This Privacy Policy has been drawn up taking into account the provisions set out by the Organic Law on the Protection of Personal Data, as well as by Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, hereinafter referred to as the GDPR.
This Privacy Policy sets out to inform data subjects, from whom information is being collected, about specific aspects relating to the processing of their data, such as for example the purposes of processing, contact information to exercise their rights, the storage periods for information and security measures.
Data Controller
In terms of data protection, JONEL, S.L. shall be considered the data controller in relation to the files/processing set out in this policy, specifically in the data processing section.
Below are the details of the owner of this website:
Data Controller: JONEL,S.L.
Email address:

Data processing
The personal data requested, where appropriate, shall be confined to data strictly necessary to identify and handle the request made by its owner, hereinafter referred to as the data subject. This information shall be processed lawfully, fairly and in a transparent manner in relation to the data subject. Furthermore, personal data shall be collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes.
The data collected from each data subject shall be adequate, relevant and not excessive in relation to the relevant purposes for each case, and shall be updated whenever necessary.
The data subject shall be informed, prior to the collection of their data, of the general purposes regulated in this policy in order to give their express, specific and unambiguous consent for the processing of their data, in accordance with the following aspects.
Purpose of the processing.
The explicit purposes for which each type of processing is carried out are included in the information clauses within all data collection channels (website forms, paper forms, voice messages, posters and information notes).
However, the data subject’s personal data shall be processed for the sole purpose of responding effectively and handling the requests made by the user, specified along with the option, service, form or data collection system which the data subject uses.

Legitimate basis
As a general rule, prior to personal data processing, JONEL, S.L. shall obtain the express and unambiguous consent of the data subject by adding informed consent clauses to the various information collection systems.

However, if the data subject’s consent is not required, the legitimate basis under which JONEL, S.L. processes data is a specific law or regulation authorising or requiring processing of the data subject’s data.

As a general rule, JONEL, S.L. shall not transfer or disclose any data to third parties, unless required by law. However, if necessary, the data subject shall be informed of any such transfers or disclosures of data via the consent clauses included in each personal data collection channel.

As a general rule, personal data are always collected directly from the data subject. However, under certain exceptions data may be collected through third parties, entities or services other than the data subject. In this sense, once the data have been collected, the data subject shall be informed of this purpose within a reasonable time, at the latest within one month, via the informed consent clauses included in the data collection channels.

Storage periods
The information collected from the data subject shall be stored for as long as it is necessary to fulfill the purpose for which the personal data were collected. Therefore, once the purpose has been fulfilled, the data shall be erased. This act of erasing shall result in the blockage of all data except those which are available to public authorities, judges and courts, to handle any possible legal action arising from the processing and for a predetermined period of time. Once the aforementioned period has elapsed, the information shall be destroyed.
For information purposes, below are the legally established storage periods for information in relation to various areas:


Occupational or social security documents 4 years Article 21 of the Royal Legislative Decree 5/2000 of 4 August, approving the recast text of the Law on Labour Offences and Penalties
Accounting and tax documentation for commercial purposes  6 years Art. 30 Commercial Code
Accounting and tax documentation for tax purposes  4 years Articles 66 to 70 of the General Tax Law
Building access control 1 month  Instruction 1/1996 of the Spanish Data Protection Agency
Video surveillance 1 month Instruction 1/2006 of the Spanish Data Protection Agency
Organic Law 4/1997


Browsing data
Regarding browsing data which may be processed via this website, please refer to the Cookie Policy on our website if data covered by the regulation are collected.
Rights of data subjects
Data protection regulations provide data subjects, users of this website and users of JONEL, S.L. social media profiles with a series of rights.
The rights of data subjects are as follows:
– Right of access: right to obtain confirmation as to whether or not their personal data is being processed, the purposes of the processing, the categories of data concerned, the recipients or categories of recipient, the storage period and the source of said data.

– Right to rectification: right to obtain the rectification of any inaccurate or incomplete personal data.

– Right to erasure: right to obtain the erasure of data where one of the following applies:
o When data is no longer necessary in relation to the purposes for which they were collected;
o When the data subject withdraws consent;
o When the data subject objects to the processing;
o When personal data have to be erased for compliance with a legal obligation;
o When personal data have been collected in relation to the offer of information society services referred to in Art. 8(1) of the European General Data Protection Regulation.

– Right to object: right to object to a certain processing based on the data subject’s consent.

– Right to restriction: right to obtain restriction of processing where one of the following applies:
o When the accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify the accuracy of the personal data;
o When the processing is unlawful and the data subject opposes the erasure of the personal data;
o When the controller no longer needs the personal data for the purposes for which they were collected, but they are required by the data subject for the establishment, exercise or defence of legal claims;
o When the data subject has objected to processing pending the verification whether the legitimate grounds of the controller override those of the data subject.

– Right to portability: the right to obtain data in a structured, commonly used and machine-readable format, and to transmit those data to another data controller when:
o The processing is based on consent;
o The processing is carried out by automated means.

– The right to lodge a complaint with the competent supervisory authority
Data subjects may exercise the rights stated above by emailing JONEL, S.L. at, and stating the right they wish to exercise in the subject line.
In this sense, JONEL, S.L. shall handle their request as soon as possible and taking into account the periods set out by data protection regulations.
The security measures put in place by JONEL, S.L. are those required by the provisions of Article 32 of the GDPR. In this sense, JONEL, S.L. has taken into account the state of the art, the costs of implementation, and the nature, scope, context and purposes of processing, as well as the risks to the rights and freedoms of natural persons, which are of varying likelihood and severity, and has implemented the appropriate technical and organisational measures to guarantee the risk-appropriate level of security.
In any case, JONEL, S.L. has implemented sufficient mechanisms to:
a) Ensure the ongoing confidentiality, integrity, availability and resilience of the processing systems and services;
b) Restore the availability and access to personal data in a timely manner in the event of a physical or technical incident;
c) Regularly test, assess and evaluate the effectiveness of technical and organisational measures for ensuring the security of the processing;
d) Pseudonymise and encrypt personal data as needed.