1 The Data Controller of personal data
The owner of the processing of personal data is APLICACIÓN Y SUMINISTROS TEXTILES S.A.U (ASUTEX), with registered office in Avinguda Cami Reial, 13-15, 08184 Palau-solità i Plegamans, Barcelona, Spain, and can be contacted at the email address email@example.com (hereinafter, the "Data Controller").
2 Data subject to processing
The personal data processed through the Site are as follows:
cookies: information on cookies is available at the following link. In addition to the cookies mentioned above, we may use third-party services that have so-called beacons, small images used to monitor user activity on websites or for tracking email (e.g. opening the email,selecting certain links by the recipient) or other tracking systems;
navigation data: when accessing the Site, the computer systems and software procedures used to operate the Site acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols. This information is not collected to be associated with identified interested parties, but by their very nature could, through processing and association with data held by third parties, allow users to be identified. This category of data includes IP addresses or domain names of the computers used by users who connect to the Site, the addresses in URI(Uniform Resource Identifier)notation of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the operating system and the user's computer environment. These data are used for the sole purpose of obtaining anonymous statistical information on the use of the Site, to check its correct functioning, to identify anomalies and / or abuses; in any case they are deleted immediately after processing. The data could be used to ascertain responsibility in case of hypothetical computer crimes against the Site or third parties.
3 Purpose of the processing
Your personal data will be processed, with your consent where necessary, for the following purposes:
allow navigation of the Site and offer the services requested by you through the Site;
fulfill any obligations provided for by current laws, regulations or community legislation, or comply with any requests from the authorities;
send you informational, business and marketing communications, including the sending of newsletters and market research, through automated tools (sms, email,fax) and not (paper mail, telephone with operator), provided that you have consented, about the products and activities promoted by the Data Controller. It is specified that a single consent is collected for the marketing purposes described here. You can revoke your consent at any time by sending an email to the address firstname.lastname@example.org;
communicate your Personal Data to others to other Group companies for sending them business and marketing communications, including sending newsletters and market research, through automated tools (sms, email,fax) and not (paper mail, telephone with operator);
4 Legal basis of the processing and nature of the provision of data
Your personal data are processed by the Data Controller:
(i) for the purposes referred to in art. 3, point 1, pursuant to art. 6, paragraph 1, letter .b) of the Regulation ([...] the processing is necessary for the execution of a contract of which the interested party is a party or for the execution of pre-contractual measures adopted at the request of the same), as the treatments are necessary to answer your question or provide you with assistance regarding our products. The provision of personal data for these purposes is optional, but failure to provide it would make it impossible to respond to you or to use the services requested;
(ii) for the purposes referred to in art. 3, point 2, pursuant to art. 6, paragraph 1, letter .c) of the Regulation ([...] the processing is necessary to fulfill a legal obligation to which the data controller is subject). Once the personal data have been provided, in fact, the processing is necessary to fulfill legal obligations to which the Data Controller is subject;
(iii) for the purposes referred to in art. 3, points 3 and 4, pursuant to art. 6, paragraph 1, letter a) of the Regulation ([...] the interested party has expressed consent to the processing of their personal data for one or more specific purposes). The provision of your personal data for marketing purposes is not mandatory and does not affect the use of the services;
5 Duration of processing
Personal data relating to the purposes referred to in art. 3, point 1, will be kept for the time strictly necessary to achieve those same purposes (i.e. provide the information, products or services requested). In any case, since these are treatments carried out for the provision of services, the Data Controller will keep personal data for 6 years’ time after finalizing the contractual relation in accordance with Mercantile legislation. Referring the data derived from queries, they will be kept until their effective resolution and, at most, for a period of 1 year.
Personal data relating to the purposes referred to in art. 3, point 2 will be kept until the time provided for by the specific obligation or applicable law.
Personal data relating to the purposes referred to in art. 3, points 3 and 4 for a period not exceeding 24 months from your consent.
After the above periods of time, the data will be deleted.
6 Methods of data processing
The data will be processed and stored exclusively for the purposes indicated above through the use of paper and computer supports, inserted in databases and processed with suitable tools to guarantee the integrity, security and confidentiality of the data, in accordance with the provisions of the Regulation. All appropriate technical and organizational measures will be taken to ensure a level of data protection in accordance with the provisions of the Regulation. Access will be allowed only to persons authorized to process personal data by the Data Controller.
7 Communication to third parties and / or dissemination of data
Personal data may be communicated to external parties;
who typically act as data processors pursuant to art. 28 of the Regulation (e.g. consultants, suppliers of technical maintenance services, sending mailing lists, server hosting providers);
to entities or authorities to which the Data Controller is obliged to communicate such data by virtue of legal provisions or orders of the authorities;
and for the purposes referred to in art. 3, point 4, to Group companies.
8 Data transfer
The data will be processed and transmitted mainly in Spain and in any case within the European Union. Where, for reasons strictly related to the operation of IT systems or for the purposes described above, it is necessary to use subjects who process data in countries outside the European Union, the Data Controller ensures that they offer adequate guarantees for the protection of the privacy of personal data processed. That is, any international transfer of data that is carried out will comply with the provisions of Execution Decision (EU) 2021/914 of the Commission of June 4, 2021 regarding standard contractual clauses for the transfer of personal data to third countries. in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council.
9 Rights of the interested party
According to the provisions of Chapter III of the Regulation, the interested party has the right at any time to have access to their personal data and to request its correction or cancellation; the right to request the limitation of processing in the cases provided for by art. 18 of the Regulation, where technically possible, as well as to obtain in a structured format, commonly used and readable by automatic device, the data concerning you, in the cases provided for by art. 20 of the Regulation and the right to oppose the processing in the cases provided for by art. 21 of the Regulation.
The rights listed above can be exercised by sending a request to the Data Controller by email to the address email@example.com without any formalities. An answer will be provided without delay. In any case, the interested party always has the right to lodge a complaint with the Guarantor Authority for the protection of personal data, if you believe that the processing of your data is contrary to the privacy legislation in force.