Legal information

“60dias” informs users of the website about its policy regarding the processing and protection of personal data of users and customers that may be collected by browsing, purchase of products or services through its website. In this sense, “60dias” guarantees compliance with current legislation on the protection of personal data, reflected in Organic Law 15/1999 of 13 December on the Protection of Personal Data and in Royal Decree 1720/2007 of 21 December, which approves the Regulation of Development of the LOPD, and the General Data Protection Regulation (RGPD) (EU) 2016/679.

SECURITY MEASURES

In compliance with current legislation on data protection, users are informed that, at “60dias”, technical and organisational measures have been adopted in accordance with the provisions of the aforementioned regulations. The personal data collected in the forms are processed only by the staff of “60dias” or by the data processors established herein. The appropriate security measures have been adopted for the data provided and, in addition, all the technical means and measures within their reach have been installed to prevent the loss, misuse, alteration, unauthorised access and theft of the data provided.

VERACITY OF THE DATA

The Client or User declares that all the data provided by him/her are true and correct and undertakes to keep them updated, informing “60dias” of any changes to them. The user is responsible for the veracity of their data and will be solely responsible for any disputes or litigation that may result from the falsity of the same. It is important that, so that we can keep the personal data updated, the user informs “60dias” whenever there has been any change in them. Otherwise, we cannot be held responsible for their veracity.

EXERCISE OF RIGHTS

The LOPD and the RGPD grant interested parties the possibility of exercising a series of rights related to the processing of their personal data. Insofar as the user’s data is processed by “60dias”, they may exercise their rights. To do so, the user must contact us, providing documentation proving their identity (ID card or passport), by e-mail to info@60dias.es, or by written communication to the address that appears in our legal notice. Said communication must include the following information: Name and surname(s) of the user, the request, address and supporting data.

The exercise of rights must be carried out by the user himself. However, they may be executed by an authorised person as the authorised person’s legal representative. In this case, the documentation accrediting this representation of the interested party must be provided.

The user may request the exercise of the following rights:

  • Right to request access to personal data.
  • The right to request their rectification (in the event that they are incorrect) or deletion.
  • Right to request the limitation of their processing, in which case they will only be kept by “60dias” for the exercise or defence of claims.
  • Right to oppose the processing: “60dias” will stop processing your data, unless for legitimate reasons or for the exercise or defence of possible claims, they must continue to be processed.
  • Right to data portability: in the event that you want your data to be processed by another company, “60dias” will facilitate the portability of your data to the new data controller.

In the event that consent has been granted for a specific purpose, the user has the right to withdraw consent at any time, without affecting the lawfulness of the processing based on the consent prior to its withdrawal.

If a user considers that there is a problem with the way in which “60dias” is handling their data, they may address their complaints to the Security Manager or to the corresponding data protection authority, the Spanish Data Protection Agency being the one indicated in the case of Spain.

RETENTION OF DATA

Disaggregated data will be retained without a deletion period. With regard to Client data, the period of conservation of personal data will vary depending on the service contracted by the Client. In any case, it will be the minimum necessary, and may be kept up to:

  • 4 years: Law on Infringements and Penalties in the Social Order (obligations regarding affiliation, registrations, cancellations, contributions, payment of salaries…); Arts. 66 et seq. General Tax Law (accounting books…)
  • 5 years: Art. 1964 Civil Code (personal actions without special time limit).
  • 6 years: Art. 30 Code of Commerce (accounting books, invoices…)
  • 10 years: Art. 25 Prevention of Money Laundering and Terrorist Financing Act.

Mailing list users or those uploaded by “60dias” to RRSS pages or profiles, will be kept until the user withdraws consent.

Candidate data (C.V.), if any: In the event that the candidate is not selected, “60dias” may keep their curriculum for a maximum of two years in order to incorporate it into future calls for applications, unless the candidate states otherwise.

COLLECTION AND PROCESSING OF DATA

“60dias” has the duty to inform users of its website about the collection of personal data that may be carried out, either by sending e-mails or by filling in the forms included on the website. In this sense, “60dias” will be considered to be responsible for the data collected by the means described above.

In turn, “60dias” informs users that the purpose of the processing of the data collected includes attending to requests made by users, inclusion in the contact agenda, the provision of products or services and the management of the commercial relationship. The operations, management and technical procedures that are carried out in an automated or non-automated manner and which enable the collection, storage, modification, transfer and other actions on personal data, are considered to be the processing of personal data.

“60dias” provides users with a series of telematic mechanisms for the collection and processing of their personal data, for the purposes set out above. The personal data provided telematically, either through email, contact forms on this website or online contracting will be used for the commercial and administrative management of customers and users of the company. These data will be processed through servers managed by Dinahosting, which is also the company providing email services, and which will be considered in charge of treatment.

For its part, the mail and name data will be incorporated into a database for sending commercial communications and manage the subscription to the services requested by the customer or user. You may unsubscribe at any time by clicking on the link that you will find in our communications, or by sending a request to exercise your right to the company in charge of processing or to “60dias”.

As established by the LSSICE, “60dias” undertakes not to send commercial communications without identifying them as such. For these purposes, information sent to customers for the maintenance of the existing contractual relationship will not be considered as commercial communication.

In any case, only the data necessary to carry out the contracted service, or to be able to respond appropriately to the request for information made by the user, will be obtained.

Occasionally, personal data will be provided through links to third party websites. In this case, at no time will “60dias” staff have access to the personal data provided by the Client to said third parties.

SOCIAL NETWORKS

“60dias” has a profile on the main social networks on the Internet (Facebook, Twitter, LinkedIn), recognising itself in all cases responsible for the processing of the data of its followers, fans, subscribers, commentators and other user profiles (hereinafter, followers) published by “60dias”. The treatment that “60dias” will carry out with said data within each of the aforementioned networks will be that which the social network allows the corporate profiles.

“60dias” may inform its followers, when the law does not prohibit it, by any means that the social network allows about its activities and offers, as well as providing personalised customer service. Under no circumstances will “60dias” extract data from the social networks, unless the user’s consent to do so is specifically and expressly obtained (for example, to carry out a competition).

PERSONNEL SELECTION

Applicants who send electronic communications to “60dias”, with the aim of accessing the Entity’s personnel selection processes, authorise us to analyse the documents they send (for example, their C.V.), all content that is directly accessible through Internet search engines (for example, Google), the profiles they maintain on professional social networks (for example, LinkedIn), the data obtained in the entrance tests and the information they reveal in the job interview, with the aim of assessing their candidacy and being able, if necessary, to offer them a position. In the event that the candidate is not selected, “60dias” may keep your C.V. stored for a maximum of two years, in order to incorporate it into future calls for applications, unless the candidate states otherwise.

COMMUNICATION OF INFORMATION TO THIRD PARTIES

“60dias” will not transfer or communicate your data to any third party, except in the cases provided for by law or when the provision of a service implies the need for a contractual relationship with a data processor, and always in accordance with the general conditions approved by the user prior to contracting the service. Thus, when contracting our services, the user accepts that some of the same may be, totally or partially, subcontracted to other persons or companies, who will be considered as Data Processors, with whom the corresponding confidentiality contract has been agreed, or who have adhered to their privacy policies, established on their respective web pages. The user also accepts that some of the personal data collected may be provided to these data processors, when necessary for the effective performance of the contracted service. The user may refuse the transfer of your data to the Data Processors, by means of a written request, by any of the aforementioned means.

CONFIDENTIALITY

The information provided by the client will, in any case, be considered confidential, and may not be used for purposes other than those related to the contracted services or products purchased from “60dias”. “60dias” undertakes not to disclose or reveal information about the client’s intentions, the reasons for the advice requested or the duration of its relationship with the client.

VALIDITY

This privacy and data protection policy has been drawn up by EXPERTOS LOPD®, a data protection company, on 25 May 2018, and may vary according to changes in regulations and jurisprudence that may occur. It is the responsibility of the owner of the data to read the updated document, in order to know his/her rights and obligations in this respect at all times.

Use of cookies on the website

In compliance with Law 34/2002, of 11 July, on Information Society Services and Electronic Commerce, we inform you of the use of cookies on the websites and applications of “60dias”, in order to facilitate and improve user navigation, remembering where you browsed the website, preferences and display settings, and offering each user information that may be of interest.

What are cookies?

A cookie is a file that is downloaded to your computer or the device you use (Smartphone, tablet, connected television ….) when you access certain web pages or applications. Cookies allow, among other things, the collection of statistical information, facilitate certain technical functionalities, store and retrieve information about browsing habits or preferences of a user or their equipment and, depending on the information they contain and the way you use your computer, they can be used to recognise the user. A cookie is stored on a computer in order to identify the browser while interacting with our websites or applications. A website may set a cookie on your browser if your browser preferences allow it. A browser only allows a website to access the cookies it sets, not those set by other websites.

Why are cookies important?

“60dias” uses these cookies for operational reasons (e.g. session cookies), and for ease of use, to make browsing the website easier and more user-friendly, e.g. remembering aspects of the user such as language, country, browser, etc… Certain cookies are essential for you to be able to use our services.

Types of cookies

Technical Cookies: to help improve the quality of our service, including storing user preferences, search results, as well as tracking user trends.

Statistical cookies: collect information about date of visit, the URL and title of the web page visited. The reports generated with this information will be purely statistical, providing information on browsing behaviour in an anonymous form.

Preference or personalisation cookies: these store information on the type of user, saving the user’s nickname to avoid entering it page by page, encrypted information and information on the user’s favourites is also saved.

Analytics or measurement cookies: these are used to track the search engine from which the website has been visited and what search terms were used to find it, they calculate the time spent on the website in each session and the number of times the user has visited the page.

Behavioural advertising cookies: these are cookies that store information on the behaviour of users obtained through the continuous observation of their browsing habits, which allows a specific profile to be developed in order to display advertising based on this.

The following cookies are used on this website:

Own Cookies (functional and essential)
Necessary
cookieyes-consent: CookieYes sets this cookie to remember users’ consent preferences so that their preferences are respected on subsequent visits to this site. It does not collect or store any personal information about site visitors.
 
_cfuvid: This cookie is set by the Google recaptcha service to identify bots and protect the website against malicious spam attacks.
 
rc::a: This cookie is set by the Google recaptcha service to identify bots and protect the website against malicious spam attacks.
 
rc::c: This cookie is set by the Google recaptcha service to identify bots and protect the website against malicious spam attacks.
 
Functional
pll_language: Polylang sets this cookie to remember the language the user selects when returning to the website and to obtain the language information when it is not otherwise available.
 
__cf_bm: Cloudflare sets the cookie to support Cloudflare Bot Management.
Analytics

_ga_*: Google Analytics sets this cookie to store and count page views..

_ga: Google Analytics sets this cookie to calculate visitor, session and campaign data and to track site usage for site analytics reporting. The cookie stores information anonymously and assigns a randomly generated number to recognize unique visitors.
 
_gcl_au: Google Tag Manager sets the cookie to test the advertising effectiveness of the websites that use its services.
 
Types of cookies by expiry date

The cookies used in “60dias” are persistent, i.e. they are permanently installed in your browser and are activated each time you visit the site, as long as you do not deactivate their use.

Cookie configuration

To find out how to configure the management of cookies in your browser, you can consult the following links for the main browsers and devices:

-For Internet Explorer™ -For Safari™ -For Chrome™ -For Firefox™ -For Opera™ –For Edge™.

Acceptance of cookies

When you access this website or application for the first time, you will see a window where you are informed about the use of cookies and where you can consult this “Cookie Policy”. If you consent to the use of cookies, it will be understood that you have consented to our cookie policy and therefore to the installation of cookies on your computer or device.

If you “reject non-functional cookies”, only those cookies that are essential for the use of the website will be installed.

If you wish, you can change your cookie settings at any time (previous section), configuring your browser to accept, or not, the cookies you receive, revoke the consent previously given, delete the cookies installed or for the browser to warn you when a server wants to save a cookie. We inform you that in the case of blocking or not accepting the installation of cookies, it is possible that certain services may not be available without the use of cookies or that you may not be able to access certain services or take full advantage of everything our websites and applications offer you.

“60dias” thanks you for consenting to the acceptance of cookies, this helps us to obtain more accurate data that allows us to improve the content and design of our websites and applications to suit your preferences.

At 60dias we are committed to meeting the needs and expectations of our customers and stakeholders, ensuring compliance with their requirements, and the legal and regulatory requirements applicable to the services of:

  • VAT recovery on travel tickets for expenses and representation,
  • Automatic Posting of Supplier Invoices,
  • Digitalization and document archiving.

In 60dias, we understand the importance of the documentation entrusted to us, so we take care of the security and confidentiality of the information we manage and store, thus providing added value in the services we offer; supported by state-of-the-art technology and a skilled human resource committed to the continuous improvement of our quality management system.

1.- Purpose

This Policy sets out the governing principles on information security established by 60 Días, S.L., hereinafter referred to as 60dias, for all users (internal users and third parties) who access information systems owned by, or under the responsibility of, 60dias.

60dias shall ensure the protection of information, regardless of the way in which it is communicated, shared, displayed, or stored (hereinafter, the “Information”). This protection applies both to information existing within 60dias and to information shared with third parties.

For the purposes of this Policy, Information Security shall mean the safeguarding and protection of Information owned by 60dias, regardless of whether it is located on 60dias’ own systems or on third-party systems; and Information owned by third parties that is located on 60dias systems.

For the purposes of this Policy, Information Systems shall mean the set of technologies or technological means, whether owned by 60dias or by third parties, that manage, store, or transmit Information.

2.- Scope and Application

This Policy shall apply to 60dias and shall be binding on all its personnel, regardless of their position or function.

The application of this Policy may also be extended, in whole or in part, to any other natural or legal person linked to 60dias through a relationship other than employment, whenever this is possible due to the nature of the relationship and is appropriate for the fulfilment of the purpose of the Policy.

In accordance with this Policy, 60dias develops procedures and instructions to implement and comply with the obligations undertaken within an information security management system (ISMS), as well as to adapt it to the various local or national laws applicable to 60dias.

Likewise, the application of this Policy is complementary to other mandatory internal rules, such as the General Personal Data Protection and Privacy Policy, and any other rules governing matters related to 60dias Information.

The declared scope of this Policy and the information security management system covers all activities related to the design, delivery, and support of services for the review, management, and recovery of input VAT incurred by third parties, both domestically and internationally; travel expense management; local tax management; certified digitalisation; communications to public administration platforms with tax relevance; digital archiving and custody; and audit or forensic services relating to travel expenses, including, among others, the following business processes:

  • Commercial management, client relations, and user support (marketing, pre-sales, proposals, contracting, and account management).
  • Receipt, digitalisation, and classification of expense documentation and invoices provided by clients.
  • Extraction and review of the data obtained, validating it in accordance with client requirements.
  • Tax analysis and determination of recoverable VAT amounts, including interaction with national and international tax regulations and authorities.
  • Control and supervision of management processes.
  • Handling of cases before tax authorities and other involved third parties.
  • Issuance of reports and communications to clients, as well as the management of queries and claims related to the services.

 

3.- Objectives

This Policy constitutes the reference framework through which 60dias defines the guidelines for the effective protection of the Information managed by 60dias and has the following objectives:

  • To ensure the level of confidentiality required for each class of Information, in accordance with the classification established in internal procedures.
  • To maintain the integrity of the Information, so that it does not undergo alterations from the moment it was generated by its owners or those responsible for it.
  • To ensure the availability of Information, on all media and whenever needed, thereby ensuring business continuity and compliance with all obligations applicable to the Company.

4.- General Principles

The achievement of the objectives described in section 3 is based on the following general principles:

  • Information classification. Information shall be classified according to its value, importance, and criticality to the business, so that protection measures are adapted to the classification level of each information asset. Likewise, the classification of Information assets shall be carried out taking into account legal and operational requirements, as well as applicable good practices and standards.
  • Use of Information Systems. The use of the Systems shall be limited to lawful and strictly professional purposes, for the performance of tasks related to the employee’s position. Consequently, these means and systems are not intended for personal use and may not be used for any unlawful purpose.
  • Segregation of duties. Risk concentrations arising from the absence of segregation of duties and from single-person dependency in business-critical functions must be avoided.
    In this regard, formal procedures shall be established to control the assignment of privileges to Information Systems, so that users have access only to the resources and information necessary for the performance of their duties.
  • Information retention. Where necessary or appropriate, Information retention periods shall be established by category, based on operational, contractual, or regulatory compliance needs, together with the corresponding procedures for the destruction of Information.
  • Access to Information by third parties. Procedures shall be developed to control the disclosure of, and access by third parties to, Information relating to 60dias or to any other third parties associated with 60dias.
  • Information Security within Systems. Development and production environments shall be maintained on separate Systems. Likewise, the development and maintenance of Information Systems must include the controls and records necessary to ensure the correct implementation of security specifications.
    A continuity management process shall be established to ensure the recovery of Information critical to 60dias in the event of a disaster, reducing downtime to acceptable levels.
    60dias Information and communication Systems must be permanently adapted to the requirements of the legislation in force in all jurisdictions in which it operates, as well as to the applicable implementing internal regulations.

5.- Responsibilities

Responsibility for protecting Information and the Systems that process, store, or transmit it extends to all organisational and functional levels within 60dias, each to the extent applicable, as detailed below:

5.1 Responsibilities of 60dias personnel
  • All 60dias employees must be aware of, accept, and comply with this Policy, as well as the internal security and Systems use rules in force. They are required to maintain professional secrecy and the confidentiality of the Information handled in their working environment and must urgently report, in accordance with the established procedures, any possible security incidents or issues detected.
  • Employees who contract third-party services involving the use of, or access by, such third parties to Information must understand the risks arising from the outsourcing process and ensure effective management of those risks.
  • The use of Systems or digital services by employees, expressly including email and instant messaging services, shall be limited to lawful and strictly professional purposes, for carrying out tasks related to their position. Consequently, these means and systems are not intended for personal use and may not be used for any unlawful purpose.
5.2 Responsibilities in relation to suppliers and other third parties
  • In addition to section 5.1, contracts with third parties involving the use of, or access by, such third parties to Information, including service provision and outsourcing agreements, shall include specific security requirements relating to the technology and activities of those performing such services.
  • In this regard, such contracts must include provisions ensuring that suppliers or any external company that potentially or actually uses or accesses Information must be aware of and comply with this Policy insofar as it is applicable to them, and they shall be obliged to maintain professional secrecy and the confidentiality of the Information handled in their relationship with 60dias.
5.3 ISMS Manager

The ISMS Manager (Information Security Management System Manager) shall perform their control function independently and shall be responsible for implementing this Policy and monitoring compliance with it, as well as with all requirements arising from applicable laws, regulations, and good practices relating to Information Security. Accordingly, they shall be responsible for:

  • Implementing an Information Security strategy that ensures compliance with the basic principles of this Policy, and in particular covers the following aspects:
    • Appropriate access to Information, based on the principle of least privilege and the approval of the Information asset owner.
    • Adequate segregation of roles and functions within the Information Systems.
    • Proper configuration, administration, and operation of the infrastructure, services, and/or software used in the various business processes, both inside and outside 60dias premises, from a security standpoint.
    • Correct implementation of security requirements throughout the lifecycle of the Information Systems supporting the Company’s processes.
    • Adequate protection of the Systems and the Information they support against physical or environmental threats, according to their criticality, enabling the identification, assessment, prevention, and response to any risk that may compromise their security.
  • Establishing and reviewing the relevant controls to ensure compliance with this Policy and its implementing regulations, including the organisational and technological mechanisms necessary to facilitate continuous monitoring of activities involving access to and use of the Systems, services, or Information managed by 60dias.
  • Preventing, detecting, and responding to any Information Security incident and acting in accordance with internal procedures.
  • Promoting the regulatory development of this Policy through such procedures or instructions as may be necessary to define a global framework for Information Security across all areas. Likewise, they shall review, update, and communicate any changes resulting in amendments to this Policy.
  • Carrying out training and awareness activities relating to Information Security processes.
  • Establishing a continuous improvement approach.
  • Ensuring compliance with the legislation in force within the scope of the powers assigned to them under this Policy.
  1. Control and Audit

60dias expressly reserves the right to adopt, in a proportionate manner, the monitoring and control measures necessary to verify the proper use of the Systems made available to its employees, including the content of communications and devices, while in all cases respecting the legislation in force and guaranteeing the dignity of the employee. The communication and acceptance of this Policy shall have the effect of prior notice to the employee.

60dias shall be subject to periodic reviews and controls, as well as internal and external audits, to assess general compliance with this Policy.

The assessment of a possible breach of this Policy shall be determined in the corresponding procedure, in accordance with the provisions in force, without prejudice to any legal liabilities, including disciplinary liabilities in the employment sphere, which may, where appropriate, be enforceable against the party in breach.

6.- Communication of the Policy

This Policy shall be available on the internal network for all employees. Likewise, the Policy shall be the subject of appropriate communication, training, and awareness actions to ensure its proper understanding and implementation.

7.- Updating and Review of the Policy

This Policy shall be reviewed and updated whenever appropriate, in order to adapt it to changes that may arise in the business model or in the environment in which 60dias operates, while ensuring its effective implementation at all times.

8.- Applicable Legislation and Regulations

In order to align the content of this Policy and, in general, the documentation, processes, procedures, and instructions, the applicable legislation on Information Security has been identified. With regard to the management and protection of Personal Data, the relevant General Personal Data Protection and Privacy Policy is available and refers to the applicable legislation within its scope.

  • Law 6/2020, of 11 November, regulating certain aspects of electronic trust services.
  • Law 5/2014, of 4 April, on Private Security.
    Law 34/2002, of 11 July, on Information Society Services and Electronic Commerce.
    Law 9/2014, of 9 May, on Telecommunications.

 

Date: 2 January 2026

This website contains texts prepared for purely informative or divulgative purposes, which may not reflect the current state of legislation or jurisprudence, and which refer to general situations, so their content should not necessarily be applied by the user to specific cases.

This website details the services offered by “60dias”. Its use implies acceptance of the following conditions, declining to make any claim on them:

  1. The use of this website is aimed at people of legal age.
  2. “60dias” may modify the content of the website, its services, rates, guarantees, etc., at any time and without prior notice.
  3. “60dias” may make available to the user links or other elements that allow access to other websites belonging to third parties. We do not market the products and services of these linked pages, nor do we assume any responsibility for them, nor for the information contained in them, nor for their veracity or legality, nor for any effects that may derive from them. In any case, “60dias” declares that it will proceed to the immediate withdrawal of any content that could contravene national or international legislation, morality or public order, proceeding to the immediate withdrawal of the redirection to said website, informing the competent authorities of the content in question.
  4. The prices indicated on the website, if any, are valid except for typographical errors, and are subject to change without prior notice.
  5. It is not necessary to register on the website, or provide any personal data, to browse it.
  6. “60dias” cannot guarantee the uninterrupted or error-free operation of this website. Therefore, we are not responsible for any damage caused by the use of this site.
  7. “60dias” offers its services and products indefinitely, but may, however, suspend the provision of the same, unilaterally and without notice.
  8. “60dias” shall not be liable for any damages, either its own or to third parties, caused by misuse of this website by the customer.
  9. The user undertakes not to use this website or the services offered on it to carry out activities contrary to the law, public order or these conditions.
  10. “60dias” is not responsible for viruses originating in a telematic transmission infiltrated by third parties generated with the aim of obtaining negative results for a computer system.
  11. “60dias” is not responsible for the information and content stored, including but not limited to, forums, chat’s, blog generators, comments, social networks or any other means that allows third parties to publish content independently on the provider’s website. However, and in compliance with the provisions of art. 11 and 16 of the LSSI-CE, “60dias” is available to all users, authorities and security forces, and actively collaborating in the removal or blocking of all content that could affect or contravene national or international legislation, the rights of third parties or morality and public order. In the event that the user considers that there is any content on the website that could be susceptible to this classification, please notify the website administrator immediately.
  12. This website has been checked and tested to ensure that it functions correctly. In principle, it can be guaranteed to function correctly 365 days a year, 24 hours a day. However, “60dias” does not rule out the possibility of the existence of certain programming errors, or the occurrence of force majeure, natural disasters, strikes, or similar circumstances that make it impossible to access the website.
  13. The opinions expressed therein do not necessarily reflect the views of “60dias”. The content of the articles published on this website cannot be considered, under any circumstances, as a substitute for legal advice. The user should not act on the basis of the information contained in this Web Site without first seeking professional advice.

In short, the user is solely responsible for the use made of the services, contents and links included on this website.