Privacy Policy

1. Statement

Our organization respects and upholds the fundamental right to privacy. We proactively protect personal data.

  • Personal data belongs to each individual. When you provide it to our organization, you entrust it to us, and our commitment is to process it legally, fairly, transparently, and above all, confidentially.
  • We treat your data on an equal basis, without discrimination or distinction of any kind based on race, color, sex, language, religion, political opinion, national or social origin, economic status, birth or any other condition; and without distinction based on the legal or international status of the country or territory under whose jurisdiction you depend.

At our organization, we make it easy for you to access and control your personal data at all times. We want to be your trusted organization when it comes to privacy.

2. Data Controller

Website owner

Lex Program Online S.L.

Tax Identification

B75213181

Web page

https://lexcanal.com

Email

info@lexprogram.com

Address

C/Portuetxe, 47, Of. 24. 200018 Donostia – San Sebastián (España)

3. Data Protection Officer (DPO)

Name and surname

Yeimy Ramirez

Address

C/Portuetxe, 47, Of. 24. 200018 Donostia – San Sebastián (España)

Phone

+34 943426346

Email

dpo@lexprogram.com

4. Privacy Officer

Name and surname

Iñaki Jauregui Navarro

Address

C/Portuetxe, 47, Of. 24. 200018 Donostia – San Sebastián (España)

Phone

+34 943426346

Email

privacy@lexprogram.com

5. Our records of processing activities

1. Consent record

What personal data do we process?

Data about your visit, length of stay, place of origin of the visit, the language used, the declared residence, the declared age, your IP, your consent, the rights exercised, the authorized cookies, and the privacy policy, cookie policy and terms of service accepted, requests for advertising exclusion, non-sale or data transfers, and other processing limitations

Where do we get your data from?

We may obtain your data by using technical data capture procedures and security procedures on your devices and from your own declaration when taking a positive or negative, explicit, previously informed action on our website or on a website owned by a previously declared business partner.

Why we process your data

Because you have expressly consented to it, or you have signed a contract with our organization or your company or organization, or we simply have a legitimate interest in storing them, always protecting your fundamental right to privacy against our own interests. Please also note that we may have to store and process them due to public interest or legal obligation, such as security data.

Why do we process your data?

To fulfill our contractual obligation to record your consent (or refusal) and ensure that we have previously fulfilled our duty to inform you, we provide you with a copy of the consent at all times, so that you can exercise your rights at any time and file a complaint against us if we ever fail to meet our obligations.

Who we share your data with

Your personal data is not shared with third parties, other than with the data controllers when we carry out the registration under their mandate as data processors.

International transfers

International transfers are not planned.

How we protect your data

Access control and access keys. Encryption. Pseudonymization. Firewall. SSL connection. Data minimization principle. Insertion of confidentiality clauses. Proportionality principle. Backup and restoration systems. Training and awareness of human resources. Contracts with data processors and/or joint controllers.

How long do we keep your personal data?

At most 1 year, always taking into account that processing will last for the shortest time possible for its purpose, except where applicable laws, contracts and regulations require otherwise.

2. External services of the website

What personal data do we process?

We may use external services on our website. We do not record the activity generated by these services. These services provide us with information society services such as website font selection, cloud storage, consent registration, slider placement, website templates, e-commerce services, the use of APIs and other applications for currency conversion, adding comments, etc. These external services typically collect personal data such as IP address, browser connection data, device type, screen type, connection speed, and some, such as form completion, collect personal data from documents, files, and images, potentially storing and processing names, surnames, addresses, telephone numbers, credit card or identification numbers, emails and communications, and data collected in cached memory.

Where do we get your data from?

We may obtain your data by using technical data capture procedures and security measures on devices, and from your own activity when performing actions on our website or a website owned by a business partner, and even when they have generated cookies and/or tracking scripts with your consent, they may monitor your activity on the internet.

Why we process your data

Because our business partners provide services and have a legal interest in ensuring the technical security of their services, recording usage, improving performance, and statistically analyzing usage. The collected data cannot be combined with other databases without a legitimate basis of consent or a legal or contractual obligation, and we currently have no evidence that they are carrying out illegal processing, therefore its use is lawful.

Why do we process your data?

Our external services may process your data to implement technical security measures, record service usage, improve service delivery, and statistically analyze service usage. The data collected by these business partners is governed by the privacy policy of the linked service provider. We recommend that you read and exercise your data protection rights within those policies.

Who we share your data with

Your personal data is not shared with third parties.

International transfers

International transfers are not planned.

How we protect your data

Access control and access keys. Encryption. Pseudonymization. Firewall. SSL connection. Data minimization principle. Insertion of confidentiality clauses. Proportionality principle. Backup and restoration systems. Training and awareness of human resources. Contracts with data processors and/or joint controllers.

How long do we keep your personal data?

1 year, unless we have a legal, contractual or administrative obligation that requires us to keep this data for a longer period, in which case it will be the legally stipulated period plus one year.

3. Data obtained from our website

The personal data collected on our website may be processed by LEX PROGRAM in accordance with the following:

What personal data do we process?

LEX PROGRAM will process the following categories of data:

  • Identification data: first name, last name, national identity document or foreigner identification number, and image.
  • Contact details: address, landline phone, mobile phone, email address.
  • Personal characteristics data: nationality.
  • Bank details: account number, account holder, SEPA mandate.
  • Other data: data provided by the users themselves in open fields of the forms available on the Website.
  • Navigation data.

Where do we get your data from?

We may obtain your data by using technical data capture procedures and security procedures and from your own activity when performing actions on our website or a website owned by a business partner, and even when they have generated cookies and/or tracking scripts with your consent they may monitor your activity on the internet.

Why we process your data

We can process your personal data because the processing of data from the Website is necessary for the fulfillment of the purposes arising between the user and LEX PROGRAM; in this case we will always have a legitimate interest in doing so.

However, the processing of your data for marketing purposes, relating to LEX PROGRAM's own goods and services and similar services for its clients, will be based on your consent. Failing that, it may be based on legitimate interest or when there is a prior contractual relationship or pre-contractual request.

The processing of data for statistical purposes will be based on legitimate interest as long as the data is not transferred to third parties in a non-anonymized form. If the data is transferred to third parties or if data processors are used who may use the data for themselves or other third parties, the processing will necessarily be based on consent.

The sending of commercial communications from third-party entities with which LEX PROGRAM collaborates is based on the user's consent.

We have made an effort to minimize the processing of personal data by applying the principle of data minimization.

Withdrawing consent to any of the processing activities will not affect the lawfulness of processing carried out previously.

To revoke consent or exercise rights, the User may contact LEX PROGRAM by letter addressed to the Privacy Officer of LEX PROGRAM at the address indicated in our Legal Notice, or by email to info@lexprogram.com.

Why do we process your data?

We may process the data for the following purposes:

  1. Manage your contact requests with LEX PROGRAM through the channels provided for this purpose on the LEX PROGRAM Website.
  2. Manage purchases made within the framework of the Website, including payment management and order delivery.
  3. Contact the User to finalize the order if they have saved their shopping cart or have saved products in their shopping cart without completing the payment process.
  4. Manage the newsletter subscription, made through the channel provided on the LEX PROGRAM Website.
  5. Analyze website usage and check user preferences and behavior.
  6. Manage the sending of commercial communications about LEX PROGRAM products and services, unless the user indicates otherwise by checking the corresponding box, or expresses their opposition to such processing.
  7. Send commercial communications (offers, promotions, etc.) to the user by electronic and/or conventional means, about products and services of third-party companies with which LEX PROGRAM collaborates, if the user gives their consent for this by checking the corresponding box.
  8. Manage the sending of satisfaction surveys based on the purchase of the LEX PROGRAM product or service, to improve the experience of our customers every day.
  9. The data will be kept for the time necessary to fulfill the purposes for which it was collected, and for the limitation period of any legal actions that may arise from it. Notwithstanding the foregoing, the user may request to unsubscribe from LEX PROGRAM, object to its processing, revoke their consent, and even request the deletion of their data.

Who we share your data with

Your personal data is not shared with third parties, except for:

  • Public Administrations and competent national and/or European authorities, in the cases provided for by Law.
  • Our data processors include our accounting, financial, and administrative advisors. This also includes labor advisors and the banking institutions we collaborate with, as well as those responsible for maintaining our computer equipment and systems, and those responsible for information security.

International transfers

International transfers are not planned.

Our data processors hold your data within the European Union, and their data processing will always be carried out in compliance with legal obligations and in accordance with the purposes and legal bases indicated above. These providers will not process your data for their own purposes that have not been previously disclosed to you by LEX PROGRAM.

How we protect your data

In our processing activities we apply the following technical and organizational security measures:

Access control and access keys. Encryption. Pseudonymization. Firewall. SSL connection. Data minimization principle. Insertion of confidentiality clauses. Proportionality principle. Backup and recovery systems. Training and awareness of human resources. Contracts with data processors and/or joint controllers.

How long do we keep your personal data?

1 year, unless we have a legal, contractual or administrative obligation that requires us to keep this data for a longer period, in which case it will be the legally or contractually stipulated period, which will be longer than one year.

What rights do you have?

Your personal data is YOURS; you entrust it to us, and we store and process it because you wish it, or alternatively, because we have a contractual obligation, a legal obligation, a public interest to satisfy, or a legitimate interest that will in no case prevail over your right to privacy. Consequently, you can:

  • You can request access to your personal data whenever you want to know what data we store, its categories, the legal basis and purpose of its processing, the processing activities carried out, whether we have sold, assigned, transferred, rented, or shared it, who the recipients are, and what our data sources are. The information included in the Records of Processing Activities provides much of this data, including the recipients of your data in the last twelve months. You can also request explanations of the Privacy Policy or Notice from the Data Controller, as well as any essential information about our storage and processing of your personal data.
  • Tell us that your data is incorrectly recorded or contains errors, and request its modification and rectification.
  • You can request that we stop processing your data by withdrawing your consent or requesting that we delete it; you can ask us for a copy of the data we have, and take it for yourself or another organization.
  • Limit our storage and processing in such a way that we do not process any of your data or data of a sensitive or special category; nor carry out profiling, database combinations, mass processing or processing that serves for automated decision-making and to limit your monitoring, including geolocation.
  • Expressly prohibit us from advertising to you and from transferring, sharing, renting, or selling your data.

Always remember that if you exercise your privacy rights as a user, consumer, employee, or job seeker, you can never be discriminated against, retaliated against, or prevented by the owner of a website and/or its Data Controller from accessing and remaining on it or from receiving products and services.

How do you exercise these rights?

You can exercise your right to see what data we record and store about you, what you have consented to, and when you gave that consent. If you have subsequently modified or corrected your consent, or if you have objected to or restricted our processing of your data, and if you wish to exercise data portability, you can receive your data in a structured CSV format. If you wish to withdraw your consent, we will delete your data directly. You can also write to us and tell us which data is incorrect and needs to be corrected.

You can request the remaining personal data from our processing activity records by email or letter to the Privacy Officer, specifying which right you wish to exercise and your request. We are committed to responding and fulfilling your rights within the legally established timeframe. If we fail to address your concerns, you may file a complaint with the relevant supervisory authority (that of your habitual residence or place of work, or of the location of the alleged infringement). We provide you with the address of the authority corresponding to your residence. If there is no such authority in your area, we provide you with the address of the website publisher:

Supervisory authority

Country

España (Spain)

Supervisory authority

Agencia Española de Protección de Datos (AEPD)

Address

C/Jorge Juan, 6 28001 Madrid

City

Madrid

Phone

(+34) 91 266 35 17

Fax

(+34) 91 455 5699

Email

internacional@aepd.es

Web page

https://www.aepd.es/

If we cause you harm in the execution of our privacy and data protection policy, you can claim individually, and perhaps collectively, in the ordinary courts of your jurisdiction.

International transfers

We do not transfer your data internationally. However, when we reply to your emails, we send files to the cloud or to a server or service you have contracted. Unbeknownst to you, you may be sharing your personal data and authorizing Google (Gmail), Microsoft (Hotmail, Outlook), Facebook (WhatsApp), Telegram, and all their business partners to read and store this data. We recommend that you review their privacy policies because they will use this data for the adtech industry.

Protection of children and young people

Our website is aimed at all audiences.

If you are a parent, guardian, or educator, and you know that we have captured and stored data of minors, please contact us to proceed with its deletion.

Security incidents and breaches

We are not infallible. As part of our proactive commitment, we adopt all reasonably necessary technical and organizational security measures to protect your information. However, the internet and the world of electronic communications are inherently risky cyber environments, and human error, coding errors, or simply an attack, unauthorized access, theft, or unauthorized disclosure—whether intentional or caused by hackers—can lead to security incidents and breaches.

In this case, you should know that we are required to maintain an incident log that records the location, date, and time the incident was detected, the type of attack, its origin, the nature of the security breach, and the affected systems, data, and equipment. We are obligated to resolve security incidents and breaches and document the solutions implemented in the log.

If an incident results in a security breach that jeopardizes your rights and freedoms, affects your sensitive or special category personal data, could facilitate identity theft, or poses a risk of fraud, reputational damage, or loss of confidentiality of your specially protected data, we are obligated to notify the Supervisory Authorities. In such cases, we will notify them within the legally mandated timeframe of the nature of the security breach, the affected data subjects, the data and data categories affected, the security measures implemented to resolve the incident, and the measures taken to mitigate risks to those affected. However, if the data affected by the security breach is encrypted, or if we reasonably conclude that there is no risk, we are not obligated to notify. We are also not obligated to notify if we issue a public statement advising those affected to take their own preventative measures.

Social networks

  • We use social media.
  • Facebook, social network owned by Meta Platforms, Inc., 1601 Willow Road, Menlo Park, CA 94025 (USA). The main page is https://www.facebook.com/ and its privacy policy can be read at https://www.facebook.com/privacy/explanation. Contact: +1 (650) 543-4800. Meta Platforms Ireland Limited, registered office at 4 Grand Canal Square, Grand Canal Harbour, Dublin, Ireland.
  • Instagram, social network of Meta Platforms, Inc., 1601 Willow Road, Menlo Park, CA 94025 (USA). The main page is https://www.instagram.com/ and its privacy policy can be read at https://help.instagram.com/519522125107875. Contact: +1 (650) 543-4800. The European representative is Meta Platforms Ireland Limited, located at 4 Grand Canal Square, Grand Canal Harbour, Dublin, Ireland.
  • LinkedIn, social network of the Microsoft Group, operated by LinkedIn Ireland Unlimited Company. Wilton Place, Dublin 2, Ireland. Identification Number at the Companies Registration Office of the Republic of Ireland: 477441. VAT ID: IE 9740425P Attn: Legal Dept. (Privacy Policy and User Agreement). Contact form: https://www.linkedin.com/help/linkedin/ask/. Privacy Policy: https://www.linkedin.com/legal/privacy-policy.
  • Twitter, Twitter, Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103 (USA). The main page is: https://twitter.com/ and its privacy policy can be read at https://twitter.com/es/privacy. The European representative is Twitter International Company, located at One Cumberland Place, Fenian Street, Dublin 2, D02 AX07, Ireland.

The legal basis is contractual and your express consent to the Social Network. You share your data voluntarily and publicly, or through your guardian or legal representative, on our social network account or in media outlets and audiovisual networks and channels in a public and notorious manner, and through data voluntarily shared via forms, surveys, and contests created by our organization, employees, sales representatives, or marketing agencies.

The data you share will be recorded and stored by the social network and will identify you, your browser, computer, and related devices. All the information you share may be captured by third parties, and the SOCIAL NETWORKS will process it for profiling and advertising segmentation, combining it with their own or third-party databases to create new databases of potential customers, profiled for the sale or offering of segmented products and services. Your personal data may be transferred internationally. Furthermore, the SOCIAL NETWORKS may monitor your activity while you are on their platform.

Social media treatments are especially invasive.

They perform:

  1. Tracking and monitoring of individuals, their IP addresses, their geolocations, their actions, etc.
  2. Segmentation or profiling for personalized and behavioral advertising;
  3. Data processing with behavioral, segmentation and profiling algorithms.
  4. Use of artificial intelligence for reading, storing and extracting data for subsequent profiling, segmentation and behavioral analysis.
  5. Massive data processing.
  6. Analysis, extraction, and application of behavioral and statistical algorithms on large databases.
  7. International transfers.

This is a HIGH-RISK DATA environment, where DESTRUCTION IS DIFFICULT.

In our sections, we will process your data to answer and process inquiries, requests, suggestions, and comments; manage the company's social media; create a community of people; promote our products and services; carry out affiliate programs and memberships; provide offers and discounts; extract information from social media for user segmentation and profiling for marketing; discover trends; carry out actions and measurements of our branding and reputation level; and add value to the user through our brand, services, or products.

The social network boasts a high level of security, with established access controls and passwords; secure cloud storage; backup and restoration systems; information security systems and firewalls; and activated intrusion detection.

The data subject may exercise their rights of access, rectification, erasure, objection, restriction of processing, and data portability, without any limitation or exception. Furthermore, the data subject may withdraw their consent at any time and directly delete the information provided to the social network. They may also object to the automated processing of their data.

Contact us if you have any questions

We have done our best to keep our explanations brief and easy to understand. However, if you require additional information or have any questions or concerns about our information security and data protection practices, please contact us.

Copyright © 2026 Lex Program Online S.L. All rights reserved.