Privacy Policy

In compliance with Regulation (EU) 2016/679 of 27 April 2016, (hereinafter “GDPR”, the Organic Law 3/2018 on Data Protection and guarantee of digital rights, as well as the rest of the applicable legal regulations, you are provided with the following information about our processing of your personal data on this website.

Personal data

(1) of the GDPR, “personal data” means “any information relating to an identified or identifiable natural person”; “and an identifiable natural person is any person whose identity can be established, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that person”.

Responsible for data processing

LLORENTE & CUENCA MADRID, S.L. (“LLORENTE & CUENCA” or “the Company”) has its registered office at Calle Lagasca 88, 28001 Madrid, Spain and C.I.F. number B-82894122 is registered in the Mercantile Registry of Madrid, Volume 16.152, Folio 92, Section 8ª, Page M-273.715, 1st inscription.

Purposes of the processing of your personal data

In general, with your consent we will process your personal data for the following purpose(s):

  1. Send you our customized value-added content specific to you.
  2. Personalize our proposals based on the observation of your browsing habits.
  3. Manage your request for specialists to participate in an event or help you manage a challenge.
  4. Manage and respond to your requests for information, suggestions or comments to our content hosted on the web, as well as respond to any inquiry or suggestion made through the fields provided.
  5. To take into account your candidacy to hire you, when you register in the offer published in our job portal, as well as to keep, in case you specifically consent us, your data for future job calls.
  6. Management of the operation and maintenance of the website.
  7. Check that you are a shareholder of the company to send you information of interest and added value in this area. It will only be applicable to those shareholders who, after being informed of this fact and giving their consent, consider it appropriate by subscribing to this service on the website or form provided for this purpose.

Retention period of your data

The Company will process your personal data for the essential time, depending on each case.

  •       In connection with the delivery of our value-added content, we will process your data until three years have elapsed since your last interaction with us or until you indicate your wish to unsubscribe (whichever is sooner).
  •       In connection with your inquiries and complaints, we will retain your blocked data once we have answered or resolved the inquiry.
  •       We will retain your CV and related personal data for a period of two years from receipt, destroying those that are clearly not of interest for recruitment purposes.

After these periods have elapsed, we will retain your blocked data for the legally established periods and the statute of limitations for possible liability claims arising from the corresponding processing.

Data update

Please inform us immediately of any changes to your data so that the information contained in our files is always up to date and contains no errors. In this sense, we understand that the information and data you have provided us are accurate, current and truthful.

Legitimate bases for our processing of personal data

The Company processes your personal data for various purposes. Each processing of personal data must be based on a legitimate basis, among those provided for in the regulations. The Group companies use the following bases:

  • Consent: You have given your unequivocal and specific consent to the processing of your personal data for a specific purpose (e.g. subscription to the sending of content).
  • Legal obligation: The law requires them to be processed and sometimes transferred to certain institutions (e.g. State Security Forces and Corps).
  • Legitimate interest of the Company, provided that its interests, rights or freedoms do not prevail over such interests.

A.- Consent

The Company sometimes collects your personal data with your prior and unequivocal consent. For example, when you request the sending of our contents to your email. For example, to manage your comments and respond to any queries or suggestions made through the form itself. Consequence of failure to provide data The data (and consents) that we request are necessary for the treatments and purposes indicated, so that the omission of any of them will prevent us from executing the aforementioned purpose. The acceptance of these treatments is absolutely voluntary and your refusal will not entail any negative consequence for you.

 B.- Legal obligation

The Company is obliged in some cases, by virtue of different legal regulations (regardless of whether or not you give your consent), to process and/or transfer certain personal data to different entities.

 C.- The Company’s Legitimate Interest

In addition to the above assumptions (legal obligation, consent), there are a number of reasons that allow us to use your personal data. This legal basis for processing is “legitimate interest”. Generally speaking, the legal basis of “legitimate interest” means that we may process your personal data if we have a real and legitimate interest in doing so and our processing does not prejudice your rights and interests (indeed, in many cases, as we will see, our interests and yours are aligned, i.e., they coincide in whole or in part).

Examples of our legitimate interests and the processing we conduct based on those interests:

We refer to personal data that you have provided to us directly, or that we have observed or collected in the course of our dealings or interaction with you.

The potential impact on you and your rights and interests has been carefully assessed by the company and, where deemed necessary, we have implemented specific protective measures to mitigate such impact on your person and interests. For example, we will store your IP address as a preventive measure and to protect our computer security on the website. For example, based on our legitimate interest in offering you new services, we may send you commercial communications related to services or content similar to those you have already requested. This legitimate interest is recognized in art. 21.2 of the Law of Services of the Information Society.

For example, our legitimate interest in ensuring that information of interest and value to LLYC shareholders is effectively forwarded to those individuals who hold such status, thereby mitigating the risk of identity theft.


The Company will transfer your personal data to third parties in the following cases:

a.-Consent In cases where you give your consent to do so.

b.- Assignment due to legal obligation: In those cases in which the Company is obliged by law.

c.- Legitimate interest:


Provision of third-party services with access to personal data

 In some cases we have external companies or suppliers, who access your personal data, to collaborate with us by providing specific services, for example, computer support or hosting of information in the “cloud”, backup in the cloud. With all these companies, the Company signs the corresponding confidentiality and personal data protection contract to ensure that the use of the data to which we give them access for the provision of the service is carried out in accordance with current legislation on data protection.

Your data may be transferred to third countries outside the EU, such as the United States of America, as a result of having external service providers. The transfer is covered by the selected providers’ adherence to the Data Privacy Framework signed between the European Union and the United States (Article 45 of the GDPR – Adequacy Decision). For the remaining providers that have not subscribed to this framework, it is covered by the adoption of updated standard contractual clauses (2021) approved by the European Commission (article 46.2.c of the GDPR).

Comment moderation

User comments to the content published on this website will be public. Llorente y Cuenca reserves the right to moderate, suspend or remove any comments that violate the respect to the dignity of the person, that are discriminatory, xenophobic, racist, pornographic, that attempt against youth or childhood, socially accepted values, or that, to the best of its knowledge and belief, are not appropriate for their disclosure in a web of these characteristics. In any case, LLORENTE Y CUENCA will not be responsible for the opinions expressed by the users through these comments or any other participation tool.


LLORENTE & CUENCA takes all necessary technical and organizational security measures to protect your personal data against loss or misuse. For example, your data is stored in a secure operating environment with no public access. Your personal data is encrypted, using Secure Socket Layer (SSL) technology during transmission. This means that an approved encryption procedure is used for communication between your computer and LLORENTE & CUENCA’s servers.

If you wish to contact LLORENTE & CUENCA by e-mail, please note that we cannot guarantee the confidentiality of the information sent. The contents of the e-mail messages may be read by third parties. Therefore, we recommend you to send us confidential information only by ordinary mail.

Your rights in connection with our processing of your personal data

 In relation to your data processed by the Company, you have: In any case the following rights:

  • Transparency about how we use your personal data (right to be informed). Right that we satisfy, for example, through this legal text.
  • Right to request a copy of the information we hold about you, which will be provided to you within one month (right of access).
  • The right to update or change information we have about you if it is incorrect (right to rectification).
  • The right to request that we stop using your information while a complaint filed by you is being resolved, among other things (the right to have the processing limited).

In addition, when we process your personal data based on your consent or on our contractual relationship with you:

  • The right to request that we remove your personal data from our records (right of removal or “right to be forgotten”).
  • The right to obtain and reuse your personal data for your own purposes (right to data portability).
  • The right to revoke at any time your previously given consent to any of our processing of your personal data.

Or, when we process your personal data based on our legitimate corporate interests:

  • The right to object to the processing of your personal data based on our legitimate interests by invoking circumstances based on your personal situation (right to object).

Form of exercise

You may exercise your applicable rights in each case by notifying the Company by any of the following means:

  1. By writing to the following e-mail address [email protected], accompanied by a scan of your ID card.
  2. You can also send us your request by letter with a copy of your ID card and making visible reference to “LOPD” on the envelope to:

 LLORENTE & CUENCA MADRID, S.L., A/A of Legal Department. Calle Lagasca 88, 3rd floor. 28001 Madrid, Spain You can access the information necessary to exercise all the above mentioned rights (with detailed explanations and forms) on this website provided by the regulatory body: the Spanish Data Protection Agency ( You also have the right to file a complaint before the Spanish Data Protection Agency (or AEPD) especially in the case that you consider that you have not obtained satisfaction in the exercise of your rights.

Changes in the data protection declaration

LLORENTE & CUENCA reserves the right to modify its data protection statement. LLORENTE Y CUENCA will notify or announce the new content and the dates in which a revision of the present terms will take place, for the information of its users.

 Last revision: October 2023