Privacy Policy

In accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council, of April 27, 2016, General Data Protection (RGPD), with Organic Law 3/2018, of December 5, of Data Protection and Guarantee of Digital Rights, and with the rest of the applicable legislation in Spain regarding the protection of personal data, we inform you of the following information:

Who is the data controller of your data?

The personal data provided when completing and sending the forms published on this website, will be processed by the entities that comprising the Grupo GAT in their capacity as Data Controller.

For what purpose and basis of legitimacy do we process your data?

  • Attention to general information inquiries directed by the client through the contact form. Basis of legitimation: Consent of the interested party (Art. 6.1 a) RGPD).
  • Hiring of professional services. Basis of legitimation: Consent of the interested party (Art. 6.1 a) RGPD)
  • Fulfillment of the obligations derived from the contracts for the provision of professional services entered into between the entities that are part of the Grupo GAT and their clients. Legal basis of legitimation: Execution of contract (Art. 6.1b) RGPD).
  • Compliance with legal obligations – accounting, tax and administrative – derived from the contractual relationship between entities that are part of the Grupo GAT and their clients. Legal basis of legitimation: Compliance with legal obligation (Art. 6.1 c) RGPD) in accordance with the General Tax Law; VAT Law; Commercial Code, among others.
  • Management of the commercial relationship established between each of the entities integrated in the GAT GROUP and their respective clients, including the sending of newsletters or other types of commercial formats, by any means -including electronic- referring to products / services similar to those originally contracted. Legal basis: Legitimate interest (Art. 6.1.f) RGPD; as well as for the sending of commercial information by any means -including electronic- related to products or services offered by other companies of the business group when consent has been obtained to do so. Legal basis of legitimation: Consent of the interested party (Art. 6.1 a) RGPD).
  • To manage to improve the quality of the service for the USER. Legal basis of legitimation: Legitimate interest (Art. 6.1.f) RGPD).
  • Management of resumes received according to the needs of the HR area of ​​Grupo GAT. Legal basis of legitimation: Consent of the interested party (Art. 6.1 a) RGPD).

To whom will your personal data be communicated?

The entities that are part of Grupo GAT will only communicate your personal data to external auxiliary service providers contractually linked as data processors, such as legal/tax/accounting consultancies, agencies, IT service providers, financial entities, collection managers, companies of advertising and marketing, printing and other possible auxiliary services. These types of entities will process your personal data under our instructions.
When legally appropriate, your personal data will be transferred to third parties such as Public Administration bodies or bodies and jurisdictional bodies in the exercise of their functions.
Only in the case that you have expressly consented, the different entities that are part of the Grupo GAT may exchange your data among themselves in order to send you commercial communications.

How long will we keep your data?

The personal data provided to comply with the obligations arising from the contractual relationship between any of the entities of Grupo GAT and their respective clients will be kept during the entire period of validity of the contractual relationship and, once it is terminated, they will be kept as long as the legally applicable statute of limitations.
The personal data obtained through the job application form and curriculum will be kept for a maximum period of one year.
The personal data obtained through the contact form will be kept only for the time necessary to meet the request for information.
However, if you have given your express consent for the sending of information and commercial prospecting, your data will be kept until the moment you express your wish to revoke said consent.

What security measures will be applied to your personal data?

The processing of the personal data provided will be carried out by adopting the technical and organizational measures necessary to avoid the loss, misuse, alteration and unauthorized access to them, taking into account the state of technology, the nature of the data, the risk analysis carried out and the measures derived from the management of the information system in accordance with the ISO / IEC 27001: 2013 and ISO / IEC 27002 standards.

How can you exercise your rights in relation to your personal data?

To revoke the consents granted, as well as to exercise the rights of access, rectification, cancellation, deletion, opposition, limitation, portability and non-submission to automated decisions, you may write to:

Grupo GAT
Calle Las Norias, 92, Planta Baja, Oficina I, 28221 Majadahonda, Madrid
[email protected]

In the event that the interested party considers that the above rights have not been met in accordance with current legislation, they may file the corresponding claim for protection of rights before the Spanish Agency for Data Protection.

Who can you contact to deal with issues related to the protection of your personal data?

To deal with questions related to your personal data, you can contact our Data Protection Officer (DPO): [email protected]

In addition, if you consider that your rights haven’t been properly attended, you can interpose a complaint to the Spanish Data Protection Agency (AEPD) through the website

Mandatory or optional nature of the requested data

The mandatory data of each form is identified as such in the forms. The refusal to supply said information may prevent communication with the user and, where appropriate, the impossibility of providing the information and / or service requested.

User commitments

The user guarantees that he is over 18 years of age and that the information provided is accurate and truthful. In addition, it undertakes to inform of any modification suffered by the information provided through an email to the address [email protected], specifying the information that must be modified .
Likewise, the USER undertakes to diligently guard their passwords and personal identification codes and to inform as soon as possible in the event of loss, theft or unauthorized access.
As long as this communication does not take place, the Data Controller will be exempt from any liability that may arise from the improper use by unauthorized third parties of such passwords and identification codes.
In the event that responsibilities arise for a breach of these conditions by the USER, they must answer for the consequences of said breach.