Privacy Policy



The present Privacy Policy has been developed taking into account the provisions of the current Organic Law on Personal Data Protection, as well as the Regulation 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, hereinafter GDPR.

This Privacy Policy aims to inform the owner of the personal data, with respect to which information is being collected, the specific aspects regarding the processing of their data, among others, the purpose of the processing, contact information in order to exercise their corresponding rights, data storage periods and security measures, among others.

Processing Controller

In terms of data protection, UNGRIA PATENTES Y MARCAS S.A. should be considered the Processing Controller, in relation to files/processes identified in this policy, specifically contained in the section "Data processing".

The identifying data of the owner of the present website is indicated below:

Processing Controller: UNGRIA PATENTES Y MARCAS S.A.
Mailing address: Avenida Ramón y Cajal, 78, 28043, MADRID, (Madrid).
Email address:

Data processing

Personal data that is requested, if applicable, shall only be that strictly necessary to identify and deal with the request made by the owner of the same, hereinafter the interested party. Said information shall be processed fairly, legally and transparently in relation to the interested party. Moreover, personal data shall be collected for specified, explicit and legitimate purposes, and not further processed in a way incompatible with those purposes.

The data collected from each interested party shall be adequate, relevant and not excessive in relation to the purposes for which they were collected, and shall be updated whenever necessary.

The owner of the data shall be informed, prior to the collection of their data, of the general points regulated in this policy so they may provide express, precise and unequivocal consent for the processing of their data, according to the following aspects.

Purpose of the processing

The explicit purposes for which each processing is carried out is set forth in the informative clauses included in each of the data collection means (web forms, paper forms, voice messages or notices and informative notes).

However, the personal data of the interested party shall be processed with the sole purpose of providing them with an effective response and dealing with the requests made by the user, which are specified along with the option, service, form or service for data collection used by the owner.


Generally, before processing personal data, UNGRIA PATENTES Y MARCAS S.A. obtains express and unequivocal consent from the owner thereof through the incorporation of informed consent clauses in the different data collection systems.

However, if the consent of the interested party is not required, the legal basis of the processing that protects UNGRIA PATENTES Y MARCAS S.A. is the existence of a specific law or rule that authorises or requires the processing of the interested party's data.

Generally, UNGRIA PATENTES Y MARCAS S.A. does not transfer or communicate the data to third party entities, except those legally required, although if necessary, the interested party shall be informed of said data transfers or communications through the informed consent clause contained in the different personal data collection means.

Generally, personal data is always collected directly from the interested party. However, in certain exceptions, the data can be collected through third parties, entities or services that are not the interested party. In this regard, this matter shall be conveyed to the interested party through the informed consent clauses contained in the different data collection means and within a reasonable period of time, once the data is obtained, and one month at the latest.

Storage periods

The data collected from the interested party shall be stored while it is needed to fulfil the purpose for which the personal data was collected, such that the data shall be cancelled once the purpose has been fulfilled. Said cancellation shall block the data, which shall only be kept available to the Public Authorities, Courts and Tribunals in order to deal with possible liabilities arising from the processing, during the limitation period thereof, and once the aforementioned period has passed the information shall be destroyed.

By way of information, the legal periods for storing data in relation to different matters are provided below:

Labour documents or related to social security 4 years Article 21 of the Royal Legislative Decree 5/2000, of 4 August, in which the consolidated text of the Law on Labour Infringements and Penalties
Tax and accountancy documents for mercantile purposes 6 years Art 30 Commercial Code
Tax and accountancy documents for tax purposes 4 years Articles 66 to 70 General Taxation Law
Control of building access 1 month Directive 1/1996 of the Spanish Data Protection Agency
Video surveillance 1 month Directive 1/2006 of the Spanish Data
Protection Agency Organic Law 4/1997

Browsing data.

In relation to browsing data that may be processed through the website, if data is collected that is subject to the regulation, we recommend that you consult the Cookies Policy published on our website.

Rights of the interested parties.

The data protection rules grant a series of rights to the interested parties or owners of the data, users of the website or users of the profiles of the UNGRIA PATENTES Y MARCAS S.A. social networks.

These rights of interested persons are the following:

  • Right of access: right to obtain information on whether their personal data is being processed, the purpose of the processing that is taking place, the types of data processed, the recipients or types of recipients, the storage period and origin of said data.
  • Right of rectification: right to obtain the rectification of incorrect or incomplete personal data.
  • Right of erasure: right to obtain the erasure of data in the following cases:

    • When the data is no longer necessary for the purpose for which it was collected
    • When the owner thereof removes consent
    • When the interested party opposes the processing
    • When it must be deleted in compliance with a legal obligation
    • When the data has been obtained by virtue of an information society service based on the provisions of art. 8 section 1 of the European Regulation on data protection
  • Right of opposition: right to oppose a specific processing based on the consent of the interested party.
  • Right of limitation: right to obtain the limitation of the data processing in the event of one of the following cases:

    • When the interested party challenges the accuracy of the personal data, during a period that enables the company to verify the accuracy of the same.
    • When the processing is illegal and the interested party opposes the erasure of the data.
    • When the company no longer needs the data for the purposes for which it was collected, but the interested party needs them for the formulation, exercise or defence of claims.
    • When the interested party has opposed the processing while it is verified whether the legitimate reasons of the company take precedence over those of the interested party
  • Right of portability: right to obtain the data in a structured, commonly used and machine-readable format, and transfer the data to another processing controller when:

    • The processing is based on consent
    • The processing is carried out by automated means
  • Right to file a claim before the competent control authority

The interested parties may exercise the indicated rights by writing to UNGRIA PATENTES Y MARCAS S.A. at the following address: stating the right they wish to exercise in the Subject line.

In this regard, UNGRIA PATENTES Y MARCAS S.A. shall deal with the request as quickly as possible and taking into account the period provided in the regulations regarding data protection.


The security measures adopted by UNGRIA PATENTES Y MARCAS S.A. are those required in accordance with the provisions of article 32 of the GDPR. In this regard, UNGRIA PATENTES Y MARCAS S.A., taking into account the state of the art, application costs and the nature, scope, context and purposes of the processing, as well as the likelihood of risk and varying severity for the rights and freedoms of natural persons, has established the technical and organisational measures necessary to ensure the suitable level of security against the existing risk.

In any case, UNGRIA PATENTES Y MARCAS S.A. has implemented adequate mechanisms to:

  1. Ensure the continued confidentiality, integrity, availability and resilience of the processing systems and services.
  2. Quickly restore the availability and access to personal data in the event of a physical or technical incident
  3. Regularly verify, evaluate and assess the effectiveness of the technical and organisational measures implemented for ensuring the security of the processing.
  4. Pseudonymise and encrypt personal data, if applicable.