top of page

Privacy Policy

Medialis Solucions SL is committed to protecting the privacy of users who access this website and/or any of its services. The use of the website and/or any of the services offered by Medialis Solucions SL implies the user's acceptance of the provisions contained in this Privacy Policy and that their personal data will be processed as stipulated herein. Please note that although our website may contain links to other websites, this Privacy Policy does not apply to other companies' or organizations' websites to which the website may be redirected. Medialis Solucions does not control the content of third-party websites nor does it accept any responsibility for the content or privacy policies of such websites.

Information on Data Processing (Regulation (EU) 2016/679 and Organic Law 3/2018)

Data Controller
Medialis Solucions SL
Avda. Sant Jordi, 168 17800 Olot
Email: info@medialissolucions.cat

Purpose of Processing
To provide and manage our advisory services in mediations or negotiations, and in the administration and management of real estate assets and leased properties.

Legal Basis

  • Consent obtained from the data subject.

  • Execution of the service contract.

Recipients
Data will not be communicated to third parties, unless required by law or necessary to fulfill the purpose of processing.

Rights of Individuals
Data subjects have the right to exercise the rights of access, rectification, restriction of processing, erasure, portability, and objection by sending their request to our address.

Data Retention Period
As long as the business relationship is maintained or for the years necessary to comply with legal obligations.

Complaints
Data subjects may contact the Spanish Data Protection Agency (AEPD) to file any complaint they deem appropriate.

Additional Information
You can consult additional and detailed information below in the "Privacy Questions" section.

Privacy Questions

In compliance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (GDPR) and Organic Law 3/2018 of 5 December, on Personal Data Protection and Guarantee of Digital Rights (LOPDGDD), we provide the following information regarding the processing of your personal data:

Who is the Data Controller?
The company providing the services is:

  • Identity: MEDIALIS SOLUCIONS SL

  • Services: mediation and negotiation services, administration of real estate assets and leased properties.

  • Tax ID: B22654537

  • Address: Avda. Sant Jordi, 168 17800 Olot

  • Phone: 622 581 846

  • Email: info@medialissolucions.cat

For what purposes do we process your personal data?

We process the information provided to manage our mediation and negotiation services, as well as the administration of real estate assets and leased properties.

  • If you contact us via our website contact form, we process your data to handle your query.

  • If you consent, we may also process your data to send you information about our activities, products, or services.

  • When you access our premises, your image may be recorded by CCTV for security purposes.

  • If you send us a CV, we process your data to manage our CV database for staff recruitment.

How long will we keep your data?

  • Personal data will be kept as long as you are a user of our services or wish to receive information, and afterwards for the periods required to comply with legal obligations.

  • Accounting and tax documentation: 6 years (per Art. 30 of the Commercial Code).

  • Tax obligations: 4 years (per Articles 66–70 of the General Tax Law).

  • CCTV images: 1 month.

  • CVs: 1 year.

What is the legal basis for processing your data?

  • Execution of the service contract.

  • Your consent.

For minors under 16, parental, guardian, or legal representative consent is required for processing personal data.

For visitor registration and CCTV images, the legal basis is the legitimate interest of ensuring the security of people and property.

Who will your data be communicated to?

Data will not be disclosed to third parties, unless required by law or necessary to fulfill the purpose of processing.

What are your rights when you provide us with your data?

  • Confirmation whether your data is being processed.

  • Access to your personal data.

  • Rectification of inaccurate data.

  • Deletion of data when no longer needed for their purpose.

  • Restriction of processing in certain circumstances (data kept only for legal claims).

  • Objection to processing for personal reasons, except for compelling legitimate grounds or legal claims.

  • Data portability.

  • Not to be subject to automated decisions, including profiling, that produce legal or significant effects.

  • File a complaint with the relevant Supervisory Authority.

How can you exercise your rights?

By sending us a written request with a copy of an identification document, either to our physical or email address.

How did we obtain your data?

From the data subject directly. The data subject guarantees that the information provided is accurate and will notify us of any changes. Data marked with an asterisk are mandatory to provide the requested service.

What data do we process?

  • Identifying data.

  • Personal characteristics.

  • Social circumstances.

  • Academic and professional data.

  • Employment details.

  • Financial, insurance, and economic data.

  • Commercial information.

  • Transactions of goods and services.

  • Image.

  • Special category data: health.

Only necessary data for providing our services and managing our activity are processed.

Do we use cookies?

Yes, we use cookies while browsing our website with the user's consent.
The user can configure their browser to be notified of cookies or block their use. Please see our cookie policy.

What security measures do we apply?

We apply the security measures established in Article 32 of the GDPR, adopting the necessary actions to guarantee an adequate level of security of the processed data, ensuring confidentiality, integrity, availability, and resilience of processing systems and services.

Some measures include:

  • Staff information on data processing policies.

  • Regular backups.

  • Data access control.

  • Regular verification and evaluation processes.

How do we process data on behalf of third parties?

When providing our services, if we process personal data for which our clients are responsible, we act as Data Processors, in accordance with Article 28 of the GDPR.

We therefore:

  1. Process personal data only under documented instructions from the Controller, including for international transfers, unless required by EU or Member State law.

  2. Ensure that authorized personnel are committed to confidentiality.

  3. Apply all necessary security measures per Article 32 of the GDPR.

  4. Respect the conditions of Article 28 regarding subcontractors.

  5. Assist the Controller with data subject rights.

  6. Assist the Controller in compliance with Articles 32–36 (security and breach obligations).

  7. Delete or return all personal data after the service, unless legally required to retain them.

  8. Provide all necessary information to demonstrate GDPR compliance and allow audits.

Types of data processed on behalf of clients:

  • Identifying data.

  • Personal characteristics.

  • Academic and professional data.

  • Social circumstances.

  • Employment details.

  • Financial, insurance, and economic data.

  • Commercial information.

  • Goods and services transactions.

  • Health.

Categories of data subjects:

  • Clients.

  • Suppliers.

  • Staff.

Data processing activities:

  • Collection.

  • Recording.

  • Organization.

  • Structuring.

  • Storage.

  • Modification.

  • Consultation.

  • Use.

  • Incorporation of documentation.

bottom of page