1. Introduction
We maintain a strong commitment to individuals’ privacy, and therefore the protection of personal data is of great importance to us.
We process data in accordance with Regulation (EU) 2016/679, the General Data Protection Regulation (GDPR), Organic Law 3/2018 on the Protection of Personal Data and Guarantee of Digital Rights, and any other applicable legislation.
This Privacy Policy was reviewed in November 2025 to comply with the transparency and information obligations of this website and of the data controller in general, with the purpose of providing any interested party—not only website users—with the controller’s general terms regarding data protection. Variations may occur until its next review.
2. Who is the data controller?
Controller: IN AUDITO S.L.
Tax ID (NIF/CIF): B73846727
Address: C/ COLMENARICO, No. 22, BAJO. 30800 LORCA (MURCIA), Spain
Email: admin@calapanizoestudio.com
3. What is the origin and type of data we process?
The information we process may originate from any of the following:
- Paper, electronic or digital forms.
- Communication and messaging systems: email applications, messaging platforms, telephone, etc.
- Other lawful sources and origins of information.
Depending on the category of the data subject (user, client, supplier, employee, etc.), the nature of the controller’s activity and the purpose of each processing operation, the categories of data we may process include:
- Identification data: e.g. name and surname, image.
- Identification codes or passwords: e.g. username, employee code.
- Postal or electronic contact details: e.g. telephone number, email address, social media profile.
- Personal and professional characteristics: e.g. age, date of birth, qualifications, professional experience, CV.
- Economic, financial and insurance data: e.g. bank details, credit card information.
- Payroll-related economic and non-economic data, and other employment-related information: e.g. job position, payslip.
- Transaction data: e.g. goods and services supplied or received.
- Special categories of data: e.g. health data, trade union membership, racial or ethnic origin.
- Other data necessary or implicit for the development of our activities, services and purpose.
MANDATORY OR OPTIONAL NATURE OF THE INFORMATION PROVIDED BY THE DATA SUBJECT
By ticking the relevant boxes and entering data in fields marked as mandatory (for example, with an asterisk) in the contact form or any downloadable forms, the data subject expressly, freely and unequivocally accepts that such data are necessary for the controller to deal with their request, while the inclusion of data in the remaining fields is voluntary.
The data subject guarantees that the personal data provided to the controller are accurate and undertakes to notify any changes. Data marked as mandatory are essential for the provision of an optimal service. If such data are not provided, we cannot guarantee that the information and services offered will fully meet the user’s needs.
4. For what purpose do we process your personal data?
In general, data are processed to successfully carry out the actions inherent to the normal development and management of the controller’s business activity. Specific purposes may vary depending on the category of data subjects:
- Clients and prospective clients: management and maintenance of commercial, pre-contractual and contractual relationships; internal administration; economic management; advertising and marketing; customer service.
- Partners, creditors and suppliers: management and maintenance of commercial relationships, internal administration and economic management.
- Employees: management, development and maintenance of employment relationships; human resources management; communications; training activities; occupational risk prevention; working time registration; and other purposes derived from legal obligations and the development of employment relationships.
- Job candidates: management of received CVs, job offers and recruitment processes.
- Website and social media users: user support and management of communications between the parties.
- Visitors: visitor support and access control to premises.
- Any other categories of data subjects: processing will be carried out within the framework of the controller’s activity, in strict compliance with applicable regulations and in line with the general criteria of this Privacy Policy.
Additional general purposes of processing may include:
- Commercial profiling to improve user experience by personalising offers and communications. No automated individual decisions will be made based on such profiling, and processing will be based on legitimate interest.
- Video surveillance for the security of people and property, and corresponding labour control based on legitimate interest.
- Telephone switchboard recording for security, assurance and quality purposes, based on legitimate interest.
- Financial management and control of monetary obligations. In the case of certain, overdue and enforceable debts, the controller may communicate such circumstances to creditworthiness systems, debtor files and debt collection services, based on legitimate interest.
- Communications via available contact details and methods (email, instant messaging, etc.) with internal (employees) and external (clients, prospects, partners, suppliers, etc.) data subjects. Such communications may be informative, organisational, commercial or advertising in nature, based on informed consent and/or legitimate interest.
- Any other purposes derived from the nature of the controller, related to the normal development and exercise of its activity, based on a valid legal basis.
5. How long will we retain your data?
Personal data will generally be retained for as long as the relationship with the data subject exists, unless erasure is requested, whilst liabilities may arise, or for as long as any legal provision requires retention.
Data from candidates or job seekers will be deleted immediately if they are not of interest to the controller.
The controller’s data protection plan includes an inventory of retention periods applicable to each type of processing. Data erasure will always be carried out ensuring confidentiality.
6. What is the legal basis for processing your data?
The controller observes and applies the legal bases applicable to each processing purpose, including:
a) Informed consent of the data subject.
b) Pre-contractual or contractual obligations.
c) Legitimate interest of the controller.
d) Applicable legal obligations.
e) Other legally required bases.
7. Who will your data be shared with?
Data will not be disclosed to third parties by default, except to:
a) auxiliary services, authorised processors or third parties implicit in the proper provision of goods and services;
b) competent authorities and public administrations in the exercise of their powers;
c) other legitimate data subjects and legally foreseen third parties.
8. What are your rights when you provide us with your data or when we process them?
Data subjects may at any time request the exercise of the following rights regarding personal data protection:
- Right of access to confirm whether data concerning them are being processed and to obtain further information.
- Right to rectification or erasure of inaccurate or unnecessary personal data.
- Right to restrict processing in certain circumstances; in such cases data will only be retained for the exercise or defence of claims, to protect the rights of another person, or for reasons of public interest.
- Right to data portability, to receive the personal data previously provided in a structured format where possible.
- Right to object to processing in certain circumstances and for reasons relating to their particular situation. The controller will cease processing unless compelling legitimate grounds exist or for the exercise or defence of claims.
- Right to withdraw consent, which may entail the cancellation or termination of any existing business or contractual relationship. Processing carried out prior to withdrawal will remain lawful.
To exercise these rights, simply contact us using the postal or email address indicated above.
Optionally, you may also contact our Data Protection Officer, if applicable, or the Data Protection Authority to learn more about your rights or request supervisory protection.
9. Data security
We implement the necessary technical and organisational measures to ensure an appropriate level of confidentiality, integrity, availability and resilience of data within our information system, in order to protect data subjects’ rights and freedoms.
The controller complies with the principles set out in the GDPR to ensure lawful, fair and transparent processing and that data are adequate, relevant and limited to what is necessary.
However, insofar as permitted by law, we do not accept liability for damages caused by third-party alterations to our information system. Any breach of security will be immediately reported to the competent authority and/or law enforcement bodies.
10. Sending communications or information
Our policy regarding the sending of information through telematic means (email, instant messaging, etc.) is to send only those communications that we consider of interest to users or data subjects relating to the company’s functions and activity, or communications that you have consented to receive.
Should you prefer not to receive such messages, we will always provide the option to exercise your right to cancellation and refusal, in accordance with Title III, Article 22 of Law 34/2002 on Information Society Services and Electronic Commerce (LSSI).
11. Social media
The controller may have a presence on social networks through official profiles. This section applies to any processing of data from users or data subjects who become followers or who interact with said profiles, along with the legal and privacy terms available on this website.
The purposes of using these profiles include communication, commercial development, marketing and advertising, handling queries submitted to the controller, user support, informing about actions, activities and events organised or attended by the controller, and interaction through official profiles.
The legal bases outlined in section 6 also apply here; additionally, when a user follows or connects with the controller’s profile, they show interest in the information published and thus provide consent for processing the data available on their profile.
Users may access the privacy policies of each social network at any time and configure their own privacy settings. Publications made by users will be visible to others, and therefore users themselves are primarily responsible for their privacy.
Followers and/or participants in our profiles must refrain from:
a) posting content or information contrary to law, morality or good faith; or engaging in illegal, inappropriate or disturbing behaviour that could generate negative opinions or infringe rights;
b) behaving in a manner contrary to the principles of legality, honesty, responsibility, human dignity, protection of minors, public order, privacy, consumer protection, or intellectual and industrial property rights.
The controller reserves the right to remove any inappropriate content without prior notice and accepts no responsibility for the safety measures of each platform. Users must be aware of each platform’s legal terms and conditions.
The controller is expressly exempt from liability arising from the use of social networks by minors or individuals with special needs. The controller’s social networks do not knowingly collect personal data from minors. If you are a minor, you must not register for, use, or provide personal data on our social networks. In Spain, personal data processing is only permitted from age 14. Where required by law, or where a user has special needs, authorisation from a parent, guardian or legal representative will be necessary.
12. Employment and candidate management
Individuals interested in applying for vacancies may provide their personal and professional information through various channels, preferably via available forms, email addresses and other tools designated for this purpose.
Such data will be processed in accordance with this Privacy Policy for the purpose of managing applications for job offers, internships or training within the controller’s organisation and any subsidiary or affiliated companies, where applicable.
Processing will be based on the candidate’s informed consent or another valid legal basis.
Data that are not of professional interest to the controller or that are no longer necessary for the purposes collected will be deleted, ensuring confidentiality and anonymisation.
Any candidate may withdraw their consent and exercise their data protection rights under the terms set out in this Privacy Policy.

