DATA CONTROLLER AND REGULATORY COMPLIANCE STATEMENT
Pursuant to the provisions of the Spanish and European Regulation on Personal Data Protection, you are hereby informed that the owner of this website and the data controller of your personal data is HNOS. ASENSIO, S.L. (hereinafter, “GRUPO SESÉ”), whose data are included in our Legal Notice.
GRUPO SESÉ states that it shall comply with the Spanish and European law in force on Personal Data Protection and, with regard to the state of the technology, the nature of the data and the risks to which they are exposed, GRUPO SESÉ states that it shall take the appropriate technical and organisational measures to guarantee the confidentiality and privacy of personal data collected by means of this website, as well as the integrity, availability and security thereof, taking the necessary actions to prevent any alteration, loss, access without any authorisation or fraudulent use of the data processed.
PERSONAL DATA AND PERSONAL DATA PROCESSING
Personal data are collected and processed through this website. All the personal data that you provide to GRUPO SESÉ shall be incorporated into our database and shall be used, in each case, according to the following purposes:
• to manage enquiries made through the Contact Form and the different contact emails on this website and to respond thereto opportunely
• to send commercial communications about our products or services, or news about GRUPO SESÉ that we may deem convenient to you
• to analyse traffic, displays and browsing throughout the website
• to have a business, pre-contractual or contractual relationship established with you and to provide the services requested.
• to manage efficiently all the issues regarding arrangement and holding of events and other activities related to the purposes of GRUPO SESÉ.
HOW DO WE USE PERSONAL DATA
Lawful and fair data collection
We are always going to ask for your prior consent to process your personal data for one or several particular purposes, which shall be informed before sending your data; unless the personal data processing is based on any other legitimate cause pursuant to the applicable law in force
We only require from users the data strictly necessary in relation to the purposes of data processing.
Limit of the storage period
We keep the data for the required time according to the processing purpose, informing in each case of the storage period. We review and update the personal databases erasing inactive records or those that are no longer necessary as the processing has been completed.
We apply the appropriate technical and organisational security measures for the processing of personal data, ensuring confidentiality and minimising the risk of unauthorised access or improper use of the users’ personal data by third parties.
HOW DO WE COLLECT YOUR DATA? TYPE OF PERSONAL DATA WE COLLECT
The browsing of our web pages, requests for information or inquiries about our products or services, including the subscription to newsletters, through our contact forms or any of the indicated addresses or phone numbers, shall mean that you authorise to the processing and assignments described, as well as, where appropriate, to receive commercial communications related to products, services or own activities, or third parties’.
No express authorisation is required to receive commercial communications related to products or services identical or similar to those previously contracted, notwithstanding the right to oppose the aforementioned processing at any time In all other cases, Users must accept or expressly request to receive commercial communications, as well as the receipt of communications regarding events and activities of GRUPO SESÉ.
CONSENT OF MINORS
Users under the age of 14 are not allowed by GRUPO SESÉ to send personal data though this website. If GRUPO SESÉ detects users that are under the aforementioned age, it shall not process their data and, therefore, shall not respond to their requests.
GRUPO SESÉ reserves the right to request a copy of their DNI or equivalent document to certify the legal standing if there is well-founded suspicion about the User’s age.
PURPOSE OF THE PROCESSING BY GRUPO SESÉ
The legal basis for the data processing is to serve and manage users and customers’ requests pursuant to the aforementioned provisions, to comply with the contractual relation with our customers, our legitimate interest for marketing purposes and the consent provided with regard to the other cases for the aforementioned purposes.
In addition, if you are interested to work with us and you send us your curriculum vitae and other data for these purposes though any of the means available therefor, please be informed that your data shall be incorporated into our files and shall be used for future and current selection procedures. By sending the aforementioned data, you are expressly authorising GRUPO SESÉ to process your data pursuant to the aforementioned purposes, your consent being equally the legal base for the aforementioned processing.
Grupo Sesé is committed to process your personal data confidentially and technical, sufficient and organisational measures shall be taken to guarantee privacy and confidentiality.
The personal information GRUPO SESÉ has on users is not always collected directly from users. Our servers collect certain information automatically by means of cookies that can identify the User.
The data collected by means of cookies shall be stored pursuant to the provisions of the Cookies Policy.
SECURITY MEASURES APPLICABLE TO THE PERSONAL DATA PROCESSING
In order to protect the personal data of web users, GRUPO SESÉ ensures itself and controls its data processors when applying technical and organisational measures appropriate to the state of the art to protect personal data, considering the scope, context and purposes of the processing, as well as the risks of variable probability and severity for the rights and freedoms of the interested parties, seeking to be able to ensure confidentiality, integrity, availability and resilience of the processing systems and services .
In particular, GRUPO SESÉ has implemented an Encryption and Authentication Protocol that ensures that the personal data browsed by us are transferred to our serves by means of a safe SSL (“Secure-Socket-Layer”) connection, for the purposes of protecting them from third parties.
Our policies and security procedures on information are reviewed and updated habitually for the purpose of meeting the needs of our business, the technological changes and the regulatory requirements.
GRUPO SESÉ states to be entitled to act rapidly and effectively to restore the availability and access to personal data in case of identifying a physical or technical incident, maintaining an internal Incident Record, a response plan for incidents, as well as the necessary management activities and backup copy control that guarantee the information recovery in the event of a security incident.
GRUPO SESÉ states to be entitled to store users’ personal data on secure servers, which are protected against the most common types of attacks in Spain, Europe, or in the event of storage outside of Europe, after verification of compliance with European agreements (Privacy Shield).
NOTIFICATION OF SECURITY BREACHES ON PERSONAL DATA
In The event of security breaches on personal data, excepting when they are not a risk for rights and freedoms of natural persons, GRUPO SESÉ shall notify to the Spanish Agency for Data Protection of the nature of the breach, the possible consequences that may arise and the measures taken or proposed to remedy the security breach, within 72 hours after the incident has been reported; in addition, if possible, the categories and the approximate number of affected people shall be also reported.
Likewise, GRUPO SESÉ shall notify the interested party, as soon as possible, if a security breach on the personal data may highly affect rights and freedoms of natural persons, describing the possible consequences that may arise and the measures taken or proposed to remedy the security breach.
EXERCISE OF RIGHTS
Users can withdraw their consent and/or exercise their rights of access, rectification, suppression, limitation, opposition and portability at any time, which are provided in the European regulation on Personal Data, by sending an email to firstname.lastname@example.org or by means of regular post to HNOS SESÉ ASENSIO, SL at Calle Virgen del Buen Acuerdo, 5, 50014 Zaragoza.
In such case, Users must state the right to be exercised and the website on which such right shall be exercised, and attach a copy of their DNI or any other identification document in force that may legitimate them thereto, including such documents providing electronic identification.
The interested parties are hereby informed that the data processing is occasionally required and essential to perform different tasks, such as their contracting or the maintenance of our contractual and/ or commercial relation. If you want to exercise your right of suppression or opposition to the treatment, which can be refused, you are fully responsible for the possible consequences that may arise therefrom.
Likewise, be informed that the Spanish Agency on Data Protection is the relevant control authority for the protection of rights, and you are entitled to file a claim before it if you consider that the data processing is not appropriate.
GRUPO SESÉ shall respond to your request as soon as possible and, in any event, within a month period since the receipt of the request. Said term can be extended for two months if necessary, considering the complexity and the number of requests. GRUPO SESÉ shall inform the interested party of the extension within the first month from request.
HOW TO SHARE INFORMATION WITH THIRD PARTIES DATA PROCESSOR
When we share personal information, we do so pursuant to the data privacy and security provisions. GRUPO SESÉ informs Users that their personal data may be transferred to:
• our commercial partners and third-party service providers, if required for providing services, coordinating activities, internal management, supplier certification, software, system and platform support, hosting services in the cloud and electronic communications. In such cases, a data transfer shall be carried out to the third parties when GRUPO SESÉ informs so to Users and maintains a contractual relationship with the data processor that guarantees the confidentiality, not to use personal data that we make available for other purposes, as well as the compliance with our internal data privacy and security rules.
• when such data transfer is under a legal obligation or, if required, by the relevant authorities to respond legal requirements, criminal investigation for a possible illegal activity or claims that show that a content breaches the rights of third parties or protect the rights, the propriety or the security of third parties, in the event of merger, sale, restructuring, acquisition, joint venture, allocation, transfer or other procedure, totally or partially, of our company, assets or shares.
If GRUPO SESÉ is required to respond before relevant authorities to legal requests, criminal investigations for a suspected illegal activity or claims stating that content breaches the rights of third parties; or to protect right propriety or security of third parties, it shall be allowed to communicate personal data from users to relevant authorities.
HOW LONG WILL WE PROCESS YOUR DATA?
With regard to job applicants, if you are applied for a specific offer, your data shall be stored for the corresponding selection process. In all other cases, your data shall be stored for a maximum period of 1 year, and then they shall be suspended.