Privacy Policy


This Privacy Policy has been developed taking into account the Spanish Organic Act on Personal Data Protection in force, as well as Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, hereinafter the GDPR.

The aim of this Privacy Policy is to inform personal data subjects, about whom information is being gathered, of the specific aspects relating to the processing of their data, including the purposes of the processing, the contact details for exercising their rights, the periods of conservation of the information and the security measures.

Data Controller

In terms of data protection, SHEBEL CONSULTORÍA Y SERVICIOS, S.L.U., ., is to be regarded as the Data Controller in relation to the files/processing identified in this policy, specifically the Data Processing section.

Below are the identification details of this website’s owner:

  • Postal address: Calle Martínez Villergas, 52, Edificio A, 6ª Planta, 28027, Madrid
  • Email:

Data Processing

Any personal data requested shall only consist of data that is strictly necessary to identify and process the request by the data subject, hereinafter referred to as the applicant. This information will be processed faithfully, lawfully and transparently in relation to the applicant. Furthermore, the personal data will be collected for specific, explicit and legitimate purposes. They will not be processed subsequently in a manner that is incompatible with those purposes.

The data gather from each applicant will be adequate, relevant and not excessive in relation to the purposes corresponding to each case, and they will be updated whenever necessary.

The data subject will be informed, before collecting their data, about the general premises regulated in this policy so that they can give express, precise and unequivocal consent to the processing of their data, in accordance with the following aspects.

Purposes of the processing:

The explicit purposes for which each processing is carried out are contained in the informative clauses incorporated into each of the ways data is gathered (web forms, paper forms, announcements or posters and informative notes).

However, the applicant’s personal data will be processed only for the purpose of providing them with an effective response and processing the requests made by the user, specified together with the option, service, form or system of data acquisition that the data subject uses.


However, if the applicant’s consent is not required, the legitimate basis for the processing by which SHEBEL CONSULTORÍA Y SERVICIOS, S.L.U. is covered is the existence of a specific law or rule that authorises or demands the processing of the applicant’s data.

As a rule, SHEBEL CONSULTORÍA Y SERVICIOS, S.L.U. does not assign or communicate the data to third parties except as legally required. Nevertheless, if it were necessary, the applicant is informed of these assignments or communications of data through the informed consent clauses contained in the various methods of personal data collection.


As a rule, the personal data are always collected directly from the applicant. However, in certain cases, the data may be collected through third parties, entities or services other than the applicant. In this regard, this fact will be conveyed to the applicant through the informed consent clauses contained in the various information collection methods and within a reasonable term, once the data are obtained, and within one month at the latest.

Preservation periods:

Por regla general, los datos personales se recogen siempre directamente del interesado, no obstante, en determinadas excepciones, los datos pueden ser recogidos a través de terceras personas, entidades o servicios diferentes del interesado. En este sentido, este extremo será trasladado al interesado a través de las cláusulas de consentimiento informado contenidas en las diferentes vías de recogida de información y dentro de un plazo razonable, una vez obtenidos los datos, y a más tardar dentro de un mes.

Plazos de conservación:

The information collected form the applicant will be preserved for as long as is necessary to fulfil the purpose for which the personal data were received. Once the purpose is fulfilled, therefore, the data will be cancelled. This cancellation will give rise to the blocking of the data, which will be left available only to the government administrations, judges and courts, to look at potential liabilities originating from the processing, until these liabilities become time-barred, after which the information will be destroyed.

For information purposes, the legal periods for preserving the information in relation to different subjects are mentioned below:

Employment or social security-related documentation4 yearsArticle 21 of Spanish Legislative Royal Decree 5/2000 of 4 August, approving the recast text of the Act on Social Policy Infractions and Penalisations
Accounting and tax documentation for business purposes6 yearsArt. 30 Spanish Code of Commerce
Accounting and tax documentation for tax purposes4 yearsArticles 66 to 70 of the Spanish General Tax Act


Browsing data.

In relation to browsing data that may be processed through the website, if data subject to the regulations are gathered, we recommend consulting the Cookie Policy posted on our website.

Rights of applicants.

The regulations on data protection grant a series of rights to applicants or data subjects, users of the website or users of the profiles of social networks of SHEBEL CONSULTORÍA Y SERVICIOS, S.L.U.

These applicants’ rights are as follows:

  • Right of access: right to obtain information as to whether your data are being processed, the purpose of the processing being performed, the categories of data in question, the recipients or categories of recipients, the preservation period and the origin of those data.
  • Right of rectification: right to have inaccurate or incomplete personal data rectified.
  • Right of erasure: right to have the data erased in the following cases:
    • When the data are no longer needed for the purpose for which they were collected.
    • When the subject of the data withdraws the consent.
    • When the applicant objects to the treatment.
    • When they must be erased in order to comply with a legal obligation.
    • When the data have been obtained by virtue of an information society service based on the provisions of Article 8 Part 1 of the European Data Protection Regulation.
    • Right to object: right to object to a given processing based on the applicant’s consent.
    • Right of limitation: right to limit the processing of the data in any of the following cases:
    • When the applicant challenges the accuracy of the personal data, for a period that will enable the company to verify the accuracy of them.
    • When the processing is unlawful and the applicant objects to the erasure of the data.
    • When the company no longer needs the data for the purposes for which they were collected, but the applicant needs them to draw up claims or to pursue them or defend against them.
    • When the applicant has objected to the processing until it is decided whether the legitimate reasons of the company prevail of those of the applicant.
    • Right to portability: right to obtain the data in a commonly-used structured format for mechanical reading, and to transmit them to another data controller when:
      • The processing is based on consent.
      • The processing is done by automated means.
      • Right to submit a claim to the competent control authority

Applicants may exercise the rights mentioned by contacting SHEBEL CONSULTORÍA Y SERVICIOS, S.L.U. in writing at the following address: C/ Martínez Villergas, 52, Edificio A, 6ª Planta, 28027 Madrid. In addition, you can also exercise your right by sending an email to, and stating the right you wish to exercise in the subject line.

SHEBEL CONSULTORÍA Y SERVICIOS, S.L.U. will process your request as quickly as possible, bearing in mind the periods laid down in the data protection regulations.


The security measures adopted by SHEBEL CONSULTORÍA Y SERVICIOS, S.L.U. are those required under Article 32 of the GDPR. SHEBEL CONSULTORÍA Y SERVICIOS, S.L.U. bearing in mind the state of the art, the application costs and the nature, scope, context and purposes of the processing, as well as the variable risks of probability and seriousness for the rights and freedoms of natural persons, has established appropriate technical and organisational measures to ensure the safety level is consistent with the existing risk.

In any event, SHEBEL CONSULTORÍA Y SERVICIOS, S.L.U. has implemented sufficient mechanisms to:

  • Ensure the ongoing confidentiality, integrity, availability and resilience of the processing systems and services.
  • Quickly restore the availability and access to personal data, in the event of a physical or technical incident.
  • Regularly check, evaluate and appraise the efficacy of the technical and organisational measures implemented to ensure the security of the processing.




image8 C/Martínez Villergas, 52

 28027, Madrid (España)

image6 +34 91 635 36 75



image8 Obarrio. Sortis Business Tower.

 BC3000. Piso 14, Panamá

image6 +507 202 3023



Abrir chat
Hola 👋
¿En qué podemos ayudarte?