30/09/2025 PRIVACY POLICY
DATA PROCESSING
Data Controller
Who are we?
We are the data controller responsible for processing your personal data. Therefore, we hereby inform both the data subjects and the competent authorities, in a clear, precise and unequivocal manner, of the following information:
KOSMOS LINGUA S.L.
Tax ID (NIF): B75399733
Address: C/Infanta Mercedes No. 98, 1ºD
28001 MADRID
Email: a.panarello@kosmos-lingua.com
What processing activities do we carry out with your personal data?
In compliance with Regulation (EU) 2016/679 (GDPR) and the Organic Law on the Protection of Personal Data, we inform you that your personal data may be subject to the following processing activities:
| Code | Processing Activity | Legal Basis |
|---|---|---|
| TR04 | Advertising campaigns | Law 34/1988, General Advertising Law |
| TR08 | Collecting feedback from data subjects | GDPR and Spanish Data Protection Law |
| TR03 | In-house recruitment | Royal Legislative Decree 3/2015, Employment Law |
| TG01 | Accounting management | Royal Decree 1514/2007, General Accounting Plan |
| TG25 | Tax data collection | Law 58/2003, General Tax Law |
| TG12 | Labor management and data collection | Royal Legislative Decree 1/1994, Social Security Law |
| TR09 | Software security measures | GDPR and Spanish Data Protection Law |
| TE08 | Personal data protection | GDPR and Organic Law 3/2018 |
| TE02 | Occupational risk prevention | Law 31/1995, Occupational Risk Prevention |
| TE07 | Document destruction | GDPR |
| TV01 | Sales / Service provision | Commercial and tax legislation |
| TE03 | Shipping and delivery services | Commercial Code (1885) |
| TR05 | Email communications | Commercial Code and applicable legislation |
| TR01 | Handling information requests | Commercial Code and related laws |
| TR07 | Incident/security breach management | GDPR and Spanish Data Protection Law |
| TE04 | Legal affairs management | Applicable commercial and labor legislation |
| TE01 | IT system maintenance | Commercial Code |
Purposes
What do we use your personal data for?
We may process your personal data for the following purposes:To verify that all necessary technical measures are in place for proper data management using the applied software.
To send commercial and/or promotional information via email.
To manage requests for information received about our products or services.
To manage internal incidents in compliance with GDPR requirements.
To conduct advertising campaigns for our products and/or services.
To collect feedback from data subjects.
To recruit staff for open job positions.
To comply with all obligations under the Occupational Risk Prevention Law.
To manage shipping and delivery of correspondence and packages.
To manage any legal issues affecting the company.
To maintain, manage, and repair IT storage systems.
To manage employment-related processes.
To manage tax and accounting obligations.
To comply with data retention limitation principles.
To ensure compliance with GDPR and Organic Law 3/2018.
Administrative management of individual clients.
Legal Basis
Why do we use your data?
We are legally permitted to process your data based on the following grounds:
Your express, informed, and unequivocal consent, where required by law. Withdrawal of this consent shall not affect the lawfulness of prior processing, nor shall it affect the legitimacy of other processing activities based on different legal grounds.
A legal obligation applicable to the data controller.
Execution of a contract for service provision or product purchase, entered into by you.
Legitimate interest of the data controller, after conducting a balancing test to ensure that such interest does not override your rights and freedoms. This includes:
Interest analysis
Impact evaluation
Equilibrium assessment
Implementation of safeguards
If the balancing test favors the controller, the processing will proceed in accordance with data protection laws. For questions or clarifications, contact us via the email provided above.
Recipients
Who may receive your personal data?
Your personal data may be shared with the following entities or organizations:
Spanish Tax Agency (Agencia Tributaria)
State Public Employment Service
Social Security General Treasury
Spanish Data Protection Agency (AEPD)
Banks and financial institutions
International transfers:
Your personal data will not be transferred to any third country or international organization.
Data Origin and Types
What data do we process and how do we collect it?
Your personal data will be included in the following internal files:
FG01 – Accounting management
FG02 – Labor management
FG15 – Tax data collection
FE01 – IT maintenance
FE02 – Occupational risk prevention
FE03 – Shipping and delivery
FE04 – Legal affairs
FR01 – Information requests
FR03 – Recruitment
FR04 – Advertising campaigns
FR05 – Email management
FR07 – Incident and/or security breach management
FR08 – Feedback collection
FR09 – Software and hardware security
FE07 – Document destruction
FE08 – Personal data protection
FP01 – Client records
Data sources:
The data we process is obtained directly from you as the data subject.
Data Subject Rights
What rights can you exercise?
We guarantee your rights in accordance with applicable data protection laws. You have the right to:
Confirm whether we are processing your data
Access your personal data, including details on purpose, categories, recipients, retention period, data origin, and any profiling or automated decisions.
Rectify inaccurate or outdated data. You are responsible for providing accurate data and notifying us of any changes.
Object to processing, based on your particular situation, unless legitimate reasons override your objection.
Request erasure when data is no longer necessary or legitimate for processing.
Request data portability, where applicable, in a structured, commonly used, machine-readable format, or direct transfer to another controller.
Request restriction of processing, in certain circumstances, where we will retain your data solely for legal claims.
Object to automated decisions and profiling.
You may exercise your rights free of charge (unless legally exempted) by submitting a signed written request, either in person at our offices or via the contact details provided in the “Data Controller” section.
You also have the right to:
File a complaint with the Spanish Data Protection Agency (AEPD): https://www.agpd.es/
Appeal to the Courts of Justice for damages
Withdraw your consent at any time via our website or by emailing the controller at the address provided
We also inform you that we assess potential risks and impacts for each data processing activity and apply appropriate security measures, which are regularly reviewed for effectiveness.
Our internal control system ensures compliance with data processing principles such as:
Purpose limitation
Data retention limitation
Data minimization
Integrity and confidentiality
Finally, you may periodically receive surveys to assess your satisfaction and gather suggestions about our data protection practices, in line with our commitment to transparency and accuracy.
For further questions or clarification, please contact us using the email provided above.
Kind regards,
The Controller
