PRIVACY AND DATA PROTECTION POLICY
1.- Responsible – Who processes the data?
The data controller is:
Responsible / Company name: JOSÉ MARÍA LÁZARO S.A.
VAT ID: A50168798
Address: Avenida Pascual Marquina s / n – 50300 – Calatayud – ZARAGOZA
Web domain: www.taisi.es
The Data Protection Delegate has been appointed, whose data are the following: SANTACRUZ & GAMÓN ASSOCIATED CONSULTING, SL, with VAT ID. B99527541 and address at Vicente Berdusán, D-1 – Centro Empresarial Parque Roma – 50010 – Zaragoza – ZARAGOZA and with email email@example.com.
The processing of personal data will be carried out in accordance with the provisions of Regulation (EU) 2016/679 of April 27, 2016 (GDPR) regarding the protection of natural persons with regard to the processing of personal data and the free circulation of data and Organic Law 3/2018, of December 5, on Protection of Personal Data and Guarantee of Digital Rights (LOPD-GDD).
2.- Purpose – Why do we process the data?
The communication of personal data by clients and / or users through the forms can only be understood to take place when they voluntarily use the website and the contact and subscription form service to contact JOSÉ MARÍA LÁZARO SA, since in these cases the treatment of the data is inevitable and implicit in the consultation and / or contracting system. For these cases, the processing of personal data will be necessary for the fulfillment of the following purposes:
1. Provision of the contracted or requested service, maintenance, development, compliance and management of the contractual or commercial relationship. The personal data will be processed to process your request, your registration as a user, provide the requested services and attend and respond to your doubts, queries and / or claims.
2. Sending communications and / or commercial offers, relating to products and services related to the provision of the service or commercial relationship, in which you have given consent. If you give your consent, we may send you commercial information related to the provision, improvement and updating of our products and services through any electronic or non-electronic channel. As well as, personalized shipments of promotional campaigns, subscription to newsletters, communications of commercial offers, invitations to events and / or surveys of different kinds. Uses anonymously, without any characteristic that can identify you, in order to carry out statistical analysis and study of your own or of third parties.
At any time, you can oppose and revoke your consent free of charge and not receive new offers and promotions by indicating it through postal mail to the postal address or email indicated in the identification data of the person responsible for the treatment. Likewise, in all electronic commercial communication you will be informed, once again, of your right to revoke your consent.
1. For the legitimate interest of JOSÉ MARÍA LÁZARO SA, to improve your expectations and increase your degree of satisfaction as a customer and / or user by developing and improving the quality of own or third-party products and services, as well as carrying out statistics, surveys or market studies that may be of interest. Courtesy communications.
2. Compliance with legal obligations, which implies communicating data to public authorities, or governmental or jurisdictional bodies when the regulations so require.
Regarding the collection and processing of personal data of minors, in any case, the consent of the minor’s legal guardians will be required in accordance with the provisions of article 7.2 of Organic Law 3/2018, of December 5 , Protection of Personal Data and Guarantee of Digital Rights (LOPD-GDD).
Conservation period – How long do we keep the data?
Personal data will be kept as long as they are necessary for the development of the contractual relationship and provision of the service. After this period, the data will be deleted in accordance with the provisions of the data protection regulations, which implies its blocking, for the purposes of possible responsibilities, being available only at the request of Judges and courts, the Public Prosecutor’s Office or the competent Public Administrations during the limitation period of the actions that could derive to be subsequently eliminated.
The conservation of the data for the indicated times is based on the legal obligation of the person responsible for the treatment.
All the processing of personal data will be carried out in accordance with the provisions of Regulation (EU) 2016/679 of April 27, 2016 (GDPR) regarding the protection of natural persons with regard to the processing of personal data and the free circulation of data, Organic Law 3/2018, of December 5, Protection of Personal Data and Guarantee of Digital Rights (LOPD-GDD) and, only when they are strictly necessary for the provision of the service, provided that other rights and freedoms of the user do not prevail.
3.- Legitimation – What data is processed?
The personal data to be processed and requested are those strictly necessary to fulfill the established purposes.
There are necessary treatments that are based on regulatory compliance, or on the fulfillment and execution of your request or contract. There may be voluntary treatments based on a legitimate interest or rules, unless you have previously opposed and voluntary treatments based on your consent, which you can always revoke without prejudice to you.
For the provision of the service and other purposes, the following categories of data may be processed (identification data: name, surname, VAT ID, postal address, email address, telephone; personal characteristics data: date of birth, sex, occupation, nationality ; bank details; academic data; professional data; other data provided by the interested parties themselves).
Therefore, if they are not provided or are not provided correctly, they will not be able to be attended to.
There is no obligation on your part to provide the required data, however it is possible that we are unable to offer the service.
Guarantees – What guarantees apply?
The personal data collected will be treated with absolute confidentiality, committing ourselves to keep them secret and guaranteeing the duty to keep them by adopting all the necessary security measures (technical and organizational) to avoid their alteration, loss and unauthorized treatment or access, of in accordance with the provisions of the applicable legislation.
The treatment of files with personal data, of which JOSÉ MARÍA LÁZARO S.A. is responsible, it takes place in:
- Data Processing Center of the web hosting provider, www.taisi.es, located in Spain.
- Main headquarters of JOSÉ MARÍA LÁZARO S.A. in Avenida Pascual Marquina s / n – 50300 – Calatayud – ZARAGOZA – SPAIN.
4.- Recipients – With whom do we share the data?
The personal data will only be processed by the person responsible for the treatment, unless they consent to the transfer of data to other entities, or this is imposed by law or the communication of data is mandatory or legitimate.
In this way, the personal data subject to treatment for the fulfillment of the service provision may be communicated to the following entities:
- Organizations and Public Administrations that by law correspond.
- Banks and financial entities for the collection of the services provided.
- Suppliers, necessary for the adequate fulfillment of contractual obligations.
Any other transfer of data that must be made, will be made known when provided for by current legislation, informing you expressly, precisely and unequivocally of the recipients of the information, of the purpose for which the data will be used, and of the nature of the data transferred, or where appropriate, when so established, prior unequivocal, specific and informed consent will be requested.
5.- Rights – What rights do I have regarding my personal data?
The data protection regulations confers on you a series of rights in relation to the processing of personal data, which you can exercise at any time and, which we can summarize in the following:
- Right of access: Know what type of data we are treating and the characteristics of the treatment we are carrying out.
- Right of rectification: To be able to request the modification of your data because it is inaccurate, incomplete or not truthful.
- Portability right: To be able to obtain a copy in an interoperable and self-sufficient format of the data that is being processed.
- Right to the limitation of the treatment in the cases included in the Law.
and. Right of deletion: Request the deletion of your data when the treatment is no longer necessary.
- Right of opposition: Request the cessation of sending commercial communications or that the data is not processed for certain purposes.
- Right to revoke the consent given at any time.
Rights – How can I exercise my rights?
You can exercise your rights, requesting it in writing, through any of the following channels, indicating the right to exercise and accompanying a copy of the National Identity Document or equivalent document that proves your identity, in addition to any other documentation that you consider appropriate:
- Through email, addressed to the email indicated in the identification data of the person responsible for the treatment.
- Through postal communication, addressed to the postal address indicated in the identification data of the person responsible for the treatment.
On the website of the Spanish Data Protection Agency (AEPD) you can find a series of models that will help you in the exercise of your rights.
Likewise, we inform you that you have the right to file a claim with the control authority (in Spain, the AEPD) in case you consider your rights have been violated.
6.- Origin – Where does the data come from?
The data processed come from the information provided by yourself, or from third parties to whom you have given your authorization, for which you request a product or service. In addition to those obtained as a result of the execution of contracts or provision of the service.
They also come from publicly accessible sources or from entities with which collaboration agreements are established.
The categories of data that are processed are:
- Identifying data.
- Personal information.
- Bank data.
- Academic data.
- Professional data.
- Other data provided by the interested parties.
Última actualización 21/07/2021.