Through this press release, THE MARKETING COMPANIES GRUPSA, ROMAYO, SA (Responsible for Treatment), GRUPSA GLOBAL, SL (Responsible for Treatment), SERVIGROUP KIRA, SL (Responsible for Treatment) and GRUPO METAL SYSTEM, SA (Responsible for Treatment) , hereinafter, the Organization, inform consumers and users of the www.grupsa.com website of its personal data protection policy, so that users can freely and voluntarily determine whether they wish to provide the Organization with personal data that they are required to answer queries, on the occasion of the subscription, registration or completion of any online data form and / or use of the email account email@example.com.
Visiting this website does not imply that the user is obliged to provide any information about it. In the event that the user provides any personal information, the data collected on this website will be treated in a fair and lawful way, subject at all times to the principles and rights set forth in Regulation EU 2016/679 of the European Parliament and of the Council, of 04.26.16, and other implementing regulations.
RESPONSIBLE FOR TREATMENT AND MANAGERS
• Company names: ROMAYO, SA (A81585382, Responsible for Treatment), GRUPSA GLOBAL, SL (B82635905, Responsible for Treatment), SERVIGROUP KIRA, SL (B83551200, Responsible for Treatment) and GRUPO METAL SYSTEM, SA (A78558897, Responsible for Treatment) .
• Tel. 91 814 05 02.
• Mail: firstname.lastname@example.org.
• Registered office: Ctra. M – 404, Km. 20, 28971 Griñón (Madrid). For the entire Organization this is the domicile for the exercise of rights.
• Website: www.grupsa.com.
THE RIGHT TO INFORMATION
In accordance with the RGPD – UE 679/2016, we provide you with the following information in compliance with the duty to inform:
Responsible Identity: GRUPSA GLOBAL, S.L (B82635905); ROMAYO, S.A (A81585382, Responsible for Treatment), SERVIGROUP KIRA, S.L (B83551200, Responsible for Treatment) and GRUPO METAL SYSTEM, S.A (A78558897, Responsible for Treatment); Purpose: manage the provision of the service; Principle of limitation of purpose: the email account will be kept, either as long as the commercial relationship is maintained, either until its deletion is requested by the interested party or during the period legally required from the person responsible since the last confirmation of interest ; Legitimation: consent of the interested party; Origin: the interested party; Recipients: data will not be transferred to third parties, except if there is a legal obligation. Data processors within the EU; Postal address: Ctra. M – 404, Km. 20, 28971 Griñón (Madrid); This is the domicile for the exercise of the rights of the 4 companies that make up the Organization. Telephone: 91 814 05 02; Email: email@example.com; More information at www.grupsa.com. Rights of the interested party: Rights of the interested party: Right of access, obtaining from the controller the confirmation of whether or not their personal data is being processed. Right of rectification, if they are inaccurate, incomplete or outdated. Right of erasure, the data controller may retain or block them for the exercise or defense of claims. Right of opposition, being able to continue with the treatment if there is a legal obligation or is necessary for the exercise or defense of claims. Right to limit the treatment, being able to keep them for the exercise or defense of claims. Right to portability, so that your data is kept and processed by another entity. Right not to be subject to automated individual decisions, in order not to make a decision about you based only on the processing of your data, which produces legal effects in your personal sphere or affects you in a similar way. Right to revoke consent for the specific purpose that they were processed, being lawful the treatment carried out up to that moment. Right to request the protection of the Spanish Agency for Data Protection in the event of refusal to request the exercise of rights. Email responsible for exercising rights: firstname.lastname@example.org;
You can oppose any of the phases of the treatment of your data without more than directing an email to the account email@example.com, providing your ID and contact form.
At the time of data collection, the voluntary or mandatory nature of the data collected will be indicated. The refusal to provide the data classified as mandatory will mean the impossibility of continuation. The user who provides their data must keep them updated and notify the person responsible for the file of any changes in their data.
EXERCISE OF RIGHTS BY INTERESTED PARTIES
Postal address: Ctra. M – 404, Km. 20, 28971 Griñón (Madrid); This is the domicile for the exercise of the rights of the 4 companies that make up the Organization.
Upon presentation of their national identity document or passport, the holders of the interested parties may exercise their rights. The data controller will respond to the interested parties without undue delay.
E-mail for the exercise of rights for those affected:
Rights of the interested party:
• Right of access.
• Right of rectification.
• Right of withdrawal.
• Right of opposition.
• Right to limit the treatment.
• Right to portability.
• Right not to be subject to automated individual decisions.
• Right to revoke consent.
On the other hand, the interested parties may also exercise this other right that assists them:
THE INFORMED CONSENT
Consequently, users who provide personal data on this website expressly and unequivocally consent to the incorporation of their data into an automated file of the Responsible for the purposes specifically determined above.
THE PRINCIPLE OF DATA QUALITY
The personal data provided by users will be accurate and updated so that they respond truthfully to the current situation of the affected party. For this reason, the user must answer for the veracity and certainty of the personal data provided and communicate any modification of it that occurs in the future. The Organization will proceed to the cancellation of the personal data collected when they are no longer necessary or relevant for the purpose for which they were collected or registered. The cancellation will lead to the blocking of the data, remaining only available to public administrations, judges and courts, for the attention of possible responsibilities arising from the treatment, during the period of prescription thereof. Once the aforementioned period has expired, your personal data will be deleted.
PRINCIPLE OF LIMITATION OF PURPOSE
The personal data will be kept, either as long as the relationship is maintained, or until its deletion is requested by the interested party or during the period legally required from the person responsible from the last confirmation of interest (in any case, it will depend on the service lent, Art 5, Law 25/2007 of data conservation related to electronic communications and public communications networks (1 year), Article 66 and following General Tax Law (4 years), Article 1964 of the Civil Code, personal actions no special term, (5 years), Article 30 Commercial Code, accounting books, invoices … (6 years), Article 25 Prevention of Money Laundering and Terrorism Financing Law (10 years)).
RECORD OF TREATMENT ACTIVITIES
In accordance with art. 5 of Regulation EU 2016/679 of the European Parliament and of the Council, of 26.04.16, the treatment activities carried out by the Data Controller comply with the following principles:
• Legality, loyalty and transparency: Personal data is processed in a lawful, loyal and transparent manner in relation to the interested party.
• Limitation of purpose: The data is collected for specific, explicit and legitimate purposes, and will not be further processed in a manner incompatible with those purposes.
• The data is adequate, relevant and limited to what is necessary in relation to the purposes for which it is processed (Data Minimization).
• The data is accurate, and, when necessary, updated. In addition, all the necessary measures are adopted so that those data that are inaccurate for the purposes for which they are processed (Accuracy) are deleted or rectified without delay.
• The data is kept in such a way that the identification of the interested parties is allowed for no longer than necessary for the purposes of the treatment (Limitation of the conservation period).
• The data is processed in such a way that adequate security is guaranteed through the application of appropriate control measures (integrity and confidentiality).
The data comes from the interested party, being the responsibility of the latter to keep them updated in our databases through the exercise of the right of rectification.
SECURITY MEASURES: THE PRINCIPLE OF DATA SECURITY
Article 5.1.f of the General Data Protection Regulation (RGPD) determines the need to establish adequate security guarantees against unauthorized or illegal treatment, against the loss of personal data, destruction or accidental damage. This implies the establishment of technical and organizational measures aimed at ensuring the integrity and confidentiality of personal data and the possibility (article 5.2) to demonstrate that these measures have been implemented (proactive liability).
The company has made available to those affected as many organizational, technical and specific security measures as are necessary to guarantee the confidentiality, integrity and availability of the personal data of the interested parties.
CONTACT FORM | EMAIL ACCOUNT
Through the contact form and / or the email account firstname.lastname@example.org we are available to all those affected or interested who wish to send us any questions or need clarification about the services provided.