Privacy and data protection policy
The Ministry of Economy, Commerce and Business is the entity responsible for the processing of personal data provided by users on the Web Portals and Electronic Sites.
In accordance with the provisions of the General Data Protection Regulation, Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016, the Ministry undertakes to comply with its obligation of secrecy with respect to personal data and the duty to treat them confidentially. For these purposes, it will take the necessary measures to prevent their alteration, loss, unauthorized processing or access.
This legal notice applies to the pages of the Web Portals and Web Sites, is not guaranteed access through links to these sites, or links from these sites to other websites.
You can contact the Data Protection Officer at: firstname.lastname@example.org
Data protection policy
Personal data collection
In order to provide the services to which it is entitled, the Ministry may request personal data through forms, which will generally be processed in accordance with the provisions of the General Data Protection Regulation, Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016. (RGPD) and to the Law Organic Law 3/2018 on the Protection of Personal Data and Guarantee of Digital Rights, approved on December 5, 2018 (LOPDyGDD).
The Ministry will report and may collect data from the following categories of personal data:
- Identification and contact information (including postal and/or e-mail addresses).
- Identification codes or passwords for access and operation in the Portal and the Electronic Headquarters.
- Transactional data, that is, any operation, movement and query associated with any of the services and administrative procedures that a user maintains with the Ministry.
- Socio-economic and labor data.
- Data of legal representation.
Responsible for the treatment
Personal data processing activities are carried out by different data controllers, depending on the service provided by the Ministry of Economy, Commerce and Business. The Register of Processing Activities (RAT), published and downloadable on this site, identifies those responsible for all processing registered with the Ministry.
Purposes of the processing activities and their legitimacy
No personal data is collected through the Web Portals and Electronic Sites without due legitimacy. The data provided by the interested party will be used, solely and exclusively, for the purposes foreseen in each procedure or action.
The general purpose of the collection and processing of personal data is the management, provision and improvement of services and the processing of administrative procedures related to the Ministry of Economy, Commerce and Business as well as any other service requested at any time by the user and the monitoring and response to queries raised by them.
The processing of personal data collected by the Ministry may have additional purposes, all justified by the explicit consent of the user or by the legitimacy conferred on the Ministry by the laws and regulations governing the services offered and the respective procedures, in accordance with the cases of lawfulness of the processing provided for by art. 6 of the Regulation (RGPD).”
The different purposes and their legitimacies can be consulted in the access to each of the services and procedures offered by the Ministry; and in general, in the RAT published in compliance with the provisions of art. 31.2 of the Organic Law 3/2018 (LOPDyGDD).
Once informed of the type of data required for the provision of services and associated administrative procedures, the processing activities to be carried out, their purpose and their legitimacy, express consent will be sought when necessary for the Ministry to carry out the processing activities of the personal data provided by the user of the services.
Recipients, assignment and transfer of data
In general, the Ministry of Economy, Commerce and Business is the sole recipient of the data collected. In no case will the aforementioned data be processed or transferred to third parties, except with the express consent of the affected party, except with legal authorization, according to the cases provided for by current legislation.
When the service provided or its associated procedure includes legal obligations derived from the legitimacy of the processing that require the assignment or transfer to third parties, the third parties receiving such data and the purposes of their processing activities shall be indicated.
Where appropriate, the express consent of the user will be sought for such assignments and transfers of data. Consent will be requested separately and specifically when the data transfer is international.
Period of data retention
The data will be kept for the time necessary to provide the services offered by the Ministry on the basis of administrative legislation regarding the prescription of responsibilities.
The user may exercise at any time the rights regarding the data provided for any of the administrative procedures and services. To do this you can send a request through the following link or by any means that provides proof of delivery and receipt, to:
- Ministry of Economy, Commerce and Business
- Paseo de la Castellana, 162 - 28046 Madrid
You may also contact the Spanish Data Protection Agency , where you can consult more information about obligations and rights related to the Protection of Personal Data.
Complaints & Claims
In exercising your rights, you may file a complaint with the Ministry when you are not satisfied with the response received. More information at Electronic office.
Register of Personal Data Processing Activities
- Register of Personal Data Processing Activities (Download Register). Date updated: 09/26/2023.
- More information regarding the protection of personal data:
The Ministry uses a web analytics service that installs cookies temporarily for the sole and exclusive purpose of preparing statistical reports. Cookies are files created in the user's browser to record their activity on the website. A cookie does not identify a person, but a combination of computer-browser-user, have a limited temporary validity and in no case are used to collect personal information.