Privacy Policy

We protect your data and respect your privacy

📄 Our privacy policy

At Bounsel we want to let you know in a really precise and clear way about how we gather and treat your personal data through our website and its subdomains (the Website), according to General Data Protection Regulation (GDPR) and Law 3/2018 on Personal Data Protection and Guarantee of Digital Rights (LOPDGDD). If you browse through the Website or use the Platform, as a User you may want to know about this regulation.

👤 Who is responsible for the treatment of your personal data?

Bounsel S.L., with tax identification number B-40556524 and legal address at Avenida Blasco Ibáñez 134– 99, 46022, Valencia, Spain, is the data controller of your personal data, all collected from our Website. You can get in touch with us by sending an email to

🔐 How do we use your personal data?

📅 When ?🔎 For what ?📚 Legal basis📊 Which type of data ?
When you access and browse through our WebsiteTo improve your user experience through cookies. You may want to learn more at our Cookie PolicyArticle 6.1.a) GDPR: Express consentIP Address, Location, Data regarding your behavior, Data of your device (digital fingerprint)
When you use the Bounsel PlatformTo access our Service and improve itArticle 6.1.b) GDPR: Rendering of contractual servicesIP Address, Location, Data regarding your behavior, Data of your device (digital fingerprint), Email, First Name and Last Name, Username (alias), Profile Picture (avatar), Vat Number, Language of Preference, Time zone, Biometric Signature
When you contact us through our WebsiteTo deal with and answer your questions as well as have pre-contractual relationshipsArticle 6.1.a) and b) GDPR: Express consent and rendering of pre-contractual servicesFirst Name and Last Name, Email, Company, Mobile number, LinkedIn profile
When you visit Bounsel social media profiles (LinkedIn, Instagram, Facebook, Twitter and YouTube)To offer you information whenever you ask for it through social media, improve your user experience and carry out statsArticle 6.1. a) GDPR: Express consentUsername, IP Address, Data regarding your behavior, Data of your device (digital fingerprint)
When you contact us because you are interested in a job offerTo manage a selection process or interest enquiry to work with usArticle 6.1. a) GDPR: Express consentLinkedIn profile

⏳ For how long do we keep your personal data?

We will keep the personal data that you have provided us just for the necessary time to fulfill each one of the provided by law purposes. In particular:

  • Your User data of the Platform

We will keep your data for the time you use the Platform as a Guest or as long as your User account in Bounsel remains active. After one year, if you are a Guest and you don’t use the Platform anymore, we will delete your data. If you decide not to use Bounsel in the future, we will get rid of your personal data permanently, except for the data we still have to preserve due to specific legal obligations.

  • Your browsing data in the Website or social media

We will preserve the data collected from the use of cookies for one year. After that year, when you access again our Website, we will ask you again for your consent of the use of cookies. For more information, you can have a look at our Cookie Policy.

  • Your contact data

We will keep your contact data only for answering your enquiries about our Services until you decide to become of one of our Clients. If you finally don’t turn into a Bounsel Client, we will delete all the data you had previously given us.

  • Your professional data

We will preserve the data collected through LinkedIn as long as we manage the open selection process.

👥 Do we share your personal data?

You can keep calm. We don’t share your personal data with others, except for the suppliers we work with to provide you the Service and to comply with legal obligations and deal with judicial or administrative and Armed Forces requests, only if they ask us to. We don’t perform any international transfers to countries that aren’t part of the European Economic Area, whose level of protection may not be equivalent to the granted by GDPR.

👩🏼‍⚖️ What are your rights regarding the treatment of your personal data?

As a User of Bounsel, you are entitled to:

  • Ask for access to your personal data;
  • Ask for the amendment or elimination of your personal data;
  • Ask for the limitation of the treatment of your personal data;
  • Oppose to the treatment of your personal data;
  • Request the portability of your personal data; and
  • Revoke whenever you want the consent you gave us.

You can exercise your rights by sending us an email to or a letter by mail to Bounsel address with the subject “Exercise of rights”. You may also present a complaint to the Spanish Data Protection Agency on its website

📄 We present you our Data Processing Contract:

The Client shall act as data Controller and Bounsel as data Processor according to the following obligations:

  • Processor Obligations:

    1. Process personal data following the instructions given by the Controller, complying with Data Protection rules in force, ensuring all necessary security measures.
    2. Register in writing all the data processing categories made on behalf of the Controller.
    3. Do not communicate personal data to third parties unless: they have express authorization of the Controller, when it’s necessary for rendering the Services, for a legal obligation or public interest reasons.
    4. Outsource only the services of the Contract that refer to the use of auxiliary services necessary for the operation of the commissioned Service. In this case, the subcontractor, who acts as the data Processor, is also obliged to comply with these obligations and the instructions issued by the Controller. The Processor will regulate the new relationship, so that the sub-processor is subject to the same conditions (instructions, obligations, security measures, etc.) and with the same formal requirements as him, with regard to the proper processing of personal data and the guarantee of the rights of the interested parties. In the event of breach by the sub-processor, the Processor will continue to respond directly to the Controller regarding compliance to the aforementioned obligations.
    5. Maintain the confidentiality of personal data carried out by the Processor, even when the Contract is finished.
    6. Guarantee that people authorized to process personal data undertake, expressly and in writing, to respect confidentiality and comply with the corresponding security measures, informing themselves appropriately, guaranteeing their necessary training in data protection matters.
    7. Help Controller respond to the exercise of rights by interested parties. When interested parties exercise their rights before the Processor, he shall immediately notify the Controller.
    8. Provide by the Controller information right when data is gathered.
    9. Notify the Controller, within a maximum period of 24 hours, the known violations of the security of the personal data under his charge, with all the material information for the documentation and communication of the incident.
    10. Offer the Controller sufficient and appropriate guarantees to correctly apply the technical and organizational measures that allow meeting the requirements of current Spanish regulations and GDPR, including the appropriate security measures.
    11. Ensure that the processing of personal data will have the appropriate security measures that are relevant in each case in accordance with article 32 of GDPR.
    12. Delete or return, at the option of the Controller, all personal data when the rendering of the data processing ends, and delete all existing copies unless they have to be kept by an imperative rule.
    13. Make available to the Controller all information necessary to demonstrate compliance with the obligations contracted here.
  • Controller Obligations:

    1. Indicate to the Processor the technical and organizational security measures required to comply with the obligation set forth in number 11.
    2. Collaborate with the Processor in those obligations that require such collaboration.
    3. Inform the Processor about the results of the impact assessment carried out by the Controller in relation to the data processing.

Last Update: 03/16/2021

Sello finalistas South Submit
Logo de Injuve
Logo de Injuve
Logo de Injuve
Logo de Fondo Europeo de desarrollo Regional