Privacy Policy

By means of this Privacy Policy, Q-CMIM intends to show its commitment to compliance with the regulations and legislation arising from the processing of the information necessary for the provision of its services, and the use of Information and Communication Technologies.

In particular, Q-CMIM is committed to complying with the regulations regarding the protection of personal data. In this sense, the following are considered as a frame of reference, mainly:

  • Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (GDPR).
  • Organic Law on the Protection of Personal Data and Guarantee of Digital Rights (LOPDGDD)
  • Law 34/2002, of July 11, 2002, on information society services and electronic commerce (LSSI).

This statement applies to any website, application, product, software or service owned or operated by Q-CMIM that is linked to it (collectively, our "Services"). Occasionally, a service will link to a separate privacy statement, which will list the particular privacy practices of that service.

This policy may be periodically updated and we encourage you to access and review it. If we make changes that we consider important, we will notify you by posting a notice on the relevant services or by communicating with you by other means such as email.


Q-CMIM we are a company of Malaga origin, dedicated to the consultancy for obtaining CMIM marking of product, according to the current Moroccan legislation.

Our address for notification, communication and contact purposes is C/Juan Cabanilles, 11, office 409, 29018, Málaga. In addition, Q-CMIM has enabled the following e-mail address for communications and notifications related to the processing of information and personal data, including the exercise of the rights indicated in this Policy:

Furthermore, in compliance with data protection regulations, and in order to improve and ensure the proper management of personal data, Q-CMIM has appointed a Data Protection Officer (with the functions indicated in this Privacy Policy), who can be contacted by writing to the address indicated, or through the e-mail address indicated above.


Personal information refers to any information that relates to an identified or identifiable natural person. An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier, whether a name, an identification number, location data, online identification, or to one or more factors specific to that person's physical, psychological, genetic, mental, economic, cultural, or social identity.

We collect, store and process information (and in particular personal data) necessary for the provision of our services. In particular, the information we collect is:

  • Information of our clients necessary for the provision of our services, consulting for CMIM product marking, including identifying and contact information, professional, economic and banking data, data relating to the product under study, necessary to provide our services and for our operational and business purposes. Although most of this information is of a business nature, it may include data of a personal nature, mainly concerning the contact personnel of our client companies.
  • For the proper development of these financial intermediation services, the staff of Q-CMIM may have access to information and personal data contained in the files of our client companies. In these cases, Q-CMIM will undertake to maintain the confidentiality and security of such data, for which it will adhere to the necessary confidentiality commitments and external processing contracts.
  • Similarly, we will collect information, including personal data (mainly identification and contact), through our website, whenever the contact or information request mechanisms are used, and only for the action requested by the client, unless he/she expressly consents to use it for another purpose.
  • We also collect personal information from third parties, such as our partners, collaborators, service providers and publicly available websites, to provide services that we believe may be of interest to you and to help us maintain data accuracy and provide and improve services. In addition, our servers, logs and other technologies collect certain information automatically to help us administer, protect and improve our services, analyze usage and enhance the user experience.
  • Internally, Q-CMIM collects, stores and processes personal data of its employees and collaborators, necessary to maintain the labor relationship with the employees, and to comply with the legal obligations in the matter.

At Q-CMIM we are highly committed to the security of the information we handle, and to the fulfillment of the legal requirements that apply to us. In this sense, to ensure the confidentiality, availability and integrity of the information we handle (and, in particular, of personal data), as well as of the systems, networks, applications and databases used for its treatment, at Q-CMIM:

  • We periodically carry out risk assessments of the risks associated with information security and personal data protection, analyzing our risk situation and defining action plans accordingly.
  • An Information Security and Data Protection Policy has been defined and must be complied with by the different parties involved in the processing of information.
    • Procedures have been developed for Access Control, Systems and Communications Security, Incident and Security Violation Management, and Information Backup.
      • The necessary awareness and training actions have been developed to ensure compliance with these policies and procedures.

In the event that, as a user or affected party, you detect any security incident or breach, or any vulnerability that may be affected, Q-CMIM makes available to the affected parties the address info@cmim.euthrough which you can make any communication you consider appropriate or necessary to improve the security of our information and systems.


Q-CMIM has provided the necessary means to comply with the right to information and with the obtaining of consent in cases where it is necessary to ensure the lawfulness of the processing of personal data. At the time of obtaining or collecting the information, Q-CMIM undertakes to inform those affected about the identity of the person responsible, the purpose, possible communications or transfers, and the possibility of exercising the rights set out in the regulations.

Q-CMIM recognizes and guarantees the possibility of exercising the rights of access, rectification, cancellation, opposition, limitation of processing and portability, collected by the data protection regulations. You as a data subject or affected may:

      • RIGHT OF ACCESS: Obtain confirmation as to whether your data is being processed and if so, you have the right to access the following information regarding the processing of your data:
        • the purposes of the treatment;
        • the categories of personal data concerned;
        • the recipients or categories of recipients to whom personal data may be disclosed;
        • the expected retention period of the personal data 
        • the existence of the right to request rectification, erasure, opposition of data, or limitation of data processing 
        • the right to lodge a complaint with a supervisory authority;
        • where the personal data have not been obtained from the data subject, any available information on their source
        • the existence of automated decisions, including profiling and meaningful information about the logic applied, as well as the significance and expected consequences of such processing for the data subject.
        • Where personal data are transferred to a third country or to an international organization, the data subject shall have the right to be informed of the appropriate safeguards under Article 46 concerning the transfer.
      • RIGHT OF DELETION: Obtain the deletion of your data when any of the following circumstances occur (provided that the data does not meet any of the requirements set forth in the regulations: it is data of general interest, necessary for the fulfillment of a legal obligation, or to exercise the right of freedom of expression,...): 
        • the personal data are no longer necessary for the purpose for which they were collected
        • the data subject withdraws the consent given for the processing of the data;
        • the data subject objects to the processing and no other legitimate grounds for processing prevail
        • the personal data have been unlawfully processed;
        • the personal data must be deleted in order to comply with a legal obligation that may be established; 
      • RIGHT OF RECTIFICATION: To modify inaccurate, erroneous or incomplete data. 
      • RIGHT OF PORTABILITY: To receive from Q-CMIM personal data concerning him/her and to transmit them to another data controller when: 
        • the lawfulness of the processing is based on the data subject's consent or on the performance of a contract 
        • the processing is carried out by automated means. 
      • RIGHT TO OPPOSE: To oppose the processing of personal data concerning him/her based on the fulfillment of purposes of public interest or legitimate interest for the data controller.
      • RIGHT OF LIMITATION OF PROCESSING: Obtain from the data controller the limitation of data processing when any of the following conditions are met: 
        • the data subject challenges the accuracy of the personal data, for a period of time that allows the data controller to verify the accuracy of the data; 
        • the processing is unlawful and the data subject objects to the deletion of the personal data and requests instead the restriction of their use; 
        • the controller no longer needs the personal data for the purposes of the processing, but the data subject needs them for the formulation, exercise or defense of claims; 
        • the data subject has objected to the processing by virtue of the right of objection

For the exercise of these rights, Q-CMIM has enabled the following e-mail address e-mail:, through which you can contact the organization to request the exercise of the rights recognized by the regulations. Similarly, these may be exercised through the postal address indicated in the first paragraph.

For a proper exercise of these rights, we urge you to use as a reference the templates and models for the exercise of the rights that can be found on the web page of the Data Protection Agency. (

In addition, we inform you of the possibility, in case you consider that your rights have been violated, or that we have not acted adequately with respect to the requests for rights that you may have made, to file the corresponding claim before the Data Protection Agency, being able to contact the same through the electronic office accessible from your web page (


As a general rule, from Q-CMIM we only communicate personal data to third parties, or provide them with access to the same, in the cases necessary to develop an adequate provision of the requested service, to comply with legal, fiscal and corporate obligations, or for the development of certain processes or activities of the organization in an outsourced manner (Access to Data on Behalf of Third Parties).

In particular, we carry out communications and exchanges of information with banking entities, based on the services rendered, to manage the collection and billing of the services rendered, the management of payments to service providers, or in compliance with legal, tax and public duty requirements. Likewise, in compliance with these public duties, communications are made to other government agencies, such as the Social Security or the Tax Administration.

On the other hand, in Q-CMIM we establish agreements, alliances or collaborations with other entities that provide us with certain services or collaborate in the development of certain activities, being able to have access to the personal data we manage. This is the case, for example, of tax and labor consultants who are granted access to the personal data of our employees for the management of payroll, compliance with public duties, or prevention of occupational hazards.

In addition, we have certain outsourced services on which we rely for the provision and development of our services. This is mainly the case of external housing or web hosting services. For the provision of these services, the corresponding external processing contracts have been signed, ensuring compliance with regulatory requirements. It may be the case that these services are provided or require the intervention of entities or systems hosted in third countries. From Q-CMIM we ensure that, in cases where international data transfers are required, these are made to countries that accredit a level of security comparable to that of European regulations. In this sense, we will consider the adequacy decisions of the European Data Protection Committee, or, failing that, certificates, corporate standards, contractual clauses or any other recognized mechanism that proves an adequate level of protection.


As a general rule, in Q-CMIM we only keep the information and personal data for the time necessary to fulfill the purpose for which the data were obtained, as well as to meet possible claims or liabilities arising as a result of the processing of data. In general, once the service has been provided, the data will be blocked and no further processing will be carried out beyond keeping them at the disposal of the Public Administrations, Judges and Courts, for the attention of possible liabilities arising from the processing, during the period of limitation of these, after which the cancellation must be carried out. On the other hand, to determine the data retention periods, Q-CMIM takes into account local laws, contractual obligations and the expectations and requirements of our customers. When we no longer need personal information, we securely delete or destroy it.

Scroll to Top