Privacy Policy
PRIVACY POLICY
In compliance with current legislation, https://arcostec.es/ (hereinafter also referred to as "the Website") commits to adopting the necessary technical and organizational measures in accordance with the appropriate level of security relative to the risk of the collected data.
Laws Incorporated into This Privacy Policy
This privacy policy is adapted to the current Spanish and European regulations on personal data protection on the internet. Specifically, it adheres to the following rules:
- Regulation (EU) 2016/679 of the European Parliament and Council, of April 27, 2016, concerning the protection of natural persons with regard to the processing of personal data and the free movement of such data (GDPR).
- Royal Decree 1720/2007, of December 21, which approves the regulations for the development of Organic Law 15/1999, of December 13, on the Protection of Personal Data (RDLOPD).
- Law 34/2002, of July 11, on Services of the Information Society and Electronic Commerce (LSSI-CE).
- Organic Law 3/2018, of December 5 (LOPDGDD).
Identity of the Data Controller
The data controller responsible for processing personal data collected on https://arcostec.es/ is ARCOSTEC GROUP 2020 S.L, with Tax ID (NIF): B54903091 (hereinafter, the Data Controller). The contact details are as follows:
- Email: info@arcostec.es
- Phone: 865607015
Principles Applicable to the Processing of Personal Data
The processing of the user's personal data will be subject to the following principles, as established in Article 5 of the GDPR:
- Principle of legality, fairness, and transparency: User consent will be required at all times after transparent information is provided about the purposes for which personal data is collected.
- Purpose limitation principle: Personal data will be collected for specified, explicit, and legitimate purposes.
- Data minimization principle: Only the personal data strictly necessary for the purposes for which they are processed will be collected.
- Accuracy principle: Personal data must be accurate and kept up to date.
- Storage limitation principle: Personal data will only be retained for as long as is necessary for the purposes of their processing.
- Integrity and confidentiality principle: Personal data will be processed in a way that ensures their security and confidentiality.
- Proactive responsibility principle: The Data Controller will be responsible for ensuring that the above principles are complied with.
Categories of Personal Data
The categories of personal data processed on https://arcostec.es/ are only identifying data. In no case will special categories of personal data be processed as defined in Article 9 of the GDPR.
Legal Basis for Processing Personal Data
The legal basis for processing personal data is consent. https://arcostec.es/ undertakes to obtain the user's explicit and verifiable consent to process their personal data for one or more specific purposes.
The user has the right to withdraw their consent at any time, and it will be as easy to withdraw it as it was to provide it. As a general rule, withdrawing consent will not affect the use of the Website.
When the user must or may provide their data through forms to make inquiries, request information, or for reasons related to the content of the Website, they will be informed if completing any of the fields is mandatory.
Purposes of Processing Personal Data
Personal data is collected and managed by https://arcostec.es/ to facilitate, expedite, and fulfill the commitments established between the Website and the User, or to maintain the relationship established in the forms completed by the User or to respond to a request or inquiry.
Additionally, data may be used for commercial purposes, customization, operational and statistical purposes, and activities related to the corporate purpose of https://arcostec.es/, as well as for data extraction, storage, and marketing studies to tailor the content offered to the User, improve the quality, functionality, and navigation of the Website.
Retention Periods for Personal Data
Personal data will only be retained for the minimum time necessary for the purposes of its processing, and in any case, only for the following period: The time necessary to fulfill the contracted activities or until the user requests its deletion.
When personal data is collected, the user will be informed about the period during which the data will be retained or, when this is not possible, the criteria used to determine this period.
Recipients of Personal Data
The user's personal data will not be shared with third parties. However, users will be informed of the recipients or categories of recipients of their personal data at the time of collection.
Personal Data of Minors
In accordance with Articles 8 of the GDPR and 13 of the RDLOPD, only users over 14 years of age may lawfully consent to the processing of their personal data by https://arcostec.es/. For users under 14, the consent of parents or guardians will be required.
Confidentiality and Security of Personal Data
https://arcostec.es/ undertakes to adopt the necessary technical and organizational measures to ensure the security of personal data and to prevent its destruction, loss, alteration, or unauthorized access.
The Website has an SSL certificate (Secure Socket Layer) to ensure that personal data is transmitted securely and confidentially.
In the event of a security breach involving personal data, the Data Controller will notify the user without undue delay if the breach is likely to result in a high risk to the rights and freedoms of natural persons.
Rights derived from the processing of personal data
The User has over https://arcostec.es/ and may, therefore, exercise against the Data Controller the following rights recognized in the GDPR:
- Right of access: It is the right of the User to obtain confirmation of whether https://arcostec.es/ is processing or not their personal data and, if affirmative, to obtain information about their specific personal data and about the processing that https://arcostec.es/ has carried out or carries out, as well as, among other things, the available information about the origin of said data and the recipients of the communications made or foreseen of the same.
- Right of rectification: It is the right of the User to have their personal data that turn out to be inaccurate or, taking into account the purposes of the processing, incomplete, modified.
- Right of erasure ("the right to be forgotten"): It is the right of the User, whenever current legislation does not establish otherwise, to obtain the deletion of their personal data when these are no longer necessary for the purposes for which they were collected or processed; the User has withdrawn their consent to the processing and this does not have another legal basis; the User opposes the processing and there is no other legitimate reason to continue with it; personal data have been processed unlawfully; personal data must be deleted to comply with a legal obligation; or personal data have been obtained as a result of a direct offer of information society services to a child under 14 years of age.
In addition to deleting the data, the Data Controller, taking into account the available technology and the cost of its application, must take reasonable measures to inform controllers who are processing personal data of the data subject’s request to delete any link to those personal data. - Right to restriction of processing: It is the right of the User to limit the processing of their personal data. The User has the right to obtain the limitation of the processing when they challenge the accuracy of their personal data; the processing is unlawful; the Data Controller no longer needs the personal data, but the User needs it to make claims; and when the User has opposed the processing.
- Right to data portability: In the case that the processing is carried out by automated means, the User will have the right to receive from the Data Controller their personal data in a structured, commonly used, and machine-readable format, and to transmit them to another data controller. Whenever it is technically possible, the Data Controller will directly transmit the data to that other controller.
- Right to object: It is the right of the User to prevent the processing of their personal data or to have the processing of the same by https://arcostec.es/ ceased.
- Right not to be subject to a decision based solely on automated processing, including profiling: It is the right of the User not to be subject to an individualized decision based solely on the automated processing of their personal data, including profiling, except as otherwise established by current legislation.
Thus, the User may exercise their rights by means of a written communication addressed to the Data Controller with the reference "GDPR - https://arcostec.es/", specifying:
- Name, surname of the User and copy of the DNI (identity document). In cases where representation is accepted, the identification by the same means of the person representing the User, as well as the document proving the representation, will also be necessary. The copy of the DNI may be replaced by any other valid means in law that proves identity.
- Request with the specific reasons for the request or information to which access is sought.
- Address for notification purposes.
- Date and signature of the applicant.
- Any document that proves the request being made.
This request and any other attached documents may be sent to the following email address:
- Email: info@arcostec.es
Claims before the supervisory authority
In the event that the User considers that there is a problem or breach of current regulations regarding the way their personal data is being processed, they will have the right to effective judicial protection and to file a complaint before a supervisory authority, in particular, in the State where they have their habitual residence, place of work, or the place of the alleged infringement.
In the case of Spain, the supervisory authority is the Spanish Data Protection Agency (AEPD) (http://www.aepd.es).
It is necessary for the User to have read and agreed to the terms on the protection of personal data contained in this Privacy Policy and Cookies Policy, as well as to accept the processing of their personal data so that the Data Controller can proceed with it in the manner, for the duration, and for the purposes indicated. The use of the Website implies the acceptance of its Privacy Policy and Cookies Policy.
https://arcostec.es/ reserves the right to modify its Privacy Policy and Cookies Policy, according to its own criteria or prompted by a legislative, jurisprudential, or doctrinal change by the Spanish Data Protection Agency. Changes or updates to this Privacy Policy and Cookies Policy will be explicitly notified to the User.
This Privacy Policy and Cookies Policy was updated on September 5, 2024, to adapt to the Regulation (EU) 2016/679 of the European Parliament and of the Council, of April 27, 2016, relating to the protection of natural persons with regard to the processing of personal data and the free movement of such data (GDPR).
Warning: The original language of this document is Spanish. This translation is for convenience only and may not be entirely accurate. Users are advised to refer to the original Spanish version for legal purposes