PRIVACY POLICY

By means of the present communication THE MARKETING COMPANIES OF THE BRAND GRUPSA, ROMAYO, S.A (In charge of the Treatment), TORMADOOR, S.L (Responsible for the Treatment), SERVIGROUP KIRA, S.L (In charge of the Treatment) and GRUPO METAL SYSTEM, S.A (In charge of the Treatment) , thereafter, the Organization, inform consumers and users of the website www.grupsa.com its policy of protection of personal data, so that users determine freely and voluntarily if they wish to provide the Organization with personal data that they are required to answer queries, on the occasion of the subscription, registration or completion of any online data form and / or use of the mail account lopd@grupsa.com .

The Organization reserves the right to modify this Privacy Policy to keep it adapted to the current legislation on data protection. In such cases, the Organization will announce on this website the changes introduced reasonably in advance of its implementation.

The visit to this website does not imply that the user is obliged to provide any information about it. In the event that the user provides any information of a personal nature, the data collected on this website will be treated in a fair and lawful manner, subject at all times to the principles and rights set out in Regulation EU 2016/679 of the European Parliament and of the Council, of 26.04.16, and other development regulations.

RESPONSIBLE FOR THE TREATMENT AND RESPONSIBLE

  • Business names: ROMAYO, S.A (A81585382, In charge of the Treatment), TORMADOOR, S.L (B82635905, Responsible for the Treatment), SERVIGROUP KIRA, S.L (B83551200, In charge of the Treatment) and GRUPO METAL SYSTEM, S.A (A78558897, In charge of the Treatment).
  • 91 814 05 02.
  • Mail: lopd@grupsa.com .
  • Social adress: M – 404, Km. 20, 28971 Griñón (Madrid). For all the Organization this is the address for rights exercises.
  • Website: grupsa.com .

INFORMATION RIGHT

According RGPD – UE 679/2016, we give you the following information in compliance with the information obligation:

Responsible Identity: TORMADOOR, S.L (B82635905); ROMAYO, S.A (A81585382, In charge of the Treatment), SERVIGROUP KIRA, S.L (B83551200, In charge of the Treatment) and GRUPO METAL SYSTEM, S.A (A78558897, In charge of the Treatment); Purpose: manage the service prestation; Principle of limitation of the purpose: the email account will be kept, while the commercial relationship is maintained, either until the deletion is requested by the interested party or during the period legally required from the person in charge as of the last confirmation of interest; Legitimation: consent of the interested party; Procedence: the interested party himself;  Recipients: no data will be transferred to third parties, except if there is a legal obligation. Managers of the treatment within the EU; Postal address: Ctra. M – 404, Km. 20, 28971 Griñón (Madrid); This is the address for exercising the rights of the 4 companies that make up the Organization.  Phone Number: 91 814 05 02;  E-mail: lopd@grupsa.com ;  More information in www.grupsa.com .

Rights of the interested party: Rights of the interested party: Right of access, obtaining from the data controller the confirmation of whether or not their personal data are being processed. Right of rectification, if they were inaccurate, incomplete or outdated. Right of withdrawal, the controller may retain them or block them for the exercise or defense of claims. Right of opposition, being able to continue with the treatment if there is legal obligation or it is necessary for the exercise or defense of claims. Right of limitation of the treatment, being able to conserve them for the exercise or defense of claims. Right to portability, so that your data may have it and try another entity. Right not to be subject to automated individual decisions, in order not to make a decision about you based only on the processing of your data, which produces legal effects in your personal sphere or affects you in a similar way. Right to revoke the consent for the specific purpose that were treated, being lawful the treatment carried out until that moment. Right to request the protection of the Spanish Agency for Data Protection in cases of refusal to request the exercise of rights. Responsible email exercise rights: lopd@grupsa.com;

You can oppose any of the phases of the processing of your data by simply sending an email to the account lopd@grupsa.com , providing your Identity Number and a way to contact.

At the moment of proceeding with the collection of the data, the voluntary or obligatory nature of the data object of collection will be indicated. The refusal to provide the data classified as mandatory will imply the impossibility of continuation. The user who provides their data must keep them updated and communicate to the person responsible for the file any change in their data.

The user who provides personal data about another person, must itself, where appropriate, inform the owner of the data of the provisions of this Privacy Policy.

EXERCISE OF RIGHTS BY INTERESTED PARTIES

Mailing address: Ctra. M – 404, Km. 20, 28971 Griñón (Madrid); This is the address for exercising the rights of the 4 companies that make up the Organization.

Upon presentation of their national identity document or passport, the holders of the interested parties may exercise their rights. The controller will respond to the interested parties without undue delay.

E-mail to exercise the rights of the affected parties:

Rights of the interested party:

  • Right of access.
  • Right of rectification.
  • Right of withdrawal.
  • Right of opposition.
  • Right of limitation of the treatment.
  • Right to portability.
  • Right not to be subject to automated individual decisions.
  • Right to revoke the consent.

On the other hand, the interested parties can also exercise this other right that assists them:

  • Right to request the protection of the Spanish Agency for Data Protection.

INFORMED CONSENT

Consequently, users who provide personal data on this website expressly and unequivocally consent to the incorporation of their data into an automated file of the Responsible for the purposes specifically determined above.

THE PRINCIPLE OF DATA QUALITY

The personal data provided by users will be accurate and updated so that they respond truthfully to the current situation of the affected. Therefore, the user must respond to the truthfulness and certainty of the personal data provided and communicate any changes that may occur in the future. The Organization will proceed to the cancellation of the personal data collected when they are no longer necessary or relevant for the purpose for which they were collected or registered. The cancellation will lead to the blocking of the data, being kept only at the disposal of the Public Administrations, Judges and Courts, for the attention of the possible responsibilities born of the treatment, during the term of prescription of these. Once the aforementioned deadline has been met, the personal data will be deleted.

PRINCIPLE OF LIMITATION OF THE PURPOSE

Personal data will be kept, as long as the relationship is maintained, either until the deletion is requested by the interested party or during the period legally required from the person responsible as of the last confirmation of interest (in any case, it will depend on the service borrowed, Art 5, Law 25/2007 on the preservation of data relating to electronic communications and public communications networks (1 year), Article 66 and following General Tax Law (4 years), Article 1964 of the Civil Code, personal actions no special term, (5 years), Article 30 Commercial Code, accounting books, invoices … (6 years), Article 25 Law on Prevention of Money Laundering and Financing of Terrorism (10 years)).

REGISTRATION OF TREATMENT ACTIVITIES

In accordance with art. 5 of the European Union Regulation 2016/679 of the European Parliament and of the Council of 26.04.16, the treatment activities carried out by the Treatment Manager comply with the following principles:

  • Lawfulness, loyalty and transparency: Personal data are treated in a lawful, fair and transparent manner in relation to the interested party.
  • Limitation of the purpose: The data are collected for specific, explicit and legitimate purposes, and will not be further processed in a manner incompatible with said purposes.
  • The data are adequate, relevant and limited to what is necessary in relation to the purposes for which they are treated (Data Minimization).
  • The data are accurate and, when needed, they are updated. Also, necessary actions are taken to suppress or rectify without delay those data which are inaccurate for the purposes for which they are processed (Accuracy).
  • The data are kept in such way that it is possible the identification of the interested parties during no longer time than the necessary for the purposes of the treatment (Limitation of the term of conservation):
  • The data are processed in such way that a proper security is guaranteed by means of the application of adequate control measures (Integrity and confidentiality).

The data come from the interested party, and it is the responsibility of the latter to keep them updated in our databases through the exercise of the right of rectification.

The user which gives personal data of another person must itself, where appropriate, inform the owner of the data of the provisions of this Privacy Policy.

SECURITY MEASURES: THE PRINCIPLE OF DATA SECURITY

The Article 5.1.f of the General Data Protection Regulation (RGPD) determines the need to establish adequate security guarantees against unauthorized or illegal treatment, against the loss of personal data, destruction or accidental damage. This implies the establishment of technical and organizational measures aimed at ensuring the integrity and confidentiality of personal data and the possibility (Article 5.2) to demonstrate that these measures have been implemented (proactive responsibility).

The company has made available to those affected how many organizational, technical and specific security measures are necessary to guarantee the confidentiality, integrity and availability of the personal data of the interested parties.

CONTACT FORM | EMAIL ACCOUNT

Through the contact form and/or email account lopd@grupsa.com we are available to all those affected or interested who wish to send us any questions or need clarification about the services provided.

USE OF COOKIES

Cookies are small data files or a set of characters that are stored on the hard disk or in the temporary memory of the user’s computer when they access the pages of certain websites. They are used so that the server accessed can know the preferences of the user when returning it to connect. Access to this website may involve the use of cookies, which will facilitate the browsing process. The cookies used can not read the cookie files created by other providers. The user has the possibility to configure his browser to be warned on the screen of the reception of cookies and to prevent the installation of cookies on his hard drive. To do this, the user should consult the instructions and manuals of your browser to expand this information. No cookie allows you to extract information from the user’s hard drive or access personal information. They simply associate the browser of a specific computer with an anonymous code. The only way for a user’s private information to be part of a cookie file is for the user to personally give that information to the server. Given that the user’s email address is a personal data when it allows to identify you, by collecting it in the online data form and / or the lopd@grupsa.com email account, the user expressly authorizes the Organization to treatment for the sending of communications concerning the activity that this Organization displays.

These communications will be preceded by the word “subject” at the beginning of the message and will clearly identify the Organization. However, you can revoke your consent at any time to receive communications by sending an email to the lopd@grupsa.com email account.