This privacy policy applies to the processing of data for users of the www.serviling.com website
DATA CONTROLLER
Identity: JORDI BATLLE CASAS (hereinafter also referred to as the «Data Controller»)
Spanish identity number (NIF): 43626012A
Postal address: C. Sant Martí, 13, Baixos – L1 08560 Manlleu (Barcelona)
E-mail address: info@serviling.com
In accordance with EU Regulation 2016/679, of 27 Apr 2016 on the protection of natural persons with respect to the processing of personal data, and Organic Law 3/2018, of 5 December on the Protection of Personal Data and the Guarantee of Digital Rights, the owner of this website states that the personal data of its users, gathered by this website, will be included and processed in an automated file that belongs to him and that appears in his Processing Activities Record, and that this data will be managed solely in order to manage relations with interested parties.
The owner states that the personal data requested will be that which is strictly necessary for the provision of the services required. As the person responsible for the personal data file, he is obliged to maintain the secrecy and confidentiality of the personal data provided, and will implement all those security measures necessary to prevent its loss, any modifications undertaken without consent, or any unauthorized access, in accordance with the aforementioned regulations.
Furthermore, in accordance with the provisions of Law 34/2002 of 11 July, on the Services of the Information Society and Electronic Commerce, the owner agrees not to send advertising material by e-mail without having obtained the express authorization of the recipient beforehand.
The Purpose and the Legal Basis for the Processing
To maintain a business relationship with the user. The operations established for processing are as follows:
- Sending commercial advertising communications by e-mail, fax, WhatsApp, SMS, MMS, through social networks, or by any other electronic or physical means, existent in the present or future, that facilitate commercial communications. Such communications will be made by the Data Controller and will be related to the products and services he offers, or those of his partners and suppliers with whom he has reached a promotion agreement. In this latter case, third parties will never be provided with access to personal data.
- To process orders, requests, or any type of request made by the user by means of any of the contact forms available to them.
- To maintain contact with those users who opt to use the contact/estimate form.
The data controller, when planning to process personal data for any purpose other than that for which it was gathered, will, prior to processing, provide the interested party with information regarding the new purpose for which their personal data will be processed, in addition to any relevant statement, and will requesting their consent to this end.
Furthermore, when the Data Controller obtains personal data by any other means than those provided by the interested party, the latter will be informed of the origin of this data, the type of data in question, and the source from which it has been acquired.
Recipients
The personal data of the interested parties will be communicated to the recipients indicated below:
- To those Data Processors who are responsible for carrying out certain service provisions, such as translators with whom we work, in addition I.T. services and comprehensive assessment services.
- To those authorities and bodies responsible, to the extent required for compliance with legal obligations. These bodies are or may be: tax administration bodies, the social security, banks and financial institutions, state security forces and organisations.
Rights
Users are also informed that they may exercise their rights with respect to the access, rectification, and deletion of their data, to the limitation of processing, to portability and their rights to oppose processing, as established in current regulations, by notifying the owner of their wishes at any time. Owner data is provided in the heading of this document.
- Right of access (Art. 15 of the Spanish Data Protection Regulations (RGPD) and Art. 13 of the Spanish Law on Data Protection (LOPDGDD)): the right to obtain information on the processing of personal data, its purpose and origin.
- Right to data rectification (Art. 16 of the RGPD and Art. 14 of the LOPDGDD): the right to request the correction of your personal data in the event that the data is incorrect or incomplete.
- The right to the erasure, cancellation and the right to be forgotten (Art. 17 RGPD and Art. 15 LOPDGDD): the right to request the definitive elimination of personal data that is either excessive or inappropriate.
- The right to limitation (restriction) (Art. 18 of the RGPD and Art. 16 of the LOPDGDD): this concerns the right to request that the data should be marked by the Data Controller in such a way as to avoid any processing in the future. Requests for limitation may arise with respect to the accuracy of the data, illicit processing procedures where the interested party opposes erasure, or when the data is no longer necessary and is for the purpose of the processing, but where the interested party requires this data in order to file, exercise or defend a complaints procedure.
- Right of portability (transfer) (Art. 20 of the RGPD and Art. 17 of the LOPDGDD). This is the right for any company that processes the user’s personal data to provide or transfer it to another company in a structured, intelligent, understandable and automated format. If a copy of the data is requested, the Data Controller is required to process the data automatically in a “structured and commonly used format”. If a data transfer to another Data Controller is requested, the requirements are that the data should be processed automatically by the Data Controller, that the data has been provided by the interested party, or that the process is based on consent or is established in a contract.
- The right to oppose (Art. 21 of the RGPD and Art. 18 of the LOPDGDD): the right to request that a company does not make use of the user’s processed personal data or that it ceases to do so it if it undertakes marketing research.
- Not to be the subject of automated individualized decisions (Art. 22 of the RGPD and Art. 18 of the LOPDGDD): the right not to be the subject of a decision based solely on automated processing. This includes profiling, that may legally affect the user or significantly affect the user in a similar way.
The period established in which to exercise these rights is one month, or three months in more complex cases, however information must be provided on the reasons for delay within the first month.
In addition to all these rights, the interested party is entitled to file for claims proceedings with the supervisory authority of any state within the European Union, if the interested party considers that the processing of his personal data does not comply with the provisions of the RGPD or the LOPDGDD.
The Mandatory or Optional Nature of User-provided Information
Users, by marking the corresponding boxes and by entering data in the fields in the contact form, or those provided in the downloadable forms, expressly, freely and unequivocally accept that the provision of their data is necessary in order to fulfil their requests by the Data Controller. The inclusion of data in any other fields being voluntary. The user guarantees that the personal data provided to the Data Controller is true and is responsible for communicating any changes that should be made to them.
The Data Controller expressly informs users and guarantees that their personal data will not be transferred to third parties under any circumstances, and that whenever the Data Controller undertakes personal data transfers of any kind, the express, informed and unequivocal consent of the users will be requested beforehand. All the data requested on the website is mandatory in nature, as it is necessary to provide optimal service for users. No guarantee can be made that the information and services provided will be completely suited to the needs of the user if not all the data requested is provided.
Storage Periods
As a general rule, personal data will be kept until the end of the relationship between the website owner and the interested party, unless the latter requests its elimination beforehand.
Once the professional relationship has ended, and to the extent that the personal data of the interested parties is relevant for the purposes of the website owner responsibility with respect to Data Processors, this data will be stored and duly blocked, although it will remain at the disposal of judicial authorities or the pertinent public administration bodies, in order to fulfill those responsibilities that arise from processing during the prescribed legal period.