Privacy Policy

Through this Privacy Policy, the ATPA informs you of the personal data collected through our website and the services described therein, how we process them, as well as the rights regarding your personal data and its processing granted by the regulations on Personal Data Protection applicable to us.

Applicable law

Specifically, are applicable:

  1. Law 29/2021, of October 28, on Qualified Personal Data Protection (hereinafter, “LQDP”),
  2. Decree 391/2022, of September 2022 approving the Regulations for the application of the LQDP, and
  3. Regulation (UE) 679/2016 of the European Parliament and of the Council of 27 April 2016, on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter, the “RGDP”).

We have structured the information in the following dropdowns to facilitate the access to the points of your interest, although we recommend that you read entirely this Privacy Policy.

1. To whom does this Privacy Policy apply?

This Privacy Policy applies to our website visitors and all persons whose personal data is provided to us in the context of the professional services described on this website, without prejudice to other provisions foreseen in contracts and/or specific forms related to the ATPA services. This includes not only the parties in an arbitration proceeding, but their representatives, if any, lawyers, arbitrators, experts, witnesses and any other person from whom the ATPA may require any personal data for the purpose of carrying out its services.

2. How do we collect your personal data?

In general, you will be, directly and consciously, providing us with your personal data, for example through the forms available on this website. The only exceptions to this general rule are:

  • Your personal data that may appear in documents that, whatever their support may be, including forms and templates available on this website, provide information on the parties, their representatives, lawyers, experts or any information that other natural or legal personal is entitled to provide to us in relation to a case.
  • Your personal data that may appear, for example as a beneficiary, in emails or services requests addressed to the ATPA; and

Cookies on this website (on which you may obtain more information in our Cookies Policy.

For the management of an arbitration procedure

We collect the personal data that you voluntarily provide to us through, among others, the arbitration agreement, the legal representation power, the request, the answer to the request, the counterclaims, the Terms of Reference, the challenge of an arbitrator, the comments made by the ATPA for the award or the requests for rectification, clarification or complement, as well as possible recourse against the award, and other documents, files or complementary evidence that are submitted in relation to the case, with the purpose to process and manage the entire arbitration proceedings, including the confirmation, appointment and/or replacement of arbitrators, the investigation of the case, and the communications or notices to the parties.

The legal basis for the processing of the parties’ personal data of is the provision of an arbitration clause included in a contract, or in any other agreement between the parties that constitutes an arbitration agreement.

The legal basis for the personal data processing of the parties’ representatives, their lawyers and any other person of whom the parties provide personal data to the ATPA is the express consent that the relevant party undertakes to obtain prior to deliver such personal data to the ATPA. In cases in which a party (or its representative or lawyer) adequately establishes that it is not possible to collect the consent of the interested party but that he has a legitimate interest to process such personal data, which prevails over such third-party possible interest, the legal basis to process the personal data of the interested third party shall be the legitimate interest of the party providing the personal data.

To provide you with accessory services that you may request from us

At the occasion of your stay in the Principality of Andorra during the arbitration proceedings or in relation thereto, we may collect the necessary personal data to book or contract on your behalf services and products that you may request such as, for example, hiring a private vehicle or other means of transport, hiring translation services, or booking hotels or restaurants.

The legal basis thereof shall be the services agreement that specifies what we can do for you.

To communicate professionally with you or the entity you represent

We collect your professional contact details (such as your email and phone number) so that we may contact you and/or the entity you may represent, in our legitimate professional interest.

To address your requests and claims

We collect the contact personal data you provide us in emails, by telephone, or through the contact form in this website, or in requests to exercise your rights, in order to handle pleas and claims in relation to our services or your personal data rights.

The legal basis for this process is the explicit consent given by you when sending such personal data, our legal obligation to address your legal requests, and our legitimate interest to handle them. Therefore, sharing your personal data is voluntary, but if you do not share it with us, we will not be able to handle your request, query or claim. You are entitled to withdraw your consent, but the withdrawal shall prevent the treatment of your request, query or claim.  

To handle eventual future claims

We keep necessary personal data to handle your, or our, possible claims, based on our legitimate interest to safeguard our rights. 

To recruit and hire our staff

We process the data found in your CV, together with the data mentioned in your professional profile in social media, such as LinkedIn, as well as data that we may collect during interviews and tests that you voluntary accept to carry on, in order to manage our dealings in relation to your candidacy for a professional position at the ATPA, including the search, filter and storage process of the CV as potential candidate, and contacting you during the selection and hiring process.

To cover events

If you participate in our events, the independent press and our professionals may register your image and, if previously agreed, your voice, during the event. 

The legal basis to process your image is our legitimate interest to cover our own or sponsored events, to use the recordings in our promotional materials, including our website and social media profiles.

You are not obliged to appear in the recordings. You are entitled to object our legitimate interest and request to withdraw the material where you are identified. You will be requested to state where you saw them.

To help our audits

If requested, we shall give access to your personal data to entities who audit us. The ATPA does not control the audit, and, for their part, the entities are obliged to audit objectively and independently. Therefore, the ATPA shall make available documents, which may include your personal data, to the audit entity only, while the audit entity shall be responsible of any subsequent processing, as well as the audit data storage. 

Our legal obligation to carry out periodic audits legitimates the personal data processing.

To improve your use of our website

We use cookies to collect information about your visits on our website and its content interaction. We use this information for various purposes, such as improving your use of our website, extracting statistics, and showing you content based on your browsing habits. Please visit our Cookie Policy to clearly and precisely know our cookies, their purposes and how you can manage or disactivate them.

The process that aims at improving your use has a legal basis in our legitimate interest to offer you the best service.

Statistical cookies are not used. If we would need to use them at some point, we shall request your explicit consent

Likewise, we shall not use advertising cookies.

To communicate with you and manage potential security breaches

To communicate with you and manage potential security breaches

TAPA takes security measures appropriate to the level of risk to protect personal information against loss, misuse and unauthorised access, disclosure, alteration and destruction, taking into account the risks involved in the processing and nature of personal information; However, if we determine that your data has been misappropriated (including by an employee or former employee of TAPA), has been exposed by a security breach or has been improperly acquired by a third party, exposing you to a high risk, we will promptly inform you of this security breach, misappropriation or acquisition, and of the steps we have taken and the steps we recommend you to take to ensure that the breach does not affect you.

The legal basis for these measures is the obligation provided for in article 37 of the LQDP, and our legitimate interest in preventing the security breach from harming you.

To other purposes not incompatible with the aforementioned

We may use your personal data for other purposes that are not incompatible with the aforementioned (such as archiving purposes due to public interest, scientific or historical research purposes, or statistical purposes) provided that it is enforceable under the data protection regulation in force.

4. Who is responsible for the processing of your personal data?

The ATPA shall be the sole responsible for the personal data processing activities described herein. You can contact us through any of the following means:

By post or in person, contacting the Arbitration Tribunal of the Principality of Andorra, C/Prat de la Creu 8, Edificio Le Mans, AD500 Andorra la Vella, Principat d’Andorra.

By phone, calling (+376) 88 06 80.

By email, contacting

If you wish to contact us to share issues regarding our privacy policy, your personal data or address any question, at any time, or you want us to stop processing your personal data or exercise other rights, you can contact our external Data Protection Officer – the Andorran entity Win2Win, S.L.U., specialized in privacy and personal data protection – through our email

Additionally, if you are in the European Union, you can go to our representative in the European Union for questions related to the processing activities mentioned herein:

Compliance Gap Mitigation, S.L.

Address: c/Ferraz 28, 2º Izq., 28008 Madrid, España

ID number: B88402227

Phone numbers: (+34) 917589441 o (+34) 915482701 / (+376) 683086


The ATPA is not responsible for the activities that other natural or legal persons may carry out during or in the context of arbitration proceedings. For example, we are not responsible for the privacy policies and practices of other websites, even if you access them through links on our website. Therefore, we strongly recommend you to carefully read the information provided by these natural or legal persons (especially the privacy and cookie policies of each website you visit) before providing your personal data and communicate with their manager if you have any concerns or queries.

5. With whom can we share your personal data?

The ATPA shall not transfer your personal data unless:

  • You request it,
  • We are under a legal obligation to do so (for example, if required, we are obliged to provide copy of invoices to the Tax and Borders Department of the Government of Andorra),
  • We need to protect your rights, ours, those of our employees, or third-party rights (including transfer to the police due to security reasons or to the health authorities to prevent diseases spread, for example, for contact tracing purposes),
  • We need our suppliers to process them on our behalf (for example, for the management and maintenance of our information systems),
  • We need our auditors to process them, or
  • We need to protect our rights or the ATPA’s property.

Any international transfer that we may need to carry out shall comply with all the applicable regulations in force that applies to the ATPA. 

6. How long do we keep your personal data?

The ATPA shall only keep your personal data for as long as the processing period  requires and, later, to comply with tax, accounting, or other legal obligations applicable at the relevant time.

For example, we will destroy your CV when it is more than five years old, considering  it outdated in relation to the purpose for which it was provided.

We will destroy, as soon as possible upon receipt, any unnecessary or disproportionate personal data about you that may appear in emails, in instant messages or in forms on our website.

We will destroy (or rectify) any personal data, as and when we find out about their inaccuracy.

If you send us a copy of an identity document, we will destroy it upon verification that it meets the purpose for which it was sent.

If we do not have a legitimate need to keep your personal data, we will delete or anonymize it and, should this not be possible (for example, because it is in backup copies), we will store it securely and isolate it from any further processing until its deletion becomes possible.

7. What rights do you have?

You have the right to obtain confirmation as to whether or not the ATPA has collected any of your personal data.

See below what other rights you have and how to exercise them.

Rights deriving from the Principality of Andorra’s regulations

If you are physically in the Principality of Andorra or outside the European Union when visiting or using the services on our website, the following rights are granted to you by the LQDP:

Where and how you can exercise your rights

The ATPA provides you with the following ways to exercise your rights:

  1. By sending to the ATPA a written and signed request, at its postal address, stating in the subject “Personal Data Protection Rights Exercise”.
  2. By sending a scanned and signed form to the ATPA’s email address, stating in the subject “Personal Data Protection Rights Exercise”.

In both cases, if your identity is unable to be verified, we shall request you to provide a copy of your passport or of your national identity card to ensure we only reply to the person whose data are concerned or his or her legal representative. In the latter case, the document evidencing the representation will have to be provided.

If the person sending the request is acting in the capacity of representative of the interested person, the representative’s accreditation must be done through documents or legal instruments that properly identify the interested person and the representative and specify the matter or procedure for which representation is granted.

If you are not fully satisfied with the exercise of your rights, you are entitled to lodge a complaint before the national data protection authority of your country (if not the Principality of Andorra), or before the Andorran Data Protection Agency (ADPA).

Forms to exercise your rights

Please find hereafter the links to the various request forms for the exercise of each of you rights:

8. What responsibilities do you have?

By providing us with your data, you warrant that you are of legal age and that the data provided is accurate and complete. Furthermore, you confirm that you are responsible for the veracity of the personal data communicated to us and that you will keep it appropriately updated so that it reflects your real situation. Therefore, you will be held responsible of any false and inaccurate personal data provided to us, as well as for any direct or indirect damages or losses that may arise from its misrepresentation or inaccuracy.

You shall not provide us with third parties personal data unless it is justified in relation to the services you have requested or have hired us for. In any case, if you provide us with third parties personal data, you will bear responsibility to inform such third parties about all the provisions set out in this Privacy Policy before providing us with their personal data, and will be responsible for their accuracy.

In cases where you provide us with personal data of a minor or a person with limited rights, you must have the authorization of the holders of their parental authority or guardianship. Without this permission, providing any personal data is forbidden.

9. How do we protect your personal data?

We are fully committed to protect your privacy and personal data. The ATPA maintains a record of its processing activities, has analysed the risk that each of these activities may entail, and has implemented the legal safeguards and appropriate technical and organisational measures to prevent, as far as possible (since there is no such thing as zero risk), the alteration, misuse, loss, theft, access or unauthorised processing of your personal data.  

We keep the privacy and cookies policies of this website duly updated to ensure that we provide you with all information in relation to the processing of your personal data. We have signed data protection clauses and data processor contracts with all our service providers in view of the personal data processing needs of each one. We shall restrict personal data access to employees who really need to perform the processing contemplated herein. We have trained and made our employees aware of the importance of confidentiality and the maintenance of the privacy and security of your information, as well as of the disciplinary measures that would entail any possible infringement on this matter.

10. Amendments to this Privacy Policy

We shall update this Privacy Policy when necessary to reflect any changes that may occur. If substantial changes affect this Policy or the way in which the ATPA process your personal data, we shall notify you before changes come into force by serving a notice or posting a prominent notice on this website, so you can exercise your rights as provided in the previous section. In any case, we recommend you to periodically review this Privacy Policy to know how we protect your personal data.

If you have any questions about this Privacy Policy, do not hesitate to contact us by sending an email to

Last updated: December 12th, 2022