Privacy Policy

With this Privacy Policy, BDR Informàtica (hereinafter referred to as BDR or “we”) informs you about the personal data we collect through the services offered and reflected on this website, how we process it, and the rights you are granted in relation to your personal data and our processing under the applicable Personal Data Protection regulations.

Applicable Regulations

  1. Law 29/2021, of October 28, Qualified Law on Personal Data Protection of the Principality of Andorra (hereinafter referred to as LQPD)
  2. Organic Law 3/2018, of December 5, on Personal Data Protection and Guarantee of Digital Rights (hereinafter referred to as LOPDPGDD)
  3. Decree 391/2022, of September 28, 2022, approving the Regulation implementing the LQPD
  4. Regulation (EU) 679/2016 of the European Parliament and of the Council, of April 27, 2016, on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter referred to as “GDPR”)

In the following table, you will find links to facilitate your access to the sections of this policy that interest you. However, please make sure to read all parts of the Legal Notice and this privacy policy before using this website:

  1. To whom does this Privacy Policy apply?
  2. Who is responsible for processing your personal data?
  3. How do we obtain your personal data?
  4. For what purposes do we use your data, and on what legal basis do we do so?
    • To initiate and maintain relationships with our suppliers
    • To initiate and maintain relationships with our clients
    • To select and hire our staff
    • To estimate and offer our services
    • To handle your requests, inquiries, or complaints
    • To manage potential future claims
    • To safeguard and return any lost items at our facilities
    • To ensure the functioning of our website (functional cookies)
    • To extract aggregated statistics on the use of our website (analytical cookies)
    • To improve the relevance of the advertising you receive (advertising cookies)
    • To use Google’s services
    • To inform you of security breaches
    • For other purposes not incompatible with the above
  5. With whom can we share your personal data?
  6. How long do we retain your personal data?
  7. What rights do you have?
    • Your rights
    • Where and how can you exercise your rights
    • Forms for exercising your rights
  8. What are your responsibilities?
  9. How do we protect your personal data?
  10. Changes to this Privacy Policy 

1. To whom does this Privacy Policy apply?

This Policy applies to individuals who interact with BDR through this website, users of the services that BDR offers for the purposes described in section 4 of this policy (the Services), and all individuals whose personal data (e.g., their images) may appear on our website or in the context of the Services.

2. Who is responsible for processing your personal data?

The sole entity responsible for processing your personal data according to this policy is:

BDR Informàtica, located at c/ Baixada del Moli, 20 1-1 – AD500 ANDORRA LA VELLA (ANDORRA), NRT L-707599-R, with Trade Register number 920400X. You can contact us via email at info@bdrinformatica.com.

We have an external Data Protection Officer — Win2win, SLU, an Andorran company specializing in privacy and personal data protection. You can reach them at any time via email at DPDextern@win2win.ad.

Additionally, if you are in the European Union, you should know that our data protection representative is COMPLIANCE GAP MITIGATION, located at Calle Ferraz 28, 2º Izq. 28008 Madrid, Spain. You can contact them by phone at (+34) 917589441 and (+34) 915482701, or preferably via email at ESTA-ENTIDAD@compliancegapmitigation.com.

BDR is not responsible for the activities of other websites, even if you access them through links on our website. We strongly recommend that you carefully read the information provided by these other controllers before providing them with your personal data (especially the privacy and cookie policies of each website you visit) and contact them if you have any concerns or questions.

3. How do we obtain your personal data?

In general, you provide your personal data directly to us — for example, through the forms on this website. The only exceptions to this rule are:

  • Data provided by third parties who acquire our services on your behalf (either because you are the beneficiary or because they represent you);
  • Contact data provided to us by our service and product providers when you represent them;
  • Data of individuals whose images or other personal data are published on our website;
  • Personal data about you that may appear in emails we receive; and
  • Cookies from this website, which you can learn more about in our cookie policy.

4. What do we use your data for and on what legal basis?

To establish and maintain the relationship with our suppliers

If you represent a supplier of products or services, we collect your contact details and signature to:

a) Manage all types of relationships with the supplier you represent.

b) Manage the corresponding record in our list of authorized suppliers.

c) Manage the budgets and invoices of the supplier you represent.

The processing related to purposes a) and b) is justified by the employment or service contract you have signed with the supplier you represent and our legitimate interest in contacting them. The processing related to purpose c) is justified by being necessary for the execution of the contract(s) you have signed with us.

To establish and maintain the relationship with our clients

We collect the data you provide orally or in writing directly from you or from a third party you represent or are a beneficiary of when you contract a service with us, in order to manage that contract.

The processing of this data is justified by being necessary for the execution of the service contract in which you are a party.

To select and hire our staff

We process the CV data you voluntarily send us to manage your candidacy for a job at BDR, including the processes of searching, screening, and storing the CV as a potential candidate, the selection process, and the hiring process.

The legal basis for these processes is your consent, which you provide by sending us your CV, the execution of pre-contractual measures, and if we do not have an open selection process or you are not hired, our legitimate interest in retaining your CV for potential future selection processes. You can withdraw your consent or object to our legitimate interest as outlined in section 7 of this policy, and if you do so, the only effect will be the destruction of your CV (if you withdraw consent) or the limitation of its retention in the selection process for which you sent us your CV.

To budget and offer our services

We collect the data you provide at our offices, by phone, or via email to offer you a budget for the service you request and, if accepted, to provide the corresponding service.

Sometimes, we collect additional information about our potential clients and/or their actual beneficiaries through KYC (Know Your Customer) forms, which mainly aim to prevent individuals or entities from using legitimate services to engage in illegal activities.

The legal basis for processing related to budgeting is your consent, which you express by providing us with the data we need to prepare the budget. The legal basis for processing related to providing services is being necessary for the execution of the contract governing the terms and conditions of these services. The legal basis for processing associated with KYC management is our legal obligation under Law 14/2017, of June 22, on the prevention and fight against money laundering and terrorist financing.

To address your requests, inquiries, or complaints

We collect the personal data you provide in your emails, by phone, or through the contact form or requests for rights exercises, to address your requests, inquiries, or complaints regarding our services or your rights over your personal data.

The legal basis for this processing is the consent you express by sending us or providing this data, our legal obligation to address your rights requests, and our legitimate interest in assisting you. Providing your personal data is voluntary; however, if you do not provide it, we will not be able to process your request, inquiry, or complaint. You can withdraw your consent at any time, but such withdrawal will also make it impossible to continue processing your request, inquiry, or complaint.

To manage potential future claims

We retain data that may be necessary to manage potential claims, either yours or ours, based on our legitimate interest in defending ourselves to protect our rights.

To ensure the functioning of our website (functional cookies)

We use functional cookies to collect, store, consult, and process personal information (linked to you via unique identifiers or IP addresses) from your device’s browser to ensure the proper functioning of our website.

Since these are necessary cookies for the proper functioning of the website, their use does not require your explicit consent, and the legal basis for using them is our legitimate interest in providing you with the services of our website.

You can find more information about these cookies in our cookie policy.

To extract aggregated statistics of our website use (analytical cookies)

We use analytical or statistical cookies to identify the most and least visited pages, analyze which content is of most interest to our visitors, and measure the success of our informational campaigns, all with the aim of improving the services we offer through the website. All these purposes provide aggregated results, in which it is not possible to identify the interests of any specific person.

Since these are analytical cookies, we will not use them until we have your consent, and not giving or withdrawing consent will only have the effect of hindering our purpose of improving the website through aggregated navigation statistics.

You can find more information about these cookies in our cookie policy.

To enhance the relevance of the advertising you receive (advertising cookies)

We load third-party advertising cookies. These files help us infer your interests based on the pages you visit, the content you click on, and other actions you take online.

Since these are non-essential cookies, we will not use them until we have your consent, and not giving or withdrawing consent will only affect our ability to improve the relevance of the advertising you receive.

You can find more information about these cookies in our cookie policy.

To use Google services

Additionally, as required by Google LLC, a company of which Google Ireland Ltd. is a subsidiary, we inform you that these two services are operated by Google Inc., located at 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, and Google Inc. is a beneficiary of these services.

The information generated by cookies about your use of this website and your advertising preferences is generally transmitted to a Google server in the USA and stored there. If you want more information, you can review the page describing how Google uses the information from our website and/or Google’s privacy policy regarding these services.

We inform you that we have activated the IP anonymization feature in Google’s service to add additional safeguards to the standard contractual clauses that protect this international data transfer to the USA. As a result, Google will shorten your IP address before transmitting it to the USA (process of obscuring your identity). Only in exceptional cases is the full IP address sent to a Google server in the USA and abbreviated there. Google guarantees that the IP address transmitted by your browser in Google Analytics will not be combined with any other data held by Google.

You can review the categories of personal data processed by these services at privacy.google.com/businesses/adsservices.

To communicate security breaches

At BDR, we implement security measures appropriate to the level of risk to protect personal information against loss, misuse, and unauthorized access, disclosure, alteration, and destruction, considering the risks of processing and the nature of personal information. However, if we determine that your data has been compromised (even by an employee or former employee of BDR), exposed due to a security breach, or wrongfully obtained by a third party, exposing you to a high risk, we will inform you immediately about this security breach, appropriation, or wrongful acquisition, and about the measures we have taken and those we recommend you take to mitigate the impact of the breach.

The legal basis for this processing is the legal obligation provided in Article 37 of the LQPD and our legitimate interest in preventing this security breach from causing you harm.

For other purposes not incompatible with the above

We may use your personal data for other purposes that are not incompatible with those mentioned above (such as archiving purposes in the public interest, scientific or historical research purposes, or statistical purposes) as long as permitted by current personal data protection regulations, and of course, acting in accordance with these and other applicable regulations.

5. With whom can we share your personal data?

We do not share your personal data with anyone, except when:

  • You request it yourself.

  • We have a legal obligation to do so.

  • We act as intermediaries, for example, when we need to contract a final service on your behalf, such as an appointment with a notary.

  • We are joint controllers of the data collection, so, with your consent, other entities process it on their own behalf. This is the case with:

    • Google Ireland Ltd., located at Gordon House 4, Barrow – Dublin, Ireland, to whom we have entrusted the processing of necessary cookie data for their Analytics services. Google Ireland Ltd. acts as an independent controller for all processing it performs on your behalf in accordance with its privacy policy. We transfer data to Google Ireland Ltd. based on the data protection agreement this EU-based company includes in the standard contract addendum for countries compliant with the GDPR, such as Andorra, to which we add the additional safeguard of activating IP anonymization collected by cookies. In our cookie policy, you will see which analytical and advertising cookies we offer and how to configure them.

    • We need our service providers to process data on our behalf (for example, the company providing us with external Data Protection Officer services processes emails sent to DPDextern@win2win.ad). This processing is done on our behalf under the terms and conditions of the relevant data processing agreement.

    • They may occasionally have access even if they do not need to process personal data on our behalf. This is the case, for example, with web development and maintenance companies or some of our IT or hosting service providers. Since they might occasionally access BDR data, they have signed a service provision contract that obliges them to maintain the same level of privacy we have at BDR.

Any international transfer that we might need to carry out will comply with the regulations in force that apply to us at the time.

  1. How long do we keep your personal data?

BDR retains your personal data solely for the duration necessary to fulfill the purposes for which it was collected and, thereafter, for as long as required to fulfill any legal obligations arising from the processing in question (including the obligation to demonstrate that we have complied with your request for data deletion).

When we no longer have a legitimate purpose for processing some of your personal data, we will delete or anonymize it. If deletion or anonymization is not possible (e.g., due to backup copies), we will store the data securely and block it to prevent any further processing until it can be deleted.

  1. What rights do you have?

You have the right to obtain confirmation on whether we hold any of your personal data.

Please note that when we share personal data with other controllers, you will need to exercise your rights directly with them following their own privacy policies. Specifically, regarding data shared with Google through our cookies, you can install the Google Analytics Opt-out Browser Add-on in your Chrome, Internet Explorer, Safari, Firefox, or Opera browser.

Here are the other rights you have and how to exercise them:

Your rights

You can request the following rights:

  • Access to your personal data.
  • Rectification of any of your personal data, specifying the reason.
  • Deletion of some or all of your personal data.
  • Limitation of the processing of your data, specifying the reason for the limitation.
  • Objection to the processing of your personal data.
  • Data portability when the processing is based on consent or a contract.
  • The right not to be subject to automated individual decisions.

Consent given for processing and the sharing of data can be revoked at any time, as outlined in the following section. This revocation will not have retroactive effect.

Where and how you can exercise your rights

You can exercise your rights:

  • By sending a written request to BDR at our postal address provided in Section 2 of this policy, including a contact method for us to respond to your request or to request further information if needed. We would appreciate it if you mark the envelope “Exercise of Personal Data Protection Rights.”
  • By sending the form associated with the right you wish to exercise to the email address DPDextern@win2win.ad, with the subject line “Exercise of Personal Data Protection Rights.” These forms can be found later in this privacy policy.

In both cases, if we cannot verify your identity, we will ask you to provide proof of your identity to ensure we respond only to the interested party or their legal representative.

If someone is sending the email on behalf of the interested party, the representative’s credentials must be provided through legal documents that properly identify both the interested party and the representative and specify the mandate or procedure by which the representation is delegated.

Furthermore, if you believe you have not received satisfactory attention regarding the exercise of your rights, you can file a complaint with the national data protection authority in your country or with the Andorran Data Protection Agency (APDA).

Forms for exercising your rights

To facilitate the exercise of your rights, we recommend using the following request forms:

  • Access Rights Request Form
  • Rectification Rights Request Form
  • Objection Rights Request Form (Model A, and Model B)
  • Deletion Rights Request Form
  • Limitation of Processing Rights Request Form
  • Data Portability Rights Request Form
  • Rights Not to Be Subject to Automated Individual Decisions Request Form
  1. What responsibilities do you have?

By providing us with your data, you guarantee that it is accurate and complete. You also confirm that you are responsible for the accuracy of the personal data you have provided and that you will keep it updated to reflect your actual situation, taking responsibility for any false or inaccurate data and for any damages, direct or indirect, that may arise from such inaccuracies.

You may not provide us with personal data of other people unless justified in relation to the services you request. If you provide personal data of third parties, you are responsible for informing them beforehand. This information must include all provisions of this privacy policy, and you are responsible for ensuring the legality of these data and informing the data subjects of their rights regarding their personal data.

In cases where you need to provide personal data of a minor under 16 years of age or a person with limited rights, you must have the authorization of their guardians or custodians. Without this authorization, you are prohibited from providing any personal data of these individuals.

  1. How do we protect your personal data?

We are fully committed to protecting your privacy and personal data. We have created a record of all personal data processing activities, assessed the risks associated with each activity, and implemented appropriate legal, technical, and organizational safeguards to prevent, as much as possible, the alteration, misuse, loss, theft, unauthorized access, or unauthorized processing of your personal data. We keep our policies updated to ensure that you are provided with all information regarding the processing of your personal data and to ensure that our staff receives proper guidance on how to handle your personal data. We have signed data protection clauses and processing agreements with all our service providers, addressing the necessity for each to process personal data.

We restrict access to personal data to employees who need to know it to perform the processing activities described in this policy, and we have trained and made them aware of the importance of confidentiality and maintaining the integrity and availability of the information, as well as the disciplinary measures for any potential breaches.

However, if we determine that your data has been misappropriated (including by an employee or former employee of BDR), exposed due to a security breach, or improperly obtained by a third party, putting you at high risk, we will immediately inform you of this security breach, misappropriation, or improper acquisition, and the measures we have taken and recommend you take to mitigate the impact of the breach.

  1. Changes to This Privacy Policy

We will update this policy as necessary to reflect any changes in regulations or in our processing activities. If the changes are substantial, we will notify you before they take effect by sending you a notification or by posting a prominent notice on this website. You will then have the option to exercise your rights as described in a previous section. In any case, we recommend that you periodically review this privacy policy to understand how we are protecting your personal data.

If you have any questions about this policy, please feel free to let us know by sending an email to DPDextern@win2win.ad.