Skip to main content
Lares Gestión y Consultoría
ServicesAboutBlogContact
ES Book a diagnostic →
  • Services
  • About
  • Blog
  • Contact
  • Español
Book a diagnostic →

Privacy policy.

Last updated: 24 May 2026 · GDPR + LOPDGDD (Spanish GDPR implementation)

How Lares Gestión y Consultoría S.L. processes the personal data of the user who interacts with this Website, in compliance with the General Data Protection Regulation (GDPR) and the Spanish Organic Law on Personal Data Protection and Digital Rights (LOPDGDD).

1. Data controller

  • Identity: Lares Gestión y Consultoría S.L.
  • NIF (Spanish tax ID): B75692889
  • Address: Albacete, Spain.
  • Data protection contact email: info@laresgestion.com
  • Phone: +34 623 13 07 92

Given the volume of processing and the nature of the activities, Lares Gestión y Consultoría S.L. is not legally required to appoint a Data Protection Officer (DPO). Even so, any query related to the processing of personal data can be sent to the email above.

2. Purposes of processing

The personal data collected through the Website is processed for the following purposes:

Purpose 1 - Handling enquiries and communications. Responding to enquiries that the user submits by email, phone or WhatsApp. This includes the follow-up of the conversation until it closes, as well as scheduling the initial diagnostic video call through the Google Calendar booking page, if the user requests it.

Purpose 2 - Managing the contractual relationship. If the user becomes a client, administrative, accounting and fiscal management of the contractual relationship, including billing, payments, technical support and operational communications tied to the contracted services.

Purpose 3 - Compliance with legal obligations. Compliance with applicable legal obligations, especially in fiscal, commercial and employment matters.

3. Legal basis for processing

The legal basis for processing varies by purpose:

  • For enquiry handling: pre-contractual measures taken at the data subject's request (art. 6.1.b GDPR), and legitimate interest of the Controller to respond and continue the conversation (art. 6.1.f GDPR).
  • For contractual management: performance of the contract to which the data subject is party (art. 6.1.b GDPR).
  • For compliance with legal obligations: compliance with a legal obligation applicable to the Controller (art. 6.1.c GDPR).

4. Retention period

  • Enquiries that do not become a contractual relationship: for as long as needed to handle and follow up on the enquiry and, at most, up to 24 months from the last interaction, unless the data subject expressly requests earlier deletion.
  • Client data: for the full duration of the contractual relationship and, once it ends, for the legal periods applicable in commercial, fiscal and accounting matters (generally 6 years under the Spanish Commercial Code).
  • Data for compliance with legal obligations: for the periods required by the relevant regulations.

Once those periods elapse, the data will be deleted or kept blocked, available solely to competent authorities for the prescription periods of any potential liabilities.

5. Data recipients

Personal data is not transferred to third parties except:

  • When there is a legal obligation to disclose (tax, judicial or administrative authorities).
  • To processors providing services to the Controller that are strictly necessary for service provision: web hosting providers, email platforms, administrative and accounting management platforms, calendar and video call platforms. All are bound by the corresponding data processing agreement under article 28 GDPR.

In addition, when the user chooses, on their own initiative, to use any of the external services linked from the Website (the Google Calendar booking page, WhatsApp or LinkedIn), they share their data directly with Google, WhatsApp/Meta or LinkedIn, which act as independent controllers under their own privacy policies. Those services are only activated when the user clicks the corresponding link; simply browsing the Website does not transmit any data to those third parties.

The Controller does not carry out international data transfers outside the European Economic Area. International transfers can only occur if the user chooses to use the third-party services mentioned above (Google, WhatsApp/Meta, LinkedIn), and are handled by those providers under their own privacy policies and the safeguard mechanisms provided for in the GDPR.

6. Rights of the data subject

Any individual has the right to:

  • Access their personal data to know which data is being processed.
  • Rectify inaccurate or incomplete data.
  • Delete the data when it is no longer necessary for the purposes for which it was collected.
  • Object to the processing on grounds related to their particular situation.
  • Restrict the processing in certain circumstances.
  • Request portability of the data in a structured, commonly used format.
  • Withdraw consent at any time, for any processing that may be based on it, without affecting the lawfulness of processing prior to its withdrawal.

7. Exercising rights

To exercise any of these rights, the data subject can send a written request to:

  • Email: info@laresgestion.com

The request must include first and last name, the right being exercised and an address for notifications. Additional information to confirm identity will only be requested where there are reasonable doubts about it (art. 12.6 GDPR). Lares Gestión y Consultoría S.L. will respond within a maximum of one month from receipt of the request, extendable by two additional months in cases of particular complexity.

8. Right to lodge a complaint with the supervisory authority

The data subject has the right to lodge a complaint with the Spanish Data Protection Agency (AEPD, the Spanish supervisory authority for data protection) if they consider that the processing of their personal data infringes the GDPR. The AEPD can be contacted through its electronic site at www.aepd.es.

9. Automated decision-making and profiling

No automated decisions with legal effects on the data subject are made, and no profiling is carried out using the personal data processed.

10. Changes to the privacy policy

This privacy policy may be amended to adapt to legislative changes, service improvements or changes in the Controller's practices. Any amendment will be published on the Website and communicated to data subjects where legally required.

Lares Gestión y Consultoría A layer of clarity on the owner's side
Services About Blog Contact
© 2026 Lares Gestión y Consultoría S.L. · NIF B75692889 · Albacete
Legal notice Privacy policy Cookie policy