Data protection policy
1.- Identity of the Data Controller
The information provided by the USER through any of the forms or methods of contact made available on the WEBSITE, which may content personal data, will be processed by GESTAMP SERVICIOS, S.A. (hereinafter, the “COMPANY”), with registered offices at Calle Alfonso XII, 16, 28014 Madrid, as Controller.
2.- Purpose and legal basis of data processing
The COMPANY will need to process the USER's data both to meet the requests for information that the USER makes through the WEBSITE, as well as to provide any requested services or services that the USER decides to sign up to or register through any of the forms on the WEBSITE.
The legal basis that legitimates the processing of data collected through the WEBSITE by the COMPANY may be the USER’s express consent, the contractual relationship between the COMPANY and the USER or the legitimate interest of the COMPANY when, for example, offering COMPANY services and products equal or similar to those taken out or previously requested by the USER.
Any USER who contacts the COMPANY through the WEBSITE consents to the processing of the data provided through such contact in accordance with this WEBSITE Data Protection Policy.
Any USER who registers through any WEBSITE form must consent to the processing of their data in accordance with the Data Protection Policy provided along with said form, by checking the consent box enabled for this purpose.
THE COMPANY will process the information provided by the USER for different purposes, depending on the way the data is collected:
- Send information required by the USER.
- Manage, administer , provide, extend, adapt and improve the services requested or to which the USER has decided to subscribe or register.
- Design new services related to the previous ones.
The USER consents to the processing of their data for the purposes described, or when applicable, for the purposes described in the Data Protection Policy provided together with the subscription form regarding the WEBSITE's services, without prejudice to the right they have to revoke such consent.
3.- Transfer of Personal Data
The data that the USER has provided to THE COMPANY will not be communicated to any third party, unless:
- The transfer is authorized by law.
- The treatment responds to the free and legitimate acceptance of a legal relationship whose development, compliance and control necessarily involves the communication of data to third parties.
- The data is requested by the Public Prosecutor's Office or the Judges or Courts or the Court of Accounts, in the exercise of the functions assigned to them.
THE COMPANY may transfer the data to the companies of the Loire Gestamp Group when you have a legitimate interest, for corporate or administrative reasons.
4.- Compulsory or voluntary character of the requested information
The compulsory data for each form will be identified as such on the form itself. Failure to provide said information will effectively mean that the service requested by the USER cannot be provided.
5.- Storage of data
The period during which the personal data is stored will vary depending on the service, until the provision thereof has ended satisfactorily, or until the USER revokes their consent. At any rate, the time personal data is to be kept will be reduced to the minimum necessary, so it will only be kept while the purpose for which it was collected still exists. When keeping this data is no longer necessary, the COMPANY will keep the data that may be necessary during the legally established terms blocked, so that any issues related to the processing thereof may be addressed. After the legal terms, any personal data will be deleted, adopting the appropriate security measures to ensure the total erasure thereof.
6.- Exercising of rights
The USER may exercise their rights of access, rectification, cancelation/erasure, objection, limitation and portability before Loire Gestamp by sending an email to the address dataprotection@gestamp.com, or through ordinary mail to the address indicated above, identifying their capacity as USER of the WEBSITE, providing a photocopy of their National Identification Document, or equivalent identification, and specifying their request.
Additionally, if the USER considers that his/her personal data protection rights have been breached, he/she may lodge a complaint with the competent data protection authority (in Spain, Agencia Española de Protección de Datos (www.agpd.es).
7.- USER’s obligations regarding data protection
The USER guarantees that he or she is of legal age and that the information provided is exact and truthful. The USER undertakes to inform the COMPANY of any modification to the information provided by sending an email to the address , identifying themselves as USER of the WEBSITE and specifying the information that must be modified.
Likewise, the USER undertakes to keep the passwords and identification codes secret and to inform the COMPANY as soon as possible in the event of loss, theft or unauthorized access. As long as this communication does not occur, the COMPANY will be exempt from all liability that may arise from the improper use by unauthorized third parties of such passwords and identification codes.
In the event that the USER provides third party personal data for any purpose, they guarantee that they previously informed the affected parties and obtained their consent for the purpose of providing their data to THE COMPANY.
8.- Security measures
The COMPANY has adopted the technical and organizational measures needed to ensure the security of personal data and prevent the unauthorized alteration, loss, processing or access, taking into account the state of technology, the nature of the stored data, and the risks to which it is exposed.
9.- USER’s consent
The USER declares to have read and understood this document and expressly consents to the processing of their data in accordance with the conditions set forth herein.