Our data protection policy is constructed and published in accordance with applicable regulations, especially as regards Regulation EU 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter GDPR) and Spanish Law 3/2018 of 5 December on the Protection of Data and the Guarantee of Digital Rights (hereinafter LOPDGDD).

RED LEAF, S.L. (hereinafter THE COMPANY) has adopted the measures, both technical and organisational, needed to guarantee the confidentiality and security of personal data, avoiding its unauthorised alteration, loss, processing and access. This is in accordance with that stipulated in the applicable regulations and, in any case, it complies with the level of security that is appropriate to the level of the data processed.

THE COMPANY manages the data of physical persons in the performance of a job or professional function, as well as personal data in the private sphere. Both categories were addressed when establishing this privacy policy. The Company may act as DATA PROCESSOR or DATA CONTROLLER. This privacy policy covers both activities.

This policy may vary over time due to possible changes in legislation. If any modification is made, we shall keep you informed through this page.


IdentityRED LEAF, S.L.
Postal AddressC/ Claudio Coello, 76 semisótano, Madrid 28001, España
Telephone+34 91 547 9367

DPO: Gema González García. E-mail: GGonzalez@afianza-ac.es, You can also contact her in the addresses indicated above.

Purpose of processing

For what purpose do we process your personal data?

THE COMPANY processes the information provided by interested parties for the following purposes:

  1. PURPOSES OF A CONTRACTUAL NATURE: to facilitate the management of the agreed service provision, to maintain the commercial relationship and for any other services contracted at a later date.
  2. CONSENT-BASED PURPOSES: for marketing, distribution of newsletters and technical notifications related to our activity.
  3. PURPOSES BASED ON LEGITIMATE INTEREST, under the scope of that established in Article 19 of the Spanish LOPDGDD (Organic Law 3/2018 of 5 December) and Article 6.1.f of Regulation EU 2016/679, in matters regarding the contact data, function or job performed by physical persons who provide services in a legal person. This refers solely to the data required for their location and to maintain relationships of any type with the legal person in which the affected party provides their services.

PERSONAL DATA is used as DATA CONTROLLER when the COMPANY collects and use the data.

PERSONAL DATA is used as DATA PROCESSOR when the Company use personal data to provide services to a third party who is the DATA CONTROLLER.

For how long will we keep your data?

The provided personal data shall be kept:

  1. During the time required for compliance with the purpose for which it was collected, or the time required for the trade relationship, including the time required, in accordance with applicable regulations, to comply with the relevant obligations that may arise from it.
  2. Data related to the academic records will be of 10 years, on indefinite in the cases indicated in articles 2 and 6 of Spanish Organic Act 6/2001, dated December 21 st .
  3. Until the interested requests that it be suppressed.

It shall be blocked when either of the three aforementioned events occurs, whichever occurs first. From that moment on, it shall be available exclusively to Judges and Courts, the Public Prosecutor and the competent Public Administrations, particularly the data protection authorities, in order to address any possible liabilities arising from its processing, during the limitation period. After said period has expired, the data shall be suppressed.

Are profiles created?

No profiles are created.

Legal Processing

What is our legal standing for the processing of your data?

The legal basis for our processing of your data is based on:

  1. Our contractual relationship and the execution of the contract you signed with us.

  2. Your express and written consent.

  3. Legitimate interest according to Art 19 of the LOPDGDD.


To which recipients is your data sent?

The data is sent to our collaborators who carry out services, including subcontractors, collaborating legal firms and/or those responsible for data processing.

Under Commission Decision 2002/2/EC of 20 December 2001 on entities subject to the scope of application of the Canadian Personal Information Protection and Electronic Documents Act, data controllers and processors may carry out international data transfers without authorisation from the Spanish Data Protection Agency, provided that the data processing complies with the provisions of the GDPR and other applicable regulations.

Regarding any transfer of your personal data to countries outside of the EEA, the Company will implement the specific measures needed to guarantee an appropriate level of protection of said personal data.


What are your rights?

  1. All persons have the right to obtain confirmation about whether THE COMPANY is processing personal data which may or may not concern them.

  2. Interested parties have the right to access their personal data, to request the rectification of incorrect data and, if applicable, to request its suppression when, among other reasons, the data is not required for the purposes for which it was gathered.

  3. In certain circumstances established in Article 18 of the GDPR, interested parties can request the limitation of the processing of their data. In this case, we would only keep the data for the filing or defence of grievances.

  4. Interested parties can object to the processing of their data for marketing purposes, including the creation of profiles. THE COMPANY will stop processing said data, unless there are compelling legitimate grounds or in the exercise or defence of possible grievances.

  5. By virtue of the right to portability, interested parties have the right to obtain the personal data which concerns them (it will be supplied in a structured, commonly used, machine-readable format) and to transfer it to another data processor.

How can you exercise your rights?

By writing to THE COMPANY at the addresses indicated above. 

What channels are there for complaints?

In the event that you believe that THE COMPANY has not fulfilled your request correctly, you can request protection from the Spanish Data Protection Agency, the details of which can be consulted at www.agpd.es.

Categories of data

What categories of data do we process?

  1. Identification data.
  2. Economic-financial information.
  3. Data about health.
  4. Labour and work information.

Special categories of Articles 9 and 10 of the GDPR may be process. In the event of exceptional processing, the Company will comply with the requirements of Article 9 and explicit consent will be obtained. 

Personal data is processed confidentially in accordance with the privacy and security policies established by the Company. 

The data we receive or gather is that required for fulfilling the indicated purposes.


How did we obtain your data?

As DATA CONTROLLER, the personal data we process comes from the information which you provide us when you hire THE COMPANY, when you access our website or when you establish any type of relationship with us, either directly or indirectly. 

 As DATA PROCSSOSR, the personal data is received from the DATA CONTROLLER, or they are collected during the provision of the services entrusted by the DATA CONTROLLER.