It also aims to comply with the General Regulation on the protection of personal data 2016/679 (hereinafter GDPR) and the Organic Law 3/2018 on the protection of personal data and guarantee of digital rights (hereinafter LOPDGDD).
IDENTIFICATION OF THE DATA CONTROLLER / INFORMATION SOCIETY SERVICE PROVIDER.
PROCESSING OF PERSONAL DATA
The personal identification and contact data that you have provided us, through our contact forms, email, etc., will be treated confidentially and only by personnel authorized by our entity.
All categories and types of personal data processed will be duly identified in the corresponding processing activities owned by our company.
PERSON IN CHARGE OF PERSONAL DATA PROCESSING
The owner of the site and responsible for data processing is Federica Iozzia, with NIE Y8525516M, to contact you you can use the email address firstname.lastname@example.org.
In general, the processing of personal data carried out by our company aims to maintain the relationship with different groups of people, such as our customers, suppliers, staff of our staff, job applicants, users of our website/blog or social networks and interested parties in general who contact our company through our web forms, email, telephone or in person.
Such treatment is intended to comply with the maintenance of the existing relationship with each group of people. Depending on this relationship, the treatment of your data obeys to different purposes as it may be to respond to requests for information, complaints, claims and others that proactively send us the interested parties, also to comply with our contractual, commercial, legal obligations or for the attention to the exercise of rights.
If you are a customer or supplier, your personal data will be processed for the sole purpose of maintaining the business, contractual or commercial relationship, either for the provision of services, for accounting and billing management, or other purposes to which we are obliged to fulfill such relationship.
We do not send advertising without the prior consent of the interested parties, except to our customers with a current relationship and always about services or products related to those already provided or purchased.
If you are a potential customer or an applicant for information, we will treat your data exclusively to fulfill your requests, including in our reply commercial information related to your request.
If you are a job applicant, we will process your data to include you in our selection processes and job vacancies.
The purposes that motivate the processing of personal data will be duly identified in the corresponding processing activities owned by our company.
The processing of your personal data by our company is carried out on the following legitimate bases:
The fulfillment of the commercial or contractual relationship with you, in case you are a customer, supplier or part of our staff.
To comply with our legal obligations.
In the event that the user is under 14 years of age, it will be necessary to have the consent of parents, guardians or legal representative, to treat their data.
The user is solely responsible for the accuracy of the data he/she sends us.
CONSERVATION OF DATA
The personal data provided will be kept for the time necessary to fulfill the purpose for which they are collected, for the time required by law and as long as necessary to purge possible liabilities arising from the treatments mentioned in the purposes.
In the case of job applications, they will be kept for a maximum period of 1 year or until the interested party asks us to delete their data.
We do not create profiles using your personal data, but if we do, we will inform you and ask for your prior permission to do so.
Likewise, you have the right to object to this type of processing at any time.
TRANSFER OF DATA
As a general rule, our company does not transfer personal data to third parties, although there may be cases where this is necessary:
If you are a customer or supplier, your personal data may be transferred to third party entities by legal obligation (e.g. Tax Agency), or in those cases and entities necessary to provide you with our services or pay invoices (e.g. banking entities).
Also, your personal data as a customer or supplier may be processed by certain suppliers to whom we delegate some of our obligations (e.g. accountants). All of them have committed, by means of a data processor contract, to comply with the same security measures implemented by our company, as well as to submit to the duty of secrecy and confidentiality of the personal data processed, among other obligations regarding the protection of personal data.
If you are a job applicant, your data may be transferred to other companies in our group, although we will request your authorization to do so.
If you are an information seeker or user of our website, your data will not be transferred to third parties, unless we are legally obliged to do so.
In case of transfers to other entities or to other countries outside the EEA, we will inform you and ask for your prior express consent.
Our company has implemented all the necessary technical and organizational measures to protect the personal data processed, avoiding its loss, theft or unauthorized use.
These measures have been created according to the type of data processed and the purposes for which it is processed. These are periodically verified in our internal controls of compliance with personal data protection regulations and by means of external audits.
DATA SUBJECTS’ RIGHTS
You have the right to know whether our entity is processing your personal data; therefore, you have the right to access your data, rectify it if it is inaccurate or request its deletion when the data is no longer necessary, provided that it is legally possible.
You can also exercise your right of opposition, limitation or portability if you deem it appropriate and to do so you can do so in writing by email to email@example.com, attaching a copy of your ID to provide identification.
If you wish to make any suggestion, complaint or query about the treatment that our company performs on your personal data, you can contact our data protection consultants:
Form of attention to the interested party
If the person who wishes to exercise his/her rights is under 14 years of age, he/she may do so through his/her parents, guardians or legal representative.
If you want to make a claim for understanding that your rights have been violated, you can do so before the Spanish Data Protection Agency, C/ Jorge Juan, 6, 28001 Madrid or at www.aepd.es.
COMMITMENT TO PERSONAL DATA PROTECTION
Scope of application
Our commitment to the protection of personal data will be mandatory for all departments, employees of our company and those acting on our behalf.
We have established protocols for the processing of personal data, in accordance with the provisions of European and Spanish regulations on data protection.
Lawfulness, Loyalty, Transparency, Minimization of data, Accuracy, Limitation of the conservation period, Integrity, Confidentiality and Active responsibility.
Special category of data
The processing of personal data revealing ethnic or racial origin, political opinions, religious or philosophical convictions, trade union membership, the processing of genetic or biometric data, data concerning health or data concerning sexual orientation is prohibited, except in the legally authorized exceptions and with the prior consent of the data subject.
Rights of data subjects
Data subjects shall have the right of access to their personal data, as well as the right to rectify them when they are inaccurate, to delete them when they are no longer necessary or when their processing is no longer desired, to limit them to certain processing, to have the possibility of receiving their data easily and in structured formats commonly used by the controller, as well as to have their data used for profiling purposes and to object to the processing at any time.
Register of Activities, Impact Assessment and Security Measures
Our company will keep a record of processing activities and analyze the purposes of processing, categories of data subjects and data, recipients, international transfers, storage periods, etc., in order to assess the risks of processing and implement the necessary security measures to ensure the confidentiality, integrity and availability of personal data.
We have also analyzed the need to prepare an Impact Assessment and appoint a Data Protection Delegate, establishing, if necessary, that the person appointed to this position has sufficient knowledge and experience in accordance with the provisions of current legislation.
We also have external consultants who monitor any publication made by the competent control bodies and other European and Spanish entities related to data protection regulations, in order to comply with these regulations at all times.
UPDATING OF THIS POLICY
Our entity reserves the right to modify this Policy without prior notice. Therefore, we recommend that you consult it every time you visit our website.