Privacy Policy
Last updated: 3 May 2026
1. Data controller
In accordance with Regulation (EU) 2016/679 (hereinafter, the "GDPR"), and Organic Law 3/2018 of 5 December (hereinafter, the "LOPDGDD"), the user is hereby informed that the personal data provided shall be processed by:
Company name: Servicios de traducción jurada y jurídica, S.L.
Tax ID (NIF): B22732143
Registered address: Plaza de España 4, 1.º B, 28231 Las Rozas de Madrid, Spain
Commercial registry: Registered at the Commercial Registry of Madrid, Spain, electronic folio of the General Companies Section records, sheet M-859685, 1st entry, VAT no. ESB22732143
E-mail: contacto@juradayjuridica.es
Website: https://www.juradayjuridica.es
The Company acts as an independent data controller in respect of the personal data submitted in the course of providing sworn translation services. For further information on this legal position, please refer to our informative note on the Company's position as an independent data controller.
2. Personal data collected
2.1. Data provided directly by the client
- Identification data: name, surname, postal address, telephone number and e-mail address, provided by the client via the online quote tool, e-mail, instant messaging or other communication channels.
- Data contained in the documents submitted for translation (via e-mail, instant messaging or other means), which may include, among others: date and place of birth, marital status, nationality, passport or identity document number, criminal records, academic records, health data, financial data and any other data appearing in the original documents.
2.2. Payment data
Payments are processed through an external payment processing platform. The client may place orders and make payments directly through the Company's online quote tool. During the payment process, the client is asked to provide the following details: full name or company name, email address, postal address and tax identification number, which are required for the purposes of issuing the relevant invoice. The company does not store complete credit or debit card details. Only the last digits of the card number and the transaction status are accessible, for accounting and payment tracking purposes.
2.3. Browsing data (website)
The website juradayjuridica.es does not collect personal data directly through contact or registration forms. However, a third-party web analytics tool is used which collects browsing data automatically through cookies. The data collected includes, among others: IP address (anonymised), browser and device type, pages visited, duration of the visit and approximate geographical origin. For further information, see section 8 (Cookie policy).
2.4. Data processed through the online quoting tool
The Company provides an online quoting tool accessible at presupuesto.juradayjuridica.es, which allows clients to upload documents and obtain an instant quote. The documents are processed in real time and are not permanently stored. The data processed includes the content of the uploaded document and the email and, where applicable, the postal address provided by the client.
2.5. Acceptance data (consent record)
When a client uploads documents to the online quote tool, they must expressly accept, by means of a specific checkbox, the processing of the personal data contained in the documents — including, where applicable, the special categories under Article 9 of the GDPR — in accordance with this policy. Each acceptance is recorded in an internal audit file containing the exact date and time, the browser's IP address and the user agent (browser and device type). This record is kept for the sole purpose of being able to demonstrate the provision of explicit consent in the event of an inspection by the Spanish Data Protection Agency (AEPD), in accordance with Article 7(1) of the GDPR (duty of demonstrability). The record does NOT contain the content of the documents or any client identification data beyond the technical data indicated.
3. Purposes and legal basis for processing
| Purpose | Legal basis | GDPR Article |
|---|---|---|
| Receipt of quote requests and preparation of the quote | Performance of pre-contractual measures at the request of the data subject | Art. 6(1)(b) |
| Provision of the sworn translation service | Performance of a contract or pre-contractual measures | Art. 6(1)(b) |
| Retention of correspondence with clients and prospective clients as documentary evidence | Legitimate interests of the data controller | Art. 6(1)(f) |
| Administrative, accounting and invoicing management | Legal obligation | Art. 6(1)(c) |
| Compliance with tax and commercial obligations | Legal obligation | Art. 6(1)(c) |
| Statistical analysis of website traffic through analytics cookies | User consent | Art. 6(1)(a) |
| Processing of special categories of data contained in documents | Explicit consent of the data subject | Art. 9(2)(a) |
| Processing of special categories of data contained in archived correspondence | Defence of legal claims | Art. 9(2)(f) |
| Retention of the consent acceptance record (auditable log of the online quote tool) | Legal obligation (duty to demonstrate consent) | Art. 6(1)(c), read with Art. 7(1) GDPR |
4. Special categories of data
Given the nature of the service, documents submitted by clients may contain special categories of personal data within the meaning of Article 9 of the GDPR (including, without limitation, data concerning health, genetic or biometric data, religious beliefs, trade union membership, racial or ethnic origin, or data concerning a person's sex life or sexual orientation), as well as data relating to criminal convictions and offences within the meaning of Article 10 of the GDPR.
The processing of all such data is carried out for the purposes specified in Section 3, and is based on the following legal grounds, which apply cumulatively:
- Performance of a contract (Article 6(1)(b) of the GDPR): it is the data subject who voluntarily submits the documents to the company for the purpose of obtaining an official translation, so that the processing of the data contained therein is strictly necessary for the performance of the contract requested.
- Explicit consent (Article 9(2)(a) of the GDPR) for the special categories referred to in Article 9 that may appear in the documents. This consent is obtained specifically when documents are uploaded to the online quote tool, by means of a dedicated checkbox, and covers the processing of such data for the sole purpose of preparing the quote requested and, where applicable, providing the sworn translation service contracted, including its processing through the professional tools described in section 5.2 subject to the safeguards set out therein.
- Defence of legal claims (Article 9(2)(f) of the GDPR) for special categories of data that may be contained in documents submitted via e-mail, instant messaging or other bilateral channels and retained as part of client correspondence, in accordance with the periods indicated in section 7.
- Safeguards under Article 10 of the LOPDGDD for data relating to criminal convictions and offences, in full compliance with the duty of professional secrecy inherent to the status of Sworn Translator.
Processing is strictly limited to what is necessary for the provision of the service requested. The client may withdraw their consent at any time by contacting the company at the address indicated in section 1, without affecting the lawfulness of processing carried out prior to withdrawal.
5. Data processors and data recipients
In order to provide the service, the company engages various categories of data processors that may access personal data in the performance of their duties:
| Processor category | Purpose | Location | Safeguards |
|---|---|---|---|
| Web hosting and infrastructure providers (including virtual private server) | Hosting of the website and of the internal infrastructure (online quote tool, internal management database and secondary backup copy of project files) | EU | GDPR / SCC |
| Web analytics providers | Statistical analysis of website traffic | EU / US | DPF |
| Translation support tools | Translation assistance, linguistic review and document analysis | EU / US | GDPR / DPF / SCC |
| Cloud storage services | Secure storage of documents and files (primary storage and secondary backup copy) | EU / Switzerland | GDPR / Adequacy decision |
| Email services | Client communications and transactional emails | EU / US / Switzerland | GDPR / DPF / SCC / Adequacy decision |
| Invoicing and accounting/tax advisors | Invoicing, accounting and tax compliance | Spain (EU) | GDPR |
The company undertakes to enter into the corresponding data processing agreements in accordance with Article 28 of the GDPR and Article 33 of the LOPDGDD. Access to data by data processors does not constitute a disclosure of data to third parties, as they act solely on behalf of and under the instructions of the company.
The data subject may request the updated list of specific data processors by contacting the company at the address indicated in section 1.
5.1. Communications to independent data controllers
In the course of providing the service, personal data may also be communicated to the following independent data controllers:
- Instant messaging platforms: The company uses instant messaging services (such as WhatsApp, operated by Meta Platforms, Inc.) solely as a general communication channel with clients (enquiries, coordination and follow-up of assignments). The company does not request documents or sensitive personal data to be sent through these channels and recommends the use of e-mail or the online quote tool for the submission of documentation. Nevertheless, where the client, on their own initiative, sends documents through these platforms, the providers of the same shall act as independent data controllers with respect to the data processed on their servers, in accordance with their respective privacy policies. Once received, documents are incorporated into the company's internal systems and processed in accordance with this privacy policy. Applicable international data transfers are supported by the relevant frameworks (DPF, standard contractual clauses or other appropriate safeguards).
- Financial institutions and payment gateways: Payments made by bank transfer, card or POS terminal involve the disclosure of the client's identification and financial data to the relevant bank and payment gateway, which act as independent data controllers under applicable financial, payment services and anti-money laundering laws.
- Postal operator: Where the client requests the postal delivery of physical translations, the identification and postal data necessary for delivery shall be communicated to the relevant postal operator. The postal operator acts as an independent data controller within the framework of Spanish Law 43/2010 on the universal postal service, the rights of users and the postal market, and its implementing legislation, deciding on the purposes and means of processing within its specific legal framework.
- Sworn translator collaborators: Where the volume of work so requires, the company may engage external sworn translators for the provision of the translation service. Sworn translators act with full professional autonomy and independence and are therefore independent data controllers in respect of the personal data contained in the documents entrusted to them. They are subject to the duty of professional secrecy inherent to their status as sworn translators appointed by the Spanish Ministry of Foreign Affairs, European Union and Cooperation.
- Tax administration and other public authorities: The client's identification and tax data, as well as invoiced amounts, are communicated to the competent tax administration in compliance with the tax and commercial obligations established under the Spanish General Tax Law and the Spanish Commercial Code, and, where applicable, to the competent Social Security body. Likewise, data may be communicated to courts, tribunals and other competent authorities in compliance with duly issued legal requirements. These authorities act as independent data controllers within the framework of their specific legislation.
These communications of data are based on the performance of a contract for the provision of services (Article 6(1)(b) of the GDPR) and do not constitute a controller-processor relationship. Outside these circumstances, data shall not be disclosed to independent third parties except where required by law.
5.2. Professional translation support tools
As is standard practice in the translation profession, the company uses specialised tools to support document analysis, terminology management and computer-assisted translation. These include tools based on artificial intelligence, used for tasks such as terminology research, linguistic review and the preparation of drafts. The same tools are also used in the company's online quoting tool for the processing of documents uploaded by clients (word count and quote preparation).
These tools are used in their professional versions. Their providers act as data processors within the meaning of Article 28 of the GDPR, under the relevant data processing agreements which ensure that client data is not retained beyond the time necessary to provide the service, is not used to train models and, where applicable, are covered by appropriate safeguards for international data transfers provided for in Chapter V of the GDPR (European Commission standard contractual clauses or other equivalent mechanisms).
The company does not carry out automated decision-making within the meaning of Article 22 of the GDPR: the professional involvement of the Sworn Translator is decisive and continuous in the production of every official translation.
6. International data transfers
Some of the data processors and independent data controllers referred to in the previous section are based outside the European Economic Area. These international transfers are supported by the following appropriate safeguards:
- European Commission adequacy decisions: Switzerland benefits from an adequacy decision ensuring a level of protection equivalent to that of the EEA.
- EU-US Data Privacy Framework (DPF), adopted by European Commission Adequacy Decision of 10 July 2023.
- Standard contractual clauses approved by the European Commission (Implementing Decision 2021/914).
The user may request further information on the safeguards applicable to international transfers by contacting the company at the address indicated in section 1.
7. Data retention periods
| Data category | Retention period |
|---|---|
| Original documents and translations | During the provision of the service and, thereafter, for the applicable statutory limitation periods (tax and commercial law) |
| Invoicing and accounting data | 4 years (General Tax Law) and 6 years (Commercial Code) |
| Web analytics data | 14 months (anonymised data) |
| Client contact data provided through the online quote tool or the payment process | During the commercial relationship + applicable statutory limitation periods |
| Records of acceptance of the processing (date, IP, user agent) | 3 years from acceptance, in accordance with the limitation periods applicable to actions arising from the processing of personal data (Art. 78 LOPDGDD) |
| Correspondence with clients and prospective clients via e-mail, WhatsApp or other messaging channels (including documents voluntarily and/or spontaneously submitted by the client outside the online quote tool) | Up to 6 years from the last active contact, in accordance with the applicable statutory limitation periods (Article 1964 of the Spanish Civil Code and Article 30 of the Spanish Commercial Code). After that period, communications are deleted or archived in anonymised form |
Once the above periods have elapsed, the data shall be deleted or irreversibly anonymised.
8. Cookie policy
The website juradayjuridica.es uses third-party cookies for analytical purposes. The online quote tool, hosted at presupuesto.juradayjuridica.es, does not use cookies.
8.1. Types of cookies used
| Cookie | Purpose | Duration | Type |
|---|---|---|---|
_ga | Distinguish unique users | 2 years | Analytics (third-party) |
_ga_<ID> | Maintain session state | 2 years | Analytics (third-party) |
8.2. Cookie management
When accessing the website, an information banner is displayed allowing the user to accept or reject analytics cookies. The user may change their cookie settings at any time through their browser settings or via the cookie settings link available on the website.
Disabling analytics cookies does not prevent browsing the website or using its features.
9. Data subject rights
In accordance with Articles 15 to 22 of the GDPR and Articles 12 to 18 of the LOPDGDD, the data subject may exercise the following rights:
Right of access
To know what personal data is being processed.
Right to rectification
To request the correction of inaccurate or incomplete data.
Right to erasure
To request the deletion of data when it is no longer necessary.
Right to restriction
To request the restriction of processing in the circumstances provided for in Art. 18 of the GDPR.
Right to data portability
To receive data in a structured, commonly used and machine-readable format.
Right to object
To object to the processing of data in certain circumstances.
Withdrawal of consent
To withdraw consent at any time without affecting the lawfulness of prior processing.
Automated decisions
Not to be subject to automated individual decision-making, including profiling.
To exercise these rights, the data subject may contact the company by e-mail at the address indicated in section 1, enclosing a copy of their identity document. The company shall respond within a maximum period of one month from receipt of the request, which may be extended by a further two months in cases of complexity.
The data subject also has the right to lodge a complaint with the Spanish Data Protection Agency (AEPD), located at C/ Jorge Juan, 6, 28001 Madrid (www.aepd.es).
10. Security measures
In accordance with Article 32 of the GDPR and Article 28(2)(d) of the LOPDGDD, the company has implemented appropriate technical and organisational measures to ensure a level of security commensurate with the risk:
- Encrypted connections (HTTPS/TLS)
- Secure storage with restricted access
- Deletion per retention schedule
- Strong passwords and authentication
- Professional duty of confidentiality
11. Professional duty of confidentiality
Sworn translation is subject to a strict duty of confidentiality. All documents received and translations produced are treated with the utmost discretion. The content of documents shall not be disclosed to persons unconnected with the service, without prejudice to access by the data processors identified in section 5, who act under the instructions and control of the company, and to any disclosures required by law.
12. Amendments to the privacy policy
The company reserves the right to amend this privacy policy in order to adapt it to legislative, case-law or business practice developments. In the event of a material amendment, users shall be duly informed through the website. Users are advised to review this page periodically to stay informed about how their data is protected.
13. Applicable legislation
This privacy policy is governed by the following legislation:
- Regulation (EU) 2016/679 (GDPR)
- Organic Law 3/2018 of 5 December (LOPDGDD)
- Law 34/2002 of 11 July (LSSI-CE)