1. Object
The purpose of this Privacy Policy is to inform the people (hereinafter, users or interested parties) who visit our website (hereinafter, website, website or the website), the way in which we collect, process and protect data. personal data that you decide to provide us by any means (forms, emails, telephone, contracts, etc.) and after reading it, you freely decide if you want us to process it. Additionally, it will serve to expand the information that we have previously provided to the interested parties, in the information clauses provided in the processes of collecting their personal data.
Likewise, this policy aims to comply with Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016 regarding the protection of natural persons with regard to the processing of personal data and the free circulation of these. data (hereinafter RGPD) and Organic Law 3/2018, of December 5, on the Protection of Personal Data and guarantee of digital rights (hereinafter, LOPDGDD).
2. Who is responsible for the processing of your personal data?
Entity / Publisher: | CHICO PONCE, S.L. |
CIF/NIF: | B42543124 |
Postal address: | CALLE CASTALLA, 25, CP 03630, SAX (ALICANTE) |
Telephone: | 96 547 41 42 |
Email: | central@jchicoponce.com |
Business Purpose: | Manufacture of blinds or curtains for protection solar and against insects |
Website: | https://www.jchicoponce.com/ |
Registry data: | Registered in the Commercial Registry of Alicante Volume 4083, Page 9, Section 8, Sheet A 157733. |
3. What personal data will we process and how do we obtain it?
For the development of our business activity, it is essential to process personal data whose collection can be carried out by digital means (e.g. email, forms or web questionnaires), by completing paper documents (e.g. contracts or forms) or through conversations. in person or by telephone and in any of these cases the data will be treated in a loyal, lawful and transparent manner.
The categories of data that our entity will process about the interested parties are:
- Identification data: name and surname, ID or equivalent document and signature.
- Contact information: telephone, email, postal address.
- Commercial data: budgets, purchasing conditions, management and history of services and/or purchases, results of contacts (telephone, email, messaging and other communication channels).
- Accounting data: control of income and expenses, billing data.
- Bank details: bank accounts and cards.
- Transaction of goods and services: bank transfers and direct debits, amounts and concepts.
- Navigation data: analysis of the time spent on our website, pages visited, demographic data (e.g. age, sex, language).
Our entity will not collect special category data (e.g. health data, ethnic origin, political opinions or religious beliefs), but if it is necessary to process it, it will inform you and request prior and express consent.
Consequently, the data requested will be adequate, relevant, limited to what is strictly essential and necessary, processed only by staff and/or collaborators authorized by our entity, who will have signed a confidentiality commitment and agree to comply with security regulations. necessary to guarantee the confidentiality, integrity and availability of the data processed and other requirements legally established in the RGPD. Therefore, they will be treated within the law.
The data to be processed are provided by the interested party themselves or by their legal representative, although there may be the case in which we delegate some functions to certain collaborators and they are in charge of collecting their data, but they will always be processed with their prior consent and express.
In the event that an interested party does not provide the data we request or incomplete or incorrect data is provided, it will not be possible to fulfill and maintain the relationship with them.
The categories of data that we can process about a person will depend on the relationship they maintain with our entity, as shown below:
3.1. Customers:
Data of an identifying, contact, commercial, accounting, banking, transaction of goods and services, and financial nature will be processed and may be collected only if the client provides them to us, through our web form, email, telephone or in person.
3.2. Information requesters:
Whether the information requested is by telephone, in person or in writing (e.g. email or web forms), we will request and process your identification, contact and commercial data.
3.3. Suppliers:
Identification, contact, commercial, accounting, banking, transaction of goods and services and financial data will be processed. These data may be processed during all stages of the commercial relationship via web form, email, telephone or in person.
3.4. Job Seekers:
For this category of interested parties, curricular, identification, contact and other data related to their professional or personal characteristics will be processed, when you send us your application by any means (e.g. in person, email, web forms), they can also be collected in personnel selection interviews (in person or by videoconference), your job application may even reach us through a collaborator to whom we have delegated certain functions.
3.5. Social media users:
We are present on different social networks and may process identification, contact, commercial and other data that the user enables to be viewed or shared with the rest of the users of the social network, including curricular data (e.g. LinkedIn). For more information see our Social Media Policy.
3.6. Claimants:
Data of an identifying nature, contact data and personal information of your own or of third parties that you want to let us know related to the claim you send us will be processed.
3.7. Visitors:
Identification and contact data will be processed and collected when the interested party provides them to us when accessing our facilities or when their interlocutor in our entity provides them to us to allow them access to them.
3.8. Web users:
When visiting our website and only if the user expressly authorizes it, analytical data may be collected (e.g. visit time or pages viewed) including demographic data (e.g. gender, age, country or language). For more information visit our Cookies Policy.
3.9. More information for those interested:
The information legally established in the corresponding information clauses included in the different means of data collection will be made available to interested parties, so that you can freely and expressly decide whether you want the personal data requested to be processed by our entity.
All categories and types of personal data processed will be duly identified in the corresponding processing activities owned by our entity.
4. What will your data be processed for?
In general, the processing of personal data carried out by our entity has the purpose of fulfilling and maintaining the relationship with different groups of people, such as clients or suppliers. Also with other people who contact us proactively through our web forms, by telephone or in person, by email or postal mail, as would be the case of job seekers or information seekers, users of our website/blog or social networks and interested in general.
Depending on said relationship, the processing of your data is for different purposes and, by way of example and not limitation, we detail below:
4.1. Customers:
Your personal data will be processed to identify you, fulfill and maintain the pre-contractual and contractual relationship, including sending commercial communications by different means, answering queries, carrying out quality controls and commercial statistics, for the provision of our services and/or sale of goods. , for accounting and billing management, the transaction of goods and services, collection management, management of incidents, claims and exercise of rights, as well as for other purposes to which we are obliged to comply with said relationship, to the laws to which we are subject and to pursue our legitimate interests.
4.2. Information requesters:
We will process your personal data to respond to your requests for general information, to identify you, to send or deliver quotes and information about the goods and/or services of interest to you, including in our response (verbal, written or digital) the related commercial information. with the request. We will also make follow-up contacts, by different means, to learn about the decisions made regarding the commercial proposals that we have sent you.
4.3. Job Seekers:
Your data will be processed to include you in our selection processes and job pool, to identify you, as well as to contact you and inform you about vacancies, coordination of interviews and other matters related to your candidacy.
4.4. Suppliers:
Your personal data will be processed for the purpose of maintaining the commercial relationship, whether to request quotes, to purchase goods or contract services, to identify you, for accounting management, to transact goods and services, as well as for others. purposes necessary to comply with said relationship, with our legal obligations and legitimate interests.
4.5. Social media users:
We will process your personal data to maintain the relationship as users of the same social network, to identify you, to contact you, share news and other personal data that you allow to be shared with the rest of the components of the social network. For more information, consult our Social Media Policy.
4.6. Claimants:
Personal data will be processed to identify you, manage your claim and contact you about its situation, in addition to complying with our legal obligations and legitimate interests.
4.7. Visitors:
The data from visits to our facilities will be processed to identify you, to comply with our obligations regarding occupational risk prevention and for security and access control issues to our facilities.
4.8. Web users:
Data can also be processed for different purposes (e.g. analysis of visits) by accepting the installation of cookies when you visit our website. For more information visit our Cookies Policy.
4.9. More information for those interested:
The legally established information will be made available to interested parties in the corresponding information clauses included in the different means of data collection (e.g. forms, announcements, contracts, etc.) and in others that we will make available to them (e.g. badges, invoices, legal notices, etc.), so that you freely and expressly decide if you want the requested personal data to be processed by our entity.
If you do not provide the data we request or incomplete or erroneous data is provided, it will not be possible to respond to your request for information or relate to you.
The data will not be processed subsequently or for purposes other than those accepted by the interested parties.
The purposes that motivate the processing of personal data will be duly identified in the corresponding processing activities owned by our entity.
5. Why do we process your data (legitimation)?
The processing of your personal data by our entity is carried out with one or more of the following legitimizing bases:
- When you offer us your express, free, informed and unequivocal consent, after being informed at the time of collecting your data and in a more expanded manner with this privacy policy, that after reading it and agreeing, you can voluntarily authorize us to the processing of your data for one or more purposes, by checking the boxes provided for this purpose in our web forms, by giving your consent by signing the information clauses that we provide you at any time when requesting your personal data.
- For the execution of a contract in which you are a party or have requested pre-contractual measures from us.
- When the treatment is necessary for compliance with a legal obligation applicable to our entity.
- When the processing is necessary for the satisfaction of legitimate interests pursued by our entity or by a third party, provided that the interests or fundamental rights and freedoms of the interested party do not prevail over said interests. In this regard, we inform you that our entity has carried out an analysis weighing our legitimate interests with the rights and freedoms of the interested party, always respecting their fundamental rights.
In the event that the user is under 14 years of age, it will be necessary to have the consent of the parents, guardians or legal representative to process their data. The user is solely responsible for the veracity of the data they send us.
6. Data retention
The personal data provided will be kept as long as we maintain the relationship with you and for the time necessary to fulfill the purpose for which your data was collected.
Once this relationship has ended, we will keep them blocked in those cases where it is necessary to keep them until the expiration of responsibilities for the exclusive purposes of claims or legal actions, as well as to comply with our legal obligations, for example:
Stakeholders | Sector scope | Legal basis | Retention period |
-Clients -Suppliers | Accounting | Art. 30.1 R.D. Commercial Code | 6 years from the last entry |
-Clients -Suppliers | Fiscal | Art. 66 General Tax Law 58/2003 | -General term: 4 years
-In case of losses during the year: 10 years -Invoices: 5 years |
-Working people | Labor | Art. 21 of Royal Legislative Decree 5/2000- Social Order | 4 years |
-Job applicants | Labor | Guide to labor relations of the AEPD | 1 year |
-Working people | Prevention of occupational risks | Art. 4.3 of Royal Decree 5/2000 – Social Order | 5 years |
-Visitors | Access control to facilities | AEPD Instruction 1/1996 | 1 month |
-Web users | Use of cookies | Guide on the use of AEPD cookies | 24 months máximum |
-Job applicants | Job applications | Guide on labor relations – AEPD | 1 year |
-Clients
-Suppliers -Visitors -Job applicants -Working people |
Videosurveillance | Art. 22.3 LOPDGDD – protection of personal data | 1 month |
7. Profiling
We do not create profiles nor will automated decisions be made using your personal data, but if we do so you will be informed and request prior authorization to do so.
Likewise, you have the right to object to this type of processing at any time by writing to our entity at central@jchicoponce.com.
8. Data transfer
As a general rule, our entity does not transfer personal data to third parties without prior consent, although it will be necessary to do so in the following cases:
If you are a client or supplier, your personal data may be transferred to third parties due to legal obligation (e.g. Tax Agency), or in those cases and entities necessary to provide you with our services or pay invoices (e.g. banking entities).
Likewise, your personal data as a client or supplier may be processed by certain suppliers to whom we delegate some of our obligations (e.g. accounting advisors) and all of them have committed through a data processor contract to comply with the same measures. security measures implemented by our entity, as well as submitting to the duty of secrecy and confidentiality regarding the personal data processed, among other obligations regarding the protection of personal data.
If you are a job applicant, your data will not be transferred to third parties, unless we are legally obliged to do so.
If you are a requester of information or a user of our website, your data will not be transferred to third parties, except in the cases set out above and informed at each time of its collection and with your consent, unless our legitimate interest prevails or that we are legally obliged to do so, in which case your consent will not be necessary.
In general terms, we may transfer your personal data to Judges, Courts, the Public Prosecutor’s Office and/or the competent Public Administrations in the event of possible claims when we are obliged to do so.
9. International data transfer
In the case of transfers to third parties located in countries outside the European Economic Area, we will inform you and request your prior and express consent.
10. Security Measures
Our entity has implemented all the necessary technical and organizational measures to protect the personal data processed, preventing its loss, theft or unauthorized use.
These measures have been created based on the type of data processed and the purposes that motivate said processing. These are periodically verified in our internal controls for compliance with personal data protection regulations and through external audits.
11. Your Rights
You, as the owner of your personal data and acting on your own behalf or through your legal representative (e.g. people under 14 years of age) can contact our entity at any time and ask us to exercise your rights regarding the protection of personal data. .
We explain what these rights are:
Right of access:
You have the right to know and ask us at any time to know the following information:
- Whether or not we are processing your personal data.
- The purposes of the processing, as well as the categories of personal data processed.
- The origin of your data, if you did not provide it to us.
- The recipients or categories of recipients to whom my personal data have been communicated, or will be communicated, including, where appropriate, recipients in third parties or international organizations.
- Information on appropriate safeguards regarding the transfer of my data to a third country or international organization, where applicable.
- The expected conservation period, or if this is not possible, the criteria to determine this period.
- If there are automated decisions, including profiling, significant information about the logic applied, as well as the importance and anticipated consequences of said processing.
- Copy of your personal data that is subject to processing.
Right of Rectification:
Ask us to rectify your personal data when it is inaccurate, as well as to complete it when it is incomplete.
Right of Opposition:
You can object to us processing your data when it is incorrect or its processing is no longer necessary.
In the event that you act as a defendant or person affected by a complaint within the framework of Law 2/2023, you will not be able to exercise your right of opposition, since it is presumed (under proof to the contrary) that there are reasons that legitimize the processing of your personal data, in accordance with the provisions of article 31.4 of the Law.
Right of Deletion:
Request that your data be deleted, for any of these reasons:
- Your data is no longer necessary for the purposes for which it was collected or processed.
- You have not given consent for the processing of your data.
- When you have exercised your right to object.
- When the data has been processed unlawfully.
- When the data must be deleted to comply with a legal obligation.
Right to Limitation of treatment:
You may ask us to exercise this right when one or more of these situations occur:
- When you dispute the accuracy of your data, during a period that allows the person responsible to verify its accuracy.
- When the processing is unlawful and you oppose the deletion of your data and request instead the limitation of its use.
- When the data are no longer needed for the purposes of the processing, but the interested party needs them for the formulation, exercise or defense of claims.
- When you have objected to the processing pursuant to Article 21(1), while it is verified whether the legitimate reasons of the controller prevail over those of the interested party.
Portability Right:
It refers to the right to obtain the data related to you, in a structured, commonly used and machine-readable format, as well as transmit it to another person responsible for subsequent processing.
Right not to be subject to automated decisions:
Right not to be subject to a decision based solely on automated processing, including profiling, that produces legal effects on him or her or significantly affects him in a similar way.
To exercise any of your rights, you must write to our entity either by postal mail to the address: CALLE CASTALLA, 25, CP 03630, SAX (ALICANTE) or to the email: central@jchicoponce.com stating the rights you wish to exercise. , accompanied by a copy of your ID or equivalent document to know who we must provide the requested information about and their contact information to send you our response. If you act on behalf of another person, you must prove your representation.
If you wish to make any suggestions or queries regarding the processing of your personal data, you can contact our data protection consultants:
BUSINESS ADAPTER, S.L.
Ronda Guglielmo Marconi, 11, 26, (Technology Park) 46980 Paterna (Valencia).
Interested party attention form
We inform you that you have the right to make a claim before the Spanish Data Protection Agency at: C/ Jorge Juan, 6, 28001 Madrid or at www.aepd.es.
12. Commitment to the Protection of personal data
Area of application
Our commitment to the protection of personal data will be mandatory for all departments and workers of our entity, as well as those third parties acting on our behalf.
Object
We have established action protocols for the processing of your personal data, in accordance with the provisions of European and Spanish data protection regulations.
Beginning
We will process your data lawfully, fairly, transparently, minimizing data, accuracy, limiting the retention period, integrity, confidentiality and active responsibility.
Special category of data
Our entity prohibits the processing of personal data that reveals ethnic or racial origin, political opinions, religious or philosophical convictions, union membership, the processing of genetic or biometric data, data relating to health or data relating to sexual orientation. , except in legally authorized exceptions and with the prior consent of the interested party.
Rights of interested parties
Our entity will attend to and respond as quickly and diligently as possible to your requests to exercise your rights.
Record of Activities, Impact Assessment and Security Measures
Our entity will carry out a record of the processing activities and analyze the purposes of the processing, categories of interested parties and data, recipients, international transfers, retention periods, etc., to evaluate the risks of the processing and implement security measures. necessary security to guarantee the confidentiality, integrity and availability of personal data.
Likewise, in each processing activity, the need to prepare an Impact Assessment has been analyzed and to determine if there is an obligation to designate a Data Protection Officer, establishing, if necessary, that the person designated for this position complies with the Sufficient knowledge and experience in accordance with the provisions of current regulations.
Control
We have external help that advises us on this matter, monitoring all publications made by the competent control bodies and other European and Spanish entities related to data protection regulations, in order to comply with these regulations at all times.
13. Update of this Policy
Our entity reserves the right to modify this Policy without prior notice. That is why we recommend consulting it every time you visit our website.
Text updated on March 29, 2024.