Category: Business

The management of Limited Liability Companies in Spain

The management of Limited Liability Companies in Spain

Applicable Law

The organic power of representation of a Spanish Limited Liability Company (“Sociedad Limitada or S.L.) is regulated in: RDLeg. 1/2010 de 2 de Jul (TR. de la Ley de Sociedades de Capital), the Spanish law on companies. It concerns the management of Limited Liability Companies in Spain.

Director(s)

The power of representation of a company before third parties and the capacity of making decisions relating to the management of the company resides with the directors. The difference of the management body compared to the shareholders is that the former is a permanent body.

Bylaws

The bylaws should decide on how the company is to be managed and on how the management maybe composed. The bylaws can foresee the following possibilities:

  • A sole director, who will have the power to manage and represent the company;
  • Two or more directors who both, separately, have the power to manage and represent the company;
  • Two or more directors who jointly have the power to manage and represent the company. Jointly may mean at least two together. It does not necessarily mean all of them together;
  • Board of Directors. In this case the Board as a whole has the power to manage and represent the company. However the bylaws will often designate a few Board members to be able to manage and represent the company on their own (either separately or jointly). The Board shall consist of 3 to 12 members. The bylaws will also determine how decisions can be validly adopted, how meetings are to be organized, announced. Its decisions are to be recorded in a ledger and signed by the President and secretary of the board.

In order to be valid, management and decisions should always be taken within the scope of the social purpose of the company.

The bylaws may record the different modes of management as previously mentioned and the shareholder(s) may decide to change the mode of management without having to modify the bylaws.

Not all people or companies can be directors or board members. There are certain criteria that need to be met.

The director´s position is not remunerated unless the bylaws determine differently.

Directors have different duties towards the company they represent. A few of them are:

  • Obligation of loyalty;
  • Obligation of diligence.

Directors are responsible towards the company for the management and actions and omissions that caused damage to the company.

Contact

Would you like to know more about the management of Limited Liability Companies in Spain? Contact us at jschoevers@businessadvicespain (Jochem Schoevers is a Spanish lawyer with Dutch nationality) or dial direct 0034 610 739 364 if you would like to discuss what could be the adequate form of governance for your company.

COVID Furlough ERTE Spain Update

COVID Furlough ERTE Spain Update

COVID Furlough ERTE Spain Update

During this COVID crisis companies in Spain of all sectors and sizes are turning to furlough or ERTE procedures (“Temporary Employment Regulation Files” or furloughs) to face the situation. Almost four million employees got furloughed under these procedures until the first half of April according to data released by the Spanish Government. This post provides an Update on the COVID Furlough ERTE Spain procedures.

Through an ERTE the company suspends the employee’s employment contract or reduces his workday (with the subsequent proportional salary cut) because of force majeure or for economic, technical, organizational or production reasons. The employee is not fired, but the employment contract is temporarily suspended, i.e. furloughed.

How does that affect the employee? How much and when will he earn? Will he be entitled to vacation? Here are some questions and answers for those affected, employers and employees alike.

We adressed furloughs and ERTEs in earlier posts here and here.

Continue reading “COVID Furlough ERTE Spain Update”

Spanish tax benefits for pilots

Spanish tax benefits for pilots

Pilots in the broadest sense

People resident in Spain having an employment relationship with a company not resident in Spain could enjoy an exemption of up to €60,100. Most commonly referred to as Spanish tax benefits for pilots, as these professionals seem to use this regime the most. The exemption and its conditions were confirmed in the binding consultation issued by the tax authorities. The authorities issued the consultation in respect of a professional motor cyclist (in Spanish also a “piloto” or pilot). Continue reading “Spanish tax benefits for pilots”

ERTE Furlough COVID19 Spain

ERTE Furlough COVID19 Spain

The Temporary Suspension of Employment (or “ERTE” abbreviated in Spanish or furlough in English) procedure has been the tool of choice to suspend employment quickly during the Covid19 crisis in Spain. We published an earlier post explaining the ERTE procedure. In this post we provide an update on the situation the furloughs are provoking. After the first Royal Decree that provided for furloughs or ERTEs in its articles 22 (ERTE because of Forece Majeur) and article 23 (ERTE because of economical, technical, organisational and productional causes), a second Decree was issued. The second Decree contains amongst others complimentary measures to facilitate the processing of ERTEs and unemployment benefits that are due during the furlough.

Update on 2 April 2020

According to the Spanish government 620,000 workers have been suspended by Spanish companies from work since the COVID19 crisis began. Sindicates however estimate that more than 1,8 million workers are affected by furloughs. We wrote more on furlough here and here.

Continue reading “ERTE Furlough COVID19 Spain”

COVID19 Limitations on foreign investment in Spain

COVID19 Limitations on foreign investment in Spain

The Covid19 crisis has provoked various countries, amongst which Spain, to put in place limitations on foreign investments in Spain. In other words the liberalization of the foreign investment regime is suspended until further notice.

Spain

The Spanish government requires to previously authorise the following investments that are: 1) foreign and 2) direct investments in Spain and in 3) strategic sectors.

Under “foreign” is understood coming from residents outside the European Union or European Free Trade Association (EFTA) region.

Under direct investments is understood: 1) acquire more than 10% of the shareholding and or 2) obtain the right to partcipate in management.

Affected Sectors

The strategic sectors are: Continue reading “COVID19 Limitations on foreign investment in Spain”

ERTE – Temporary Suspension of Employment

ERTE – Temporary Suspension of Employment

(This article was updated here and here) Due to the Corona virus crisis, many Spanish companies (think of airlines, hotels, restaurants, leisure sectors) are now proceeding to suspending employment temporarily. The so called ERTE, or Temporary Suspension of Employment procedure allows employers to suspend work or reduce working hours in case of Force Majeur (the Spanish Ministry of Labor has qualified the Covid19 crisis as such). This procedure is not to be confused with the so called ERE, which has a definitive character, i.e. the employment finishes. In the UK a similar procedure is furlough. Continue reading “ERTE – Temporary Suspension of Employment”

Soft Landing and the Beckham law in Spain

Soft Landing and the Beckham law in Spain

A Spanish non resident tax law

This article is about our soft landing services in combination with the application of Beckham´s law in Spain. In 2005 Spain adopted the Beckham law. Its purpose was to offer a mild tax climate to attract talented and highly skilled foreign physical persons in order to further internationalize and increase competitiveness of Spanish companies. The law got its nick name after David Beckham who transferred in 2003 from Manchester United in England to go and play for Real Madrid in Spain. His transfer fee amounted to 37,5 million Euro and his salary was said to be 17 million GBP per year. He was supposedly one of the first to apply for this special tax regime and benefit from it.

Eligibility

To be eligible for its application one needs to comply with the following: Continue reading “Soft Landing and the Beckham law in Spain”

Soft Landing Services in Spain

Soft Landing Services in Spain

Business Advice Spain has specialized in so called “soft landing” services in Spain. It concerns services that help foreign companies and individuals to establish themselves in Spain. Often a company is already doing business in Spain buts has identified the need, or the wish, to establish and grow. How to go about that?

Soft Landing Services

Generally these services consist of accounting/ tax, legal and employment & payroll. A client needs to register its presence in Spain; It will have to declare taxes and carry on accounting. In what corporate form will the company do that? That “form” might need to be legally incorporated before a notary and registered in the Companies Registry. It needs a registered address and a director or board. Then that company need to employ personnel or freelance contractors and pay them through pay roll or invoices. Continue reading “Soft Landing Services in Spain”

Brexit Spain Reciprocity Citizens rights

Brexit Spain Reciprocity Citizens rights

Brexit is looming and things are getting serious. In this article: “Brexit Spain Reciprocity Citizens” it is set out that Spain threatens to prejudice the rights of UK citizens resident in Spain, if the UK doesn’t treat Spanish citizens resident in the UK in the same way. The principle of reciprocity: “You will do the same to me as I do to you”.

Decree Law for English residents in Spain

Spain has adopted a Decree Law which is to guarantee the rights of the English citizens in Spain after a “hard” Brexit. It however points out that the UK hasn’t done the same as yet, adopting the measures fro Spanish residents into law. That will have to be the case in order for Spain to apply the Decree Law to its English residents. On October 1st the representatives of the countries will meet again to “dot the Is”.

Numbers

However there are far more British (365K) living in Spain than there are Spanish (108K) living in Britain.

Registered British citizens resident in Spain – Source INE 1 January 2019 – provisional data.

Continue reading “Brexit Spain Reciprocity Citizens rights”

FACEAPP & THE TERRITORIAL SCOPE OF GDPR

FACEAPP & THE TERRITORIAL SCOPE OF GDPR

Faceapp

Faceapp has been all over the news recently. The app has been around for a couple of years, but has gained sudden popularity over the last few weeks. With the popularity came the privacy concerns. The company behind Faceapp is based in Russia, or at least so it seems. It however subjects its terms to Californian law and chooses that state as venue for dispute resolution. How will European Data Protection Autorities (DPA) react to Russia based Faceapp & the territorial scope of GDPR.

Faceapp

Russia

Our question is how the EU regulators or the European Data Protection Board (EDPB) will deal with this (Russian) app? The governing body has elaborated on the territorial scope of GDPR and in our opinion this app would qualify to fall within that scope. It seems that Faceapp has all the intention to provide services to European citizens and that it places cookies on their browsers to monitor behavior.

The result would be that it needs to comply with GDPR and if it doesn’t it may be subject to disciplinary powers (including fines) of data protection agencies (“DPAs”).

Paper Tiger

How will European DPA´s enforce any action that it may take against this app and all other apps (or services providers) that fall within the scope of GDPR but are located in countries where enforcement is difficult? If the DPA´s do not take any action, how will that look when other companies do get fined and enforced over similar offences. The GDPR runs the risk that it will become a paper tiger for these kinds of cases.

Contact

If you are interested to know more about the material and or territorial scope of the GDPR and if your activities would fall within that scope and if so, what you should be complying with. Do contact us for further information and counsel or call +34 610 739 364.

No-deal Brexit and Data Transfers. The EDPB issues a note of guidance.

No-deal Brexit and Data Transfers. The EDPB issues a note of guidance.

The European Data Protection Board (“EDPB”) has issued a note on how to approach overseas personal data transfers with the United Kingdom in case there would be a no-deal Brexit.

No- Deal Brexit

First of all what is understood under a no-deal Brexit? We explained that in our earlier post: what “a hard Brexit” actually meant. In short: if the UK and the European Union do not reach a Withdrawal Agreement before the 29 March 2019. There will be no transition period for the UK to leave the European Union in an orderly fashion. The UK will leave the EU with all current trading and regulatory links ending immediately as it departs.

EDPB on Data Transfers in case of a No- Deal Brexit

The EDPB distinguishes two possible transfers, those from the EEA (European Economic Area) to the UK and transfers from the UK to the EEA. Where it must be noted that if there is no deal, the EDPB does not have any authority over what the UK government decides with respect to the personal data of its citizens.

The start date for possible safeguards to be in place is 30 March at 00.00 AM.

Data Transfers to The United Kingdom

In case of a no deal, the transfer can only be made under (one of) the following safeguards:

– Standard or ad hoc Data Protection Clauses;
– Binding Corporate Rules;
– Codes of Conduct and Certification Mechanisms;
– Derogations (which can only be used of none of the above are in place).

If you haven´t got any safeguards in place yet, the most likely to use are the Standard Contractual Clauses. Those clauses cannot be negotiated and are therefore very quick and easy to apply.

The rest of the options are, although valid, more time consuming and it is doubtful that you will have these in place on time. However you can rely on these safeguards if you already had them in place.

Derogations are described in article 49 GDPR (the General Data Protection Regulation) and can be used if you don´t have other safeguards in place. But the issue with derogations is that they can only be used for punctual, non repetitive, transfers.

Preparation data transfers to the UK in case of a no- deal

The EDPB has identified five steps organisations should follow if the transfer to the UK:

  1. identify what data processing involves a transfer to the UK;
  2. determine the appropriate safeguard (which at this moment in time will probably be the Standard Contractual Clauses);
  3. Implement that safeguard before the 30 of March (13 working days to go);
  4. Update your internal documents and privacy notice to inform your Data Subjects.

Data Transfers from the UK

It is up to the UK government to decide on what measures should be taken when transferring personal data to the EEA. At the moment transfers may be effectuated as previously when the UK was still a member of the Union.

The entire note can be found here: EDPB on Data Transfers in case No-Deal Brexit.

If you would like to discuss what our Data Protection Officers can do for you, please contact us.

Territorial scope of GDPR –  Representative or DPO?

Territorial scope of GDPR – Representative or DPO?

Territorial scope of GDPR. Representative or DPO? We help answering that question for many of our clients. It is an important one because of the considerable fines that maybe imposed if a company gets it wrong.

Article 3 of GDPR sets out the territorial scope of the Regulation:

  • If the processing of personal data takes place in the context of the activities of an establishment or organization in the EU, regardless of whether the processing itself takes place in the EU.
  • If the personal data of individuals who are in the EU is processed by an organization not established in the EU and the processing concerns the offering of goods or services to individuals in the EU, or  monitoring the behavior of individuals that takes place in the EU.

In November 2018, the European Data Protection Board (the “EDPB”) issued guidelines on the territorial scope of General Data Protection Regulation. According to the EDPB, this new scope represents a significant evolution of the EU data protection law compared to the framework defined by the old Directive.

For example, if your company is not caught under the establishment principle of 3.1 GDPR it still mighty fall within the extraterritorial reach of 3.2 GDPR. Therefore your company will have to appoint a representative in the EU.

In practice, the function of representative in the Union can be exercised based on a service contract concluded with an individual or an organisation. It can therefore be assumed by a wide range of
commercial and non-commercial entities, such as law firms and consultancies. Such entities however need to be established in the European Union. A representative can also act on behalf of several non-EU controllers and processors.

It is interesting to note that the representative is different from the data protection officer. The first should have a written mandate to represent the company. The second should be in a position to perform their duties and tasks in an independent manner.

Representative or DPO? We serve as the data protection officer for various of our clients. And we are also the representative for another set of clients. Please contact us if you would like information on the various possibilities we offer.

The new Spanish Data Protection Act 2018

The new Spanish Data Protection Act 2018

In November 2018 Spanish Parliament adopted the new data protection act with a 93% positive vote. It adapts the Spanish legal framework to the General Data Protection Regulation and develops its topics.

The Spanish Data Protection Agency issued a press release on the contents of the new Act. It further regulates issues like the rights of data subjects. For example it demands that the means to exercise such rights are easy to access.

It also regulates in more detail the right to be forgotten, for example, there is no obligation to suppress such data when they had been obtained through a third person who processed them for domestic or personal activities.

If you would like to know more, please contact us.

Almost 60,000 Data Breaches since May 2018

Almost 60,000 Data Breaches since May 2018

Almost 60,000 Data Breaches Reported since GDPR Implementation in May 2018

In the Netherlands 15,400 data breaches have been reported up to 29 January 2019; in  Germany – 12,600; in the UK 10,600; and in Spain 670(!).

To date, 91 reported fines have been imposed under the new GDPR regime. The highest GDPR fine imposed to date is €50 million, by the CNIL to Google, notably not relating to a personal data breaches.

Many organizations have taken notice the new breach notification rules, no doubt in part due to concerns about the high sanctions for not notifying. It has lead to more than 59,000 personal data breaches being notified across Europe in the eight months since GDPR’s introduction. Not notifying data breaches has become a risky strategy under GDPR.

If you want to understand all about data breaches and or need a DPO, contact us, here.

The study was performed by DLA and can be found here.

Brexit – what does “hard Brexit” actually mean?

Brexit – what does “hard Brexit” actually mean?

Background

The UK triggered Article 50 of the Treaty of the European Union on 29 March 2017.

As set out under that treaty, the UK has two years to negotiate a Withdrawal Agreement and framework for a future relationship with the EU before the point of the UK’s exit from the EU at 11pm GMT on 29 March 2019.

The EU and the UK have agreed a draft of this withdrawal agreement, but Theresa May faces big problems getting approval from the House of Commons for it.

Hard Brexit

A no deal scenario is one where the UK leaves the EU and becomes a third country at 11pm GMT on 29 March 2019 without a Withdrawal Agreement and framework for a future relationship in place between the UK and the EU.

In a no deal scenario there would therefore be no agreement to apply any of the elements of the Withdrawal Agreement described above. As such there will be no transition period and the UK will crash out of the EU at 11pm GMT on 29 March 2019, with all current trading and regulatory links with the EU ending immediately as it departs. This could be chaotic and carry a considerable risk for for the UK  and EU member states.

Contact us if you would like to discuss what Brexit scenarios might impact you.

Art. 27 GDPR – Representatives of companies not established in the Union

Art. 27 GDPR – Representatives of companies not established in the Union

Do I need a representative?

For many companies outside of the European Union it is not clear whether they need to appoint a representative for data protection purposes.

You will NOT need to fulfill this requirement when:

  1. processing which is occasional, and does not include, on a large scale, processing of special categories of data as referred to in Article 9(1) or processing of personal data relating to criminal convictions and offences referred to in Article 10 And is unlikely to result in a risk to the rights and freedoms of natural persons, taking into account the nature, context, scope and purposes of the processing; or
  2. you are a public authority or body.

If you concluded that you do need to appoint a representative and you would like that to be an experienced firm in data protection matters, do contact us. We can be your representative in the EU.

Tasks of the representative

The representative shall be established in one of the Member States where the data subjects, whose personal data are processed in relation to the offering of goods or services to them, or whose behavior is monitored, are.

The representative shall be mandated by the foreign company to act as contact point for supervisory authorities and data subjects. And for all issues related to processing for the purposes of ensuring compliance with this Regulation.

The designation of a representative by the company shall be without prejudice to legal actions which could be initiated against the company itself.

Contact us if you would like to discuss whether you need a representative.

The Data Protection Officer (“DPO”). Do you need one?

The Data Protection Officer (“DPO”). Do you need one?

Article 37 of the General Data Protection Regulation entails:

If your company processes special (i.e. health data, religious data, racial data, criminal offences, etc) categories of information on a large scale you must appoint one and communicate the details of that Officer to the authorities. Article 37 of the General Regulation of Data Protection lays down under what conditions exactly you need to appoint a DPO.

You may appoint an external data protection officer. That data protection officer can work on the basis of a free lance contract. If you would like the discuss the possibility of us becoming your DPO, do contact us. We are the DPO´s for healthcare  and insurance companies and as such have experience in the protection of special categories of sensitive data.

The contractual relationship between Processor and Controller

The contractual relationship between Processor and Controller

The General Data Protection Regulation (“GDPR”) establishes in its article 28 the rules around the “Processor”. The Processor processes Personal Data on behalf of the Controller.

The Controller has a duty of diligence when selecting the Processor and has to be able to prove it has been diligent in its choosing. It should, logically, only select a Processor that is able to guarantee compliance with GDPR.

The Processor should not subcontract without the written permission of the Controller. This because it is the Controller who is firstly responsible/ liable for the processing done by the Processor and its subcontractors.

The relationship between Controller and Processor should be governed by a contract which details the following obligations for the processor:

  • processes the personal data only on documented instructions from the controller, including with regard to transfers of personal data to a third country or an international organisation, unless required to do so by Union or Member State law to which the processor is subject; in such a case, the processor shall inform the controller of that legal requirement before processing, unless that law prohibits such information on important grounds of public interest;
  • ensures that persons authorised to process the personal data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality;
  • takes all security measures required pursuant to Article 32 GDPR;
  • respects the conditions referred to in paragraphs 2 and 4 for engaging another processor;
  • taking into account the nature of the processing, assists the controller by appropriate technical and organisational measures, insofar as this is possible, for the fulfilment of the controller’s obligation to respond to requests for exercising the data subject’s rights;
  • assists the controller in ensuring compliance with the obligations pursuant to Articles 32 to 36 taking into account the nature of processing and the information available to the processor;
  • at the choice of the controller, deletes or returns all the personal data to the controller after the end of the provision of services relating to processing, and deletes existing copies unless Union or Member State law requires storage of the personal data;
  • makes available to the controller all information necessary to demonstrate compliance with the obligations laid down in article 28 of GDPR and allow for and contribute to audits, including inspections, conducted by the controller or another auditor mandated by the controller.

If a subcontractor is engaged by the Processor, the contract between them shall have the same clauses as between Controller and Processor.

The Processor shall be fully liable for its subcontractors.

If the Processor has “official” (quality) certifications or adheres otherwise to an approved code of conduct as mentioned in article 40 GDPR, it will count towards a positive judgment whether the controller has done its due diligence when selecting.

Please bear in mind that this is just a summary of the clause(s) that affect the processor and controller under GDPR. We can help you to determine whether you are a Controller, processor or both and we can help draft and or review legal clauses that govern these relationships.

Contact us.

Data breach – the obligation to inform the authorities

Data breach – the obligation to inform the authorities

If the General Data Protection Regulation (“GDPR”) is applicable to you, as of 25 May 2018 you will be obliged to inform the relevant authorities within 72 hours as of becoming aware of a data breach that you committed or your data processors on your behalf, unless the personal data breach is unlikely to result in a risk to the rights and freedoms of natural persons.

These notification must include:

  • description of the nature of the personal data breach including where possible, the categories and approximate number of data subjects concerned and the categories and approximate number of personal data records concerned;
  • communicate the name and contact details of the data protection officer or other contact point where more information can be obtained;
  • describe the likely consequences of the personal data breach;
  • describe the measures taken or proposed to be taken by the controller to address the personal data breach, including, where appropriate, measures to mitigate its possible adverse effects.

Where the notification to the supervisory authority is not made within 72 hours, it shall be accompanied by reasons for the delay.

Contact us if you would like us to consult us, perform an audit with respect this new obligation, or see if the GDPR applies to your business. We will be glad to be of help.

GDPR, the legal obligation to inform your customer.

GDPR, the legal obligation to inform your customer.

The General Data Protection Regulation is about to come into force on the 28th of May 2018. We are getting a lot of requests for advice and notice that although companies are willing to comply, a lot of new details are generally not known. For example: you become are aware that you had a data breach. Do you tell the person affected? Or do you have the legal obligation to inform your customer?

Yes, when: 

  1. When the personal data breach is likely to result in a high risk to the rights and freedoms of natural persons*, the controller shall communicate the personal data breach to the data subject without undue delay.

And the notification shall describe in clear and plain language the nature of the personal data breach and contain at least the following information and measures:

  • communicate the name and contact details of the data protection officer or other contact point where more information can be obtained;
  • describe the likely consequences of the personal data breach;
  • describe the measures taken or proposed to be taken by the controller to address the personal data breach, including, where appropriate, measures to mitigate its possible adverse effects.

No, when: any of the following conditions are met:

  1. the controller has implemented appropriate technical and organisational protection measures, and those measures were applied to the personal data affected by the personal data breach, in particular those that render the personal data unintelligible to any person who is not authorised to access it, such as encryption;
  2. the controller has taken subsequent measures which ensure that the high risk to the rights and freedoms of data subjects referred to in paragraph 1 is no longer likely to materialise;
  3. it would involve disproportionate effort. In such a case, there shall instead be a public communication or similar measure whereby the data subjects are informed in an equally effective manner.

* These are (high) risks to the rights and freedoms of natural persons: The risk to the rights and freedoms of natural persons, of varying likelihood and severity, may result from personal data processing which could lead to physical, material or non-material damage, in particular: where the processing may give rise to discrimination, identity theft or fraud, financial loss, damage to the reputation, loss of confidentiality of personal data protected by professional secrecy, unauthorised reversal of pseudonymisation, or any other significant economic or social disadvantage; where data subjects might be deprived of their rights and freedoms or prevented from exercising control over their personal data; where personal data are processed which reveal racial or ethnic origin, political opinions, religion or philosophical beliefs, trade union membership, and the processing of genetic data, data concerning health or data concerning sex life or criminal convictions and offences or related security measures; where personal aspects are evaluated, in particular analysing or predicting aspects concerning performance at work, economic situation, health, personal preferences or interests, reliability or behaviour, location or movements, in order to create or use personal profiles; where personal data of vulnerable natural persons, in particular of children, are processed; or where processing involves a large amount of personal data and affects a large number of data subjects.

Are you ready?!

Do contact us if you would like more information on the subject. Business Advice Spain is highly experienced in Data Protection matters. It has helped American companies for the last 15 years establish themselves in Europe.

Establishing a Rep Office in Spain

Establishing a Rep Office in Spain

Activities of a representative office

Many American companies have doubts on whether a Representative office would be a good corporate legal form to start business in Spain. And how to establish it. A representative office is a fixed place of business set up by a foreign company. The Rep Office only pursues marketing or informational activities related to commercial matters but doesn’t  do any actual business in Spain. Of course there are alternatives to the Rep Office and all have their pros and cons.

Requisites for a Rep Office:

  1. Representative offices do not have separate legal personality from their parent;
  2. The nonresident company is liable for all debts assumed by the representative office;
  3. Representative offices are considered permanent establishments for tax purposes.
  4. Representative offices cannot themselves conduct commercial transactions;
  5. In general, no commercial requirements need to be met for a representative office to be opened, although mainly for tax, employment and social security purposes a public deed (or document executed before a foreign notary public, duly legalized with the Hague Apostille or any other applicable form of legalization) may have to be executed, recording the opening of the representative office, the allocation of funds, the identity of the tax representative (an individual or legal entity resident in Spain) and its powers.
  6. Representative offices need not be recorded at the Commercial Registry;
  7. Representative offices have no formal directors or managing bodies; the representative of each office performs the activities of the representative office by virtue of the powers granted to that representative.

It is a simple form, set up quickly without having to comply with too many legal formalities and allows investors to obtain all kinds of information on which they can base their investment decision.

A representative office serves the purpose for conducting market and competition research before investing or for example negotiating the acquisition of a local company.

Do contact us if you would like more information on the subject. Business Advice Spain is highly experienced in overseas Corporate matters. It has helped American companies for the last 15 years establish themselves in Europe.

Heineken sells Beer & Food, including Cruz Blanca, Gambrinus and the Carl´s Jr franchise

Heineken sells Beer & Food, including Cruz Blanca, Gambrinus and the Carl´s Jr franchise

Abac Capital acquires Heineken´s Beer & Food portfolio in Spain. Beer & Food was the brewer´s on trade division that included brands as Gambrinus, Indalo Tapas, La Chelinda and the Official Irish Pub and has approximately 400 outlets throughout Spain. Although the purchase price hasn´t been revealed it is said that the deal was worth more than 50 million Euro. With the spin off Heineken regains its focus on selling beer and Abac is following into the footsteps of other venture capitalists that have acquired food and drinks companies.

Would you like to discuss franchising in Spain, please do contact us.

Spain´s ex president Aznar leaves DLA Piper

Spain´s ex president Aznar leaves DLA Piper

Spain´s ex president Aznar, leaves DLA Piper. Aznar who studied law at Madrid´s Complutense university was a senior advisor for Latin America to the firm´s global committee.

Big question apparently is whether he will follow his good friend Juan Picón, who left DLA Piper earlier to move to Latham Watkins, another (american) firm in Madrid, to become its managing partner.

BAS collaborates with a network of (international) law firms in order to be of service wherever you need it. Please contact us to discuss options.

 

 

GDPR – Rules for Privacy Policies

GDPR – Rules for Privacy Policies

The GDPR has set a couple of new rules for privacy policies. One of those conditions is a necessary mention that data subjects (the people whose personal data is being processed) can seek support from their local data protection authority when dealing with a data controller or processor who is not being helpful when a data subject asserts his rights with respect to the processing of his personal data.

Contact us if you would like us to review your data protection policy and make it compliant with the GDPR. We have vast experience in data protection matters. When it comes to American companies we have more than 15 years of experience in helping them establishing in Europe.

 

International transfers breaches fines

International transfers breaches fines

Transfers of personal data to third countries outside the EU are only permitted where the conditions laid down in General Data Protection Regulation are met.

In contrast to the current regime where sanctions for breaching transfer restrictions are limited, failure to comply with GDPR’s transfer requirements attract the highest category of fines of up to 20 million Euros or in the case of undertakings up to 4% of annual worldwide turnover.

If you would like to understand the grounds and mechanisms that allow you to transfer personal data to countries that do not offer adequate protection, please do contact us. When it comes to American companies we have more than 15 years of experience in helping them establishing in Europe.

Non EU companies should appoint a DPO in Europe

Non EU companies should appoint a DPO in Europe

The new General Data Protection Regulation (“GDPR”) that will come into force in May 2018 requires companies that the accessibility of the Data Protection Officer (“DPO”) should be effective for Data Subjects and other players. To ensure that the DPO is accessible, the Working Party 29 (the cluster of European data protection authorities) recommends that the DPO be located within the European Union, whether or not the controller or the processor is established in the European Union. However, it cannot be excluded that, in some situations where the controller or the processor has no establishment within the European Union 25, a DPO may be able to carry out his or her activities more effectively if located outside the EU.  You may appoint an external company to be your Data Protection Officer. We can become your DPO and/ or help you find one.

Contact us if you would like us to review your data protection policy and make it compliant with the GDPR. We have vast experience in data protection matters. And when it comes to American companies we have more than 15 years of experience in helping them establishing in Europe.

Germany and The Netherlands, leaders in data protection in Europe

Germany and The Netherlands, leaders in data protection in Europe

The Netherlands leads with reporting requirements on data leaks

Germany and The Netherlands are the leaders in data protection in Europe. It means they are the front-runners in terms of reporting requirements on data leaks, Privacy Impact Assessments (an instrument for determining privacy risks of data processing in advance – PIA), the societal debate and information campaigns. The budgets, staffing levels and powers of the supervisory authority (the Personal Data Authority) to impose fines are in line with European norms. The supervisory authority is a familiar institution among Dutch people. If you would like further information on Data Protection in Spain or throughout Europe, we can help. Leiden University, the oldest in The Netherlands, investigated 8 European countries on these topics.

Contact us if you would like us to review your data protection policies and make them compliant with the GDPR. We have vast experience in data protection matters. When it comes to American companies we have more than 15 years of experience in helping them establishing in Europe.

 

Reverse charge mechanism for VAT within Europe

Reverse charge mechanism for VAT within Europe

Principle:

If a company in a certain member state renders services to another company in another member state, instead of the receiving company paying VAT on the received services, it has to withhold the VAT and pay it in its own country. The invoice it receives from the company that rendered the services should mention that the invoice is subject to the reverse charge mechanism and therefore no VAT is charged. The receiver has to withhold and pay the VAT in its own country at the rate of the receiver´s country. That is different from what one would normally expect when the company that renders the service issues an invoice with VAT.

We come into play

Contact us if you would like us to review your tax situation. We have vast experience in overseas tax matters for american companies. When it comes to American companies we have more than 15 years of experience in helping them establish in Europe.

In need of a Spanish or international contract?

In need of a Spanish or international contract?

A wide variety of contracts, including franchising, distribution, agency, lease, sale, employment, executive, free lance, real estate, rental, shareholder and consultancy agreements have been drafted and reviewed by our lawyers over time.

 

B.A.S. adds value in your contractual stages as it quickly grasps your needs, understands perfectly your language and works efficiently to getting you a neat contract that will allow you to get the deal done quickly. Contact us for any kind of issue and lets discuss how we can help. Our lawyers will assist you with a quick, business and no nonsense approach.

Board or joint and several directors?

Board or joint and several directors?

Foreign companies often ask what the best form of governance/ management is for their subsidiary in Spain. A “Board of Directors or joint and several directors of a limited liability company in Spain?” Of course this depends on the trust relationship the mother company (the shareholder) has with the management of the Spanish company. Most efficient would be the joint and several director system, that director will be able to manage most the daily business of the Spanish company without having to recur to other directors (in case there are more directors. In case there is only one, it would be a “sole director” automatically having the same faculties as a joint and several director). The same can however be achieved through a board of directors appointing from their midst a managing director (a “consejero delegado” established in article 249.2 of the Spanish “Ley de Sociedades de Capital” – Law of Capital Companies). Sometimes the impression is created that a board of directors guarantees more control over the operations of the Spanish sub. That is not necessarily true.

We have set up and worked with many Boards of Directors and or joint and several directors, or sole directors. Feel free to contact us to discuss what a suitable governance body would be for your subsidiary company in Spain. It all depends on the circumstances.

You may appoint foreign directors (individuals or companies) without any problem, they will need a Spanish tax number though. A so called Numero de Identificación Fiscal (a “NIF”) and in case of foreigners, a NIE, a Numero de Identificación de Extranjeros. We can help in obtaining that number.

Next time you ask yourself, Board or joint and several directors? Contact us or dial direct 0034 610 739 364 if you would like to discuss what could be the adequate form of governance for your company. Also see this article.

The use of Data Breach and other Data Protection Policies

The use of Data Breach and other Data Protection Policies

Background

It could happen to anyone a leak, a hack or a loss in their personal data storage system which imposes a risk to the rights and freedoms of natural persons. But how to react to a breach? Although probably everybody advocates transparency in data processing, the majority of reactions to such a breach is to try and hide it. the Equifax case shows that once again. The obligation to report and fines will come into force on May 25, 2018 under the General Data Protection Regulation of the European Union. Data breach and other data protection policies can help counter such issues.

The use of policies

Policies and procedures in general help to identify and to react to situations where action is needed. Once you have a policy, you can make your employees aware and train on how to react, and to resolve or escalate the issues. If you need help defining your personal data breach reporting policy, whistle blowing policy or need to understand when to report and to whom, we will be glad to be of assistance. 

Do contact us if you would like more information on the subject. Business Advice Spain is highly experienced in Data Protection matters. It has helped American companies for the last 15 years establish themselves in Europe.

In need of an N.I.E. or a C.I.F.? We can help you

In need of an N.I.E. or a C.I.F.? We can help you

Do you need a In need of an N.I.E. or a C.I.F.? We can help you, easily. Obtaining a (tax) identification number (N.I.E. is for physical persons and C.I.F. for companies) is often necessary for all kinds of  procedures in Spain. You will need one for example for buying real estate or starting a company. Let us help you getting it for reasonable fees and time frame.

Do contact us if you would like more information on the subject. Business Advice Spain is highly experienced in corporate and personal tax matters. It has helped American companies and its employees for the last 15 years establish themselves in Europe.