our website are mandatory. We will not be able to provide effective service if you do not authorize the use of this data. To that end, we provide a series of consent checkboxes where you can freely, clearly, and easily make your decision.

By ticking the appropriate boxes and entering data in the fields marked with an asterisk (*) in the contact form or in download forms, you expressly, freely, and unequivocally accept that your data is necessary for the provider to process your request. Providing data in the remaining fields is voluntary. You guarantee that the personal data provided to the CONTROLLER is accurate and agree to inform us of any changes to that data.

The CONTROLLER informs you that all data requested through the website is mandatory, as it is necessary to provide the USER with an optimal service. If all required data is not provided, we cannot guarantee that the information and services offered will be fully tailored to your needs.

 

LEGAL BASIS

What is the legal basis for processing your data?

According to the purposes for which your data is collected, the processing of your data is necessary:

  • To manage the professional relationship you have established and contracted with us.
    • Performance of a contract (as permitted under Article 6.1.b of the GDPR)
    • Consent of the data subject (as permitted under Article 6.1.a of the GDPR)
  • Sending commercial communications and newsletters
    • Consent of the data subject (as permitted under Article 6.1.a of the GDPR)
    • Consent of the data subject (as permitted under Article 20 of the LSSICE)
    • Legitimate interest (as permitted under Article 6.1.f of the GDPR)
  • To prepare a quote tailored to your needs.
    • Performance of a contract and/or pre-contractual measures (as permitted under Article 6.1.b of the GDPR)
  • To manage email communications with interested parties.
    • Consent of the data subject (as permitted under Article 6.1.a of the GDPR)
    • Legitimate interest (as permitted under Article 6.1.f of the GDPR)
  • Provision of healthcare or medical assistance.
    • Consent of the data subject (as permitted under Article 6.1.a of the GDPR)
    • Explicit consent for the processing of health-related data (as permitted under Article 9.2.a of the GDPR)
    • Law 41/2002, of November 14, the basic law regulating patient autonomy and rights and obligations regarding clinical information and documentation.
  • Management of the company’s employees and internal human resources
    • Contractual performance (as permitted under Article 6.1.b of the GDPR)

 

All data collected is necessary for the provision of the service. However, the fields marked with an asterisk (*) are mandatory. If the required data is not provided, ESPhotography will be unable to deliver the contracted service.

 

RECIIPIENTS

Who will have access to the information we have requested from you?

Only we and the authorized personnel within our organization will have access to the information we request from you.

No personal data will be shared with third parties unless it is necessary for the development and execution of the purposes of the processing. In such cases, data may be shared with our service providers involved in communications, with whom the CONTROLLER has signed the required confidentiality and data processing agreements in accordance with current privacy regulations.

Our website is currently hosted on servers provided by Hostinger UK Limited, whose servers are located within the European Union. (You can read their privacy policy by clicking here).

Likewise, entities that need access to your personal information in order for us to provide our services may also become aware of it. For example, our bank will have access to your data if payment for our services is made by card or bank transfer.

Your information may also be disclosed to public or private entities to whom we are legally required to provide personal data. For example, Tax Law requires us to report certain financial transactions exceeding a specific amount to the Tax Agency.

If, apart from the situations mentioned above, we need to share your personal information with other entities, we will first request your permission through clear options that will allow you to make an informed decision.

How do we protect your personal data?

In accordance with current personal data protection regulations, ESPhotography complies with all provisions of the GDPR and the LOPDGDD regarding the processing of personal data under its responsibility. We explicitly adhere to the principles outlined in Article 5 of the GDPR, ensuring that data is processed lawfully, fairly, and transparently in relation to the data subject, and that it is adequate, relevant, and limited to what is necessary for the purposes for which it is processed.

ESPhotography guarantees that it has implemented effective security measures based on the risks associated with the use of your information, in accordance with the appropriate technical and organizational policies established by the GDPR and the LOPDGDD. These measures are designed to protect the rights and freedoms of USERS, and we have provided them with the necessary information to enable them to exercise those rights.

ESPhotography has adopted a Data Protection Policy and carries out biannual compliance checks and annual audits to ensure that your personal data is secure at all times.

 

Will we send your data to countries outside the EU?

We inform you that your data will NOT be transferred internationally to any third country.

If, in order to provide our service, it becomes necessary to send your data to a country that does not offer the same level of security as Spain, we will always request your prior consent and implement effective security measures to reduce the risks associated with transferring your personal information to another country.

 

How long will we keep your personal data?

We will retain your data for the duration of our professional relationship and for as long as current laws require. In any case, your data will not be kept longer than necessary to fulfill the purpose for which it was collected. Once the applicable legal retention periods have ended, your data will be securely deleted using appropriate security measures to ensure its anonymization or complete destruction.   

Since neither the GDPR nor the LOPDGDD specify a concrete time limit for data retention, it is necessary to consider the purpose for which the data was collected and the principle of proportionality. Additionally, other applicable regulations must be consulted to determine the appropriate retention periods for your personal data.

To ensure maximum transparency with you, we inform you that the general timeframes we work with are as follows:

  • Accounting and tax records for commercial purposes: six (6) years.
  • Labor and Social Security records: four (4) years.
  • Medical records: a minimum of five (5) years from the date of discharge for each care process.

However, despite these general timeframes, we inform you that we will periodically review our systems to delete or remove any data that is no longer legally required. 

How did we obtain your data?

The personal data used by ESPhotography comes directly from the data subject.

 

What categories of data do we process?

The categories of personal data we process are:

  • Identification data
    • Full name
    • ID card / Foreigner ID (NIE) / Passport or equivalent document
    • Postal and email addresses
    • Date and place of birth
  • Commercial information
  • Financial information
    • Bank account number
    • Credit card number

 

DATA SUBJECT RIGHTS

What are your data protection rights?

You may exercise any of your rights by sending a written request to the email address provided in the “Data Controller” section.

You are entitled to the following rights:

RIGHT OF ACCESS

RIGHT TO RECTIFICATION OR ERASURE

RIGHT TO OBJECT TO PROCESSING

RIGHT TO DATA PORTABILITY

At any time, you may contact us to find out what information we hold about you, correct it if it is inaccurate, and have it deleted once our relationship has ended, provided this is legally permissible.

You also have the right to request the transfer of your information to another entity. This right is known as “data portability” and may be useful in certain situations.

To exercise any of these rights, you must submit a written request to our address, along with a photocopy of your ID card, so that we can verify your identity.

At our offices, we have specific forms available for requesting these rights, and we are happy to assist you in completing them.

To learn more about your data protection rights, you can visit the website of the Spanish Data Protection Agency (www.aepd.es).

 

Can you withdraw your consent if you change your mind later?

You can withdraw your consent regarding the use of your data at any time if you change your mind.

For example, if you once expressed interest in receiving advertising about our products or services but no longer wish to receive such communications, you can let us know by filling out the objection to processing form available at our offices.

 

AEPD, DATA PROTECTION OVERSIGHT

Where can you file a complaint?

If you believe that your rights have not been respected by our organization, you can file a complaint with the Spanish Data Protection Agency (AEPD), located at C/ Jorge Juan, 6, 28001 – Madrid.
For more information about the AEPD: https://www.aepd.es

 

LAST REVIEW: MARCH 2025