Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (OJEU L 119/1, 04-05-2016) (hereinafter, GDPR), provides a modern framework for data protection in Europe based on accountability.
In this regard, Article 12 of the GDPR, under the heading “Transparent information, communication and modalities for the exercise of the rights of the data subject,” establishes the following points in section 1:
The controller shall take appropriate measures to provide any information referred to in Articles 13 and 14 and any communication under Articles 15 to 22 and 34 relating to processing to the data subject in a concise, transparent, intelligible and easily accessible form, using clear and plain language, in particular for any information addressed specifically to a child. The information shall be provided in writing, or by other means, including, where appropriate, by electronic means. When requested by the data subject, the information may be provided orally, provided that the identity of the data subject is proven by other means
In view of the greater demand for information introduced by the GDPR and the need to present it in a concise, understandable format, the data protection authorities recommend taking a layered or multilevel approach to information.
The multilevel approach to information consists of the following:
- At the first level, present basic information in summarized form, at the same time and in the same medium through which the data is collected.
At the second level, provide additional information. Here, the rest of the information will be presented extensively in a more appropriate medium for its presentation, understanding and, if desired, filing.
BASIC INFORMATION ON DATA PROTECTION
|Data controller||SERBATIC SISTEMAS TECNOLÓGICOS, S.A|
|Data controller’s address||Avda/ de Europa 1, edificio B, CP 28108, Alcobendas (Madrid)|
|Purpose||Your data will be used to respond to your requests and provide you with our services.|
|Advertising||We will only process your data with your prior consent, which you can give us by checking the box for that purpose.|
|Legitimacy||We will only process your data with your prior consent, which you can give us by checking the box for that purpose.|
|Recipients||In general, only the duly authorized personnel at our company will be able to access the information we request of you.|
|Rights||You have the right to be informed about what personal data we collect and the right to rectify and erase it, as explained in the additional information available on our website.|
|Additional information||Find more information in the “YOUR SECURE DATA” section of our website.|
YOUR SECURE DATA
Information in compliance with the personal data protection regulation
Europe and Spain have data protection laws designed to protect your personal information, and our company is required to follow them.
For this reason, it is very important for you to thoroughly understand what we intend to do with the personal data we request of you.
We will be transparent and give you control over your data, with concise language and clear options that will allow you to decide what we can do with your personal data.
If you have any questions after reading this information, please do not hesitate to contact us.
Thank you very much for your collaboration.
- About us
- Our business name: SERBATIC SISTEMAS TECNOLÓGICOS, S.A
- Our Taxpayer Identification Number: A-31879851
- Our principal activity: IT Consulting
- Our address: Avda/ de Europa 1, edificio B, CP 28108, Alcobendas (Madrid)
- Our phone number: 916623404
Our email address: firstname.lastname@example.org
- Our website: serbatic.es
For your confidence and assurance, our company is registered under the following Business Register/Public Register number: B82422015
Don’t hesitate to contact us. We are happy to assist you.
- How will my data be used?
In general, your personal data will be used to interact with you and provide you with our services.
In addition, it may be used for other activities, such as to send you promotional material or advertise our activities.
- Why do you need to use my data?
Your personal data is necessary so that we can interact with you and provide you with our services. By checking a series of boxes, you will be able to clearly and easily indicate how your personal information can be used.
- Who will access the information you request of me?
In general, only the duly authorized personnel at our company will be able to access the information we request of you.
Similarly, your personal data may be shared with companies that require access thereto so that we can provide you with our services. For example, our bank will receive your data if you make a payment for our services by card or bank transfer.
Likewise, your information will be shared with any public or private entity to which we are required by law to transmit your personal data. For instance, the Taxation Law requires us to provide the Spanish Tax Agency (Agencia Tributaria) with certain information on economic transactions that exceed a certain amount.
Aside from the aforementioned cases, in the event that we need to share your personal information with other organizations, we will request your permission in advance, with clear options that will allow you to decide in this regard.
- How will you protect my data?
We will protect your data with effective security measures based on the risks involved with the use of your information.
For this purpose, our organization has approved a Data Protection Policy, and annual controls and audits are carried out to verify that your personal data is secure at all times.
- How long will you keep my data?
We will keep your data during our relationship and as long as the law requires. Once the applicable legal periods are over, we will proceed to eliminate it in a secure, environmentally friendly way.
- What are my data protection rights?
You may contact us at any time to find out what information we have about you, to rectify it if incorrect and to eliminate it once our relationship ends, provided that this is legally possible.
You also have the right to request the transfer of your data to another organization. This right is called “portability” and can be useful in certain situations.
To exercise any of these rights, you must send a written request to our address, enclosing a photocopy of your National Identity Document so that we may identify you.
We have specific request forms for these rights at our offices, and we are happy to help you fill them out.
You can learn more about your data protection rights by visiting the website of the Agencia Española de Protección de Datos (Spanish Data Protection Agency) (www.agpd.es).
- Can I withdraw consent if I change my mind at a later date?
If you change your mind about the use of your data, you may withdraw your consent at any time.
For example, if you were once interested in receiving promotional material about our products and services but no longer wish to receive advertising, you can notify us by filling out the form to express opposition to data processing, available at our offices.
- If I believe that my rights have been breached, where can I file a claim?
If you believe that your rights have been breached by our organization, you can file a claim with the Spanish Data Protection Agency by one of the following means:
- Website: www.agpd.es
- Mailing address:
Agencia Española de Protección de Datos C/ Jorge Juan, 6 28001-Madrid
Tel. 901 100 099
Tel. 91 266 35 17
Filing a claim with the Spanish Data Protection Agency is free of charge, and you do not need the assistance of a lawyer.
- Will you use my data for other purposes?
Our policy is to not use your data for any purpose other than the ones we have explained to you. However, if we needed to use your data for different activities, we would always request your permission in advance, providing clear options that would allow you to decide in this regard.
DATA PROTECTION POLICY
The Management/Governing Body of SERBATIC SISTEMAS TECNOLÓGICOS, S.A. (hereinafter, the data controller), accepts maximum responsibility for and commitment to the establishment, implementation and maintenance of this Data Protection Policy, guaranteeing the data controller’s continuous improvement with the objective of achieving excellence in its compliance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April, 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (OJEU L 119/1, 04-05-2016), and the Spanish personal data protection laws (Organic Law, specific sector legislation and development regulations).
The Data Protection Policy of SERBATIC SISTEMAS TECNOLÓGICOS, S.A is based on the principle of proactive responsibility, by which the data controller is responsible for compliance with the regulatory and case-law framework that governs said Policy and is capable of demonstrating it before the competent supervisory authorities.
In this regard, the data controller shall abide by the following principles, which must serve as guidelines and a frame of reference for its entire staff when processing personal data:
- Data protection from the design stage: the data controller shall apply, both at the time of determining the means of data processing and at the time of the processing itself, appropriate technical and organizational measures, such as pseudonymization and data minimization, to effectively implement the principles of data protection, incorporating the necessary guarantees into the processing.
- Data protection by default: the data controller shall apply appropriate technical and organizational measures to guarantee that, by default, only the personal data necessary for each specific processing purpose shall be processed.
- Data protection throughout the information life cycle: the measures that guarantee personal data protection shall be applicable throughout the data’s life cycle.
- Lawfulness, loyalty and transparency: personal data shall be treated in a lawful, fair and transparent manner in relation to the data subject.
- Limitation of purpose: personal data shall be collected for specific, explicit and legitimate purposes, and shall not be further processed in a manner incompatible with said purposes.
- Data minimization: personal data shall be appropriate, relevant and limited to what is necessary in relation to the purposes for which it is processed.
- Accuracy: personal data shall be accurate and, if necessary, updated; all reasonable measures shall be taken to delete or rectify, without delay, any personal data that is inaccurate with respect to the purposes for which it is processed.
- Limited storage period: personal data shall be stored in such a way that the data subjects can be identified only as long as necessary for the purposes of the processing of personal data.
- Integrity and confidentiality: personal data shall be processed in such a way as to ensure the appropriate security of the personal data, including protection against unauthorized or illegal processing, loss, destruction or accidental damage, through the application of suitable technical and organizational procedures.
- Information and training: one of the keys to guaranteeing personal data protection is the training and information we provide to the personnel involved with its processing. During the information life cycle, all personnel with access to this data shall be properly trained and informed of their obligations regarding compliance with data protection regulations.
The SERBATIC SISTEMAS TECNOLÓGICOS, S.A Data Protection Policy is shared with all the data controller’s personnel and made available to all interested parties.
Consequently, this Data Protection Policy involves all the data controller’s personnel, who must understand and accept it, considering it as their own. Each staff member shall be responsible for applying it and verifying the data protection rules applicable to his/her activity, as well as for identifying and contributing the ideas for improvement that he/she sees fit with the objective of achieving excellence in terms of compliance.
This Policy shall be revised by the Management/Governing Body of SERBATIC SISTEMAS TECNOLÓGICOS, S.A as often as necessary, to be adapted, at all times, to the provisions in force regarding personal data protection.