The purpose of this Privacy Policy is to explain how we collect, manage, and
protect the personal data you provide to us through our website or blog
(hereinafter Website) and to allow you to freely decide whether you want us to process it.
The personal data you provide will be treated confidentially and will be incorporated into the corresponding handling activity owned by our company.
The information we gather is essential to deal with your request and to invoice you if you make a purchase or contract. The information we collect will be used to maintain our relationship with you if you request it or when we are obliged to do so in order to provide you with services and/or deal with your purchases on this website.
Your personal data will be processed for the sole purpose of dealing with your requests, whether you are a customer, supplier, user of our website or job applicant.
We do not send advertising without the user’s prior consent.
You can change your mind and withdraw your consent at any time.
We do not process data of minors.
In the event that the user is under 14 years of age or has a disability, the consent of a parent, guardian or legal representative is required.
Our company has implemented all the necessary technical and organisational measures to protect the collected personal data from loss, theft or unauthorised use.
These measures are regularly verified in our compliance checks.
The personal data provided will be kept for the time necessary to fulfil the purpose for which they are collected and to clarify any possible liabilities that may arise from the purpose.
Job applications will be kept for a maximum period of 1 year or until the applicant asks us to delete his or her data.
You have the right to know if your personal data is being processed by us. You therefore have the right to access your data, modify it if it is inaccurate or request its deletion when the data is no longer necessary.
You can also exercise your limitation or portability right if you consider it necessary. To do so, you may write to our company by e-mail to privacy@ainia.es attaching a copy of your ID card as identification.
If you have any suggestions or queries about the way your data is processed, you may contact our data protection consultants:
If the person wishing to exercise their rights is under 14 years of age or disabled, they may do so through their parents, guardians or legal representative.
If you wish to file a complaint alleging infringement of your rights, you can do so at the Spanish Data Protection Agency, C/ Jorge Juan, 6, 28001 Madrid or at www.aepd.es.
We do not create profiles using your personal data, but if we do, you will be informed and asked for permission to do so.
You also have the right to object to such processing at any time.
Your personal data will not be transferred to other countries or third parties except where there is a legal obligation to do so.
When purchasing products or contracting services, your personal data may be transferred to the entities involved in delivering the purchased products or providing you with our services.
Our bank obtains your data in order to process payments for products or services, as well as the necessary data processing agents in order to carry out contracts and/or purchases.
In the event of transfers to other entities or to other countries, we will inform you and ask for your prior consent.
Scope of application
This Code of Conduct shall be binding to all departments, employees of our entity and those acting on our behalf.
Objective
We have established protocols for the processing of personal data, in accordance with the provisions of Spanish and European data protection regulations, in order to guarantee data security and confidentiality at all times.
Principles
Lawfulness, Fairness, Transparency, Data minimisation, Accuracy, Retention period limitation, Integrity, Confidentiality and Active Liability.
Special category data
The processing of personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, the processing of genetic or biometric data, data concerning health or data concerning sexual orientation is prohibited, except in legally authorised exceptions and with the prior consent of the data subject.
Rights of the parties concerned
Data subjects shall have the right to access their personal data, as well as the right to modify it if it is inaccurate. They may also erase it if it is no longer necessary or if processing is no longer desired and to restrict it to certain processing. They may also receive their data easily and in standard structured formats used by the controller, to have their data used for profiling purposes and to object to the processing at any time.
Registration of Activities, Impact Assessment and Security Measures
Our entity will keep a record of the processing activities and analyse the intended purposes of the processing, data subjects and data categories, recipients, international transfers, storage periods, etc., in order to assess the processing risks and implement the necessary security measures to safeguard personal data under the principles of confidentiality and secrecy. Likewise, we have assessed the need to appoint a Data Protection Delegate, establishing, if necessary, that the person appointed to this post will have sufficient knowledge and experience in accordance with the current regulations.
Control
We have hired an external consultancy firm to carry out a regular audit to assess compliance with this commitment and all legal obligations in this field.