In data protection terms, COMERCIAL SALGAR, S.A.U., is considered to be the Data Controller, with regards the files/processing identified in this policy, specifically in the Data processing section.
The identification details of the owner of this website are listed below:
Data Controller: COMERCIAL SALGAR, S.A.U.
Postal address: Carretera de Logroño, Km. 9,500, 50011, Zaragoza, (Zaragoza).
Email address: firstname.lastname@example.org
The personal data requested, if any will consist only of data that is strictly necessary to identify and respond to the request submitted by the owner of the data, hereinafter the data subject. Such information will be processed fairly, lawfully and transparently in relation to the data subject. In addition, personal data will be collected for specific, explicit and legitimate purposes and will not be further processed in a manner incompatible with those purposes.
The data collected from each data subject will be appropriate, relevant and not excessive in relation to the corresponding purposes for each case, and will be updated whenever necessary.
The owner of the data will be informed, prior to the data being collected, of the general points regulated in this policy so they may give their express, precise and unequivocal consent for their data to be processed, in accordance with the following aspects.
The specific purposes for which each aspect of processing is carried out are set out in the information clauses included in each of the data collection channels (website forms, paper forms, voice-overs or posters and informative notes).
However, the personal data belonging to the data subject will be processed with the sole purpose of providing an effective response and responding to the requests submitted by the user, specified along with the option, service, form or system for data collection used by the data subject.
As a general rule, prior to processing personal data, COMERCIAL SALGAR, S.A.U. obtains express and unequivocal consent from the data subject, by incorporating informed consent clauses in the different systems for collecting information.
However, in the event that the consent of the data subject is not required, the legitimate basis for the processing under which COMERCIAL SALGAR, S.A.U. acts is the existence of a specific law or regulation that authorises or requires the processing of the data subject’s data
As a general rule, COMERCIAL SALGAR, S.A.U. does not transfer or disclose data to third parties, unless it is legally required to do so, however, if necessary, the data subject is notified of such transfers or disclosure through the informed consent clauses contained in the different personal data collection channels.
As a general rule, personal data will always be collected directly from the data subject, however, in certain exceptions, the data may be collected through third parties, entities or services other than the data subject. In such a case, the data subject will be notified of this through the informed consent clauses contained in the different personal data collection channels and within a reasonable period of time, once the data has been obtained, and at the latest within one month.
Periods for retaining the data
The information collected from the data subject will be retained for as long as it is necessary to comply with the purpose for which the personal data was collected, so that, once the purpose has been fulfilled, the data will be cancelled. This cancellation will lead to the data being blocked and it will only be kept at the disposal of the Public Authorities, Judges and Courts, to respond to any possible liability issues resulting from the processing, during the statute of limitations for such actions, after which time the information will be destroyed.
For information purposes, the legal periods for retaining the information in relation to different matters are shown below:
|Employment documentation or that related to social security||4 years||Article 21 of Royal Legislative Decree 5/2000, of 4 August, approving the revised text of the Law on Infringements and Sanctions of the Social Order|
|Accounting and fiscal documentation for commercial purposes||6 years||Art. 30 of the Code of Commerce|
|Accounting and fiscal documentation for tax purposes||4 years||Articles 66 to 70 of the General Tax Law|
|Building access control||1 month||Directive 1/1996 of the AEPD (Spanish Data Protection Agency)|
|Video surveillance||1 month||Directive 1/2006 of the AEPD (Spanish Data Protection Agency) Organic Law 4/1997|
Rights of data subjects.
The data protection regulations confer a series of rights to data subjects or data owners, website users or users of the social network profiles of COMERCIAL SALGAR, S.A.U.
These rights granted to data subjects are listed below:
- Right of access: the right to obtain information about whether or not their own data is being processed, the purpose of the processing being carried out, the categories of data concerned, the recipients or categories of recipients, the period of retention and the origin of the data.
- Right of rectification: the right to the rectification of inaccurate or incomplete personal data.
- Right of deletion: the right to have the data deleted in the following circumstances:
- When the data is no longer necessary for the purpose for which it was collected
- When the owner of the data withdraws their consent
- When the data subject objects to the processing
- When the data must be deleted in compliance with a legal obligation
- When the data has been obtained via an information society service in accordance with the provisions established in Article 8, paragraph 1 of the European Data Protection Regulation.
- Right of objection: the right to object to a specific processing action based on the data subject’s consent.
- Right of limitation: the right to limit data processing in any of the following circumstances:
- When the data subject contests the inaccuracy of the personal data, during a period of time that allows the company to verify the accuracy of the data in question.
- When the processing is unlawful and the data subject opposes the deletion of the data
- When the company no longer needs the data for the purposes for which it was collected, but the data subject needs it to submit, exercise or defend any complaints.
- When the data subject has opposed the processing while it is being checked whether or not the legitimate reasons of the company prevail over those of the data subject.
- Right to portability: the right to obtain data in a structured, commonly used and machine-readable format, and to pass the data on to another controller when:
- The processing is based on consent
- The processing is carried out by automated means
- Right to submit a complaint to the competent supervisory authority.
The data subjects may exercise the rights listed above by writing to COMERCIAL SALGAR, S.A.U., at the following address: Carretera de Logroño, Km. 9,500 50011 Zaragoza (Zaragoza) indicating the right they wish to exercise in the subject line.
In this regard, COMERCIAL SALGAR, S.A.U. will deal with all requests as soon as possible and will take into account the timescales established in the data protection legislation.
The security measures adopted by COMERCIAL SALGAR, S.A.U. are those required, in accordance with the provisions established in article 32 of the GDPR. In this regard, COMERCIAL SALGAR, S.A.U., taking into account the state of the art, the costs of application and the nature, scope, context and purpose of the processing, as well as the risks of variable probability and severity for the rights and freedoms of natural persons, has established the appropriate technical and organisational measures to guarantee the right level of security for the existing risk.
In all cases, COMERCIAL SALGAR, S.A.U. has implemented sufficient mechanisms to:
- Guarantee the continued confidentiality, integrity, availability and resilience of processing systems and services.
- Restore availability and access to personal data quickly in the event of a physical or technical incident.
- Verify, evaluate and assess, on a regular basis, the effectiveness of the technical and organisational measures implemented to guarantee the security of data processing.
- Pseudonymise and encrypt personal data, as applicable.