Privacy policy


Identity of the Data Controller for your data


Tax Identification Code (CIF) B-81527863

Address: Av. Osa Mayor 158C, 28023 Madrid



PAPYRUM commitments

PAPYRUM management is fully committed to complying with the new data protection regulation, in order to provide the most suitable protection for the right to honour and right to privacy of the data subjects.

In this respect, it fully adopts the accountability principle of the European Data Protection Regulation which entails the adoption of suitable technical and organizational measures to measure, detect and eliminate potential risks, as well as those that make it possible to demonstrate compliance of the duties established by the applicable legislation and the putting in place of appropriate controls to avoid possible damage, in line with the particular circumstances of each case and the state of the art.

This privacy and data protection policy will apply to all the personal data processing processes that are carried out at PAPYRUM and, to the extent possible, will be extended to those others carried on by its branches in third countries. With respect to the foregoing, we must point out that the aforesaid branches do not process personal data obtained and processed by the headquarters in Spain, as there are no communications of personal data from Spain to its branches in Argentina or Peru.

In accordance with the aforementioned regulations and commitment, PAPYRUM and those that comprise it process the data that are strictly necessary to satisfy its legitimate purposes:

  • managing the employment relations of its employees,
  • commercial relations with current and potential customers,
  • management of a video-surveillance system,

purposes protected by the law to legitimize processing of the data. In addition, it is committed to updating the data processed, as soon as possible and the deficiency is known, as well as to secrecy and confidentiality of the information in question, without assuming in any way whatsoever any damage arising out the misinformation provided by the data subjects.

In line with the principle of transparency and information, PAPYRUM will inform the data subjects clearly and precisely, at the time the data are collected or later as the case may be, of the circumstances of the processing established in the Spanish Data Protection Act (Ley Orgánica de Protección de Datos). PAPYRUM will not process data of minors or special categories of data referring to ideology, religion, beliefs, ethnic or racial origin, sexual orientation or criminal offences.

PAPYRUM will not transfer the data to third parties, except in the following cases:

  • those authorized by the law relating to compliance with Social Security obligations and obligations with regard to the tax authorities (Hacienda) and other public organizations.
  • with other processors, with PAPYRUM verifying the professionalism and preparedness of said data processors and including the corresponding clauses in the corresponding contracts.
  • When so required by the competent authorities and the State security forces and bodies.

No international transfer of data to third countries is planned.

PAPYRUM does not adopt decisions in an automated manner.

PAPYRUM undertakes to respect the exercise by the data subjects of the rights recognized by the Spanish Data Protection Act (Ley Orgánica de Protección de Datos), to which end it provides forms and internal procedures that facilitate said exercise by the data subjects.

In order to facilitate appropriate application of the foregoing commitments, PAPYRUM undertakes to design and implement all the procedures, resources, tools, applications and other elements whose purpose is or which carry out processing of personal data from a perspective of full respect for the data protection regulations and principles. In this respect, in those cases in which there are various options applicable, PAPYRUM will apply the most respectful one to those cases.

PAPYRYM performs the task of processor in the majority of the services it provides to its customers. In this respect, PAPYRUM undertakes to enter into contractual clauses which are totally compliant with the data protection regulations. PAPYRUM also substantiates it is qualified to perform such processing tasks, as is demonstrated by its certifications, as well as its professional track record and the reputation it has achieved in its business sector.

In addition, it undertakes to implement the security measures required by the applicable regulations and to destroy or return the data and storage media to the Data Controller as the latter prefers, with the exceptions laid down by the law; adapting its services, at all times, to the requirements and instructions of the Data Controller.


What are your rights when you provide us with your data?

  • Any person is entitled to obtain confirmation as to whether or not we are processing personal data relating to him or her.
  • Data subjects are entitled to access their personal data, as well as to request that any inaccurate data be corrected or, where appropriate, to request they be erased when, amongst other reasons, the data are no longer necessary for the purposes for which they were collected.
  • In certain circumstances, data subjects may request the restriction of the processing of their data, in which case we will only keep them for exercising or defending claims.
  • Under certain circumstances, and for reasons related to their particular situation, data subjects may object to the processing of their data. We will stop processing the data, except for compelling legitimate grounds, exercise or defence of any claims.
  • As from 25 May 2018, data subjects will also be entitled to the portability of their data.
  • Data subjects are also entitled to withdraw the consent they have given and to file a complaint with the Supervisory Authority.

To exercise your rights, you can send an email, attaching a copy of your National Identification Document number, passport or another valid document that identifies you, to the following address: You can obtain more information on exercising these rights on the website of the Spanish Data Protection Agency (Agencia Española de Protección de Datos).


Likewise, if you consider that there is a problem with the way in which your data is being handled, you can address your complaints to the Controller at PAPYRUM or to the corresponding data protection authority, which in the case of Spain is the Spanish Data Protection Agency (Agencia Española de Protección de Datos) through the aforementioned website.