Privacy Policy

1.The person responsible for the processing of your personal data.

Identity: Ceci Rules


2.Purpose and treatment.
our data will be processed in order to manage the provision of services contracted with Ceci Rules. Additionally, may process your personal data to comply with any legal obligation incumbent upon it.
Conservation period of the personal data: The personal data of the clients will be conserved as long as they are necessary for the provision of the services included in the contract. As soon as they are no longer necessary for this purpose, the data will be blocked for the period in which they may be necessary for the exercise or defense against administrative or judicial actions and may only be unblocked and processed again for this reason. After this period, the data will be definitively deleted.


3.Data collected.
Only the data strictly necessary to carry out the normal activity of the service will be collected. Adhering to the principle of data minimization.
In any case these data may be:
  • Identification data (nif, address, telephone, name, surname, etc).
  • Economic, financial and insurance data.
  • Data on personal characteristics (date of birth, sex, nationality, etc.).
  • Curricular data (academic and professional data) in those cases of personnel selection.
4. Recipients of personal data.
Your personal data may be transferred to Administrations, Authorities and Public Bodies, including Courts and Tribunals, when so required by the applicable regulations.
Additionally, they may also be transferred to third parties that provide services to Ceci Rules, under the regime of data processors.
5. Legitimation for the processing and transfer of personal data.
As already indicated, the legal basis for the development of the purposes included in the previous section will be the execution of a contract or the fulfillment of legal obligations that are applicable. Therefore, the refusal to provide the requested personal data, or the delivery of inaccurate or incomplete data, could result in the impossibility of providing the contracted services properly. The users are responsible for the veracity of the data provided, as well as for communicating to Ceci Rules any modification of the same. Likewise, Ceci Rules may contact candidates who have sent their curriculum, at any time and by any means, when it has an open selection of personnel to fill a specific position.
6. Security measures.
Ceci Rules. with the aim of making effective and efficient its Data Protection Policy, has adopted the necessary technical and organizational security measures to prevent alteration, loss, misuse, unauthorized access or theft of the same given the state of technology.
7.Rights of the interested party in relation to the processing of personal data.
You may exercise your rights of access, rectification, cancellation, limitation of processing and data portability in the cases and with the scope established by the applicable regulations at all times. You also have the right to withdraw consent if you have given it and to oppose receiving commercial communications.
To exercise these rights you may contact Ceci Rules. by any of the following channels:
  • E-mail to the Data Protection Delegate at with the following information: name and surname of the interested party, address for notification purposes, photocopy of the National Identity Card, passport or any other identification document and request specifying the request.

You are also informed of your right to file a complaint with the Spanish Data Protection Agency.

8. Origin of the data.
The personal data processed by Ceci Rules are collected directly from the data subject.
9. Data Protection Delegate.
If you have any questions regarding the purposes of the processing of your personal data or its legitimacy, you can contact the Data Protection Officer. Ceci Rules, to whom you can bring any questions regarding the processing of your personal data and whose contact details are as follows
10.Complaints channel.

Ceci Rules. has a whistleblower channel through which any individual or legal entity that has any kind of relationship with the organization can report past, present or future irregularities within the organization. Anonymous reports will not be accepted. All reports must include the identification data of the complainant and the accused, date, list of the facts reported and estimated date of the same. The complainant may be accompanied by as many documents as he/she deems necessary in relation to the facts denounced.
The main objective of the Whistleblower Channel is to know the irregularities that may exist in the organization, establishing the guarantees of confidentiality and indemnity of the whistleblower who acts in good faith when reporting using the external Whistleblower Channel that the organization makes available in this privacy policy, and which is managed by the Data Protection Delegate.

The complainant has the complaint form available on the organization’s website, which must be downloaded, completed and sent to the Data Protection Officer at the e-mail address If the complainant is unable to download the form, he/she can also request it to the Data Protection Delegate by means of the aforementioned e-mail.