PRIVACY POLICY
The purpose of this Privacy Policy is to inform individuals (hereinafter, the “users” or “data subjects”) who visit our website (hereinafter, the “website” or the “site”) of the manner in which we collect, process, and protect the personal data that they may voluntarily provide to us through any means (forms, emails, telephone, contracts, etc.), so that, after reading this Policy, they may freely decide whether they wish their personal data to be processed. In addition, this Privacy Policy supplements the information previously provided to data subjects through the information clauses included in the various personal data collection processes.
This policy also aims to comply with Regulation (EU) 2016/679 of the European Parliament and Council of April 27, 2016, concerning the protection of natural persons with regard to the processing of personal data and the free movement of such data (hereinafter, GDPR) and Organic Law 3/2018, of December 5, on Personal Data Protection and Digital Rights Guarantees (hereinafter, LOPDGDD).
2. Who is the controller of your personal data?
Entity: LOCAL COMUNICACIONES, S.L.
CIF/NIF: B02674240
Postal Address:C/ Puerto de los Leones, 1, Oficina 309, CP 28220 Majadahonda (Madrid)
Telephone: 919 366 341
E-mail: dpdlocalcom@businessadapter.es
Corporate purpose: Holding
Website: https://localcom.es/
Company registration details: Registered with the Commercial Registry of Madrid, Volume 41,109, Folio 10, Sheet M-727431
3. ¿How can you contact the Data Protection Officer?
Our entity has appointed a Data Protection Officer before the General Registry of the Spanish Data Protection Agency. Data subjects may address any complaints or queries regarding how our entity processes their personal data to the Data Protection Officer in writing, indicating the name of our entity or trade name, followed by the complaint or query, at:
BUSINESS ADAPTER, S.L.
Ronda Guglielmo Marconi, 11, 26, (Parque Tecnológico)
46980 Paterna (Valencia), Spain
Email: Email: info@businessadapter.es (ref. LOCALcom) or through the relevant Data Subject Request Form
4. Why do we process your data? (Lawful basis)
The processing of your personal data by our entity shall be based on one or more of the following lawful bases:
Article 6.1 a) GDPR:
the data subject has given consent to the processing of his or her personal data for one or more specific purposes.
Article 6.1 b) GDPR:
processing is necessary for the performance of a contract to which you are a party or in order to take steps at your request prior to entering into a contract.
Article 6.1 c) GDPR:
processing is necessary for compliance with a legal obligation applicable to our entity
Article 6.1 f) GDPR:
processing is necessary for the purposes of the legitimate interests pursued by our entity or by a third party, provided that such interests are not overridden by the interests or fundamental rights and freedoms of the data subject. In this regard, we inform you that our entity has carried out a balancing test between our legitimate interests and the rights and freedoms of the data subject, always respecting their fundamental rights. This shall not apply to processing carried out by public authorities in the performance of their tasks.
If the user is under 14 years of age, the consent of their parents, guardians, or legal representative will be required in order to process their data. The user is solely responsible for the accuracy of the data provided to us.
5. What personal data do we process, and how do we obtain it?
For the purposes of carrying out our business activities, it is necessary to process personal data, which may be collected through digital means, paper documents, or as a result of face-to-face or telephone conversations. In all such cases, the data will be processed in a fair, lawful, and transparent manner
The categories of data we process about the interested parties are:
• Identification data: first name and surname(s), national ID number (DNI) or equivalent identification document, image, voice, and signature.
• Contact data: telephone number, email address, postal address.
• Commercial data: quotations, purchasing terms and conditions, management and history of services and/or purchases, and records of communications maintained (telephone, email, messaging, and other communication channels).
(telephone, email, messaging, and other communication channels).
• Accounting data: income and expense control, invoicing data.
• Banking data: bank accounts and payment cards.
• Economic data: payment status, debt collection management, financing information.
• Curriculum vitae data: academic background, professional experience, personal characteristics, etc.
• Goods and services transaction data: bank transfers and direct debits, amounts and transaction details.
Browsing data: analysis of time spent on our website, pages visited, and demographic data (e.g. age, sex, language).
Our entity will not collect special categories of personal data (e.g. health data, ethnic origin, political opinions, or religious beliefs). However, should such processing become necessary, you will be informed accordingly and your prior express consent will be requested.
The data requested shall be adequate, relevant, and limited to what is strictly necessary. They shall be processed solely by authorised personnel and/or collaborators who have signed confidentiality undertakings and who undertake to comply with the security measures required to ensure the confidentiality, integrity, and availability of the data. All processing shall comply with the legal requirements of the GDPR and shall therefore be lawful.
The data to be processed are provided by the data subject or by their legal representative. However, there may be cases in which we delegate certain functions to specific collaborators, who may collect your data on our behalf, always with your prior express consent.
If an interested party fails to provide the requested data or provides incomplete or incorrect data, it will not be possible to fulfill or maintain the relationship with them.
The categories of data that we may process about an individual will depend on the relationship that such individual maintains with our entity, as set out below:
- Customers:
We process identification, contact, commercial, financial, accounting, banking, and goods and services transaction data. Such data may only be collected where the customer provides them when contracting services, requesting pre-contractual measures, or during the maintenance of the existing relationship between the parties.
The data may be collected in person, by telephone, by email, through the forms available on our website, online chat, instant messaging, etc.
Lawful basis:Article 6. 1 a); 6.1 b); 6.1 c), and 6.1 f) GDPR.
- Information requesters
Whether the requested information is provided in person, by telephone, or in writing (e.g. by email or via web forms), we will request and process identification, contact, and commercial data.
Lawful basis:Article 6.1 a); 6.1 f);GDPR
- Suppliers:
We process identification, contact, commercial, accounting, banking, goods and services transaction, and financial data.
Such data may be processed throughout all stages of the business relationship and only where the supplier provides them in order to begin such relationship.
Lawful basis:Article 6.1 a); 6.1 b); 6.1 c); 6.1 f) GDPR
- Job applicants
For this category of data subjects, we process CV data, identification data, contact data, and other data related to professional or personal characteristics, which are provided by the applicant when submitting their application.
Data may be collected in person, by email, through web forms, during recruitment interviews (whether in person or conducted remotely), and may also be received through collaborators to whom we have delegated certain functions.
Lawful basis:Article 6.1 a); 6.1 b); 6.1 f) GDPR
- Claimants:
We process identification and contact data, as well as personal information relating to the claimant or to third parties provided by the claimant. Lawful basis:Article 6.1 a); 6.1 c); 6.1 f) GDPR:
- Whistleblowers / Reporting persons:
Through our internal whistleblowing channel, reports may be submitted anonymously. However, you may also voluntarily provide us with identification and contact data, as well as other personal information relating to yourself or third parties connected with the report, in accordance with Law 2/2023 of 20 February on the protection of persons who report regulatory infringements and on combating corruption. Further information is available in the terms and conditions of the Internal Reporting Channel.
Lawful basis:Article 6.1 a); 6.1 c); 6.1 f) GDPR
- Visitors:
We process identification and contact data, the company for which the visitor works, and the reason for the visit. These data are collected when the visitor provides them in order to gain access to our premises, or when the person hosting the visitor within our entity provides them in order to enable such access.
Lawful basis:Article 6.1 c); 6.1 f) GDPR
- Website users:
When visiting our website, and only where the user expressly authorises it, analytical data may be collected (e.g. time spent on the site or pages visited), including demographic data (e.g. sex, age, country, or language).
For further information, please visit our Cookie Policy
Lawful basis:Article 6.1 a) GDPR
- Further information for data subjects:
The legally required information shall be made available to data subjects through the relevant information clauses included in the different data collection methods, so that the data subject may freely and expressly decide whether they wish their personal data to be processed by our entity. For more detailed information, such clauses shall indicate how to access this Policy.
All categories and types of personal data processed shall be duly identified in the corresponding processing activities for which our entity is responsible.
6. For what purposes will your data be processed?
In general, the processing of personal data carried out by our entity is intended to establish and maintain relationships with the various groups of individuals with whom we interact.
Depending on such relationship, your data may be processed for different purposes, including, but not limited to, the following:
- Customers:
Your personal data will be processed to identify you, to establish and maintain the pre-contractual and contractual relationship, including the sending of commercial communications by different means, to respond to enquiries, to carry out quality controls and commercial statistics, to provide our services, to manage accounting and invoicing, the transaction of goods and services, debt collection, incident management, claims handling, and the exercise of rights, as well as for other purposes necessary to comply with such relationship, the laws to which we are subject, or our legitimate interests.
- Information requesters
We will process your personal data in order to respond to any request for information that you may submit to us, to identify you, to send or provide quotations and information on the goods and/or services in which you are interested, including commercial information related to your request in our response (whether oral or written). We may also carry out follow-up contacts through different means in order to ascertain the decisions taken in relation to the commercial proposals sent to you.
- Job applicants
Your data will be processed in order to include you in our recruitment processes and candidate pool, to identify you, as well as to contact and inform you about job vacancies, coordinate interviews, and manage other matters related to your application.
- Suppliers:
Your personal data will be processed for the purpose of maintaining the pre-contractual and contractual relationship, fulfilling the business relationship, whether for requesting quotations, purchasing goods, or contracting services, carrying out enquiries, identifying you, managing accounting matters and goods and services transactions, as well as for other purposes necessary to comply with such relationship, our legal obligations, and our legitimate interests.
- Claimants:
Personal data will be processed in order to identify you, manage your claim, and contact you regarding its status, as well as to comply with our legal obligations and legitimate interests.
- Whistleblowers / Reporting persons:
The personal data that you choose to provide in your report will be processed in order to register and manage your report, as well as to identify and contact you (except where the report is anonymous), acknowledge receipt of your report, and keep you informed of the status of our investigations within the time limits and on the terms established in Law 2/2023 of 20 February. Likewise, we may process your data on the basis of our legitimate interests and/or where necessary to comply with other legal obligations to which we are subject. Further information is available in the terms and conditions of the Internal Reporting Channel.
- Visitors:
The data of visitors to our premises will be processed in order to identify them, to comply with our occupational risk prevention obligations, and for security and access control purposes.
- Website users:
By accepting the installation of cookies when visiting our website, data may be processed for various purposes (e.g. analysis of visits). For further information, please visit our Cookie Policy
- Further information for data subjects:
The legally required information shall be made available to data subjects through the relevant information clauses included in the different data collection means (e.g. forms, recorded messages, contracts, etc.), so that you may freely and expressly decide whether you wish the requested personal data to be processed by our entity. In this regard, such information shall also be referred to in the various documents or communications that we share with data subjects (e.g. notices, invoices, legal notices, etc.).
If the data subject does not provide the data requested, or provides incomplete or incorrect data, we may be unable to respond to their request for information or to establish or maintain a relationship with them.
The data will not be further processed for purposes other than those accepted by the interested parties.
The purposes that justify the processing of personal data shall be duly identified in the relevant processing activities for which our entity is responsible.
7. Data retention periods
Personal data shall be retained for the periods required by the applicable legislation, depending on the type of relationship and processing involved. In particular:
Once the relationship has ended, the data will be kept blocked where it is necessary to retain them, either until the expiry of the applicable limitation periods for the sole purpose of handling potential claims or legal actions, as well as to comply with our legal obligations, for example:
Data Subjects | Processing Area | Legal Basis | Retention Period |
Customers Suppliers | Accounting | Art. 30.1 Royal Decree – Spanish Commercial Code | 6 years from the date of the last accounting entry |
Customers Suppliers | Tax | Art. 66 General Tax Law 58/2003 | General period: 4 years In the event of losses during the financial year: 10 years Invoices: 5 years |
Any person | General | Art. 1964.2 Spanish Civil Code | 5 years Personal actions without a specific limitation period expire after five years from the date when performance of the obligation may be required. For continuing obligations to act or refrain from acting, the period begins each time the obligation is breached. |
Job applicants | Employment | AEPD Employment Relations Guide | 1 year |
Visitors | Access control to our head offices | Access control to our head offices | 1 month |
Website users | Use of cookies | AEPD Guide on the Use of Cookies | Maximum 24 months |
Information requesters | Commercial Legal Disclaimer | Art. 20.1 (a) and (d) Spanish Constitution | For the shortest time possible or as established by law |
Customers Suppliers Visitors Job applicants Employees | Video surveillance | Art. 22.3 LOPDGDD – Personal Data Protection | 1 month |
Customers | User information held by internet service providers | Art. 5 Law 25/2007 – retention of data relating to electronic communications and public communications networks | 12 months from the communication date. The data to be retained are those established in Article 3 of the Law.
Following consultation with operators, this period may be extended by regulation up to a maximum of 2 years or reduced to a minimum of 6 months. |
Whistleblowers Affected persons | Internal Reporting Channel complaints | Art. 26.2 Law 2/2023 (internal information systems)
Art. 32.3 Law 2/2023
Art. 32.4 Law 2/2023 | If the reported facts are investigated, data shall not be retained for more than 10 years.
Data shall be retained only for the time strictly necessary to decide whether to initiate an investigation. If the information provided is proven to be false, it must be immediately deleted unless it may constitute a criminal offence, in which case it shall be retained while judicial proceedings are ongoing.
If no investigation is initiated within 3 months of receiving the report, the data must be deleted. |
Once the data are no longer necessary for the purposes for which they were collected, they will be securely and confidentially deleted or destroyed.
8. Profiling
We do not carry out profiling, nor are automated decisions made using your personal data. However, should this occur, you will be informed accordingly and your prior authorisation will be requested.
Likewise, you have the right to object to this type of processing at any time by writing to our entity at: dpdlocalcom@businessadapter.es
9. Disclosure of data
As a general rule, our entity does not disclose personal data to third parties without prior consent. However, disclosure of data may be necessary in the following cases:
In the case of customers or suppliers,their personal data may be disclosed to third-party entities where required by law (e.g. the Spanish Tax Agency), or to those entities necessary for the provision of our services or the payment of invoices (e.g. banks), or, in the case of delivery of goods, to transport companies collaborating with our entity.
Likewise, the personal data of customers or suppliers, suppliers may be processed by third parties to whom we delegate some of our obligations (e.g. accounting advisers). All such third parties have undertaken, through a data processing agreement, to comply with the same security measures implemented by our entity, as well as with duties of secrecy and confidentiality regarding the personal data processed, among other obligations relating to personal data protection.
In the case of job applicants,their data shall not be disclosed to third parties unless we are legally required to do so.
With regard to information requesters or users of our website,, their data shall not be disclosed to third parties except in the cases described above and communicated at the time of collection, and only with their express consent, unless our legitimate interest prevails or we are legally required to do so, in which case consent shall not be necessary.
In the case of whistleblowerstheir data may lawfully be processed by persons other than those responsible for the internal information system and may also be disclosed to third parties where necessary for the adoption of corrective measures within our entity or for the handling of any disciplinary, sanctioning, or criminal proceedings that may apply (Article 32.2 of Law 2/2023).
In general, we may disclose your personal data to judges, courts, the Public Prosecutor’s Office, and/or competent public authorities where we are legally required to do so.
10. International data transfers
In the event of disclosures to third-party entities located outside the European Economic Area, we shall inform the data subjects and request their prior express consent.
11. Security measures
Our entity has implemented all the technical and organisational measures necessary to protect the personal data processed, preventing its loss, theft, or unauthorised use.
Such measures have been established according to the type of data processed and the purposes for which such processing is carried out. They are periodically reviewed through our internal compliance controls regarding personal data protection regulations and through external audits.
12. Your Rights
As the data subject and acting in your own name or through your representative, you may contact our entity at any time and request the exercise of your rights relating to personal data protection.
We explain what these rights are:
12.1 Right of Access:
You have the right to know and request at any time the following information:
- Whether or not we are processing your personal data.
- The purposes of the processing, as well as the categories of personal data being processed.
- The origin of your data, in case you did not provide them yourself.
- The recipients or categories of recipients to whom your personal data have been communicated or will be communicated, including, where appropriate, recipients in third parties or international organizations.
- Information about the appropriate safeguards related to the transfer of your data to a third country or to an international organization, if applicable.
- The expected retention period, or if not possible, the criteria used to determine this period.
- Whether automated decisions, including profiling, are being made, and significant information about the logic applied, as well as the importance and consequences of such processing.
- A copy of your personal data being processed.
12.2. Right to rectification
You can request the rectification of your personal data when they are inaccurate, as well as the completion of incomplete data.
12.3. Right to object
You may object to the processing of your data when they are inaccurate or no longer necessary.
In the event that you are acting as a reported party or a person affected by a complaint under Law 2/2023, you will not be able to exercise your right to object, as it is presumed (unless proven otherwise) that there are legitimate reasons justifying the processing of your personal data, in accordance with Article 31.4 of the Law.
12.4. Right to erasure
You can request that your data be deleted for one of the following reasons:
- Your data is no longer necessary for the purposes for which it was collected or processed.
- You have not given consent for the processing of your data.
- You have exercised the right to object.
- The data has been processed unlawfully.
- The data must be deleted to comply with a legal obligation.
12.5. Right to restriction of processing
You can request to exercise this right when one or more of the following circumstances apply:
- When you contest the accuracy of your data, for a period that allows the controller to verify the accuracy of the data.
- When the processing is unlawful, and you oppose the deletion of your data and request instead the restriction of their use.
- When the data is no longer necessary for the purposes of processing, but you need it for the establishment, exercise, or defense of legal claims.
- When you have objected to the processing pursuant to Article 21(1), while it is verified whether the legitimate grounds of the controller override those of the data subject.
12.6. Right to data portability
This refers to the right to obtain your data in a structured, commonly used, and machine-readable format and to transmit it to another controller for further processing.
12.7. Right not to be subject to automated decision-making
You have the right not to be subject to a decision based solely on automated processing, including profiling, that produces legal effects concerning you or significantly affects you in a similar way.
12.8. How to exercise your rights
To exercise any of your rights, you must write to LOCAL COMUNICACIONES, S.L., either by post to:
To exercise any of your rights, you must write to LOCAL COMUNICACIONES, S.L., either by post to: C/ Puerto de los Leones, 1, Oficina 309, CP 28220 Majadahonda (Madrid), Spain or by email to: dpdlocalcom@businessadapter.es You must indicate which right you wish to exercise. If you act on behalf of another person, you must prove your representation. If there are reasonable doubts as to the identity of the person submitting the request, we may request additional information necessary to confirm their identity. If you wish to submit any suggestion or query regarding the processing of your personal data, you may contact the Data Protection Officer at: BUSINESS ADAPTER, S.L. Ronda Guglielmo Marconi, 11, 26, (Parque Tecnológico) 46980 Paterna (Valencia), Spain Data Subject Request Form We also inform you that you have the right to lodge a complaint with the Spanish Data Protection Agency (AEPD) at: C/ Jorge Juan 6, 28001 Madrid, Spain, or through its official website.
If you wish to submit any suggestion or query regarding the processing of your personal data, you may contact the Data Protection Officer at:
BUSINESS ADAPTER, S.L.
Ronda Guglielmo Marconi, 11, 26, (Parque Tecnológico) 46980 Paterna (Valencia).
Data Subject Request Form
We also inform you that you have the right to lodge a complaint with the Spanish Data Protection Agency (AEPD) at: C/ Jorge Juan 6, 28001 Madrid, Spain, or through its official website. www.aepd.es.
13. Commitment to Personal Data Protection
Purpose and scope of application
This commitment is intended to comply with European and Spanish personal data protection and digital rights legislation (GDPR and LOPDGDD) and shall be binding on all departments and employees of our entity, as well as on third parties acting on our behalf.
Principles governing the processing of personal data
We shall process personal data lawfully, fairly, and transparently, in accordance with the principles of data minimisation, accuracy, storage limitation, integrity, confidentiality, and accountability. The processing of special categories of personal data is prohibited, in accordance with Article 9 GDPR and the LOPDGDD.
Record of processing activities
Our entity shall maintain a record of processing activities in order to assess the risks of processing and to implement the necessary security measures to guarantee the confidentiality, integrity, availability, and retention periods of the data.
Data Protection Impact Assessment
For each processing activity, the need to carry out a Data Protection Impact Assessment shall be analysed in order to determine whether there is a risk to the rights and freedoms of data subjects and whether additional technical and organisational measures are required to safeguard their fundamental rights.
Security measures and personal data breaches
All technical and organisational measures necessary for the personal data processed shall be applied. In the event of a personal data breach, the Security Breach Response Protocol designed for this purpose shall be implemented.
Data protection rights
Our entity shall handle and respond as quickly and diligently as possible to requests for the exercise of rights or to information concerning the infringement of such rights.
Guarantee of digital rights in the workplace
Policies shall be adopted to guarantee the digital rights of employees, and they shall be duly informed thereof. Such policies shall promote the right to reconcile working activity with personal and family life, and shall also guarantee the right to information and privacy. Our entity may exercise control over the performance of work duties, within the limits established in Article 20.3 of the Spanish Workers’ Statute.
Training
All necessary employees shall receive training both in personal data protection and in their digital rights in the workplace.
Monitoring
We have external consultants who advise and audit us in order to ensure compliance with the GDPR and the LOPDGDD.
14. Updates to this Policy
Our entity reserves the right to modify this Policy without prior notice. Therefore, we recommend reviewing it each time you visit our website.
Text updated on 29 December 2025.