Introduction
AZ Broquetas S.L. located in Sant Andreu de la Barca, Barcelona – hereinafter referred to as AZB – is the operator of the website www.az-broquetas.es; being responsible for the personal data of users in full compliance with this General Data Protection Regulation.
We protect your privacy and your private information. We collect, process and use your personal data in accordance with the contents of the Privacy Policy Act and the applicable data protection regulations in force, in particular the GDPR. This privacy policy governs the personal information we collect, process and use about you. Therefore, we ask you to read the following explanations carefully.
Collection of personal data
1.1 Personal data is, within the framework of this data protection regulation, any information that refers to an identified or identifiable natural person, referred to below as a data subject. This includes, in particular, your name, your e-mail address and, if applicable, your address and telephone number.
1.2 Personal information also includes information about the data subject’s use of our website. In this context, we collect your personal information in the following ways: information about your visits to our website, such as the extent of data transfer, the location from which you retrieve data from our website and other connection information and sources you access. This generally happens through the use of log files and cookies. More information about log files and cookies can be found below.
1.3 Basically, your personal data is stored for a period of 10 years. If we collect your IP address, it will only be stored for the duration of your use of the website and then immediately deleted or anonymized by shortening. The remaining data is stored for a limited period of time. We delete or limit their processing of the data generated in this respect once they are no longer needed.
2. Purpose and legal basis
2.1 Purpose of use
We use your personal information for the following purposes:
- to respond to your request
- to ensure that our website is presented to you in the most effective and interesting way possible.
- to perform our obligations under any contract between you and us
- to allow you to participate in interactive offers, if you so desire
- to inform you about changes in our services.
2.2 Legal Basis
The processing of your personal data is carried out exclusively on the basis of your consent. You may revoke this consent at any time. The legality of the prosecution, which took place until the revocation on the basis of consent, is not affected.
3. Information about your computer, cookies and guidance
3.1 Each time you access our website, we collect the following information about your computer: cookies, IP address, username, custom dimensions, custom variables, order number, user location, date and time, title of the page being viewed, URL of the page being viewed, URL of the page viewed before the current page, screen resolution, time in local time zone, files clicked and downloaded, link clicks on an external domain, page load time, country, region, city, primary browser language, browser user. We use all this data for the proper functioning of our website, in particular to detect and eliminate website errors, to determine the use of the website and to make adjustments or improvements.
3.2 We may also collect information about your use of our website through the use of cookies. These are small text files that are stored on your disk and store certain settings and data to share with our system through your browser. A cookie typically contains the name of the domain from which the cookie data was sent, as well as information about the age of the cookie and an alphanumeric identifier. Cookies allow our systems to recognize the user’s device and make any presetting immediately available. As soon as a user accesses the platform, a cookie is transmitted to the hard drive of the user’s computer. Cookies help us to improve our website and provide you with a better service tailored to your needs. They also allow us to recognize your computer when you return to our website and therefore:
- Store information about your favorite activities on the site and, therefore, that our site is tailored to your individual interests. This includes, for example, advertising that corresponds to your personal interests.
- Speed up the processing of your applications.
3.3 The cookies we use only store information about your use of the website as explained above. This is not done by means of a personal assignment, but by signing an identification number in the cookie (“Cookie ID”). At no time will a combination of the cookie ID with your name, IP address or similar data that would allow a cookie mapping be made. For information on how to prevent the use of browser cookies, see section 3.6.
3.4. Our website uses so-called tracking technologies. We use these technologies to make the website more interesting. This technique allows advertisers to use our advertisers’ websites for Internet users who are already interested in our website. The insertion of this advertising material on the pages of our partners is based on a cookie technology and an analysis of past usage behavior. We only use this technology if you have given your consent, if it is necessary to use it for the purpose of entering into or performing a contract with you, or if other legal provisions permit it.
3.5 We work with business partners who help us to make the website more interesting for the interested party. Therefore, when you visit the website, cookies from these affiliates will also be stored on your hard drive. These are cookies that are automatically deleted after the specified time. Cookies from our partner companies are also collected using a cookie ID, which allows our advertising partners to target you with advertisements that may actually be of interest to you. For information on how to stop the use of such cookies, see section 3.6.
3.6 If you do not wish to use browser cookies, you can set your browser so that the storage of cookies is not accepted. Please note that, in this case, you may use our website only partially or not at all. If you only wish to accept our own cookies, but not cookies from our service providers and partners, you can choose the setting on your browser to block cookies from external providers.
4. Data security
Unfortunately, the transmission of information via the Internet is not completely secure, so we cannot guarantee the security of data transmitted to our website via the Internet. However, we secure our website and other systems through technical and organizational measures against loss, destruction, access, modification or dissemination of your data by unauthorized persons. In particular, your personal data is encrypted with us. We use SSL (Secure Sockets Layer) or TLS (Transport Layer Security) encryption.
5. No transfer of your personal data
We will not disclose your personal information to third parties unless you have given your consent to such disclosure or we are otherwise required to
share your data due to legal regulations and/or official or judicial orders. This may be, in particular, the provision of information for law enforcement, security or intellectual property rights enforcement.
6. Privacy and third party websites
The website may contain hyperlinks to and from third party websites. If you follow a hyperlink to one of these websites, please note that we cannot accept any liability or guarantee for third-party content or data protection conditions. Please check their privacy policy before submitting personal information to these websites.
7. Changes in the privacy policy
We reserve the right to change this Privacy Policy at any time with effect for the future. A current version is available on the website. Visit the website regularly to learn about the applicable privacy policy.
8. Your rights and contact
According to the EU General Data Protection Regulation, as an affected party, you have the following rights:
Right to information
The data subject has the right to receive information from us as the party responsible for the processing of personal data concerning him/her.
In addition, you may request information on the following concerns:
- purpose of data processing
- categories of personal data processed
- recipients or categories to whom personal data relating to the data subject has been disclosed or is still being disclosed
- the planned duration of the storage of your personal data or, if no specific information is available, the criteria for determining the duration of storage
- the existence of a right to rectification or erasure of personal data concerning him or her, a right to restriction of processing by the controller or a right to object to such processing
- the existence of a right of appeal to a supervisory authority
- all available information on the origin of the data if the personal data are not collected from the data subject
- the existence of automated decision-making, including the proposition under Article 22 (1) and (4) GDPR and, at least in these cases, meaningful information about the logic involved and the extent and intended impact of such processing on the data subject.
Finally, you also have the right to request information about whether your personal information is transferred to a third country or an international organization. In this case, you can obtain information on the appropriate safeguards in accordance with. Art. 46 DSGVO in connection with the transfer.
You can claim your right to be informed at the following e-mail address:
8.2 Right of rectification
The data subject shall have the right to have incorrect or incomplete personal data completed and/or rectified. The correction should be carried out as diligently as possible.
8.3 Right of Restriction
The data subject has the right to restrict the processing of his or her personal data in the following cases:
- for a period of time that allows the controller to verify the accuracy of the personal data, where the data subject has contested the accuracy of the personal data
- where the processing is unlawful and the data subject opposes the erasure of the personal data and requests instead the restriction of their use
- where the controller no longer needs the personal data for the purposes of the processing, but the data subject needs them for the purposes of formulating, exercising or defending claims, or
- where the data subject has objected to the processing of his or her data pursuant to Article 21 (1) of the GDPR, while verifying whether the legitimate reasons of the controller outweigh those of the data subject.
Where the processing of personal data has been restricted, such data may be retained only with the consent of the data subject or for the purpose of making, pursuing or defending legal claims, or for the protection of the rights of another natural or legal person or for reasons of substantial public interest of the Union or of a particular Member State.
If there is a restriction on the processing of data in accordance with the principles described above, the data subject will be informed by the data controller prior to the lifting of the restriction.
8.4 Right to Suppression
The data subject shall have the right to obtain from the controller the immediate erasure of personal data concerning him/her, who shall be obliged to erase the personal data without undue delay if any of the following circumstances apply:
1. The personal data is no longer necessary in relation to the purposes for which it was collected or otherwise processed;
2. The data subject withdraws consent with Article 6(1)(a) or Article 9(2)(a) of the GDPR on which the processing is based in accordance with, and/or where there is no other legal basis for the consent.
3. The data subject objects to the processing (pursuant to Article 21 (1) of the GDPR) and for which there are no other legitimate grounds for the processing; or where the data subject objects to the processing pursuant to Article 21 (2) of the GDPR.
4. The personal data has been unlawfully processed.
5. Personal data must be erased in order to comply with a legal obligation under Union or Member State law that applies to the controller.
6. The personal data of the data subject have been obtained in connection with the provision of information society services referred to in Article 8(1) of the GDPR.
In the event that the data subject’s data has been made public and in accordance with Article 17(1) of the GDPR, appropriate measures, including technical means, must be taken to – taking into account existing technological availability and implementation costs – inform the controllers processing the personal data that the data subject has requested the deletion of all links containing information about him or her as well as copies or replicas of such data.
We would like to point out that the right to erasure does not exist as long as the data processing is necessary.
- to exercise the right to freedom of expression and information
- to comply with a legal obligation required by the European Union or one of its Member States to which the data controller is subject, or to carry out a task carried out in the public interest or in the exercise of a task delegated by a public authority to the controller;
- for reasons of public interest in the field of public health according to Article 9 (2), letters h and i, as well as Article 9 of the GDPR;
- for the pursuit of purposes of public interest, scientific research, historical research or statistical purposes as referred to in Article 89 (1) of the GDPR, insofar as the law referred to in subparagraph (a) may make it impossible or seriously affect the achievement of the purposes of the processing or,
- to assert, exercise or defend legal claims.
8.5 Right to Information
The data subject has the right to rectify, delete or restrict the processing of his or her data, and we are obliged to notify this correction, deletion or restriction to all recipients to whom his or her personal information has been disclosed, except in cases where it proves impossible or involves a disproportionate effort. The data subject also has the right to be informed about these recipients.
8.6 Right to data portability
According to the GDPR, the data subject shall have the right to receive the personal data concerning him/her that he/she has provided in a structured, commonly used and machine-readable format. He shall also have the right to transmit them to another person without being prevented from doing so by the person in charge to whom he had provided them, when
- the processing is based on consent within the meaning of Article 6(1)(a) of the GDPR
- the processing is carried out by automated means.
In exercising his or her right to data portability, the data subject shall have the right to have personal data transmitted directly from data controller to data controller where technically feasible and without prejudice to the rights and freedoms of others.
The right to data portability shall not apply to processing necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
8.7 Right of Revocation of Consent
The data subject has the right to revoke his or her consent to the use of his or her privacy data at any time. Such revocation does not affect the lawfulness of the processing carried out on the basis of the consent until revocation.
8.8 Right of Opposition
The data subject shall have the right to object at any time, on grounds relating to his or her particular situation, to the processing of personal data concerning him or her on the basis of Article 6(1)(e) or (f) of the GDPR, including profiling on the basis of those provisions.
The controller shall cease to process the personal data unless it can demonstrate compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject, or for the formulation, exercise or defense of claims.
Where the purpose of the processing of personal data is direct marketing, the data subject shall have the right to object at any time to the processing of personal data concerning him/her, including profiling insofar as it is related to such marketing. When the data subject objects to the processing for direct marketing purposes, the personal data will no longer be processed for such purposes.
In the context of the use of information society services, and by way of derogation from the provisions of Directive 2002/58/EC, the data subject may exercise his or her right to object by automated means applying technical specifications.
8.9 Automated individual decisions, including profiling
According to the General Data Protection Regulation, the data subject has the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects on him or her or similarly significantly affects him or her. This principle shall not apply if the decision:
- it is necessary for the conclusion or performance of a contract between you and the data controller
- is authorized by Union or Member State law which applies to the controller and which also provides for appropriate measures to safeguard the rights and freedoms and legitimate interests of the data subject, or
- is based on the explicit consent of the data subject.
In the cases referred to in paragraph (1) and (3), the controller shall take appropriate measures to safeguard the rights and freedoms and legitimate interests of the data subject, at least the right to obtain human intervention on the part of the controller, to express his or her point of view and to challenge the decision.
The decisions referred to in paragraphs (1) to (3) shall not be based on the special categories of personal data referred to in Article 9(1), unless Article 9(2)(a) or (g) applies and appropriate measures have been taken to safeguard the rights and freedoms and legitimate interests of the data subject.
Right to Complaint to Supervisory Authorities
If you consider that the processing of your personal data is contrary to the GDPR, you have the right to complain to the supervisor of the member state in which you reside, work or where such violation of your rights has occurred.
You also have the right to complain to a local supervisory authority.
For Spain it is:
Spanish Data Protection Agency (AEPD)
C/ Jorge Juan, 6. 28001 – Madrid
Tel. 901 100 099 – 912 663 517
Please do not hesitate to contact us if you have any questions, comments or concerns regarding the collection, processing or use we make of your personal data.
May 23, 2018