Responsible

SPAIRAL COMMERCE, S.L.U. (hereinafter SPAIRAL) with NIF B26512467 and street Valdegastea 2, 26007 Logroño (La Rioja), guarantees the protection of personal data voluntarily provided by the user when communicating with us, filling out data collection forms, formalizes a contractual relationship or uses any other service that involves the communication of data or access to data and treats them in accordance with the European Data Protection Regulation 679/2016, of 27 April, (RGPD) and the Organic Law 3/2018, of 5 December, on the Protection of Personal Data and Guarantee of Digital Rights (LOPDGDD).

SPAIRAL makes this policy public to comply with the principle of proactive responsibility and transparency in information.

Any information on this matter will be sent to you through the email of your DPD: privacidad@spairal.com

Purpose of the treatment

The personal data collected and processed by SPAIRAL, will be adequate, pertinent and limited to what is necessary in relation to the purposes for which they are processed; mainly for:

  • respond to a specific request as a response to queries,
  • commercial contact,
  • conference registration,
  • in any case, commercial and/or advertising communications.
  • establish and maintain the contractual relationship
  • staff pick
  • for historical maintenance and research and development work.

Conservation terms

In all cases, the personal data will be kept in a way that allows the identification of the interested parties only for the time necessary for the purposes of the treatment.

In the case of CVs, the retention time will be 1 year.

These conservation periods will only be extended when the purposes are scientific, historical or statistical research.

Legitimacy

The legal basis or legitimacy of the data treatment of SPAIRAL depends on the different treatment activities, the type of personal data holders and purposes thereof, thus we have as a basis of legitimation:

  • Acceptance or consent when they voluntarily provide data.
  • Contract: clients or workers who give their consent through the formalization of the contract.
  • Legal obligation
  • Legitimate interests of the person in charge or third parties.

The data that will be processed by SPAIRAL are those collected in each case by the corresponding document and come from the interested party.

If they are not obtained directly from the interested party, SPAIRAL will inform the owner in the terms established in the RGPD, basically the source of origin and category of the data processed.

The interested party will be responsible, in any case, for the veracity of the data provided, reserving SPAIRAL the right to exclude any false or illegal data, without prejudice to other actions that proceed by law.

SPAIRAL warns that, except for the existence of a legally constituted representation, no interested party may use the identity of another person and communicate their personal data, so at all times you must take into account that you must communicate to < strong>SPAIRAL personal data corresponding to their own identity and that are adequate, pertinent, current, exact and true.

The interested party will be solely responsible for any direct and/or indirect damage caused to third parties or to SPAIRAL due to the use of another person's personal data, or their own personal data when they are false, erroneous, not current, inappropriate or irrelevant. Likewise, the person who communicates the personal data of a third party will be liable to the third party for the information obligation established in the RGPD for when the personal data has not been collected from the interested party, and/or for the consequences of not having informed him.

The services provided by SPAIRAL, in general, are aimed at adults.

The use of the services offered by minors must have been previously authorized by their parents, guardians or legal representatives.

Assignments or transfers

Transfers: SPAIRAL only transfers personal data to third parties to meet their contractual or legal obligations. In these cases, the owner consents to said assignments, and by exercising their rights, they can obtain information about them.

International Transfers: SPAIRAL communicates that in the development of its activity it uses the services of providers to whom it communicates data with domicile outside the European Economic Area, being carried out an international transfer of data, on the basis of the "EU_US Data Privacy Framework" of July 10, 2023.

The legal basis for making these transfers is consent and legitimate interest.

The providers used by SPAIRAL and whose privacy policy can be consulted are the following:

Google: https://policies.google.com/privacy?hl=es

Microsoft: https://devexpress.olivia.es/wp-content/uploads/2020/10/Servicios-en-Linea-de-Microsoft-Addendum-de-Proteccion-de-Datos.pdf

WhatsApp: https://www.whatsapp.com/legal/updates/privacy-policy/?lang=es

Rights of the interested parties and complaint procedures

The interested party may at any time exercise the recognized rights over their personal data, as well as the revocation of consent for the aforementioned uses, by means of a written communication with the request or right that they exercise addressed to the address of SPAIRAL or via email privacidad@spairal.com including sufficient identification document.

Your rights:

  • Access. Request if SPAIRAL is treating your data.
  • Rectification. Request the modification of the data if they are incorrect.
  • Deletion/forgetting. Request the deletion of the data in the legally established cases
  • Opposition. Stop processing the data, except for justified reasons.
  • Limitation of treatment, they will only be kept by SPAIRAL for the exercise or defense of claims.
  • Right to data portability: request the portability of your data to a new controller.

If you consider that the processing of your personal data violates the regulations, you can file a claim:

  • those responsible for SPAIRAL; either
  • before the Spanish Data Protection Agency, through its postal address: C/ Jorge Juan, 6, C.P. 28001, Madrid (Spain).

For more information, you can consult "the citizen's guide" published by the Spanish Data Protection Agency.

Security measures

The personal information provided or collected from the owners and for whom SPAIRAL is responsible is structured in files, automated or not.

SPAIRAL carries out the Record of Treatment Activities (RAT) with the exact circumstances of the data collected and processed, the communications made and other conditions of each of the treatments.

In each treatment carried out by SPAIRAL and detailed in its RAT, the appropriate technical and organizational measures are established that guarantee the confidentiality, integrity, availability, resilience of the data included in a treatment and that are necessary to guarantee its adequate security, including protection against unauthorized or unlawful processing and against loss, destruction or accidental damage.

Treatment Manager

In those cases in which SPAIRAL acts as treatment manager and, therefore, processes personal data for which its client is responsible, it undertakes to formalize a treatment manager contract, regulating the following aspects indicated in the regulations of data protection, article 28 RGPD and concordant of the LOPDGDD, by which SPAIRAL and all its staff are obliged, including but not exhaustive, to:

  • Process the data in accordance with the documented instructions of the client, not using it for a purpose other than that which appears in the Data Protection Policy and/or in the applicable contractual conditions.
  • Guarantee the confidentiality of the data.
  • Keep a written record of the personal data processing activities, including the types of personal data and categories of data subjects of the controller.
  • Inform the person in charge if you consider that any of the instructions violates the GDPR or any other provision regarding data protection.
  • Regulate the conditions so that the person in charge can give his prior authorization, specific or general, to subcontracting.
  • Report data security breaches.
  • Adopt the appropriate technical and organizational measures to guarantee the confidentiality, integrity, availability and resilience of the data.
  • Destroy or return the data, as agreed between the parties, after fulfilling the contractual provision.