top of page

Privacy Policy

Legal notice

Cookie Policy

Medialis Solucions SL is committed to protecting the privacy of users who access this website and/or any of its services. Use of the website and/or any of the services offered by Medialis Solucions SL implies the user’s acceptance of the provisions contained in this Privacy Policy and that their personal data will be processed as stipulated herein. Please note that although our website may contain links to other websites, this Privacy Policy does not apply to websites of other companies or organizations to which the site may be redirected. Medialis Solucions does not control the content of third-party websites nor does it accept any responsibility for the content or the privacy policies of those websites.

Information on Data Processing (Regulation (EU) 2016/679 and OL 3/2018)

Data Controller
Medialis Solucions SL
Avda. Sant Jordi, 168 17800 Olot
Email: info@medialissolucions.cat

Purpose of Processing
To offer and manage our advisory services in mediations or negotiations and in the administration and management of real-estate assets and leased properties.

Legal Basis

  • Consent obtained from the data subject.

  • Performance of the service contract.

Recipients
Data will not be communicated to third parties, unless required by law or necessary to fulfill the purpose of the processing.

Rights of Individuals
Data subjects have the right to exercise the rights of access, rectification, restriction of processing, erasure, portability and objection by sending their request to our address.

Data Retention Period
For as long as the commercial relationship is maintained or for the years necessary to comply with legal obligations.

Complaint
Data subjects may contact the Spanish Data Protection Agency (AEPD) to lodge any complaint they deem appropriate.

Additional Information
You can consult additional and detailed information below in “Privacy Questions”.

Privacy Questions

In compliance with Regulation (EU) 2016/679 of the European Parliament and of the Council, of 27 April 2016 (GDPR), and Organic Law 3/2018, of 5 December, on Personal Data Protection and guarantee of digital rights (LOPDGDD), we provide the following information on the processing of your personal data:

Who is the controller of your data?
The company providing the services is:

  • Identity: MEDIALIS SOLUCIONS SL

  • Services: mediation and negotiation services, and administration of real-estate assets and leased properties.

  • Tax ID: B22654537

  • Address: Avda. Sant Jordi, 168 17800 Olot

  • Tel.: 622 581 846

  • Email: info@medialissolucions.cat

For what purpose do we process your personal data?

We process the information provided to manage our mediation and negotiation services and the administration of real-estate assets and leased properties.

If you contact us through the contact form on our website, we will process your data to handle your inquiry.

If you give us your consent, we may also process your data to send you information about our activities, products or services.

When accessing our premises, your image may be recorded by CCTV for security-control purposes.

If you send us a résumé/CV, we will process the data to manage the CV database for staff recruitment.

How long will we keep your data?

Personal data will be kept while you are a user of our services or wish to receive information and, thereafter, for the periods established to comply with our legal obligations, which for accounting and tax documentation for commercial purposes will be 6 years pursuant to Art. 30 of the Commercial Code, and for tax purposes 4 years in accordance with Articles 66 to 70 of the General Tax Law.

CCTV images will be kept for one month.

CVs will be kept for one year.

What is the legal basis for processing your data?

The legal basis lies in the performance of the service contract and the consents you provide.

For information sent by minors under 16, it is essential to have the consent of a parent, guardian, or legal representative so that personal data can be processed. Otherwise, the minor’s legal representative must notify us as soon as they become aware.

With respect to the visitor log and the capture of images by the CCTV system, the legal basis is the legitimate interest in safeguarding the security of people and property.

Who will your data be disclosed to?

Data will not be disclosed to third parties, unless required by law or necessary to fulfill the purpose of the processing.

What are your rights when you provide us with your data?

Any person has the right to obtain confirmation as to whether or not we are processing their personal data.

Data subjects have the right to access their personal data and to request the rectification of inaccurate data or, where appropriate, request their erasure when, among other reasons, the data are no longer necessary for the purposes for which they were collected.

In certain circumstances, data subjects may request the restriction of processing, in which case we will only keep the data for the exercise or defense of claims.

Also, in certain circumstances and for reasons related to their particular situation, data subjects may object to the processing of their data. In this case, we will cease processing, except for compelling legitimate grounds or for the exercise or defense of possible claims.

Data subjects also have the right to data portability.

Any data subject has the right not to be subject to a decision based solely on automated processing, including profiling, that produces legal effects on them or similarly significantly affects them.

Finally, data subjects have the right to lodge a complaint with the competent Supervisory Authority.

How can you exercise your rights?

By sending us a written request together with a copy of an identification document, to our physical or email address.

How did we obtain your data?

The personal data we process come from the data subject, who guarantees that the personal data provided are true and is responsible for communicating any changes. Data marked with an asterisk are mandatory in order to provide the requested service.

What data do we process?

Categories of data we may process:

  • Identifying data

  • Personal characteristics

  • Social circumstances

  • Academic and professional data

  • Employment details

  • Economic, financial and insurance data

  • Commercial information

  • Transactions of goods and services

  • Image

  • Special category data: Health

Data are limited, as we only process those necessary to provide our services and manage our activity.

Do we use cookies?

We use cookies while you browse our website with the user’s consent.

The user can configure their browser to be notified of the use of cookies and to prevent their use. Please visit our cookie policy.

What security measures do we apply?

We apply the security measures established in Article 32 of the GDPR; therefore, we have adopted the necessary measures to ensure an appropriate level of security for the data processing we carry out, with mechanisms that guarantee the confidentiality, integrity, availability and ongoing resilience of processing systems and services.

Some of these measures are:

  • Informing staff about data-processing policies.

  • Regular backups.

  • Data access control.

  • Regular verification, assessment and evaluation processes.

How do we process data on behalf of third parties?

When, in the provision of our services, we process personal data for which our clients are the controllers, we act as processors in accordance with Article 28 of the GDPR and, therefore, for such processing:

  1. We will process personal data only following the controller’s documented instructions, including with respect to transfers to a third country or an international organization, unless required to do so by Union or Member State law to which we are subject. In such a case, we will inform the controller of that legal requirement before processing, unless such law prohibits this on important public-interest grounds.

  2. We ensure that persons authorized to process personal data are committed to confidentiality.

  3. We have adopted all necessary security measures pursuant to Article 32 GDPR, implementing mechanisms to:

    • Ensure the confidentiality, integrity, availability and ongoing resilience of processing systems and services.

    • Restore availability and access to personal data in a timely manner in the event of a physical or technical incident.

    • Regularly verify, assess and evaluate the effectiveness of the technical and organizational measures to ensure processing security.

    • Pseudonymize and encrypt personal data, where appropriate.

  4. We will respect the conditions indicated in paragraphs 2 and 4 of Article 28 GDPR to engage another processor.

  5. We will assist the controller, where possible, given the nature of the processing and with appropriate technical and organizational measures, in responding to requests to exercise data-subject rights under Chapter III GDPR.

  6. We will help the controller ensure compliance with the obligations on data security set out in Articles 32 to 36 GDPR, considering the nature of the processing and the information made available to us.

  7. At the controller’s choice, we will delete or return all personal data after the end of the provision of processing services and delete existing copies unless Union or Member State law requires storage.

  8. We will make available to the controller all information necessary to demonstrate compliance with Article 28 GDPR and allow for and contribute to audits, including inspections, conducted by the controller or another auditor mandated by the controller.

As processors, the types of data, categories of data subjects and processing operations we may carry out on behalf of our clients are as follows:

Types of personal data we may process:

  • Identifying data

  • Personal characteristics

  • Academic and professional data

  • Social circumstances

  • Employment details

  • Economic, financial and insurance data

  • Commercial information

  • Transactions of goods and services

  • Health

Categories of data subjects affected

  • Clients

  • Suppliers

  • Staff

Processing operations we may perform:

  • Collection

  • Recording

  • Organization

  • Structuring

  • Storage

  • Modification

  • Consultation

  • Use

  • Incorporation of documentation

bottom of page