Privacy Policy

1. Purpose of the treatment request

In compliance with the provisions of the General Data Protection Regulations (hereinafter RGPD) and the current legislative framework on data protection, through these clauses ENTORNO DIGITAL, S.A. as the processor in charge of processing on behalf of the CLIENT, as the data controller, the personal data necessary to provide the service specified below.

2. Responsible and rights:

The person responsible for the personal data that you have given us is ENTORNO DIGITAL, S.A. CIF A61397212 (C / Santa Anna, 32 08290 Cerdanyola del Valles / nic@entorno.es) where you can go to exercise your rights of access, rectification, cancellation, opposition, right to transparency of information, right of suppression, limitation and portability. At the same time, we inform you that you have the right to direct your claims to the data protection control authorities.

3. Purpose:

The personal data that you have provided us, necessary to provide you with the contracted service, are confidential and will be used only for the following purposes: To provide domain registration services and / or hosting service and / or housing and / or web projects.

4. Legitimation:

The legitimacy for the processing of your data is the execution of this contract that you have signed with ENTORNO DIGITAL, S.A., with legal basis regulated according to the Commercial Code and complementary laws as well as those specific laws that may affect the specific activity.

5. Identification of the affected information

For the execution of the benefits derived from the fulfillment of the object of this assignment, the CLIENT, as responsible for the treatment, makes available to ENTORNO DIGITAL, S.A. the data necessary to provide the specified service.


In relation to the form and modalities of access to data for the provision of services, the following rules will apply:

  • When ENTORNO DIGITAL, S.A. must access the data processing resources in the facilities of the client responsible for the treatment, he will be responsible for establishing and implementing the policy and security measures and communicate such policies and measures to ENTORNO DIGITAL, SA, who undertakes to respect them and demand its compliance to the people in your organization who participate in the provision of services.
  • When ENTORNO DIGITAL, S.A. Access via remote data processing resources, responsibility of the client, this will be responsible for establishing and implementing the policy and security measures in their remote treatment systems and ENTORNO DIGITAL, S.A. will be responsible for establishing and implementing the security policy and measures in their local systems.
  • When the service was provided by ENTORNO DIGITAL, S.A. in their own premises, unrelated to those of the client responsible for the treatment, that person will collect in his security document the circumstances relating to the processing of data in the terms required by current legislation, incorporating the security measures to be implemented in relation to said treatment .
  • In all cases, access to data by ENTORNO DIGITAL, S.A. will be subject to the security measures contemplated in the current regulations on personal data security

ENTORNO DIGITAL, S.A. warns that, except for the existence of a legally constituted representation, no user and / or client may use the identity of another person and communicate their personal data, so at all times you must take into account that you must communicate to ENTORNO DIGITAL, S.A. personal data corresponding to your own identity and that are appropriate, pertinent, current, exact and true. For such purposes, the user and / or client will be solely responsible for any damage, direct and / or indirect caused to third parties or to ENTORNO DIGITAL, S.A. for the use of personal data of another person, or their own personal data when they are false, erroneous, not current, inadequate or irrelevant. Likewise, the user and / or client that communicates the personal data of a third party, will respond to the latter of the information obligation for when the personal data has not been collected from the interested party.

6. Duration

This agreement has a duration of 1 year, being renewed automatically unless decided against by any of the parties.


Once the present contract ends, the person in charge of the treatment must return the person responsible or transmit to another manager appointed by the person responsible for the personal data, and delete any copy that is in their possession. However, you may keep the data blocked to address possible administrative or jurisdictional responsibilities.

7. Obligations of the treatment manager

The person in charge of the treatment and all its personnel is obliged to:

  • Use the personal data object of treatment, or those collected for inclusion, only for the purpose of this assignment. In no case may you use the data for your own purposes.
  • Treat the data according to the instructions of the controller.
  • Keep, in writing, a record of all the categories of treatment activities carried out on behalf of the person in charge, which contains:
    • The categories of treatments carried out by the responsible party.
    • A general description of the appropriate technical and organizational safety measures that you are applying.
  • Not communicate the data to third parties, unless you have the express authorization of the controller, in the legally admissible cases. If the manager wants to outsource, he has to inform the person in charge and request his prior authorization.
  • Maintain the duty of secrecy regarding personal data to which you have had access under this order, even after the end of the contract.
  • Guarantee that the persons authorized to process personal data undertake, expressly and in writing, to respect confidentiality and to comply with the corresponding security measures, of which they must be informed accordingly.
  • Maintain at the disposal of the person in charge the documentation proving compliance with the obligation established in the previous section.
  • Guarantee the necessary training in terms of protection of personal data of the persons authorized to process personal data.
  • When the affected persons exercise the rights of access, rectification, suppression and opposition, limitation of the treatment and portability of data before the person in charge of the treatment, this one must communicate it by email to the address indicated by the person in charge. The communication must be made immediately and in no case beyond the working day following the reception of the request, together with, where appropriate, other information that may be relevant to resolve the request.
  • Notification of data security violations
    The person in charge of the treatment will notify the person responsible for the treatment, without undue delay and through the e-mail address indicated by the person in charge, of the security breaches of the personal data in his charge that he / she has knowledge of, together with all the information relevant for the documentation and communication of the incident.

    At least the following information will be provided:

    • Description of the nature of the violation of the security of personal data, including, when possible, the categories and the approximate number of interested parties affected, and the categories and the approximate number of personal data records affected.
    • Contact person data to obtain more information.
    • Description of the possible consequences of the violation of the security of personal data. Description of the measures adopted or proposed to remedy the violation of the security of personal data, including, if applicable, the measures adopted to mitigate the possible negative effects.
      If it is not possible to provide the information simultaneously, and to the extent that it is not, the information will be provided gradually without undue delay.

    ENTORNO DIGITAL, S.A. At the request of the data controller, he will communicate the data security breaches to the interested parties as soon as possible, when it is likely that the violation will pose a high risk to the rights and freedoms of natural persons.


    The communication must be made in a clear and simple language and must include the elements indicated in each case by the person responsible, at least:
    • The nature of the data breach.
    • Data from the point of contact of the person in charge or the manager where more information can be obtained.
    • Describe the possible consequences of the violation of the security of personal data. Describe the measures adopted or proposed by the controller to remedy the violation of the security of personal data, including, if applicable, the measures adopted to mitigate the possible negative effects.
  • Provide the responsible party with all the information necessary to demonstrate compliance with its obligations, as well as for the performance of audits or inspections carried out by the person in charge or by another auditor authorized by him.
  • Implement the necessary technical and organizational security measures to guarantee the confidentiality, integrity, availability and permanent resilience of the treatment systems and services.
  • Destination of the data
    Return to the data controller personal data and, if applicable, the media where they appear, once the service has been completed.

    The return must involve the total erasure of the existing data in the computer equipment used by the person in charge.

    However, the person in charge can keep a copy, with the data duly blocked, as long as responsibilities for the execution of the service can be derived.

8. Obligations of the controller

It corresponds to the person responsible for the treatment:

  • Deliver to the manager the necessary data so that he can provide the service.
  • Ensure, prior to and throughout the treatment, compliance with the RGPD by the person in charge.
  • Monitor the treatment.

9. Recipients and international transfers

ENTORNO DIGITAL, S.A. it will only transfer or communicate data in the cases that are strictly necessary to meet its obligations with the Public Administrations and, where appropriate, to other bodies, when required by the current Legislation.


In this regard and in compliance with the provisions of Law 25/2007, of October 18, on the preservation of data relating to electronic communications and public networks, ENTORNO DIGITAL, S.A. it must proceed to retain and preserve certain traffic data generated during the development of the communications, as well as, where appropriate, communicate said data to the competent bodies, provided that the circumstances provided for in said Act are present.

Likewise, in those cases in which it is applicable as a result of the provision of the services, and as a requirement established by ICANN or competent registrant organization, the holder of a domain name authorizes the publication of the data related to the ownership of the domain name in question and the administrative, technical and payment contacts that, according to the regulations, must be public and accessible from the whois of the competent registrars. In the event that the client is not the owner, he / she is obliged to obtain from the latter the authorization for the publication of the data and the transmission thereof.

As a result of all this, it is expressly informed that this type of international data transfers, necessary to be able to comply with the services derived from this contract, can be made to organizations that are located in a country that does not offer the adequate guarantees detailed in Article 46 of the RGPD.

10. Cloud computing

For the storage of personal data ENTORNO DIGITAL has a Cloud computing service, with which all the legal requirements have been formalized to comply with the current legal regulations on data protection and the RGPD.

11. Subcontracting

The client authorizes ENTORNO DIGITAL, SA, as the person in charge of processing, to subcontract, in the name and on behalf of the client, with third parties the storage services, custody of the backup copies of data and security, in those cases in which that it is necessary, respecting in all cases the obligations imposed by the RGPD and its development regulations. At any time, the client responsible for the treatment may contact ENTORNO DIGITAL, S.A. to know the identifying data of the entities that in their case are subcontracted by ENTORNO DIGITAL, S.A. for the provision of the indicated services. Said treatment will be subject to the same conditions (instructions, obligations and security measures). In case of non-compliance by the sub-manager, the initial manager will continue to be fully responsible to the controller for the fulfillment of the sub-manager's obligations.

12. Agents and distributors

The CLIENT accepts that the processing of the registration and management of the maintenance of his domain name under his consent may be carried out by the Agents and Distributors authorized by ENTORNO DIGITAL, the Client being subject to these Conditions in the same terms.

Also, regarding the personal data of third parties that the interested party has provided, the interested party declares under his responsibility that the third parties have been informed of the treatment and its purpose, all of which they have consented. It also states that third parties have been informed of the possibility of exercising their rights of access, rectification, cancellation and opposition as well as of the identity and address of the data controller.

*The Spanish version has preference over the others.