Data Subjects’ Rights Management Procedure

Current data protection legislation regulates both the rights that the data subject may exercise and the mechanisms for exercising such rights towards the Controller. This request should be sent:

o By post to the following address: Madrid, calle Fernando el Santo número 3, Piso 3, 28010.

o By e-mail to the following address:

1.-The rights that the Data Subject may exercise are as follows:

The right of access, commonly referred to as subject access, gives individuals the right to obtain a copy of their personal data, as well as other supplementary information. It helps individuals to understand how and why you are using their data, and check you are doing it lawfully.

The right of rectification: data subject shall have the right to have inaccurate personal data concerning him corrected without undue delay by the controller. Taking into account the purposes of the processing, the data subject shall have the right to have incomplete personal data supplemented, including by an additional declaration.

Right to restriction of processing: The data subject shall have the right to obtain from the Privacy Officer the restriction of the processing of the data.

Right to erasure (Right to be forgotten): The data subject shall have the right to obtain from the controller the erasure of personal data  concerning  him or her without undue delay and the controller shall  have the obligation to erase personal data without undue delay” if one of a number of conditions applies.

Right to data portability:  The data subject shall have the right to have his or her data transmitted by the Privacy Officer to another Data Processor or to the data subject himself or herself, in a structured format for normal use and mechanical reading, when processing is carried out by automated means.

-. Right of objection: the data subject have the right to object at any time, on grounds relating to his or her particular situation, to the processing of personal data relating to him or her for the purposes of fulfilling a public interest or legitimate interest, including profiling on the basis of such provisions.

2.- Reply deadlines

The deadlines available to the Controller for resolving the exercise of the above rights by the data subject are set out below:

– The Controller shall provide the data subject with the exercise of his or her rights and information on the actions requested and carried out without delay and, at the latest, within one month of receipt of the request..

This period may be extended beyond one month, but in such cases CG CAPITAL EUROPE shall carry the burden of proving that the request is manifestly unfounded or excessive.

The data subject may exercise his or her data protection rights free of charge.

In any case, all applications must be accompanied by:

– Name, surname(s) of the Data Subject and a copy of the National Identity Document (DNI). In the exceptional cases in which representation is admitted, it will also be necessary to identify the person representing the Data Subject by the same means, as well as the document accrediting the representation. The photocopy of the National Identity Number may be substituted provided that the identity is accredited by any other legally valid method.

– Request in which the application is made. (Exercise requested or information to which access is sought):

If you do not refer to a specific filing system, you will be provided with all the information held by the company in your name.

If you request information on a specific filing system, only the information on this filing system.

If you request information relating to a third party, it will never be provided.

If you request it by telephone, you will be instructed to do so in writing and you will be informed of how to do so and the address to which you should send it. You will never be given information by telephone.

– Address for notification purposes.

– Date and signature of the applicant.

– Documents accrediting the request being made.