PAP TECNOS Innovación SAU appreciates your visit to our website and your interest in our company and products. We take the protection of your personal data seriously and want you to feel comfortable visiting our web pages. We attach great importance to protecting your privacy while processing personal data, and take it into account in our business processes. We process personal data collected during visits to our websites in accordance with the applicable data protection and data security laws.
§ 1 CONTROLLER AND SCOPE OF APPLICATION
The controller in the sense of the General Data Protection Regulation and other national privacy laws of Member States as well as other privacy law provisions is
PAP Tecnos Innovación SAU
Av. de las Estaciones, 8
28850 Torrejón de Ardoz, Madrid
Phone: +34 91 662 3236
E-mail: [email protected]
Commercial Register: Registro Mercantil de Madrid, Tomo: 9.522, Libro: 0, Folio: 214, Sección: 8, Hoja: M-132050, Inscripción: 10
VAT registration number: A80923139
§ 2 PRIVACY OFFICER
The controller’s data privacy officer can be contacted at: [email protected]
§ 3 WHAT ARE PERSONAL DATA?
Personal data are individual details about personal or factual situations of a specific or identifiable natural person (data subject). This includes information such as your name, address, phone number, date of birth, or e-mail address. Information with which we cannot (or can only with a disproportionate effort) establish a reference to your person, e.g. by making the information anonymous, is not personal data.
§ 4 GENERAL INFORMATION ON DATA PROCESSING
We only collect and use our users’ personal data if and to the extent needed to provide a functional website as well as our contents and services. We use your personal data to provide the services you need, to answer your questions and to operate and improve our websites and applications.
Your personal data is not used for any other purpose, especially not for advertising purposes. Your personal data shall not be transferred to third parties without your consent, except in the cases described below, unless we are legally obliged to provide the data.
b) Legal basis
If we obtain the consent of the data subject to his/her process personal data, Art. 6, Section 1a, of the EU General Data Protection Regulation (GDPR) shall serve as the legal basis for processing said data. Art. 6, Section 1b, of the GDPR serves as legal basis for processing the personal data required to execute a contract to which the data subject is a party. Article 6, Section 1c, of the GDPR serves as legal basis for processing the personal data required to fulfil a legal obligation of our company.
If processing is necessary to safeguard a legitimate interest of our company or a third party and if the interests, fundamental rights and freedoms of the data subject do not outweigh the former interest, Art. 6, Section 1f, of the GDPR shall serve as legal basis for processing.
c) Data erasure and storage time
Your personal data shall be erased or blocked as soon as the purpose of storage ceases to apply. However, the data may be stored if provided for by European or national laws or other statutory provisions to which the controller is subject. The data shall be blocked or erased at the end of a storage period prescribed by the aforementioned standards, unless the data needs to be stored further in order to conclude or implement a contract.
§ 5 INDIVIDUAL PROCESSING OPERATIONS
You can use a large part of our website without providing your personal data. Access data without personal reference, such as the name of your Internet service provider, the page from which you are visiting us, the names of the files required and their retrieval date are stored. These data are exclusively evaluated for the purpose of improving our website and do not allow any conclusions regarding your person. These data are:
Browser type and version
The operating system used
Host name of the computer used for access
Names of the requested files
Date and time of server request
If you contact us via the e-mail address provided, your personal data sent in by e-mail will be stored. In this context, the data is not disclosed to third parties. The data is used exclusively for processing the conversation.
The legal basis for processing the data transmitted alongside an e-mail is Art. 6, Section 1a, of the GDPR.
§ 6 USING COOKIES
The legal basis for processing personal data using technically necessary cookies is Art. 6, Section 1f of the GDPR. If the user has given his or her consent in this regard, the legal basis for processing personal data using cookies for analysis purposes is Art. 6, Section 1a, of the GDPR.
The user data collected by technically necessary cookies are not used to create user profiles.
Most browsers are pre-set to automatically accept cookies. However, you can deactivate the storage of cookies or set your browser so that it informs you before cookies are stored. Users who do not accept cookies may not be able to access certain areas of our websites.
Cookies that have already been saved can be deleted at any time. This can also be done automatically. If cookies are deactivated for our website, it may no longer be possible to use all functions of the website in full.
§ 7 GOOGLE ANALYTICS
This website uses Google Analytics, a web analysis service of Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (hereinafter referred to as: Google). Google Analytics uses various technologies, including so-called cookies (see §6 above) that are stored on your computer and allow an analysis of the use of this website by its visitors. The information obtained by Google Analytics regarding your use of this website will be transferred to Google servers which may be located in countries outside of the member countries of the European Union and may also be outside of the signatories of the agreements regarding the European Economic Area. Your IP address will be anonymised by Google through the activation of the IP anonymisation within the Google Analytics tracking code on this internet page prior to transferring.
This website uses a Google Analytics tracking code that has been expanded by the operator ‘gat._anonymiselp()’ in order to ensure that IP addresses can only be stored anonymously (so-called IP masking). On behalf of the operator of this website, Google will use this information in order to evaluate your visit to this internet page, compile reports about the website activities and provide additional services related to the website usage and the internet usage to the website operator. The IP address transferred from your browser by Google Analytics will not be combined with other Google data. You can prevent the storing of Google cookies via corresponding configurations of your browser software. However, we expressly inform you that in this case you may not be able to use all functions of this website to their full extent. You can prevent the recording of your data by Google Analytics by clicking on the following link.
Click here to opt-out of Google Analytics
You can find the security and data protection guidelines of Google Analytics at:
§ 8 PLUG-INS AND TOOLS
Facebook plugins (Like & share button)
Our pages may include plug-ins from the social network Facebook. Provider: Facebook Inc, 1 Hacker Way, Menlo Park, California 94025, USA. You can recognise the Facebook plug-ins through the Facebook logo or the “Like” button on our page. An overview of the Facebook plug-ins can be found here: https://developers.facebook.com/docs/plugins/ .
If you do not want Facebook to associate your visit to our pages with your Facebook account, please log out of your Facebook account.
§ 9 SECURITY MEASURES TO PROTECT THE DATA STORED WITH US
We undertake to protect your privacy and to treat your personal data confidentially. To prevent the loss or misuse of data stored by us, we take extensive technical and organisational safety precautions which are regularly checked and adapted to technological progress. However, we would like to point out that due to the structure of the Internet, it is possible that the data protection rules and the above-mentioned safety measures may not be observed by other persons or institutions outside our field of responsibility. In particular, unencrypted data transmitted by e-mail, for instance, can be read by third parties. We have no technical influence on this. It is the user’s responsibility to protect the data provided by him/her against misuse through encryption or in any other way.
§ 10 HYPERLINKS TO EXTERNAL WEBSITES
Our website contains so-called hyperlinks to other providers’ websites. When these hyperlinks are activated, you are redirected from our website directly to other providers’ websites. You can recognise this, for example, by the change of URL. We cannot assume any responsibility for the confidentiality of your data on these third-party websites, as we have no influence on these companies’ compliance with data privacy policies. You can find out how these companies handle your personal data directly on these websites.
§ 11 YOUR RIGHTS AS A DATA SUBJECT
If your personal data are processed, you are concerned in the sense of the General Data Protection Regulation (GDPR) and you have the following rights vis-à-vis the controller:
1. Right to information
You can ask the controller to confirm whether your personal data are processed by us.
If this is the case, you can ask the controller for the following information:
(1) the purposes for which the personal data are processed;
(2) the categories of personal data processed;
(3) the recipients or categories of recipients to whom your personal data have been or are still being disclosed;
(4) the planned duration of the storage of your personal data or, if specific information on this is not possible, the criteria for determining the storage period;
(5) the existence of a right to rectify or erase your personal data, a right to have the processed data restricted by the controller, or a right to object to such processing;
(6) the existence of a right to appeal to a supervisory authority;
(7) all available information about the origin of the data if the personal data are not collected from the data subject.
You have the right to request for information as to whether your personal data is transferred to a third country or to an international organisation. In this connection, you may request that the appropriate guarantees pursuant to Art. 46 of the GDPR in connection with the transmission of data shall be made available to you.
2. Right to correction
You may ask the controller to rectify and/or complete your personal data if your personal data are incorrect or incomplete. The controller shall make the correction without delay.
3. Right to restrict the processing
You may request that the processing of your personal data be restricted on the following terms and conditions:
(1) if you contest the accuracy of your personal data;
(2) if the processing is unlawful and you reject the deletion of the personal data and instead demand the restriction of the use thereof;
(3) if the controller no longer needs the personal data for the purposes of processing, but you do need them to assert, exercise or defend legal claims, or
(4) if you have filed an objection to the processing pursuant to Art. 21, Section 1, of the GDPR and it has not yet been determined whether the controller’s legitimate reasons outweigh your reasons.
If the processing of your personal data has been restricted, such data may only be processed – apart from being stored – with your consent or for the purpose of asserting, exercising or defending rights or protecting the rights of another natural or legal person or on grounds of an important public interest of the Union or a Member State.
If the processing restriction has been limited on the above conditions, we shall inform you before the restriction is lifted.
4. Right to deletion
a) Deletion obligation
You may ask to delete your personal data without delay and we are obliged to delete this data without delay if:
(1) Your personal data are no longer necessary for the purposes for which they were collected or otherwise processed.
(2) You revoke your consent, on which the processing was based pursuant to Art. 6, Section 1a or Art. 9, Section 2a of the GDPR, and there is no other legal basis for the processing.
(3) You file an objection against the processing pursuant to Art. 21, Section 1, of the GDPR and there are no overriding legitimate reasons for the processing, or you file an objection against the processing pursuant to Art. 21, Section 2, of the GDPR.
(4) Your personal data have been processed unlawfully.
(5) Deleting your personal data is necessary to fulfil a legal obligation under EU law or the law of the Member States to which we are subject.
(6) Your personal data have been collected regarding the services offered by the information company pursuant to Art. 8, Section 1, of the GDPR.
b) Information to third parties
If we have made your personal data public and are obliged to delete it pursuant to Art. 17, Section 1, of the GDPR, we shall take appropriate measures, including technical measures, considering the available technology and the implementation costs, to inform the processors of the personal data for which you as the data subject have asked for the deletion of all links thereto or of copies or replications thereof.
The right to deletion does excluded if and to the extent as the processing is required
(1) to exercise the freedom of expression and information;
(2) to fulfil a legal obligation required for processing under EU law or the law of Member States to which the controller is subject or for the performance of a task in the public interest or in the exercise of official authority conferred on the controller;
(3) for reasons of public interest in the field of public health pursuant to Art. 9, Sections 2h and i, and Art. 9, Section 3, of the GDPR;
(4) for archiving purposes in the public interest, scientific or historical research purposes or for statistical purposes pursuant to Art. 89, Section 1, of the GDPR, insofar as the law referred to under a) is likely to render impossible or seriously impair the attainment of the objectives of such processing, or
(5) to assert, exercise or defend legal claims.
5. Right to information
If you have asked us to correct, delete or restrict the processing of your personal data, we must inform all recipients of your personal data about this correction or deletion of the data or restriction on processing, unless this proves impossible or entails a disproportionate effort.
You have the right to be informed of such recipients.
6. Right to data portability
You have the right to receive the personal data you have made available to the controller in a structured, accessible and machine-readable format. Moreover, you have the right transmit this data on to another controller, provided that
(1) processing is based on consent pursuant to Art. 6, Section 1a, of the GDPR or Art. 9, Section 2a, of the GDPR or on a contract pursuant to Art. 6, Section 1b, of the GDPR, and
(2) processing is carried out automatically.
While exercising this right, you also have the right to request that your personal data be transferred directly from us to another controller, so far as this is technically feasible.
Other persons’ freedoms and rights must not be affected by this.
The right to portability shall not apply to the processing of personal data needed to perform a task in the public interest or to exercise official authority conferred on the controller.
7. Right to object
You have the right to object at any time, on the grounds of your particular situation, to the processing of your personal data in accordance with Article 6(1)(e) or (f) of the GDPR; this also applies to profiling based on these provisions.
We shall no longer process your personal data, unless we can prove protection-worthy compelling reasons for the processing, which outweigh your interests, rights and freedoms, or unless the processing is used to assert, exercise or defend legal claims.
You have the possibility to exercise your right of objection in connection with the use of the services of an information company by means of automated procedures based on technical specifications, notwithstanding Directive 2002/58/EC.
8. Right to revoke the data protection consent
You have the right to revoke your data protection consent at any time.
The revocation of consent shall not affect the legality of the processing carried out on the basis of the consent until revocation.
9. Right to appeal to a supervisory authority
Without prejudice to any other administrative or judicial remedy, you have the right of appeal to a supervisory authority, in particular in the Member State where you reside, work or where the alleged infringement has been made, if you believe that the processing of your personal data is contrary to the stipulations of the GDPR.
The competent supervisory authority in Spain, is:
Agencia Española de Protección de Datos
C/ Jorge Juan, 6