Privacy Policy
Version: 25/05/2018
1. Identification.
1.1. Mac Puar, S.A. (hereinafter, MP); company registered in the Mercantile Registry of Seville, volume 194, page 107, section 3, sheet SE-5611; with VAT A41023607; regiistered office in Leonardo Da Vinci Street, 15, 41092, Seville (Spain); telephone (+34) 902197277; and email elevacion@mpascensores.com, is the owner of the website located at the Internet address http://www.macpuarsa.es and their accounts on social networks (hereinafter, this Website).
1.2. MP is the owner of the following accounts in social networks:
1.3. The person accessing this Website (hereinafter, the User), ensures that it has the legal minimum age established by the General Data Protection Regulation (16 years) or by the national regulations that apply to grant the consent in relation to the services of the information society.
1.4. By accessing this Website, the User expressly accepts all the clauses of its legal information, this privacy policy, and its cookies policy, as well as all those particular conditions collected for the use of certain services. In case of not accepting any of the mentioned clauses, the User must refrain from accessing this Website.
2. Processing of personal data by the controller.
2.1. The information regarding the different processing carried out by MP as controller is expanded below.
Data provided in the application form "Customer service" | |
Who is the controller for the processing of your data? | MP (more information in point 1.1). |
Which is the purpose of the processing of your personal data?
| We will process the information you provide, or authorize access, in order to manage what is indicated in your communication. |
How long will we keep your data? | We will kept the personal data that you provide us, while your communication is being handled, as long as the commercial relationship is maintained, or during the time necessary to comply with legal obligations. |
What is the legitimization for the processing of your data? | The legal basis for the processing of your data is your freely granted consent. |
To which recipients will your data be communicated? | No data will be transferred to third parties, except legal obligation or prior authorization. |
What are your rights when you provide us with your data? | You have the right to request from MP access to and rectification or erasure of personal data or restriction of processing concerning the User or to object the processing as well as the right to data portability, the right to withdraw consent at any time, or he right to lodge a complaint with a supervisory authority (more information in point 6). |
What data should be mandatory?
| All the data in the application form is compulsory, if you do not provide us with such data, you will not be allowed to contact MP. |
Data provided through the application form in the section "Budget Request" | |
Who is the controller for the processing of your data? | MP (more information in point 1.1). |
Which is the purpose of the processing of your personal data?
| We will process the information you provide, or authorize access, in order to manage your budget for the service or product requested. |
How long will we keep your data? | We will kept the personal data that you provide us, while your requested budget is being managed, as long as the contractual or pre-contractual relationship is maintained, or during the time necessary to comply with legal obligations. |
What is the legitimization for the processing of your data? | The legal basis for the processing of your data is your freely granted consent. |
To which recipients will your data be communicated? | No data will be transferred to third parties, except legal obligation or prior authorization. |
What are your rights when you provide us with your data? | You have the right to request from MP access to and rectification or erasure of personal data or restriction of processing concerning the User or to object to processing as well as the right to data portability, the right to withdraw consent at any time, or he right to lodge a complaint with a supervisory authority (more information in point 6). |
What data should be mandatory?
| All the data of the form are obligatory, if you do not provide us with such data, you will not be allowed to contact MP. |
Contact by email | |
Who is the controller for the processing of your data? | MP (more information in point 1.1). |
Which is the purpose of the processing of your personal data?
| We will process the information you provide, or authorize access, in order to arrange and reply the communications addressed to our email. |
How long will we keep your data? | We will kept the personal data that you provide us, while your communication is being handled, as long as the commercial relationship is maintained, or during the time necessary to comply with legal obligations. |
What is the legitimization for the processing of your data? | The legal basis for the processing of your data is your freely granted consent. |
To which recipients will your data be communicated? | No data will be transferred to third parties, except legal obligation or prior authorization. |
What are your rights when you provide us with your data? | You have the right to request from MP access to and rectification or erasure of personal data or restriction of processing concerning the User or to object the processing as well as the right to data portability, the right to withdraw consent at any time, or he right to lodge a complaint with a supervisory authority (more information in point 6). |
What data should be mandatory?
| You are not required to provide any information to contact MP through email. |
Contact through social networks | |
Who is the controller for the processing of your data? | MP (more information in point 1.1). |
Which is the purpose of the processing of your personal data?
| We will process the information you provide, or authorize access, for the purpose of managing contacts in social networks. |
How long will we keep your data? | We will kept the personal data that you provide us, while your communication is being handled, as long as the commercial relationship is maintained, or during the time necessary to comply with legal obligations. |
What is the legitimization for the processing of your data? | The legal basis for the processing of your data is your freely granted consent. |
To which recipients will your data be communicated? | No data will be transferred to third parties, except legal obligation or prior authorization. |
What are your rights when you provide us with your data? | You have the right to request from MP access to and rectification or erasure of personal data or restriction of processing concerning the User or to object the processing as well as the right to data portability, the right to withdraw consent at any time, or he right to lodge a complaint with a supervisory authority (more information in point 6). |
What data should be mandatory?
| You are not requested to provide any information to contact MP through social networks. |
3. Processing of personal data as processor.
3.1. The User who signs a contract for the provision of services with MP as processors, authorizes him to process the personal data necessary to provide the requested service.
3.2. For the execution of the services related to the fulfillment of the object of this assignment, the controller will make available to MP, the personal data necessary to provide the requested service.
3.3. This agreement will last as long as the commercial relationship is maintained. Once this contractual relationship ends, MP must return to the controller the personal data, or transmit it to another processor designated by the controller, and delete any copy in their possession. However, the data may be kept blocked to address possible administrative or jurisdictional responsibilities.
3.4. MP and all his personnel are obliged to:
· Use the personal data object of processing, or those collected for inclusion, only for the purpose of this assignment. In any case it may be used data for other purposes.
· To process the data according to the instructions of the controller.
· Keep, in writing, a record of all the categories of processing activities carried out on behalf of the controller, which contains:
◦ The name and contact information of the processor or processors and each controller for which the processors acts.
◦ The processing categories carried out by each controller.
◦ A general description of the appropriate technical and organizational safety measures that you are applying.
◦ Do not communicate the data to third parties, unless you have the express authorization of the controller, in the legally admissible cases. If the processor wants to outsource, he has to inform the controller and request his prior authorization.
· Maintain the duty of secrecy regarding personal data to which you have had access under this order, even after the end of the contract.
· Guarantee that the authorized persons to process personal data commit, expressly and by writing, to respect confidentiality and to comply with the corresponding security measures, of which they must be informed conveniently.
· Maintain at the disposal of the controller the documentation proving compliance with the obligation established in the previous section.
· Guarantee the necessary training regarding the protection of personal data of the persons authorized to process personal data.
· When the affected users exercise the rights of access, rectification, erasure and object, limitation of the processing and portability of data to MP, this must be communicated by email to the controllers address. The communication must be made immediately and in no case beyond the working day following the reception of the request, together with, when appropriate, other information that might be relevant to resolve the request.
· Notification of data security breaches: MP will notify the data controller, without undue delay and through his email address, of the security breaches in relation to the personal data in his charge which he has knowledge of, together with all the relevant information for the documentation and communication of the incident. At least the following information must be provided:
◦ Description of the nature of the violation of the security of personal data, including, when possible, the categories and the approximate number of interested parties affected, and the categories and the approximate number of personal data records affected.
◦ Information of the contact person to obtain more information.
◦ Description of the possible consequences of the violation of the security of personal data.
◦ Description of the measures adopted or proposed to remedy the violation of the security regarding personal data, including, if applicable, the measures adopted to mitigate the possible negative effects. If it is not possible to provide the information simultaneously, and to the extent that it is not, the information will be provided gradually without undue delay.
· MP, at the request of the controller, will communicate those breaches of data security to the controller as soon as possible, when it is likely that the violation implies a high risk to the rights and freedoms of natural persons. The communication must be done in a clear and simple language and must include the elements indicated in each case by the controller, at least:
◦ The nature of the data breach.
◦ Data of the contact of the controller where more information can be obtained.
◦ Describe the possible consequences of the violation of the security of personal data.
◦ Describe the measures adopted or proposed by the controller to remedy the violation of the security of personal data, including, if applicable, the measures adopted to mitigate the possible negative effects.
· Provide the controller with all the information necessary to demonstrate compliance with their obligations, as well as for the performance of audits or inspections carried out by the person in charge or by another auditor authorized by him.
· Implement the necessary technical and organizational security measures to guarantee the confidentiality, integrity, availability and permanent resilience of the processing systems and services.
· Return to the controller the personal data and, if applicable, the media where they appear, once the service has been completed.
· The return must involve the total deletion of the existing data in the computer equipment used by MP. However, MP may keep a copy, with the data duly blocked, as long as responsibilities for the execution of the provision can be derived.
3.5. Duties the controller:
· Provide the processor with the necessary data so that he can provide the service.
· Ensure, prior to and throughout the processing, compliance with the General Data Protection Regulations of MP.
· Supervise the processing.
4. Social networks.
4.1. When the User accesses the accounts of MP on social networks, they accept the processing of their personal data by them according to their privacy policies:
5. Guarantee.
5.1. The User guarantees that the information provided is truthful, accurate, complete and up-to-date, and is responsible for any damage or loss, direct or indirect, that may be caused as a result of breach of this obligation.
5.2. If the data provided belonged to a third party, the User guarantees that he has informed that third party and obtained has authorization to provide his personal data to MP.
6. Rights.
6.1. Right of access: The User shall have the right to obtain from MP confirmation as to whether or not personal data concerning him or her are being processed, and, where that is the case, access to the personal data.
6.2. Right to rectification: The User shall have the right to obtain from MP without undue delay the rectification of inaccurate personal data concerning him or her. Taking into account the purposes of the processing, the User shall have the right to have incomplete personal data completed, including by means of providing a supplementary statement.
6.3. Right to erasure: The User shall have the right to obtain from the controller the erasure of personal data concerning him or her without undue delay and the controller has the obligation to erase personal data without undue delay.
6.4. Right to restriction of processing: The User has the right to obtain from MP restriction of processing.
6.5. Right to data portability: The User has the right to receive the personal data concerning him or her, which he or she has provided to MP, in a structured, commonly used and machine-readable format and has the right to transmit those data to another controller without hindrance from the controller to which the personal data has been provided.
6.6. Right to object: The User has the right to object, on grounds relating to his or her particular situation, at any time regarding the processing of personal data concerning him or her. MP shall no longer process the personal data unless the controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims.
6.7. Automated individual decision-making, including profiling: The User has the right to not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or affects him or her similarly.
6.8. Right to withdraw his or her consent: The User shall have the right to withdraw his or her consent at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal. It shall be as easy to withdraw as to give consent.
6.9. The User may exercise the rights of access, rectification, erasure, restriction of processing, object and portability at any time, by writing addressed to Pabellón MP, Leonardo Da Vinci Street, 15, 41092, Seville (Spain), or through the e-mail address elevacion@mpascensores.com.
6.10. More information about these rights here.