Digitus Legal

Welcome to Digitus Legal’s website!

At Digitus, we value your privacy, we want to be transparent and want you to feel confident about how we handle your personal data since privacy and data protection are not only our expertise, but these are also core values of our business.

This privacy notice explains the following topics:

Who we are and how to get in touch with us
Some relevant definitions and roles under the GDPR
What personal data we collect
Why we collect it
How we use the collected data
What legal grounds for processing we use
Your rights as a data subject and how to exercise them

This privacy notice is based - and complies – with:

The good practices laid out by the OECD Fair Information Practices (FIPs), a set of internationally recognized principles and guidelines designed to protect personal data and privacy
The obligations and good practices laid out by the General Data Protection Regulation (EU) 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data ("GDPR" from now on).

By entering and navigating on Digitus Legal’s website, you acknowledge that you have read this privacy notice and consent to the collection and processing of your personal data as will be described below.

Who We Are and How to Get in Touch with Us

Digitus Legal is a data protection consultancy based in Madrid, Spain, that helps individuals and organizations understand and navigate data protection, privacy and digital regulations across the U.S., the European Union and Latin American countries.

If you have questions about how we handle personal data, or if you want to exercise any of your rights as a data subject, you can contact us by email at: [email protected] and address your inquiries to Adriana Schnyder, our founder.

We kindly ask you to indicate the motive of your request in the subject of the email.

What Data We Collect and Why.

When you visit our website, contact us, or request a meeting, we may collect:

Contact Information (like your name, job title, company name, email address, phone number, social media page if applicable, other information related to your inquiry) – With this information, we can respond to your inquiry and schedule and prepare a meeting.

When you become a client or a potential client of Digitus Legal, we may collect:

Name and job position; Contact information, including the company you work for and your email address; Payment information; Information you provide to Digitus in connection with our provision of Services, depending on the nature of your instructions; Information you provide to us in order to attend meetings and events, including dietary requirements which may reveal information about your health or religious beliefs.
If you are a client or potential client, we might collet information regarding your areas of interest or additional information about webinars or events organized by us in which the client or potential client took part. We might use this information to send promotional information with consent of the data subject.

Other information relevant to the provision of the Services.

Digitus works with individuals and corporate clients (i.e., other businesses). Companies, or legal persons are not considered “data subjects” under data protection legislation. However, we may be provided with personal information (e.g., personal information related to, for example, the executives or staff of our corporate clients or prospective clients, any personal information of an opponent, supplier, or buyer, including personal information relating to their legal advisors or staff, as applicable, or similar information). If we receive this kind of information, it will be treated under the applicable data protection rules.
We may also need to process personal information relating to other third parties in accordance with instructions from our own clients or from other individuals or entities involved in the provision of services to our clients (e.g., other law firms, experts, etc.).
This is a non-exhaustive list that reflects the varied nature of the personal information processed in the context of the legal consulting services provided by Digitus Legal.

At Digitus, we collect only the data necessary to respond to your requests, give access to our blog if applicable, send informative emails about promotions and deliver our services, all in line with the principle of data minimization under the GDPR.

Cookies in our webpage

Digitus Legal’s web page does NOT use cookies. If this situation changes in the future, this notice and internal policies will be updated, and all interested parties will be duly notified.

How We Use Your Data

We use your data to:

Respond to your inquiries
Provide information about our services / solutions (like types of services, scope of services, pricing etc.)
Schedule and manage meetings
Provide the legal consulting services / solutions we offer in matters of European and International data protection regulations.

Digitus Legal does not sell your data or use it for automated decision-making or profiling.

If this case changes in the future, the privacy notice and internal policies of Digitus Legal will be updated and duly notified to all interested parties.

Legal Basis for Processing

Under the GDPR, we process your personal data based on:

Your consent – As stated in article 6 (1)(a) of the GDPR. when you fill in a contact form or request a meeting, you provide your consent to process your personal data for the purposes mentioned above in this notice. When filling and sending your contact form, you are also agreeing to have read and understood this privacy notice. If you have any questions about the content of this privacy notice, please contact [email protected] with your inquiries.
To perform a contract: To carry out all activities related to the performance of the contract for the legal services/solutions contracted by clients with Digitus Legal.
Our legitimate interest – GDPR Article 6(1)(f) provides legitimate interest as one of the lawful bases for processing personal data. This means that a business, like Digitus Legal, can process data if it has a legitimate interest, and the processing is necessary for that interest. In our case, our legitimate interest is to run our business, provide services of legal consulting and communicate with you to provide those services.
Compliance with legal obligations and business administration – when we’re required to keep certain records, for example, to maintain information relevant to the tax Administration or in case of judicial proceedings.

How Long We Keep Your Data

We retain personal data only as long as needed to fulfil the purpose it was collected for, or as required by law. If you’ve contacted us but do not become a client, we will delete your data within a maximum of 24 months after the last interaction with the client or potential client, unless we are legally required to keep it longer.

Who Has Access to Your Data

Your data is handled only by our team and trusted service providers, who are bound by strict confidentiality and data protection obligations.

Any information we collect about you or that you provide to us may be shared with and processed by some of the following categories of third parties, as necessary:

Our external professional advisors, such as lawyers and accountants.
Government or regulatory authorities, such as tax or commercial authorities.
Third parties to whom we outsource certain services, including but not limited to document processing and translation services, software or IT system providers, IT support service providers, and document and information storage providers.
Third parties involved in the services we provide to clients, such as specialist lawyers or professionals in cybersecurity/information technology.
Third-party mail or courier providers who assist us in delivering marketing campaigns by mail or in sending documents related to legal consultancy services.

Please note that this list is not exhaustive, and in other circumstances, we may need to share data with other parties in order to deliver the Services as effectively as possible. If that is the case, this notice will be updated and the interested parties will be notified.

Your Rights

Chapter III of the GDPR provides a range of rights that you, as a data subject, can exercise. You have the right to:

Access your data – You can ask us if we hold personal data from you, how we use it, and ask for a copy of all the personal data we have collected from you.
Correct inaccurate data – You can request corrections if your personal data is wrong or incomplete. Digitus might even ask its clients to update their information annually to ensure the accuracy and integrity of the information we manage.
Request deletion of your data – Also known as the "right to be forgotten", you can ask us to delete your data when it's no longer needed. Digitus will proceed with the deletion of the data unless we are legally required to maintain it. If a third party holds your data, we will communicate with them to ask them to delete your data or provide you with their contact information so that you can directly exercise your rights.
Object to or restrict processing – You can object to certain uses of your data or ask us to limit how we use it, for example, if we are correcting your data, you might also aks us not to share it with third parties until the data is corrected.
Withdraw your consent – If you gave us consent, you can take it back at any time. This won’t affect past processing based on your consent.
Data portability – You can ask to receive your data in a structured, commonly used format and have it transferred to another provider.
File a complaint – You can lodge a complaint with your local Data Protection Authority if you believe your rights have been violated.

To exercise these rights, contact us at [email protected] and we will address your request in a timely manner.

Please note that under the GDPR, when a data subject exercises any of the rights listed above, the controller (Digitus Legal in this case), has one month from the date of receiving the request to respond.

Digitus Legal can extend this period by up to two additional months if the request is complex or if we are dealing with many requests, if that happens, Digitus will inform the individual within the first month of receiving the request and explain in a transparent manner why the extension is necessary.

Digitus will treat the requests received with all seriousness, complying within the time indicated by current regulations, and respecting the principle of transparency.

Changes to This Notice

Digitus revises all internal data protection and privacy policies, and all external privacy notices every 6 months. During these revisions, we may update this notice to improve our data protection practices, comply with regulatory changes, or to make sure that the internal policies and public notices are cohesive, clear and transparent at all times. When we update our privacy notice, we will post the updated version on our website with the date of the latest revision.

Thank you for trusting us with your personal data.