With this Privacy Policy, BDR Informàtica (hereinafter, BDR or we) informs you about the personal data we collect through the services we offer, which are reflected on this website, how we process them, and the rights you have concerning your personal data and our processing, as granted by the applicable Personal Data Protection regulations.

Applicable Regulations

  1. Law 29/2021, of October 28, on the Qualified Protection of Personal Data of the Principality of Andorra (hereinafter, LQPD)
  2. Organic Law 3/2018, of December 5, on the Protection of Personal Data and the Guarantee of Digital Rights (hereinafter, LOPDPGDD).
  3. Decree 391/2022, of 28-9-2022, approving the Regulation implementing the LQPD, and
  4. Regulation (EU) 679/2016 of the European Parliament and the Council, of April 27, 2016, regarding the protection of natural persons concerning the processing of personal data and the free movement of such data (hereinafter, “GDPR”).

In the following table, you will find links to facilitate access to the points of this policy that may be of interest to you; however, please read all the sections of the Legal Notice and this privacy policy before using this website:

  1. To whom does this Privacy Policy apply?
  2. Who is responsible for processing your personal data?
  3. How do we obtain your personal data?
  4. For what purposes do we use your data and on what legal basis?
    • To initiate and maintain a relationship with our suppliers
    • To initiate and maintain a relationship with our clients
    • To select and hire our staff
    • To provide estimates and offer our services
    • To respond to your requests, inquiries, or complaints
    • To manage potential future claims
    • To safeguard and return lost items found on our premises
    • To ensure the functionality of our website (functional cookies)
    • To generate aggregated statistics on the use of our website (analytical cookies)
    • To enhance the relevance of the advertisements you receive (advertising cookies)
    • To utilize Google services
    • To inform you of security breaches
    • For other purposes that are not incompatible with the above
  5. With whom may we share your personal data?
  6. How long do we retain your personal data?
  7. What are your rights?
    • Your rights
    • Where and how you can exercise your rights
    • Forms for exercising your rights
  8. What are your responsibilities?
  9. How do we protect your personal data?
  10. Changes to this Privacy Policy
  11. To whom does this Privacy Policy apply?

This Policy applies to individuals who interact with BDR through this website, to users of the services BDR offers for the purposes described in section 4 of this policy (the Services), and to all individuals whose personal data (for example, their images) may appear on our website or in the context of the Services.

  1. Who is responsible for processing your personal data?

The sole entity responsible for processing your personal data as described in this policy is:

BDR Informàtica, located at c/ Baixada del Moli, 20 1-1 – AD500 ANDORRA LA VELLA (ANDORRA), NRT L-707599-R, registered with the Commerce Registry under number 920400X, and can be contacted via email at info@bdrinformatica.com.

We have an external Data Protection Officer – Win2win, SLU, an Andorran company specializing in privacy and personal data protection – whom you can contact at any time via email at DPDextern@win2win.ad.

Additionally, if you are located in the European Union, you should know that our representative for data protection matters is COMPLIANCE GAP MITIGATION, located at Calle Ferraz 28, 2º Izq. 28008 Madrid, (Spain), whom you can contact via phone at (+34) 917589441 and (+34) 915482701, or preferably via email at ESTA-ENTIDAD@compliancegapmitigation.com.

BDR is not responsible for the activities of other websites, even if accessed through links on our website. Therefore, we strongly recommend that you carefully read the information provided by these other controllers before providing them with your personal data (especially the privacy and cookie policies of each website you visit), and contact the controller if you have any concerns or questions.

  1. How do we obtain your personal data?

Generally, you provide us with your personal data directly – for example, through the forms on this website. The only exceptions to this rule are:

  • Data provided by third parties who purchase our services on your behalf (either because you are the beneficiary or to represent you);
  • Contact data provided by our service and product suppliers when you represent them;
  • Data of individuals whose image or other personal data is published on our website;
  • Personal data about you that may appear in the emails we receive; and
  • Cookies from this website, for which you can find more information in our cookie policy.
  1. For what purposes do we use your data and on what legal basis do we process it?

To initiate and maintain a relationship with our suppliers

If you represent a product or service supplier, we collect your contact details and signature to:

a) Manage our various relationships with the supplier you represent. b) Manage the relevant record in our list of authorized suppliers. c) Manage the quotes and invoices of the supplier you represent.

The processing related to purposes a) and b) is legitimized by the employment or service contract you have signed with the supplier you represent and our legitimate interest in contacting them. The processing related to purpose c) is legitimized as necessary for the execution of the contract(s) you have signed with us.

To initiate and maintain a relationship with our clients

We collect the data you provide orally or in writing directly from you, a third party you represent, or of which you are a beneficiary when they contract a service with us to manage that contract.

The processing of this data is legitimized as necessary for the execution of the service contract in which you are an interested party.

To select and hire our staff

We process the data from the CV you voluntarily send us to manage the relationship with you regarding your candidacy for a position at BDR, including the search, filtering, and storage of the CV as a potential candidate, the recruitment process, and the hiring process.

The legal basis for this processing is your consent, which you express by sending us your CV, the execution of pre-contractual measures, and if we do not have an open recruitment process or you are not hired and we believe you may fit into future recruitment processes, our legitimate interest in retaining your CV for inclusion in these future processes. You can withdraw your consent or object to our legitimate interest as outlined in section 7 of this policy, and if you do so, the only effect will be the destruction of your CV (if you withdraw consent) or limiting its retention to the recruitment process for which you sent us your CV.

To provide estimates and offer our services

We collect the data you provide at our offices, by phone, or via email to offer you a quote for the service you request and, if you accept, to provide the corresponding service.

Sometimes, we collect additional information about our potential clients and/or their effective beneficiaries through KYC (Know Your Customer) forms, which are primarily aimed at preventing individuals or entities from using legitimate services for illegal activities.

The legal basis for processing the data to manage the quote is the consent you give by providing us with the data needed to prepare it. The legal basis for processing associated with the provision of services is the necessity for the execution of the contract that regulates the terms and conditions of use of these services. The legal basis for processing associated with managing the KYC is our legal obligation under Law 14/2017, of June 22, on the prevention and fight against money laundering or the financing of terrorism.

To respond to your requests, inquiries, or complaints

We collect the personal data you provide in your emails, by phone, or through the contact form on the website or the rights request form to address your requests, inquiries, or complaints regarding our services or your rights concerning your personal data.

The legal basis for this processing is the consent you express by sending us or giving us this data, our legal obligation to address your rights requests, and our legitimate interest in assisting you. Providing your personal data is voluntary; however, if you do not provide it, we cannot process your request, inquiry, or complaint. You may withdraw your consent at any time, but this will also make it impossible to continue processing your request, inquiry, or complaint.

To manage potential future claims

We retain data that may be necessary to manage your possible claims or ours based on our legitimate interest in defending our rights.

To ensure the functionality of our website (functional cookies)

We use functional cookies to collect, store, consult, and process personal information (linked to you through unique identifiers or IP addresses) from your device’s browser to ensure the proper functioning of our website.

As these cookies are necessary for the proper functioning of the website, their use does not require your express consent. However, you may object to their use through the website’s cookie settings. Please note that if you do this, we will not be able to guarantee that the website will function as intended.

To generate aggregated statistics on the use of our website (analytical cookies)

We use analytical cookies, including those provided by Google Analytics, to collect, store, consult, and process personal information (linked to you through unique identifiers or IP addresses) from your device’s browser to generate aggregated statistics on the number of users who visit our website, the pages they visit, and how they interact with our content.

The legal basis for using analytical cookies is your consent. You may object to this processing by configuring the website’s cookies. If you do so, your visit to the website will not be affected, but we will be less able to know what content interests our users and improve it.

To improve the relevance of the advertisements you receive (advertising cookies)

We use cookies to collect, store, consult, and process personal information (linked to you through unique identifiers or IP addresses) from your device’s browser to present you with advertisements that are more relevant to your preferences.

The legal basis for using advertising cookies is your consent. You may object to this processing by configuring the website’s cookies. If you do so, you will not stop seeing advertisements, but the ads you see will not necessarily reflect your preferences.

To use Google services

Google services are used on this website. If you accept the use of cookies from Google Analytics or other services provided by Google, it is possible that Google will also process your data to track your online browsing and present you with advertisements according to your browsing habits, to cross-reference your browsing habits with other personal data that Google has collected from you (for example, if you have a Google account), or to share this data with other parties. To learn more about how Google processes your personal data and your options for configuring how it uses your data, we recommend that you consult their privacy policy: https://policies.google.com/technologies/partner-sites.

If you do not want your data to be processed by Google, we recommend that you configure your browser’s cookie settings to block cookies from Google Analytics and Google Tag Manager.

To inform you of security breaches

BDR will notify you of security breaches affecting your rights and freedoms without undue delay, and where possible, within 72 hours of becoming aware of the breach.

The legal basis for this processing is our legal obligation to inform you of security breaches.

For other purposes that are not incompatible with the above

We may use your personal data for purposes other than those listed above, provided that the new purpose is compatible with the initial purpose for which we collected it, we have informed you of the change in purpose, and the processing complies with applicable legal requirements.

  1. With whom may we share your personal data?

We do not share your personal data with anyone, except as required by law or for any of the following reasons:

a) If you have given your consent, your data may be shared with the companies or individuals whose products or services we offer, always with your prior knowledge and in accordance with the conditions you have authorized. b) We may share data on the use of our website with Google (see section 4 above). c) If your data is necessary for the management of claims or is requested by the authorities, your data will be shared in compliance with the law.

We have contracts with our suppliers that contain the appropriate safeguards to ensure that your data is not processed for any purpose other than those indicated in this policy.

  1. How long do we retain your personal data?

We retain your data for as long as necessary to fulfill the purpose for which we collected it. The criteria we use to determine the retention period include:

a) The purpose of processing the personal data and whether we can achieve that purpose in another way. b) The legal and regulatory obligations we must comply with. c) The need to retain personal data for the defense of our rights or the management of claims.

In general, once the purpose for which we processed your data has been fulfilled, we will block it so that it cannot be used again, except for making it available to judges and courts, the Public Prosecutor’s Office, or the competent Public Administrations for the management of any claims that may arise from the processing of the data, and only for the period necessary to achieve this purpose. Once this period has elapsed, we will securely destroy the data.

  1. What are your rights?

Your rights

You have the following rights in relation to the personal data we process about you:

a) Right of access: You have the right to obtain confirmation of whether or not we are processing your personal data, to know what data we process, the purpose of the processing, and whether we share the data with others, either because we are legally obliged or because you have consented to it. b) Right of rectification: You have the right to request the correction of any inaccurate data about you that we process and to have incomplete data completed. c) Right to erasure: You have the right to request the deletion of your personal data if the processing is not necessary for the purposes for which it was collected, if you withdraw your consent, if you have successfully exercised your right to object to the processing, or if we are legally obliged to delete your data. d) Right to object: You have the right to object to the processing of your personal data based on our legitimate interest or the legitimate interest of a third party. We will no longer process your data unless we can demonstrate compelling legitimate grounds that override your interests, rights, and freedoms or for the defense of legal claims. e) Right to restrict processing: You have the right to request the restriction of the processing of your personal data if you contest the accuracy of the data, if the processing is unlawful, or if we no longer need the data for the purposes of the processing but you require it for the establishment, exercise, or defense of legal claims. f) Right to data portability: If the legal basis for processing your data is your consent or the execution of a contract, you have the right to receive the personal data you have provided us in a structured, commonly used, and machine-readable format, and to transmit this data to another data controller without hindrance from us. g) Right not to be subject to automated decision-making: You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you.**

Where and how can you exercise your rights?

You can exercise your rights by submitting a written request to the postal or electronic addresses indicated in section 2 of this policy. Your request must specify which right you wish to exercise. If we have reasonable doubts about your identity, we may request additional information to confirm your identity.

Forms for exercising your rights

You can request a form to exercise your rights by emailing info@bdrinformatica.com or DPDextern@win2win.ad.

We will respond to your request as soon as possible, and in any case within one month of receiving it, unless we need to extend this period by a further two months due to the complexity of the request or the number of requests received. In such a case, we will inform you of the extension and the reasons for it within one month of receiving your request.

If you believe that your rights have not been adequately addressed, you may file a complaint with the competent authority.

  1. What are your responsibilities?

You are responsible for ensuring that the personal data you provide is accurate, truthful, and up-to-date. You must not provide us with personal data about others unless you are legally entitled to do so.

You must also take responsibility for ensuring that any data you provide to us is done so in compliance with the law, and you must inform us immediately if you become aware that the data you have provided is inaccurate or outdated.

If you provide us with personal data about others, you must ensure that you have informed them of this policy and that you have obtained their consent, if necessary, before providing us with their data.

We are not responsible for any damages or losses arising from the use of inaccurate, incomplete, or outdated data, or from the provision of data about others without their consent or legal authorization.

  1. How do we protect your personal data?

We take appropriate technical and organizational measures to protect your personal data against unauthorized access, loss, alteration, or destruction.

These measures include:

a) Encryption of personal data where necessary. b) Access controls to ensure that only authorized personnel have access to your personal data. c) Regular monitoring of our systems for potential vulnerabilities and attacks. d) Implementation of regular security updates.

We also require our service providers to implement appropriate security measures to protect your personal data and to comply with applicable legal requirements.

  1. Changes to this Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or the services we offer.

Any changes we make to this policy will be posted on this page, and where appropriate, notified to you by email or other means.

We encourage you to review this policy regularly to stay informed about how we process your personal data and the options available to you.

If you have any questions about this policy, please feel free to let us know by emailing us at DPDextern@win2win.ad.

Scroll to Top