1. USER INFORMATION 

Who is responsible for the processing of your personal data?

Carla Maluenda Campos is responsible for the processing of the user’s personal data and informs you that these data will be processed in accordance with the provisions of Regulation (EU) 2016/679 of 27 April (GDPR) and the Organic Law 3/2018 of 5 December (LOPDGDD).

What type of data do we request and process?

Depending on the form or mode of obtaining your data, we always ask for the minimum necessary to fulfill the purposes detailed in each case.

What do we process your personal data for and why do we do it?

Depending on the form where we have obtained your personal data, we will treat them confidentially to achieve the purposes:

In the Contact form

• To respond to queries or any type of request made by the user through any of the contact methods made available on the website of the controller (for the legitimate interest of the controller, art. 6.1.f GDPR).
• Send commercial advertising communications by e-mail, fax, SMS, MMS, social networks or any other electronic or physical means, present or future, that enable commercial communications. These communications will be made by the responsible party and will be related to its products and services, or those of its collaborators or suppliers, with whom it has reached a promotional agreement. In this case, third parties will never have access to personal data (by consent of the data subject, 6.1.a GDPR).
• Conduct statistical analysis and market research (for the legitimate interest of the data controller, art. 6.1.f GDPR).

In the Newsletter form

• To send newsletters, news, offers and promotions online (with the consent of the data subject, 6.1.a GDPR).

In the Resume form

• Involve the interested party in the personnel selection processes and analyze the applicant’s profile with the objective of selecting a candidate for the vacant position of the manager.(by the data subject’s consent, 6.1.a GDPR) 

In the Testimonial form

• Moderate and publish on the website the user’s experiences, opinions and suggestions about a product or service.(by the data subject’s consent, 6.1.a GDPR) 

In the User Registration form

• Manage the user’s account to provide personalized access to the website and the interactive services it offers (by consent of the data subject, 6.1.a GDPR).

In the Appointments form

• Schedule appointments and meetings with the person in charge.(for the legitimate interest of the data controller, art. 6.1.f GDPR) 

Social Networking

• Contact through Social Networks in order to maintain a relationship between the User and the Responsible that may include the following operations: – To process your requests and queries. – Inform about activities and events. – Inform about products and/or services. – Interact through official profiles. The user has a profile on the same social network and has decided to join the social network of the Responsible, thus showing their interest in the information published therein, therefore at the time of requesting to follow our official page, they provide us with their consent to the processing of their data. The User can access at any time to the privacy policies of the social network itself, as well as configure your profile to ensure your privacy. Once the User is a follower or has joined the social network of the Responsible, he/she may publish comments, links, images, photographs or any other type of content supported by the same. The User, in all cases, must be the owner of the content published, enjoy the copyright and intellectual property rights or have the consent of the third parties concerned. – Sending commercial communications relating to the activities of Group companies, as well as external companies with which commercial agreements of collaboration or intermediation have been established (with the consent of the interested party, 6.1.a GDPR).

Instant Messaging

• Schedule appointments and meetings with the person in charge.(for the legitimate interest of the data controller, art. 6.1.f GDPR) 
• Send commercial advertising communications by e-mail, fax, SMS, MMS, social networks or any other electronic or physical means, present or future, to customers, which enable commercial communications regarding products or services that are similar to those that were initially contracted with the customer (art. 21.2 LSSI).
  (for the legitimate interest of the responsible, art. 6.1.f GDPR) 
• To manage, maintain, improve or develop the services provided.
  (for the execution of a contract or pre-contract, 6.1.b GDPR)
• To manage your online purchase or order, process the payment and proceed with the shipment or activation of the same, based on the general terms and conditions of contract.
  (for the execution of a contract or pre-contract, 6.1.b GDPR).
• Send commercial quotations about products and services.
  (for the execution of a contract or pre-contract, 6.1.b GDPR).
• Send commercial advertising communications by e-mail, fax, SMS, MMS, social networks or any other electronic or physical means, present or future, that enable commercial communications. These communications will be made by the responsible party and will be related to its products and services, or those of its collaborators or suppliers, with whom it has reached a promotional agreement. In this case, third parties will never have access to personal data.
  (by consent of the data subject, 6.1.a GDPR)
• To respond to queries or any type of request that is made by the user through any of the forms of contact that are made available on the website of the responsible.
  (for the legitimate interest of the data controller, art. 6.1.f GDPR).

Video surveillance

• Purpose Security and access control, labor and internal activity control Legitimation Public interest for security and access control and Legitimate interest of the Controller based on Art. 20.3 of the Workers’ Statute Conservation A maximum of 30 days (by consent of the data subject, 6.1.a GDPR)

Images and recordings

• File with static and/or dynamic images. Includes publication in the media of the data controller or third parties (by consent of the data subject, 6.1.a GDPR).

Customers and suppliers

• Commercial management with customers and suppliers (for the legitimate interest of the responsible party, art. 6.1.f GDPR).

Advertising exclusion

• Data management to avoid sending commercial communications to those who have expressed their refusal or opposition to receiving them (to comply with a legal obligation, 6.1.c GDPR).

Commercial advertising

• Advertising management and commercial prospecting. Includes data from legitimate publicly available sources (for the legitimate interest of the data controller, art. 6.1.f GDPR).

Rights of interested parties

• To comply with requests from citizens in the exercise of rights under the GDPR (for compliance with a legal obligation, 6.1.c GDPR).

Prevention of Money Laundering

• Data management for the prevention of money laundering and terrorist financing.(for compliance with a legal obligation, 6.1.c GDPR)

Web users, apps and other responsa platforms

• Identification data of users accessing the corporate website.(for the legitimate interest of the data controller, art. 6.1.f GDPR) 

Training, courses, workshops, activities or similar

• Management of the conditions of access and use (for the legitimate interest of the responsible party, art. 6.1.f GDPR).

Wifi network connection

• – To carry out statistical analysis and market research (for the legitimate interest of the responsible party, art. 6.1.f GDPR).
• – Conduct satisfaction and quality surveys ( for the legitimate interest of the data controller, art. 6.1.f GDPR ) (for the consent of the data subject, 6.1.a GDPR).

Child or vulnerable data

• The data controller will not collect or process personal data of minors under fourteen years of age, without giving full compliance with the requirements established in the applicable data protection regulations, in relation to compliance with the duty to inform and obtaining those consents that may be necessary. The data collected will be processed for the management of the purposes reported. The data controller has the appropriate security measures for the security of these data.
  (by consent of the data subject, 6.1.a GDPR)

Legal representatives and contact persons

• In the event that you are a legal representative or contact person of one of the entities or persons with which the Foundation has a relationship, the data controller will process your data to monitor the development of the intended relationship (by consent of the data subject, 6.1.a GDPR).

CREDIT INFORMATION

• Credit information policy *Before hiring our services, we will necessarily process the personal data that you have provided to us. as well as those we obtain from the Asnef File. During the client registration process, we will process your personal data for the following purposes: 1- Manage your client registration request and proceed to apply the appropriate measures to manage the contracting of the service. 2- Assess your financial and credit solvency by consulting the Asnef, Cirbe and similar File, where we will assess the ability to meet the intended financial obligations. 3- Assist you during the process of contracting the intended services. 4- Analyze your current income and your current economic situation, all your assets and liabilities, including the data you provide us about your family unit or others that you provide us, as well as the data that we may request such as payrolls, tax returns, etc. . . Likewise, the information you provide us as guarantor or guarantor during the mortgage contracting procedure will also be analyzed.(by the consent of the interested party, 6.1.a GDPR)

How long will we keep your personal data?

They will be kept for no longer than necessary to maintain the purpose of the treatment or there are legal requirements that dictate their custody and when it is no longer necessary for this, they will be deleted with appropriate security measures to guarantee the anonymization of the data or the total destruction of the same.

Who do we provide your personal data to?

No communication of personal data to third parties is planned except, if necessary for the development and execution of the purposes of the processing, to our service providers related to communications, with whom the controller has signed confidentiality and data processor contracts. treatment required by current privacy regulations.