PRIVACY POLICY
With this Privacy Policy, Econòmic & Jurídic Consulting JPB, S.L. (hereinafter, we/us or Totsegur) informs you of the personal data that we collect through the services offered and displayed on this website, how we process said data, and your rights in relation to your personal data and our processing according to the applicable data protection regulations.
Law 29/2021 of 28 October on the Protection of Personal Data in the Principality of Andorra (hereinafter, the LQPD, as per its acronym in Catalan), and its implementing regulations, and
Regulation (EU) 679/2016 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data (hereinafter, the GDPR).
The table below contains links to the points of this policy which may be of interest to you. However, please read all the sections of the Legal Notice , the Cookie Policy and this Privacy Policy before using this website:
1. To whom does this Privacy Policy apply?
2. Who is the data controller?
3. How do we collect your personal data?
4. What do we use your data for and on which lawful basis do we do it?
To extract aggregate statistics on the use of our website (analytics cookies)
To better tailor the adverts you receive to your interests (advertising cookies)
5. Who can we share your personal data with?
6. For how long do we keep your personal data?
7. What rights do you have?
8. What responsibilities do you have?
9. How do we protect your personal data?
10. Changes to this Privacy Policy
This Policy applies to people who interact with Totsegur via this website, to users of the services which Totsegur offers for the purposes described in Section 4 of this policy (the services), and to all people whose personal data (for example, their images) may appear on our website or in the context of the services.
The sole data controller in charge of your personal data in accordance with the provisions of this Privacy Policy is:
Econòmic & Jurídic Consulting JPB, S.L. (Totsegur), with tax code L-712876-M and registered office at INGENI, Passatge de Europa 1, 4th floor, Edificio el Bolet, AD500 Andorra la Vella ( Principality of Andorra).
We have a Data Protection Officer who you can contact by sending an email to protecciodades@totsegur.ad.
Additionally, if you are in the European Union, our representative for data protection purposes is the company COMPLIANCE GAP MITIGATION, with registered address at Calle Ferraz 28, 2º Izq. 28008 Madrid (Spain), which you can contact by telephoning (+34) 917589441 and (+34) 915482701, or (preferably) by sending an email to Totsegur@compliancegapmitigation.com .
We are not responsible for activities carried out by other websites, even if they are accessed via links on our website. This is why we strongly recommend that you carefully read the information provided by these other data controllers before giving them your personal data (especially the privacy and cookie policies of each website you visit), and that you contact this controller if you have any concerns or questions.
In general, you directly provide us with your personal data, for example, via the forms on this website. The only exceptions to this rule are:
Data provided to us by third parties who request our services on your behalf (as a beneficiary);
Contact details provided to us by our service and product providers when you represent them;
Personal data about you that may appear in the emails and instant messages which we receive, or via the forms on our website; and
Cookies on this website, as described in our Cookie Policy .
We collect optional data that you voluntarily provide to us on forms so that we can give you a more personalised service in relation to the purpose for which the form is specifically intended.
The lawful basis for us to process this data for this purpose is the consent that you give when you provide us with said data. You may withdraw your consent at any time, with the only effect being that we will no longer use this data and, therefore, the services associated with the form will be less personalised from that time on.
If you represent a product or service provider, we collect your contact details and signature in order to:
Manage all types of relationships with the provider you represent.
Manage our list of authorised providers.
Manage the quotes and invoices of the provider you represent.
Processing linked to purposes a) and b) has a lawful basis due to the employment or service contract you have signed with the provider you represent and our legitimate interest in contacting them. Processing linked to purpose c) has a lawful basis as it is necessary to execute the contract or contracts that you have signed with us.
We process data on your CV that you voluntarily send to us in order to manage the relationship with you regarding your application for a job at Totsegur, including the process of searching, filtering and storing the CV as a potential candidate, the staff selection process and the recruitment process.
The lawful basis for the above-mentioned processing is your consent, which you give by sending us your CV, the execution of pre-contractual measures, and if we do not have an open selection process or you are not recruited and we consider that you could be suitable for future selection processes, our legitimate interest in keeping your CV to include it in these future processes. You may withdraw your consent or object to our legitimate interest as set out in Section 7 of this policy. If you do so, there will be no effect other than the destruction of your CV (if you withdraw your consent from us) or the limitation of its storage to the selection process for which you have submitted your CV.
We collect the data you provide via the questionnaires on our website, at our offices, by phone, by email or by WhatsApp to identify which types of insurance respond to your needs and to send you a comparison of all types to the email or WhatsApp number that you have indicated. Questionnaires ask for a contact phone number in case we need to clarify any of your answers.
The lawful basis for this processing is the consent that you give when providing us with the data we need to prepare your comparison. As always, you may withdraw your consent at any time, with the only effect being that we will no longer use this data and, therefore, we will not be able to send you the comparison.
We collect the data that you provide us via this website, our telephone number or contact email, or directly to our offices, to offer you assistance on signing a contract with the insurance company and managing the policy once it has been signed.
The lawful basis for this processing is the need for the data in order to execute the contract regulated by the terms and conditions of the service you request from us.
Likewise, the lawful basis allowing us to send your data to the insurance company or other necessary agents is that this data transfer is essential to prepare the insurance policy stipulated in the above-mentioned contract.
We collect the personal data you provide to us in emails, in instant messages, by phone, or via requests for the exercise of rights in order to respond to your requests, enquiries or complaints regarding our services or your rights vis-à-vis your personal data.
The lawful basis for this processing is the consent you give when sending us or giving us this data, our legal obligation to respond to your requests to exercise your rights, and our legitimate interest in responding to you. Providing your personal data is therefore voluntary, but if you do not provide it, we will not be able to process your request, enquiry or complaint. You may withdraw your consent at any time, although this will make it impossible to continue processing your request, enquiry or complaint.
We retain data that may be necessary to deal with your potential complaints, or ours, based on our legitimate interest in defending ourselves to safeguard our rights.
We use analytics or statistics cookies to identify the most and least visited pages, analyse which content is most interesting for our visitors, and measure the success of our information campaigns, all with a view to improving the services we offer on the website. All these purposes provide aggregated results, in which it is not possible to identify the interests of any particular person.
When it comes to analytics cookies, we will not use them until we have your consent. Not giving us your consent or withdrawing your consent will have no effect other than to hinder our purpose of improving the website by analysing aggregate statistics on our visitors' browsing habits.
You can find more information about these cookies in our Cookie Policy .
We download third-party advertising cookies. These files help us deduce your interests based on the pages you visit, the content you click on, and other actions you take online.
As these cookies are not necessary, we will not use them until we have your consent. Not giving us your consent or withdrawing your consent will have no effect unless your visit to our website cannot be used to better tailor the adverts you receive to your interests.
You can find more information about these cookies in our Cookie Policy .
Additionally, as an obligation that Google LLC, a company of which Google Ireland Ltd is a subsidiary, imposes on companies which, like us, use Google Analytics tools, please note that these two services are operated by Google Inc., with registered address at 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, and that Google Inc. is a beneficiary of these.
The information generated by cookies about your use of this website and your advertising preferences is generally transferred to and stored on a Google server in the USA. If you would like further information, you can refer to the page that describes how Google uses information from our website and/or Google's privacy policy regarding the above-mentioned services.
Please note that we have enabled the IP anonymisation feature in the Google service to add additional safeguards to the standard contractual clauses which protect this international transfer of data to the USA. With this, Google will shorten your IP address before transferring it to the US (identity masking process). Only in exceptional cases will the full IP address be sent to a Google server in the USA and shortened there. Google guarantees that the IP address transferred by your browser to Google Analytics will not be processed in conjunction with any other data held by Google.
You can view the categories of personal data that these services process at privacy.google.com/businesses/adsservices.
At Totsegur, we take security measures appropriate to the level of risk to protect personal information against loss, misuse and unauthorised access, disclosure, alteration and destruction, taking into account the risks involved in processing and the nature of the personal information. However, if we determine that your data has been misappropriated (even by an employee or former employee of Totsegur), has been exposed to a security breach or has been improperly acquired by a third party, exposing you to a high risk, we will immediately inform you about this security breach, appropriation or improper acquisition, and about the measures we have taken and the recommended measures so that the breach does not affect you.
The lawful basis for this processing is the legal obligation provided for in Article 37 of the LQPD, and our legitimate interest in preventing this security breach from affecting you.
We may use your personal data for other purposes that are not incompatible with those indicated above (such as filing for reasons of public interest, scientific or historical research purposes, or statistical purposes) provided that it is permitted by current regulations on the protection of personal data, and of course, acting in accordance with this and other applicable regulations.
We do not transfer your personal data to anyone, unless:
You request it yourself.
We have a legal obligation to do so.
You have contracted the services of insurance brokers with us, for the execution of which it is necessary to share your data with insurance companies and other agents.
You contract our services through intermediaries (for example, your company or a benefactor) when they take out a policy of which you are a beneficiary, and manage and execute it with your consent, or for them to legally represent you.
We are jointly responsible for collecting data so that other entities can process it on their own behalf, but always with your consent. This is the case with:
Google Ireland Ltd, with registered office at 4 Gordon House Street, Barrow, Dublin (Ireland), which we have contracted to process the data from the cookies required to use its Analytics services. Google Ireland Ltd acts as an independent data controller for all processing carried out on your behalf, in accordance with its privacy policy. We transfer data to Google Ireland Ltd on the basis of the data protection agreement that this EU company includes in the addendum to the standard contract for the countries suitable for the GDPR, as is the case of Andorra, to which we add the additional safeguard of activating the anonymisation of IPs that collect cookies. In our Cookie Policy you will see which analytics and advertising cookies we use and how to configure them.
We need to protect your rights, our rights, those of our employees, and those of third parties (which may need to be transferred to the police for safety reasons or to health authorities to prevent the spread of diseases, for example, for contact tracing purposes). For example:
If our video surveillance cameras record a robbery on our premises, or
If a third party requests video surveillance images from us on the basis of their legitimate interest in requesting effective judicial protection with respect to a crime or compensation for damages caused by the transferred images, and with the commitment of said third party to use them exclusively for reporting this crime or for claiming for the damages experienced, while minimising the transfer of images to those necessary for compliance with the initial purpose.
A company subcontracted by us needs to process the data on our behalf (for example, payment processing services or an external Data Protection Officer, who will have to respond to your questions and requests for rights in this matter), under the terms and conditions of the relevant data processor contract.
A company subcontracted by us may have access to the personal data on our website or our systems on an occasional basis, even if they do not need to process it on our behalf. This is the case, for example, of the web development and maintenance company, or of some of the services of our IT or hosting service providers. Given that they could access Totsegur data, they have signed a service provision contract that obliges them to maintain the same level of privacy that we have at Totsegur.
Any international transfer that we possibly need to make will comply with the provisions of the applicable regulations in force.
Totsegur retains your personal data exclusively for the duration of the required processing and then for as long as it takes to stipulate the legal responsibilities that apply to us at any given time, derived from the processing in question (including the obligation to demonstrate that we have responded to your request for the destruction of your personal data).
For example:
In accordance with Article 15 of Law 37/2021 of 16 December, amending Law 14/2017 of 22 June on the Prevention and Fight against Money or Securities Laundering and the Financing of Terrorism, for a period of five years (calculated from the end of our relationship, or if it is an one-off operation, from the date of said operation), we will keep all the required documents, data and information pursuant to this law, as well as the supporting documents and records of transactions and operations, account information and business correspondence, and the results of all the analyses carried out, including, where appropriate, the information obtained by relevant electronic identification means in accordance with the current Electronic Certification and Confidence Law.
We will retain video surveillance recordings for a maximum of thirty days if they do not contain incidents, and, if exceptionally there has been a security incident during this period or there is evidence of a crime (for example, a theft), we will extract a copy of the part of the recording that reflects the incident, which will be kept until it is given to the police or the data subject who requires it to prove their request for judicial protection.
We will destroy your CV when it is more than five years old, as we will consider that it is outdated in relation to the purpose to which it was designed.
As soon as we receive it, we will destroy any unnecessary or disproportionate personal data about you that may appear in the emails and instant messages we receive, or via the forms on our website.
We will destroy (and rectify) any personal data that we find inaccurate as soon as we verify its inaccuracy.
If we do not have a legitimate purpose to process some of your personal data, we will erase or anonymise it, and if this is not possible (for example, because it has been backed up), we will store it securely and encrypt it for isolation from any further processing until it can be erased.
You have the right to obtain confirmation as to whether or not we have any personal data about you.
Please remember that when we share personal data with other data controllers, you will have to exercise your rights directly with these data controllers by following the instructions provided in their own privacy policies. Specifically, regarding the data that our cookies share with Google, you can install the add-on not to send data from Google Analytics or Google Ads to Google Inc. in your Chrome, Internet Explorer, Safari, Firefox and/or Opera browser.
Below are your other rights and how to exercise them.
You may ask us to exercise the following rights:
Rectification of your personal data, specifying the reason.
Restriction of the processing of your data, specifying the reason for the restriction.
Portability of your data when the lawful basis for its collection was consent or a contract.
Right not to be subject to automated individual decision-making.
The consent given, both for the processing and for the transfer of data subjects’ data, may be withdrawn at any time by communicating it to us, as well as any other right, as indicated in the following section. Under no circumstances will said withdrawal be retroactive.
You may exercise your rights:
By sending a written request to Totsegur to our postal address, indicated in Section 2 of this policy, indicating a means of contacting you in order to respond to your request, or ask you for further information if necessary. Please write "Exercise of Data Protection Rights" on the envelope.
By sending the form associated with the right you wish to exercise to the email address protecciodades@totsegur.ad, indicating in the subject "Exercise of Data Protection Rights". You will find these forms below in this section of the Privacy Policy.
In both cases, if it is not possible for us to verify that you are who you say you are, we will ask you to provide us with proof of your identity, so that we can make sure that we respond only to the data subject or their legal representative.
However, and especially if you consider that you are not fully satisfied with the attention given to the exercise of their rights, you may lodge a complaint with the national supervisory authority of your country, or by contacting the Andorran Data Protection Agency (APDA).
In order to make it easier for you to exercise your rights, we recommend using the relevant forms below:
By providing us with your data, you guarantee that it is accurate and complete. Likewise, you confirm that you are responsible for the truthfulness of the personal data that you have communicated to us and that you will keep it suitably updated so that it reflects your real situation. You are therefore responsible for false or inaccurate personal data that you may provide to us, as well as for direct or indirect damages that may derive from your inaccuracy.
You may not provide us with other people's personal data unless it is justified in relation to the services you are requesting from us. In any case, if you provide us with the personal data of third parties, you assume the responsibility of informing said third parties prior to providing us with their personal data. This information provided to third parties must include all the provisions covered by this Privacy Policy, and you are responsible for the lawfulness of this personal data and for informing its owners of their rights in relation to their personal data.
In cases where you must provide us with personal data of a child under sixteen years of age or a person who has limited rights, by doing so you guarantee that you have the authorisation of their parents or guardians. Without this authorisation, you are prohibited from providing us with any personal data about these individuals.
We are fully committed to protecting your privacy and personal data. We have prepared a record of all the personal data processing activities that we carry out, we have analysed the risk that each of these activities may pose to you, and we have implemented the appropriate legal, technical and organisational safeguards to prevent, as far as possible, the alteration of your personal data, its misuse, loss, theft, unauthorised access, or unauthorised processing. We keep our policies suitably updated to ensure that we provide you with all the information we have about the processing of your personal data, and to ensure that our staff receive the appropriate guidelines on how they should process your personal data. We have signed data protection clauses and data processor contracts with all our service providers, keeping in mind the need that each of them has to process personal data.
We restrict access to personal data solely to employees who need to know it in order to carry out any of the processing referred to in this policy, and we have trained them and made them aware of the importance of confidentiality and the guaranteed integrity and availability of the information, as well as the disciplinary measures that any possible violation in this matter would imply.
However, if Totsegur determines that your data has been misused (even by a Totsegur employee), exposed to a security breach or improperly acquired by a third party, we will immediately inform you of this misuse, security breach or improper acquisition.
We will update this policy whenever necessary to reflect any changes to regulations or our processing. If the changes are substantial, we will notify you before they become effective by sending you a notification or posting a prominent notice on this website, and you will have the option to exercise your rights as per the section above. In any case, we recommend that you regularly review this Privacy Policy to know how we protect your personal data.
If you have any questions about this policy, please let us know by sending an email to protecciodades@totsegur.ad.
(+376) 610
435
info@totsegur.ad
Passatge
d’Europa, 1, 4t. Andorra la Vella - Ingeni Coworking Andorra
