Privacy policy

By means of this Privacy Policy, Q-CMIM intends to demonstrate its commitment to compliance with the regulations and legislation arising from the processing of the information necessary for the provision of its services, and the use of Information and Communication Technologies.

In particular, Q-CMIM is committed to complying with the regulations on the protection of personal data. In this sense, the following are considered as a reference framework, mainly:

  • Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data (GDPR).
  • Organic Law on the Protection of Personal Data and Guarantee of Digital Rights (LOPDGDD)
  • Law 34/2002, of 11 July, on information society services and electronic commerce (LSSI).

This statement applies to any website, application, product, software, or service owned or operated by Q-CMIM that is linked to it (collectively, our "Services"). Occasionally, a service will link to a separate privacy statement, which will list the particular privacy practices for that service.

This policy may be updated from time to time and we encourage you to access and review it. If we make changes that we consider important, we will notify you by posting a notice on the relevant services or by communicating with you by other means such as email.


Q-CMIM we are a company from Malaga, dedicated to the consultancy for obtaining the CMIM marking of products, according to the current Moroccan legislation.

Our address for notification, communication and contact purposes is C/Juan Cabanilles, 11, oficina 409, 29018, Málaga. In addition, Q-CMIM has set up the following e-mail address for communications and notifications related to the processing of information and personal data, including the exercise of the rights indicated in this Policy:

Furthermore, in compliance with data protection regulations, and in order to improve and ensure the proper management of personal data, Q-CMIM has appointed a Data Protection Officer (with the functions indicated in this Privacy Policy), who can be contacted by writing to the address indicated, or via the e-mail address indicated above.


Personal information refers to any information which relates to an identified or identifiable natural person. An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier, such as a name, an identification number, location data, online identification, or to one or more factors specific to the physical, psychological, genetic, mental, economic, cultural or social identity of that person.

We collect, store and process information (and in particular personal data) necessary for the provision of our services. In particular, the information we collect is:

  • Information about our clients necessary for the provision of our services, consulting for CMIM product marking, including identifying and contact information, professional, financial and banking data, data relating to the product under study, necessary for the provision of our services and for our operational and business purposes. Although most of this information is of a business nature, it may include data of a personal nature, mainly concerning the contact personnel of our client companies.
  • For the proper performance of these financial intermediation services, the staff of Q-CMIM staff may have access to information and personal data contained in the files of our client companies. In these cases, Q-CMIM will undertake to maintain the confidentiality and security of said data, for which it will adhere to the necessary confidentiality commitments and external processing contracts.
  • Similarly, we will collect information, including personal data (mainly identification and contact data), through our website, whenever the contact or information request mechanisms are used, and only for the action requested by the customer, unless the customer expressly consents to its use for another purpose.
  • We also collect personal information from third parties such as our partners, collaborators, service providers and publicly available websites, to provide services that we believe may be of interest to you and to help us maintain data accuracy and provide and improve services. In addition, our servers, logs and other technologies collect certain information automatically to help us administer, protect and improve our services, analyse usage and improve the user experience.
  • Internally, Q-CMIM collects, stores and processes personal data of its employees and collaborators, necessary to maintain the working relationship with the employees, and to comply with the legal obligations in this area.

On Q-CMIM we are highly committed to the security of the information we handle, and to compliance with the legal requirements that apply to us. In this sense, to ensure the confidentiality, availability and integrity of both the information we handle (and, in particular, of personal data), and of the systems, networks, applications and databases used to process it, at Q-CMIM:

  • We regularly carry out risk assessments of the risks associated with information security and personal data protection, analysing our risk situation and defining action plans accordingly.
  • An Information Security and Data Protection Policy has been defined and must be complied with by the different parties involved in the processing of information.
    • Procedures have been developed for Access Control, Systems and Communications Security, Incident and Security Breach Management, and Information Backup.
      • The necessary awareness-raising and training actions have been developed to ensure compliance with these policies and procedures.

In the event that, as a user or affected party, you detect any security incident or breach, or any vulnerability that may be affected, Q-CMIM makes available to those affected the address info@cmim.euthrough which any communications considered appropriate or necessary for the improvement of the security of our information and systems can be made.


Q-CMIM has provided the necessary means to comply with the right to information and with the obtaining of consent in cases where this is necessary to ensure the lawfulness of the processing of personal data. At the time of obtaining or collecting the information, Q-CMIM undertakes to inform those affected of the identity of the data controller, the purpose, possible communications or transfers, and the possibility of exercising the rights set out in the regulations.

Q-CMIM recognises and guarantees the possibility of exercising the rights of access, rectification, cancellation, opposition, limitation of processing and portability, as set out in the data protection regulations. You, as the interested party or data subject, may:

      • RIGHT OF ACCESS: To obtain confirmation as to whether your data is being processed and, if so, you have the right to access the following information concerning the processing of your data:
        • the purposes of the processing;
        • the categories of personal data concerned;
        • the recipients or categories of recipients to whom personal data may be disclosed;
        • the envisaged retention period for personal data 
        • the existence of the right to request rectification, erasure, opposition of data, or restriction of data processing 
        • the right to lodge a complaint with a supervisory authority;
        • where the personal data have not been obtained from the data subject, any available information on their source
        • the existence of automated decisions, including profiling and meaningful information on the logic applied, and the significance and expected consequences of such processing for the data subject.
        • Where personal data are transferred to a third country or to an international organisation, the data subject shall have the right to be informed of the appropriate safeguards pursuant to Article 46 concerning the transfer.
      • RIGHT OF DELETION: Obtain the deletion of your data when any of the following circumstances occur (provided that the data do not meet any of the requirements set out in the regulations: that they are data of general interest, necessary for compliance with a legal obligation, or to exercise the right to freedom of expression,...): 
        • the personal data are no longer necessary for the purpose for which they were collected
        • the data subject withdraws the consent given for the processing of the data;
        • the data subject objects to the processing and no other legitimate grounds for the processing prevail
        • the personal data have been processed unlawfully;
        • the personal data must be deleted in order to comply with a legal obligation that may be established; 
      • RIGHT OF RECTIFICATION: To modify inaccurate, erroneous or incomplete data. 
      • RIGHT OF PORTABILITY: To receive from Q-CMIM the personal data concerning him or her and to transfer them to another controller where: 
        • the lawfulness of the processing is based on the data subject's consent or on the performance of a contract 
        • the processing is carried out by automated means. 
      • RIGHT TO OPPOSE: To object to the processing of personal data concerning him/her based on the fulfilment of purposes of public interest, or of legitimate interest for the data controller.
      • RIGHT OF LIMITATION OF PROCESSING: Obtain from the data controller the limitation of the processing of data when any of the following conditions are met: 
        • the data subject challenges the accuracy of the personal data, within a period of time which allows the controller to verify the accuracy of the personal data; 
        • the processing is unlawful and the data subject objects to the erasure of the personal data and requests instead the restriction of their use; 
        • the controller no longer needs the personal data for the purposes of the processing but the data subject needs them for the purposes of making, pursuing or defending claims; 
        • the data subject has objected to the processing pursuant to the right of objection

For the exercise of these rights, Q-CMIM has set up the following e-mail address e-mail address:, through which you may contact the organisation to request the exercise of the rights recognised by the regulations. Similarly, these rights may be exercised through the postal address indicated in the first section.

For a proper exercise of these rights, we urge you to use as a reference the templates and models for the exercise of the rights that can be found on the website of the Data Protection Agency. (

Furthermore, we inform you of the possibility, in the event that you consider that your rights have been violated, or that we have not acted adequately with respect to the requests for rights that you may have made, to file the corresponding complaint with the Data Protection Agency, which you can contact through the electronic office accessible from your web site (


As a general rule, from Q-CMIM we only communicate personal data to third parties, or provide them with access to the same, in the cases necessary to develop an adequate provision of the requested service, to comply with legal, fiscal and corporate obligations, or for the development of certain processes or activities of the organisation in a subcontracted manner (Access to Data on Behalf of Third Parties).

In particular, we communicate and exchange information with banking institutions, based on the services provided, to manage the collection and invoicing of the services provided, the management of payments to service providers, or in compliance with legal, fiscal and public duty requirements. Likewise, in compliance with these public duties, communications are made to other administrative bodies, such as the Social Security or Tax Administration.

On the other hand, in Q-CMIM we establish agreements, alliances or collaborations with other entities that provide us with certain services or that collaborate in the development of certain activities, and they may have access to the personal data that we manage. This is the case, for example, of tax and labour consultants who are granted access to the personal data of our employees for the management of payroll, compliance with public duties, or prevention of occupational hazards.

In addition, we have certain outsourced services on which we rely for the provision and development of our services. This is mainly the case of external housing or web hosting services. The corresponding external processing contracts have been signed for the provision of these services, ensuring compliance with regulatory requirements. It may be the case that these services are provided or require the intervention of entities or systems hosted in third countries. From Q-CMIM we ensure that, in cases where international data transfers are required, these are carried out to countries that accredit a level of security comparable to that of European regulations. In this sense, the decisions of adequacy of the European Data Protection Committee will be considered, or, failing that, certificates, corporate standards, contractual clauses or any other recognised mechanism that accredits an adequate level of protection.


As a general rule, in Q-CMIM we only keep the information and personal data for the time necessary to fulfil the purpose for which the data was obtained, as well as to deal with any possible claims or liabilities that may arise as a result of the processing of the data. In general, once the service has been provided, the data will be blocked and no further processing will be carried out on them beyond keeping them at the disposal of the Public Administrations, Judges and Courts, in order to attend to any possible liabilities arising from the processing, during the period of limitation of these, after which they must be cancelled. On the other hand, in order to determine the data retention periods, Q-CMIM takes into account local laws, contractual obligations and the expectations and requirements of our customers. When we no longer need personal information, we securely delete or destroy it.

Scroll to Top