Privacy policy

Privacy and Data Protection Policy

ACTO GESTIÓ I ASSESSORAMENT DE CONGRESSOS SL (hereinafter the Entity) is committed to due diligence and compliance with the Data Protection regulations.

Below is detailed information on the privacy policy and Protection of Personal Data in compliance with the provisions of Article 13 of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and the free movement of such data (General Data Protection Regulation or GDPR) and Article 11 of the Organic Law 3/2018 on the Protection of Personal Data and Guarantee of Digital Rights (LOPD GDD).

Data of the Data Controller and contact details of the Data Protection Officer / Data Protection Delegate (DPO / DPO):


√ Address / C. P. / C. P.: Carrer d'Ernest Lluch, 32 Parc TecnoCampus Mataró-Maresme Edifici TCM2 Planta 2. O3. 08302 Mataró

√ Telephone : 93 755 23 82

√ E-mail :

√ DPO / DPO contact details :

√ Data Protection Channel : _ √ To manage the provision and performance of the services and products contracted √ Informative and commercial communications : processing of your data for the purpose of informing you about activities, articles of interest and general information related to our activity and the services / products contracted.

√ Manage any type of request, suggestion or request about our professional services made by the interested parties.

√ Informative and commercial communications : treatment of your data with the purpose of informing you about activities, articles of interest and general information related to our activity and services / products contracted.

√ Manage data provided by candidates for a job through the Curriculum Vitae (CV) or other means for the purpose of selection and recruitment process.

√ Ensure the security of offices, facilities and people through access controls, video surveillance systems and other access control/identification systems.

√ Comply with the legal provisions that apply to the Entity and its activities in health and occupational risk prevention.

√ Manage and control the operation of internal mechanisms, policies and protocols established by the Entity with fines for regulatory compliance and management of complaint channels for this purpose .

√ All those treatments that are not applicable for due compliance with regulations and official / sectoral requirements to which it is subject to our activity .

For the good purpose and development of your attention and management of the above purposes, the processing of your data for the purposes that correspond to those mentioned above will be carried out under the strictest compliance with the Data Protection regulations and the Policy that we are detailing. You may exercise your rights at any time (see specific section).

Data retention criteria

√ Management of services / products contracted with the Entity: the personal data provided in contracts, offers and / or proposals for services during, as well as those of other persons whose intervention is necessary, will be retained for as long as the contracted services are in force. At the end of the provision of the contracted service/s, the personal data will be kept in the cases that could result in liabilities with the Entity and/or in compliance with other regulatory frameworks that are applicable to the Entity or a regulation with the rank of law that requires the conservation of these. The personal data will be kept in a way that allows the identification and exercise of the rights of those affected and, under the legal and organizational technical measures necessary to ensure the privacy and integrity of these.

√ Curriculum Vitae Management : the Entity, as a rule, retains its Curriculum Vitae for a maximum period of one year; at the end of this period, it will be automatically destroyed, in compliance with the principle of data quality.

√ Management of Employment Contracts : personal data will be kept, in any case, during the time the employment relationship is in force and, at the end of the same, in cases that could result in liabilities between the parties and when required by a regulation with the rank of law.

√ Others: the rest of the data and information provided by the user by any means, will be retained for as long as necessary to fulfill the purpose for which they were collected.


The legal basis that enables the Entity to be able to process the personal data of users, customers, potential customers under the following titles:

√ The consent of the persons concerned for the processing and management of any request for information or inquiry about our services and products.

√ The consent given by job candidates with selection and recruitment fines.

√ The framework for the provision and/or contracting of services / products with the Entity.

√ The legitimate interest to send you informative communications, commercial and/or promotional offers related to the activity of the Entity and the services / products contracted via email or any other means.

√ Compliance with legal obligations and internal regulatory compliance procedures.

√ The legitimate interest to ensure the security of offices, facilities and people.

The destinations

personal data are not disclosed to third parties, except as provided by law.


Personal data are obtained directly from the persons concerned and from our partners. The categories of personal data guaranteed to us are:

√ Identification data.

√ Postal or electronic addresses.

√ Data provided and/or consented by the interested parties themselves related and necessary for the management and realization of the requested service / product.


Right of Access, Rectification and Deletion : interested persons have the right to obtain confirmation as to whether or not the Entity is processing personal data concerning them. Individuals have the right to access their personal data, as well as to request the rectification of inaccurate data or request deletion when, among other reasons, the data are no longer necessary for the purposes for which they were collected.

Right to Limitation and Opposition: in certain circumstances, the interested parties may request the limitation of the processing of their data, in which case we will only keep them for the exercise or defense of claims. In certain circumstances and for reasons related to their particular situation, data subjects may object to the processing of their data. The Entity will stop processing the data in this case, except for compelling legitimate reasons, or for the exercise or defense of possible claims.

Right to revoke consent: data subjects have the right to withdraw their consent at any time, except in the case of processing of personal data provided for in the Data Protection regulations or necessary for the provision of the contracted service, which do not require such consent. However, this withdrawal does not have retroactive effects, so it will not affect the lawfulness of the processing based on a previously granted consent.

These rights may be exercised in our Channel (see specific section).

Security and Control Measures


In compliance with data protection regulations, the Entity will treat personal data by applying the appropriate technical, legal, organizational and security measures, in order to ensure the confidentiality and integrity of the information it manages in accordance with the provisions of current regulations.

Please inform the Data Protection Officer / Delegate by means of the contact details / Channel established in this Privacy Policy, of any security risk, of which you have indications or knowledge, which may damage the integrity and confidentiality of personal data and / or confidential information, in order to take the necessary measures to prevent unauthorized processing, loss, destruction or accidental damage.


As a specific and complementary concept to the above, the Entity applies cybersecurity measures to prevent and manage possible attacks and fraud by cybercriminals that threaten the privacy and protection of the data that our Entity treats and accesses in the scope of its activities and operations.

In this, we want to alert that in case of possible risk situations by communications whose content sense and / or format generate doubts of authenticity, we recommend omitting them and contact the Responsible / Data Protection Officer through the contact details indicated in this Privacy Policy.

Likewise, any request you receive from our Entity regarding changes in payment methods, requests for contact details or persons or confidential (non-public) information, bank and/or credit card details and/or other official data, should not be answered without direct confirmation from our Entity by an alternative means. We appreciate and need your cooperation with the communication and reporting of any notification in relation to such requests and other possible situations of risk of cyber-attacks in which our Entity may be used, as well as any possible security risk that you may be aware of.


The Entity has implemented a Channel, contemplating the highest commitment, rigor and professionalism in terms of security, experience, independence and knowledge in the treatment of the communications received.

The Channel, which includes the use in the field of Data Protection, has been implemented through a web platform, developed and managed by an independent external expert, to provide and guarantee our previous commitments.

Through the Channel, you may communicate and process the exercise of your Rights (see previous section) and communicate any indication or knowledge you may have of possible security breaches (breaches), cyber-attacks and/or possible breaches or irregularities regarding the Data Protection regulations and the present Policy of the Entity.

The Channel access data are detailed at the beginning of this Policy.

Supervisory Authority

In case of disagreement with the Entity in relation to the processing of your data, you have the right to file a complaint with the corresponding Data Protection Control Authority. In Spain, this Authority is the Spanish Data Protection Agency (

Attention and support

Interested parties may communicate to the Entity any questions regarding the processing of their personal data or interpretation of our Policy, by contacting the Data Protection Officer / Data Protection Delegate (DPO / DPO) at the address indicated at the beginning of this Policy.

We use our own and third-party cookies to improve our services and show you advertising related to your preferences by analyzing your browsing habits.

Following article 22.2 of Law 34/2002, of July 11, on services of the information society and electronic commerce, we ask for your permission to obtain statistical data on your browsing on this website.

Accept all | Aceptar seleccionadas | Cookies policy

Necessary | Statistics | Cookies used
Name Supplier Utility Expiration Category
PHPSESSID Identifier associated with the user's session. Used to preserve the user's state while browsing the web Session Necessary
cookie-config Save cookie settings 1 month Necessary
_ga_# Google Analytics Maintain session state 2 years Statistics
_ga Google Analytics Distinguish users 2 years Statistics
_gid Google Analytics Stores and counts page views 1 day Statistics
_gat Google Analytics Read and filter bot requests 1 minute Statistics