This Policy is issued in accordance with Regulation (EU) 2016/679 (GDPR), Organic Law 3/2018 (LOPDGDD) and Law 34/2002 (LSSI-CE). The data controller is BUFETE TRIBUTARIO DE BALEARES S.L. (CIF B57241762), with registered office at Pasaje Galerías Jaime III, 2 – 7E, 07012, Palma (Balearic Islands) and contact email bufete@bufetecaldentey.com. The scope of application covers processing derived from the use of bufetecaldentey.com (the ‘Website’).

1. Categories of data processed

• Identifying details: first name and surname(s).

• Contact details: email address, telephone number.

• Data contained in communications and attached documents sent via forms or by email.

• Browsing and usage data: IP address, device identifiers, pages visited, interaction times, and cookies in accordance with the Cookie Policy.

• Data from corporate social media profiles when the user interacts with them (e.g., likes, comments, or messages).

2. Purposes of processing

• Respond to requests and initiate/manage communications at the user's request.

• Apply pre-contractual measures or execute contracts for the provision of legal services.

• Comply with legal obligations (tax, accounting, money laundering prevention, procedural regulations, etc.).

• Analyse the use of the Website and improve its performance through analytical cookies (only with consent).

• Maintain the security of the digital environment and prevent fraudulent activities or misuse.

3. Legal basis (Art. 6 GDPR)

• Consent of the data subject for sending queries and, where applicable, for non-technical cookies.

• Execution of contract or pre-contractual measures when the consultation leads to a professional relationship.

• Compliance with legal obligations applicable to the Firm.

• Legitimate interest in the management and security of the Website and in improving services, weighed against reasonable user expectations.

4. Recipients and data processors

No data will be transferred to third parties except where legally required or when necessary for the proper provision of services (hosting, maintenance, analytics, support). Such third parties will act as data processors in accordance with Article 28 of the GDPR, with limited access and under confidentiality obligations.

5. International transfers

In general, they are not planned. If tools located outside the EEA are used, appropriate safeguards (standard contractual clauses, certifications or equivalent mechanisms) will be implemented and, where appropriate, impact assessments and complementary measures will be carried out.

6. Retention periods

• Web enquiries and communications: up to 12 months from closure, unless they result in professional services.

• Customer files: during the term of the relationship and, after its termination, the applicable limitation periods (generally 5–6 years for commercial/accounting obligations).

• Tax/accounting data: 6 years (Articles 30 CCom).

• Consent and rights records: for the time necessary to prove compliance.

• Cookies: as indicated in the Cookies Policy.

7. Rights of data subjects

Users may exercise their rights of access, rectification, erasure, objection, restriction of processing, portability and not to be subject to automated decisions by contacting bufete@bufetecaldentey.com. They may also withdraw their consent at any time and lodge a complaint with the Spanish Data Protection Agency (www.aepd.es).

8. Security measures

The Firm shall implement appropriate technical and organisational measures (access controls, encryption where feasible, backup management, internal confidentiality policies, incident logging and response procedures).

9. Policy Updates

The Firm may update this Policy to reflect regulatory changes, supervisory authority criteria, or modifications to processing. The current version will be the one published on the Policy Website.