Who is responsible for the processing of MdF customer data?

Michavila de Fernando Family Partners, S.A., an independent financial, wealth and family strategy consultancy with registered office in Madrid, Calle Serrano, 1, 3rd floor CP:28001 (hereinafter “MDF”) will be responsible for the processing of your data. For this purpose, MDF has a Data Protection Officer in charge of supervising compliance with data protection, whose email address is:

How does MdF obtain customer data?

MdF may obtain personal data: (i) directly provided by its clients, either those provided when contacting us or through the contractual relationship itself arising from the information necessary for advisory services, (ii) through public records or other public means of information such as social media or the internet, (iii) browsing data when visiting our Website, and finally (iv) from third party databases for money laundering and fraud prevention purposes.

In the course of our contractual relationship, the customer may provide MdF with data of third parties, such as legal representatives, shareholders, beneficiaries or family members. In this regard, you confirm that you have informed and, where applicable, obtained the consent of any other individuals whose personal data you will provide to us.

What does MdF process your data for?

There are two different types of processing of personal data carried out by MdF:

1.- On the one hand, MdF, as Data Controller, processes the personal data of its customers, their legal representatives, shareholders, employees, agents, or other collaborators for the management of the contractual relationship with them, such as: (i) the identification of contact details for the management of the relationship, maintenance of meetings, telephone and email contact, (ii) billing management and (iii) sending relevant information and monitoring of contracted services. MdF also processes personal data in order to comply with legal obligations, such as issues of prevention of money laundering or requirements arising from tax regulations.

2.- On the other hand, as Data Processor, and as a result of the provision of advisory, organisational and consulting services, MdF may have access to data under the responsibility of its clients. With respect to this type of data, MdF will process such data in accordance with the order made and under the instructions of its clients, and MDF may not process such data beyond that purpose.

In this respect, MdF is committed to:

Process personal data only in accordance with your documented instructions.

Taking into account the nature of the processing, MdF will, to the extent possible, inform its customers of any requests it may receive concerning the rights of data subjects so that the customer can act on them.

All persons authorised to access or process personal data are under a relevant legal obligation to preserve confidentiality or have undertaken to do so. This obligation to preserve confidentiality shall remain in force even after the termination of the relationship with MdF, for whatever reason.

MdF will keep this information secret and secure, whereby MdF takes appropriate technical and organisational measures to ensure a level of security appropriate to the risk, including, but not limited to, the following: (a) the pseudonymisation and encryption of personal data; (b) the ability to ensure the continued confidentiality, integrity, availability and resilience of processing systems and services; (c) the ability to restore availability and access to personal data in a timely manner in the event of any physical or technical incident; (d) a process to regularly test, analyse and evaluate the effectiveness of the technical and organisational measures in place to ensure the security of the processing.

MdF provides you with all the information necessary to demonstrate compliance with data protection obligations, and allows audits to be carried out.

In the event of contracting another Data Processor, MdF will inform you of the specific services that it has subcontracted.

Upon completion of the provision of the services related to the processing, at the customer’s choice, MdF will delete or return all personal data and existing copies thereof, with the exception of data that must be retained as a result of the provision of the services or in support thereof or by law, which will be duly blocked for as long as liability may arise.

Communication of personal data

MdF may disclose personal data to: (i) regulatory authorities and (ii) in order to prevent fraudulent conduct, personal data may be forwarded to individual MdF Group companies or centralised information systems. In addition, MdF has third party service providers who may access personal data in the course of providing their services, such as auditors, consulting services, advisors, IT maintenance, potential buyers or investors, administrative services and document destruction, among others. MdF pre-selects these suppliers based on data protection compliance criteria, has signed data protection contracts with all of them and monitors their compliance with their data protection obligations.

Retention period for personal data

Personal data to which access is gained will be processed for as long as the contractual relationship is maintained. In this regard, MdF will retain personal data after the end of the contractual relationship, duly blocked, for the period of limitation of actions that may arise from the relationship with customers. In any case, MdF shall retain the information that it is required by the Prevention of Money Laundering and Terrorist Financing regulations to obtain for a period of 10 years from the termination of the business relationship or the execution of the transaction.

Security measures

MdF shall establish security measures for personal data in order to prevent their alteration, loss, processing or unauthorised access, taking into account the state of technology, the nature of the data stored and the risks to which they are exposed, whether from human action or from the physical or natural environment. Specifically, MDF undertakes to adopt, update and maintain all organisational and technical measures necessary to ensure the security and confidentiality of personal data, preventing any alteration, loss, treatment, processing or unauthorised access.

MdF will not apply or use personal data for purposes other than those set out in this contract, nor will it communicate them, even for storage purposes, to other persons.

Confidentiality and duty of secrecy

The parties agree that any proprietary information, regardless of the medium in which it is held, will be considered as confidential information and will be treated as secret, confidential and restricted, and will be processed in accordance with the provisions of this contract.

MdF will at all times ensure that the above personal data are accurate, complete and up to date, are not used for purposes other than those related to this contract and are kept strictly confidential.

Exercising data protection rights

The client may exercise their rights of access, rectification, suppression, opposition, as well as request that the processing of their personal data be limited, portability of their data, and not being subject to automated individual decisions, in relation to the data provided at any given time, by writing to the Data Protection Delegate in Madrid, Calle Serrano, 1, 3rd floor, CP:28001 (enclosing a copy of their ID card or official identification document), or via the address

To whom can you lodge data protection complaints?

In the event that the customer’s data protection rights have been violated or if they have any complaint regarding their personal information, they may contact the Data Protection Delegate by e-mail at In any case, interested parties may contact the Spanish Data Protection Agency, the supervisory authority for data protection at C/ Jorge Juan 6, 28001, Madrid. Tel. 901.100.099/


For more information, please visit:

Legal Notice and Privacy Policy

MdeF Gestefin Data Protection Policy

Cookies Policy

Sustainable Finance