Specifically, are applicable:
- Law 29/2021, of October 28, on Qualified Personal Data Protection (hereinafter, “LQDP”),
- Decree 391/2022, of September 2022 approving the Regulations for the application of the LQDP, and
- Regulation (UE) 679/2016 of the European Parliament and of the Council of 27 April 2016, on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter, the “RGDP”).
In general, you will be, directly and consciously, providing us with your personal data, for example through the forms available on this website. The only exceptions to this general rule are:
- Your personal data that may appear in documents that, whatever their support may be, including forms and templates available on this website, provide information on the parties, their representatives, lawyers, experts or any information that other natural or legal personal is entitled to provide to us in relation to a case.
- Your personal data that may appear, for example as a beneficiary, in emails or services requests addressed to the ATPA; and
Cookies on this website (on which you may obtain more information in our Cookies Policy.
We collect the personal data that you voluntarily provide to us through, among others, the arbitration agreement, the legal representation power, the request, the answer to the request, the counterclaims, the Terms of Reference, the challenge of an arbitrator, the comments made by the ATPA for the award or the requests for rectification, clarification or complement, as well as possible recourse against the award, and other documents, files or complementary evidence that are submitted in relation to the case, with the purpose to process and manage the entire arbitration proceedings, including the confirmation, appointment and/or replacement of arbitrators, the investigation of the case, and the communications or notices to the parties.
The legal basis for the processing of the parties’ personal data of is the provision of an arbitration clause included in a contract, or in any other agreement between the parties that constitutes an arbitration agreement.
The legal basis for the personal data processing of the parties’ representatives, their lawyers and any other person of whom the parties provide personal data to the ATPA is the express consent that the relevant party undertakes to obtain prior to deliver such personal data to the ATPA. In cases in which a party (or its representative or lawyer) adequately establishes that it is not possible to collect the consent of the interested party but that he has a legitimate interest to process such personal data, which prevails over such third-party possible interest, the legal basis to process the personal data of the interested third party shall be the legitimate interest of the party providing the personal data.
At the occasion of your stay in the Principality of Andorra during the arbitration proceedings or in relation thereto, we may collect the necessary personal data to book or contract on your behalf services and products that you may request such as, for example, hiring a private vehicle or other means of transport, hiring translation services, or booking hotels or restaurants.
The legal basis thereof shall be the services agreement that specifies what we can do for you.
We collect your professional contact details (such as your email and phone number) so that we may contact you and/or the entity you may represent, in our legitimate professional interest.
We collect the contact personal data you provide us in emails, by telephone, or through the contact form in this website, or in requests to exercise your rights, in order to handle pleas and claims in relation to our services or your personal data rights.
The legal basis for this process is the explicit consent given by you when sending such personal data, our legal obligation to address your legal requests, and our legitimate interest to handle them. Therefore, sharing your personal data is voluntary, but if you do not share it with us, we will not be able to handle your request, query or claim. You are entitled to withdraw your consent, but the withdrawal shall prevent the treatment of your request, query or claim.
We keep necessary personal data to handle your, or our, possible claims, based on our legitimate interest to safeguard our rights.
We process the data found in your CV, together with the data mentioned in your professional profile in social media, such as LinkedIn, as well as data that we may collect during interviews and tests that you voluntary accept to carry on, in order to manage our dealings in relation to your candidacy for a professional position at the ATPA, including the search, filter and storage process of the CV as potential candidate, and contacting you during the selection and hiring process.
If you participate in our events, the independent press and our professionals may register your image and, if previously agreed, your voice, during the event.
The legal basis to process your image is our legitimate interest to cover our own or sponsored events, to use the recordings in our promotional materials, including our website and social media profiles.
You are not obliged to appear in the recordings. You are entitled to object our legitimate interest and request to withdraw the material where you are identified. You will be requested to state where you saw them.
If requested, we shall give access to your personal data to entities who audit us. The ATPA does not control the audit, and, for their part, the entities are obliged to audit objectively and independently. Therefore, the ATPA shall make available documents, which may include your personal data, to the audit entity only, while the audit entity shall be responsible of any subsequent processing, as well as the audit data storage.
Our legal obligation to carry out periodic audits legitimates the personal data processing.
The process that aims at improving your use has a legal basis in our legitimate interest to offer you the best service.
Statistical cookies are not used. If we would need to use them at some point, we shall request your explicit consent
Likewise, we shall not use advertising cookies.
To communicate with you and manage potential security breaches
TAPA takes security measures appropriate to the level of risk to protect personal information against loss, misuse and unauthorised access, disclosure, alteration and destruction, taking into account the risks involved in the processing and nature of personal information; However, if we determine that your data has been misappropriated (including by an employee or former employee of TAPA), has been exposed by a security breach or has been improperly acquired by a third party, exposing you to a high risk, we will promptly inform you of this security breach, misappropriation or acquisition, and of the steps we have taken and the steps we recommend you to take to ensure that the breach does not affect you.
The legal basis for these measures is the obligation provided for in article 37 of the LQDP, and our legitimate interest in preventing the security breach from harming you.
We may use your personal data for other purposes that are not incompatible with the aforementioned (such as archiving purposes due to public interest, scientific or historical research purposes, or statistical purposes) provided that it is enforceable under the data protection regulation in force.
The ATPA shall be the sole responsible for the personal data processing activities described herein. You can contact us through any of the following means:
By post or in person, contacting the Arbitration Tribunal of the Principality of Andorra, C/Prat de la Creu 8, Edificio Le Mans, AD500 Andorra la Vella, Principat d’Andorra.
By phone, calling (+376) 88 06 80.
By email, contacting email@example.com.
Additionally, if you are in the European Union, you can go to our representative in the European Union for questions related to the processing activities mentioned herein:
Compliance Gap Mitigation, S.L.
Address: c/Ferraz 28, 2º Izq., 28008 Madrid, España
ID number: B88402227
Phone numbers: (+34) 917589441 o (+34) 915482701 / (+376) 683086
The ATPA is not responsible for the activities that other natural or legal persons may carry out during or in the context of arbitration proceedings. For example, we are not responsible for the privacy policies and practices of other websites, even if you access them through links on our website. Therefore, we strongly recommend you to carefully read the information provided by these natural or legal persons (especially the privacy and cookie policies of each website you visit) before providing your personal data and communicate with their manager if you have any concerns or queries.
The ATPA shall not transfer your personal data unless:
- You request it,
- We are under a legal obligation to do so (for example, if required, we are obliged to provide copy of invoices to the Tax and Borders Department of the Government of Andorra),
- We need to protect your rights, ours, those of our employees, or third-party rights (including transfer to the police due to security reasons or to the health authorities to prevent diseases spread, for example, for contact tracing purposes),
- We need our suppliers to process them on our behalf (for example, for the management and maintenance of our information systems),
- We need our auditors to process them, or
- We need to protect our rights or the ATPA’s property.
Any international transfer that we may need to carry out shall comply with all the applicable regulations in force that applies to the ATPA.
The ATPA shall only keep your personal data for as long as the processing period requires and, later, to comply with tax, accounting, or other legal obligations applicable at the relevant time.
For example, we will destroy your CV when it is more than five years old, considering it outdated in relation to the purpose for which it was provided.
We will destroy, as soon as possible upon receipt, any unnecessary or disproportionate personal data about you that may appear in emails, in instant messages or in forms on our website.
We will destroy (or rectify) any personal data, as and when we find out about their inaccuracy.
If you send us a copy of an identity document, we will destroy it upon verification that it meets the purpose for which it was sent.
If we do not have a legitimate need to keep your personal data, we will delete or anonymize it and, should this not be possible (for example, because it is in backup copies), we will store it securely and isolate it from any further processing until its deletion becomes possible.
You have the right to obtain confirmation as to whether or not the ATPA has collected any of your personal data.
See below what other rights you have and how to exercise them.
If you are physically in the Principality of Andorra or outside the European Union when visiting or using the services on our website, the following rights are granted to you by the LQDP:
The ATPA provides you with the following ways to exercise your rights:
- By sending to the ATPA a written and signed request, at its postal address, stating in the subject “Personal Data Protection Rights Exercise”.
- By sending a scanned and signed form to the ATPA’s email address firstname.lastname@example.org, stating in the subject “Personal Data Protection Rights Exercise”.
In both cases, if your identity is unable to be verified, we shall request you to provide a copy of your passport or of your national identity card to ensure we only reply to the person whose data are concerned or his or her legal representative. In the latter case, the document evidencing the representation will have to be provided.
If the person sending the request is acting in the capacity of representative of the interested person, the representative’s accreditation must be done through documents or legal instruments that properly identify the interested person and the representative and specify the matter or procedure for which representation is granted.
If you are not fully satisfied with the exercise of your rights, you are entitled to lodge a complaint before the national data protection authority of your country (if not the Principality of Andorra), or before the Andorran Data Protection Agency (ADPA).
Please find hereafter the links to the various request forms for the exercise of each of you rights:
- Exercise of the right of access (LCPDP version) (GDPR version)
- Exercise of the right to rectification (GDPR version)
- Exercise of the right to object (LQPD versions: A y B) (GDPR)
- Exercise of the right of deletion (“right to be forgotten”) (LCPDP) (GDPR)
- Exercise of the right to restriction of processing
- Exercise of the right of data portability
- Exercise of the right to object to automated individual decision-making
By providing us with your data, you warrant that you are of legal age and that the data provided is accurate and complete. Furthermore, you confirm that you are responsible for the veracity of the personal data communicated to us and that you will keep it appropriately updated so that it reflects your real situation. Therefore, you will be held responsible of any false and inaccurate personal data provided to us, as well as for any direct or indirect damages or losses that may arise from its misrepresentation or inaccuracy.
In cases where you provide us with personal data of a minor or a person with limited rights, you must have the authorization of the holders of their parental authority or guardianship. Without this permission, providing any personal data is forbidden.
We are fully committed to protect your privacy and personal data. The ATPA maintains a record of its processing activities, has analysed the risk that each of these activities may entail, and has implemented the legal safeguards and appropriate technical and organisational measures to prevent, as far as possible (since there is no such thing as zero risk), the alteration, misuse, loss, theft, access or unauthorised processing of your personal data.
We keep the privacy and cookies policies of this website duly updated to ensure that we provide you with all information in relation to the processing of your personal data. We have signed data protection clauses and data processor contracts with all our service providers in view of the personal data processing needs of each one. We shall restrict personal data access to employees who really need to perform the processing contemplated herein. We have trained and made our employees aware of the importance of confidentiality and the maintenance of the privacy and security of your information, as well as of the disciplinary measures that would entail any possible infringement on this matter.
Last updated: December 12th, 2022