LEGAL
Privacy Policy
Last updated: 22 April 2026
At LAPSOWORK, SL we care about privacy and transparency. Below we set out in detail the processing of personal data that we carry out, as well as all the information relating to it.
Protection of personal data — privacy
The provider is deeply committed to compliance with personal data protection regulations, and guarantees full compliance with the obligations set out, as well as the implementation of technical and organisational security measures, as established in the General Data Protection Regulation of Europe EU 2016/679 (RGPD) and in Law 3/2018 on Data Protection and the Guarantee of Digital Rights (LOPD-GDD).
The provider makes the entity's Privacy Policy available to users, informing users of the following aspects:
- Details of the Data Controller.
- Purpose.
- Legitimation.
- Recipients.
- Origin.
- Additional information.
Whenever we need to obtain personal information from you, we always ask you to provide it voluntarily and expressly.
In compliance with Personal Data Protection regulations, you explicitly consent to the personal data provided being processed under our responsibility, in order to carry out the following purposes:
- To manage our relationship and provide you with the personalised service requested.
- The processing of enquiries, advice, orders, requests or any type of petition made by the user through any of the forms of contact made available to the user on the LAPSOWORK, SL website.
- Sending commercial advertising communications about our products by e-mail, fax, SMS, MMS, social networks or any other electronic or physical means, present or future, that make it possible to carry out commercial communications.
All requested data is mandatory; if you do not provide it, it would be impossible to carry out the purpose for which it is requested in each case.
Processing information
In accordance with the provisions of the General Data Protection Regulation EU 2016/679, and Law 3/2018 on the Protection of Personal Data and the Guarantee of Digital Rights, the user must receive timely and specific information about the data controller and the uses and purposes of the processing. To this end, the following information is provided:
1. Who is the controller of your data?
- Name: LAPSOWORK, SL
- CIF: B10834943
- Address: Avda. Elvas, Edif. PCTEX, s/n, Bloque 2, Puerta 1, 06006 Badajoz (Badajoz)
- Telephone: 910 053 253
- Email: [email protected]
1.1. Contact details of the Data Protection Officer (DPO)
- Name: Tuidentidad y Seguridad SLU
- Address: C/ Francisco Guerra 12, Portal 4, 1ºC, 06011 Badajoz (Spain)
- Email: [email protected]
2. For what purpose do we process your personal data?
At LAPSOWORK, SL we process the information provided to us by interested parties for the following purposes:
- Client management: to carry out the administrative, accounting and tax management of the services requested, as well as to send commercial communications about our products and services.
- Supplier management: the administrative, accounting and tax management of the contracted services, as well as of the contact persons.
- Recruitment: to manage the CVs received and to carry out staff recruitment processes.
- Contact forms: regarding the contact forms on our website, to respond to your request and to send you commercial communications, including by electronic means.
- Newsletter subscription form: to manage the subscription to our periodic newsletter.
- Video surveillance management: to ensure the safety of people, property and premises.
- Management of the data of the parties involved in the internal whistleblowing channel: management of the internal whistleblowing channel for the purpose of informing the controller of acts or conduct that have taken place within the entity or caused by third parties who contract with it, and which could be contrary to the general or sector-specific regulations applicable to it.
- Management of the data of the parties involved in the protocol for the prevention of sexual harassment or harassment on grounds of sex: management of the protocol for the prevention of sexual harassment or harassment on grounds of sex; regulation of the procedure, management of the complaint, collection of personal data and interviews with the affected parties.
3. For how long will we keep your data?
The data will be kept:
- For as long as the contractual relationship is maintained or for the years necessary to comply with legal obligations.
- Regarding CVs, the data will be kept for 2 years after the last interaction.
- For the management of the protocol for the prevention of sexual harassment or harassment on grounds of sex, the data will be deleted after two years, unless its retention is necessary to determine the possible liabilities that may arise in the event of possible claims made by those affected.
- Regarding the internal whistleblowing channel, the data will be kept for the time strictly necessary to decide whether it is appropriate to initiate the investigation of the reported facts. The maximum period will be three months from its entry into the system, unless the purpose of its retention serves as evidence of the functioning of the prevention model; in this case, the data will be kept anonymised (LOPDGDD art. 24.4).
- In relation to video surveillance, the data will be kept for a maximum of 30 days, except for communication to Law Enforcement Agencies and/or Courts and Tribunals.
4. What is the legitimation for the processing of your data?
We indicate the legal basis for the processing of your data:
4.1. Client management
- Performance of a contract: to carry out the commercial, administrative, accounting and tax management of the services requested by the client (RGPD art. 6.1.b).
- Legitimate interest of the Controller: to send commercial communications by electronic means about our products and/or services (RGPD recital 47, LSSICE art. 21.2).
- Consent of the data subject: the use of the WhatsApp instant messaging social network as a means of communication, Gsuite and Google Platform system services, as well as other tools such as the Zoom videoconferencing and chat platform. Through the use of these tools and others that would be made available upon request, transfers of identifying personal data, such as your telephone number, will be made to third countries (United States) (RGPD art. 6.1.a).
4.2. Supplier management
- Performance of a contract: to carry out the commercial, administrative, accounting and tax management of the services contracted with the supplier (RGPD art. 6.1.b).
- Legitimate interest of the Controller: to send commercial communications by electronic means about our products and/or services (RGPD recital 47, LSSICE art. 21.2).
- Consent of the data subject: the use of WhatsApp, Gsuite/Google Platform services and Zoom as a means of communication, with the corresponding transfers to the United States (RGPD art. 6.1.a).
4.3. Recruitment
- Performance of a contract: management of the CVs submitted by the candidate in order to carry out staff recruitment processes to find the best possible candidate for a specific job position (RGPD art. 6.1.b).
4.4. Newsletter subscription form
- Consent of the data subject: to send you the newsletter, which is sent periodically (RGPD art. 6.1.a).
4.5. Contact forms
- Performance of a contract: management of potential clients who have shown interest in our products and/or services (RGPD art. 6.1.b, LSSICE art. 21).
- Consent of the data subject: to send commercial communications, including by electronic means (RGPD art. 6.1.a).
- Legitimate interest of the Controller: management of professional contact data (LOPDGDD art. 19, RGPD art. 6.1.f).
4.6. Video surveillance
- Task carried out in the public interest: processing necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller (RGPD art. 6.1.e), as set out in the "GuÃa sobre el uso de videocámaras para seguridad y otras finalidades" published by the Agencia Española de Protección de Datos.
4.7. Management of the data of the parties involved in the internal whistleblowing channel
- Task carried out in the public interest: control of the risks of non-compliance within the organisation (Ley Orgánica 3/2018, de 5 de diciembre, de Protección de Datos Personales y garantÃa de los derechos digitales [Preámbulo V]).
- Compliance with a legal obligation: Directiva (UE) 2019/1937 del Parlamento Europeo y del Consejo de 23 de octubre de 2019, on the protection of persons who report breaches of Union law (art. 8; obligation to establish internal whistleblowing channels). Also Ley 2/2023, de 20 de febrero, regulating the protection of persons who report regulatory breaches and combating corruption.
- Consent of the data subject: for the retention and recording of complaints made through telephone lines and voice messaging systems with recording, as well as for the recording of the in-person meeting requested with the entity for the purpose of reporting (Directiva (UE) 2019/1937 art. 18.2 and 4).
4.8. Management of the data of the parties involved in the protocol for the prevention of sexual harassment or harassment on grounds of sex
- Compliance with a legal obligation: Ley Orgánica 3/2007, de 22 de marzo, para la igualdad efectiva de mujeres y hombres (art. 48); Real Decreto 901/2020, de 13 de octubre; Ley 31/1995, de 8 de noviembre, de prevención de riesgos laborales (art. 14).
5. To which recipients will your data be disclosed?
The data will be disclosed to the following recipients:
5.1. Client management
- Tax Administration, for the purpose of complying with legal obligations (legal requirement).
- Banking entities, for the purpose of charging the corresponding receipts (contractual requirement).
- WhatsApp social network platform, for the purpose of using the social network as a means of communication (contractual requirement).
- Google, LLC, for the purpose of use for videoconferencing and chat (contractual requirement).
- Lionheart Squared Ltd (Zoom), for the purpose of use for videoconferencing and chat (contractual requirement).
5.2. Supplier management
- Tax Administration (legal requirement).
- Banking entities, for the purpose of making the corresponding payments (contractual requirement).
- WhatsApp social network platform (contractual requirement).
- Google, LLC (contractual requirement).
- Lionheart Squared Ltd (Zoom) (contractual requirement).
5.3. Recruitment
Data will not be transferred to third parties, except by legal obligation.
5.4. Contact forms
Data will not be transferred to third parties, except by legal obligation. The technology provider of the form (Formspree Inc., USA) acts as a data processor with the corresponding legal guarantees.
5.5. Video surveillance
- Where appropriate, the State Law Enforcement Agencies, as well as Courts and Tribunals, for the purpose of providing the images if an offence has been committed (legal requirement).
5.6. Management of the data of the parties involved in the internal whistleblowing channel
- State Law Enforcement Agencies; Judicial Bodies; Public Prosecutor's Office, for the purpose of reporting the commission of a possible offence (legal requirement).
5.7. Management of the data of the parties involved in the protocol for the prevention of sexual harassment or harassment on grounds of sex
- State Law Enforcement Agencies; Judicial Bodies; Public Prosecutor's Office, for the purpose of reporting the commission of a possible offence (legal requirement).
6. Data transfers to third countries?
The following data transfers to third countries are foreseen through the use of social networks owned by us, in those processing activities where means of communication such as WhatsApp are used:
- WhatsApp Ireland Limited, for the purpose of providing social network services for sending instant messaging as a means of communication. The guarantee for this transfer has been established through the explicit consent of the data subject. You can consult additional information at: 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland; www.whatsapp.com/legal.
- Lionheart Squared Ltd (Zoom), for the purpose of a videoconferencing and chat platform. The guarantee for this transfer has been established through standard data protection clauses. Additional information: 2 Pembroke House, Upper Pembroke Street 28-32, Dublin DO2 EK84, Ireland; zoom.us/es-es/privacy.html.
- Google LLC and Microsoft Corporation (USA), as providers of analytics tools (Google Analytics 4, Google Tag Manager, Microsoft Clarity) when the user grants consent for analytics cookies. Transfer covered by the EU–US Data Privacy Framework and the European Commission's standard contractual clauses.
- Formspree Inc. (USA), as the provider of the web form processing service. Transfer covered by standard contractual clauses.
7. What are your rights when you provide us with your data?
Anyone has the right to obtain confirmation as to whether or not, at LAPSOWORK, SL, we are processing personal data concerning them.
Interested parties have the right to access their personal data, as well as to request the rectification of inaccurate data or, where appropriate, to request its deletion when, among other reasons, the data is no longer necessary for the purposes for which it was collected. They likewise have the right to the portability of their data.
In certain circumstances, interested parties may request the limitation of the processing of their data, in which case we will only keep it for the exercise or defence of claims.
In certain circumstances and for reasons related to their particular situation, interested parties may object to the processing of their data. In this case, LAPSOWORK, SL will stop processing the data, except for compelling legitimate reasons or the exercise or defence of possible claims.
You may materially exercise your rights as follows: by contacting [email protected] or C/ Francisco Guerra 12, Portal 4, 1ºC, 06011 Badajoz (Spain).
When commercial communications are sent using the legitimate interest of the controller as a legal basis, the data subject may object to the processing of their data for that purpose.
The consent granted is for all the indicated purposes whose legal basis is the consent of the data subject. You have the right to withdraw such consent at any time, without this affecting the lawfulness of the processing based on the consent prior to its withdrawal.
If you feel that your rights regarding the protection of your personal data have been violated, especially when you have not obtained satisfaction in the exercise of your rights, you may file a complaint with the competent Data Protection Supervisory Authority through its website: www.aepd.es.
8. How have we obtained your data?
The personal data that we process at LAPSOWORK, SL comes from the data subject themselves or from their legal representative.
The categories of data processed are:
- Identifying data.
- Postal and electronic addresses.
- Commercial information.
- Banking data.