PLEASE READ THE INFORMATION BELOW CAREFULLY
Pursuant to the General Data Protection Regulation (GDPR), Organic Law 3/2018, of 5 December, on personal data protection and guarantee of digital rights, and Law 34/2002, of 11 July, on the information society services and e-commerce, we inform you the following:
WHO IS THE CONTROLLER OF YOUR PERSONAL DATA?
CTI TECNOLOGÍA Y GESTIÓN, S.A. (S.M.E.) –CTI–, holder of Taxpayer ID (NIF) A28065480, with registered offices at Avenida de la Industria, 32, Alcobendas, Madrid, phone number 91 3728335, and e-mail: email@example.com.
Additionally, CTI has a Data Protection Officer, who may be reached at the following e-mail address: firstname.lastname@example.org.
The user warrants that he/she is over 16, and shall be exclusively liable for this representation and for proper access and use of the website, subject to these terms and conditions.
WHICH DATA IS PROCESSED AND FOR WHAT PURPOSE?
From our customers and providers, we request:
- In case of an artificial person, name and surname of one or several contact persons (depending on their role), position at the company, corporate e-mail and contact phone.
- In case of a natural person, the following data will be additionally requested: NIF (Taxpayer ID), postal address, and personal bank account data.
CTI does not gather data regarded as especially sensitive under the GDPR, such as race or ethnic origin, political opinions or philosophical or religious beliefs, trade union membership, health, sexual activity or orientation, and biometric or genetic data.
The data subject is expected to provide true, accurate, complete and updated data, and shall be exclusively liable for any damage or loss directly or indirectly caused by breach of this obligation.
GUARANTEES REGARDING THE PROVIDED DATA
The user warrants that the data provided by him/her is true, accurate, complete and updated, and shall be exclusively liable for any damage or loss directly or indirectly caused by breach of this obligation. Consequently, the user must report any change in his/her personal data to CTI for proper management, maintenance and control of the service.
If the data provided by a user belongs to a third party other than the person providing the data, the user must inform the third party about the content of this Policy and obtain their authorisation to provide their data to CTI.
The personal data collected by CTI is necessary to answer your request or execute the service agreement, and therefore, providing it is mandatory, since if such data regarded as necessary were not provided, CTI would not be able to process the user’s participation in the relevant website service.
LEGAL BASIS FOR PROCESSING
- Executing a contract between you and CTI or applying pre-contractual measures
- Answering any request submitted by the data subject.
CTI’s legitimate interests:
- Non-customers: CTI may process your contact data (as needed for professional contact), and data of individual entrepreneurs or independent professionals with the purpose of maintaining any relation with the legal entity for which the data subject works, or in case of individual entrepreneurs or independent professionals, to contact them in such capacity and not as natural persons.
- To subscribe to CTI’s newsletter and receive both this and other commercial communications from CTI that may be of your interest.
- Non-customers: To receive information and advertising on CTI products and services, by any means, including electronic or similar communications.
-Fulfilling a legal obligation
- Assisting the data subject in exercise of his/her rights under Articles 15-22 of the GDPR, and processing any received request within a one-month term pursuant to the GDPR, Organic Law 3/2018, of 5 December, on personal data protection and guarantee of digital rights, and any other applicable legislation on data protection.
- Disclosing information to public, regulatory or government authorities as and when required by any law, local rule or regulation.
DATA STORAGE TERM
If you are a customer, we will keep your personal data as long as our contractual relationship remains in effect and you do not request its erasure. After termination of the contract, CTI will keep your personal data blocked for the maximum legal term, which, for accounting and tax purposes, is 6 years, pursuant to Section 30 of the Commercial Code. On expiration of that term, your data will be destroyed.
Data provided by the user through forms or requests for service will be kept for 1 year since the last time the user confirms his/her interest, renewing calculation of that term on each new contact or relation with CTI. However, if the user has given his/her consent to be sent commercial information, his/her data will be kept as long as he/she does not object to it.
WITH WHOM WILL WE SHARE YOUR DATA?
We will not transfer your personal data to third parties, unless required by law.
- Service providers outside the European Economic Area (International Data Transfers - IDT). In these cases, CTI requires them to apply the necessary measures to protect personal data and, with that purpose, we use EU-approved mechanisms to carry out transfers.
- Mailchimp: company located in USA that operates sending electronic communications. Provides appropriate guarantees in personal data transfers, thanks to the inclusion of standard data protection clauses on its data processor contract.
RIGHTS OF DATA SUBJECTS
The user may exercise the rights of access, rectification, erasure, restriction of processing, objection and/or portability. He/She may also revoke his/her consent at any time.
To correctly exercise your rights, please send your request writing to: CTI Tecnología y Gestión S.A. (S.M.E.) Avda. Industria, 32, 28108 Alcobendas (Madrid), or by e-mail to: email@example.com.
CTI may request additional information necessary to confirm your identity if it has reasonable identification doubts.
If you think CTI has not processed your personal data in accordance with the applicable data protection regulations, among others, you can contact the Data Protection Officer at firstname.lastname@example.org– Subject: Data Protection Claim.
Additionally, you can obtain more information about your rights whenever you deem it appropriate by addressing the Spanish Data Protection Agency, located in calle Jorge Juan, 6, 28001, Madrid (www.agpd.es), before which you will be able to file a claim.
If you think we have not handled your personal data in compliance with the laws, you may contact the Data Protection Officer by e-mail to: email@example.com – Subject: Reclamación Protección de Datos (Data Protection Complaint).
Additionally, you may obtain more information on your rights, and even file a formal complaint, at the Spanish Data Protection Agency (AEPD, in Spanish), located at C/Jorge Juan, 6, 28001, Madrid (www.aepd.es).