Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (Official Journal of the EU L 119/1, 04-05-2016) (henceforth, GDPR), provides a modernised framework based on accountability for data protection in Europe.
In this regard, article 12 of GDPR, under the heading “Transparent information, communication and modalities for the exercise of the rights of the data subject” establishes the following in section 1:
The controller shall take appropriate measures to provide any information referred to in Articles 13 and 14 and any communication under Articles 15 to 22 and 34 relating to processing to the data subject in a concise, transparent, intelligible and easily accessible form, using clear and plain language, in particular for any information addressed specifically to a child. The information shall be provided in writing, or by other means, including, where appropriate, by electronic means. When requested by the data subject, the information may be provided orally, provided that the identity of the data subject is proven by other means.
In order to make the greater requirements for information introduced by GDPR compatible with the concision and comprehension in how it is presented, the Data Protection Authorities recommend adopting a layered information model.
The multi-level information approach consists of the following:
- Presenting basic information at an initial level, in a summarised way, at the same time and in the same way that the data is collected.
- Referring to additional information at a second level, where the other information will be presented in detail, in a more suitable way for presentation, understanding, and if desired, filing.
Controller NATEEVO NATEEVO DIGITAL, S.L.
Address of the controller Avenida de Europa 1, building B, CP 28108, Alcobendas (Madrid)
Purpose Your data will be used to handle your requests and provide you our services.
Advertising We will only send you advertising with your prior consent, which you can provide to us via the corresponding box provided for that purpose.
Legitimation We will only process your data with your prior consent, which you can provide to us via the corresponding box provided for that purpose.
Recipients Generally, only the staff at our company that is duly authorised can be made aware of the information that we request from you.
Rights You have the right to find out which information we hold about you, to correct it and delete it, as explained in the additional information available on our website
Additional information More information in the “YOUR SECURE DATA” section on our website.
YOUR SECURE DATA
Information in compliance with personal data protection legislation.
In Europe and Spain there are data protection rules devised to protect your personal information which our company must comply with.
Therefore, it is very important for us that you perfectly understand what we are going to do with the personal data we request from you.
Thus, we will be transparent and give you control over your data, with simple language and clear options that will allow you to decide what we will do with your personal information.
Please, if you still have any queries after reading this information, do not hesitate to ask us.
Many thanks for your collaboration.
- About us
- Our name; NATEEVO DIGITAL, S.L.
- Our Company Tax No. / Tax ID No.: B-80891856
- Our main activity: Full Commerce Agency
- Our address: Avenida de Europa 1, building B, CP 28108, Alcobendas (Madrid)
- Our contact telephone number: + 916 623 404
- Our contact email address: firstname.lastname@example.org
- Our website: nateevodigital.com
- For your trust and security, we inform you that we are a company registered in the following Trade Registry/Public Registry: B-80891856
We are at your disposal, do not hesitate to contact us.
- What are we going to use your data for?
Generally, your personal data will be used to interact with you and provide you with our services.
Likewise, it can also be used for other activities, such as sending you advertising or promoting our activities.
- Why do we need to use your data?
Your personal data is needed in order to interact with you and provide you with our services. In this regard, we will provide you with a series of boxes that will enable you to decide, in a clear and simple way, how your personal information is used.
- Who is going to find out the information that we request from you?
Generally, only the staff at our company that is duly authorised can be made aware of the information that we request from you.
Likewise, staff from entities that require access to it in order for us to provide you with our services may be made aware of your personal information. Thus, for example, our bank will find out your data if payment for our services is carried out via card or bank transfer.
Likewise, public or private entities that we are obliged to provide your personal data to in order to comply with a law, will be made aware of your information. For example, the Tax Law forces the Tax Agency to provide specific information about financial operations that exceed a specific amount.
In the event that, aside from the aforementioned cases, we have to provide your personal information to other entities, we will request your consent beforehand through clear options that will enable you to decide on this matter.
- How are we going to protect your data?
We will protect your data with effective security measures in accordance with the risks that the use of your information entails.
To this end, our company has approved a Data Protection Policy and annual checks and audits are carried out to verify that your personal data is secure at all times.
- Will we send your data to other countries?
The world has countries that are secure for data and others that are not so secure. Thus, for example, the European Union is a secure environment for your data. Our policy is to not send your information to any country that is not secure from the point of view of data protection.
In the event that, in order to provide you with the service, it is essential to send your data to a country that is not as secure as Spain, we will always request your consent beforehand and we will apply effective security measures that reduce the risk of sending your personal information to another country.
- How long are we going to keep your data for?
We will keep your data over the course of our relationship and while required by law. Once the applicable legal periods have ended, we will get rid of it in a secure and environmentally friendly way.
- What are your data protection rights?
You can contact us at any time to find out what information we have about you, correct it if it is incorrect and get rid of it at the end of our relationship, if it is legally possible.
You also have the right to request the transfer of your information to another entity. This right is called “portability” and can be useful in specific situations.
In order to request any of these rights, you have to send a written request to our address, along with a photocopy of your National ID No., in order to identify yourself.
At the offices of our company, we have specific forms for requesting these rights and we offer you our help to fill them in.
To find out more about your data protection rights, you can consult the website of the Spanish Data Protection Agency (www.agpd.es).
- Can you withdraw your consent if you change your mind at a later date?
You can withdraw your consent if you change your mind about the use of your data at any time.
Thus, for example, if you were once interested in receiving advertising about our products or services, but you no longer to wish to receive any more advertising, you can inform us through the form for opposition to processing available at the offices of our company.
- If you believe that your rights have been neglected, where can you make a complaint?
If you believe that your rights have been neglected by our company, you can make a complaint to the Spanish Data Protection Agency, through any of the following means:
- Electronic office: agpd.es
Spanish Data Protection Agency
Calle Jorge Juan, 6
- Via telephone:
Tel. 901 100 099
Tel. 91 266 35 17
Making a complaint to the Spanish Data Protection Agency is free of charge and it is not necessary for a lawyer or legal representative to be in attendance.
- Will we create profiles about you?
Our policy is to not create profiles about the users of our services.
However, there may be situations where, for the purposes of providing the service, commercial purposes or of another kind, we need to create information profiles about you. One example could be the use of your purchase or service history in order to offer you products or services adapted to your tastes or needs.
In this case, we will apply effective security measures that protect your information at all times from unauthorised people who aim to use it for their own benefit.
- Will we use your data for other purposes?
Our policy is to not use your data for purposes other than those which we have explained. However, if we need to use your data for other purposes, we will always ask for your consent beforehand through clear options that enable you to decide on the matter.
DATA PROTECTION POLICY
The Management / Governing Body of NATEEVO DIGITAL, S.L. (henceforth, the controller), assumes the utmost responsibility and commitment to the establishment, implementation and maintenance of this Data Protection Policy, guaranteeing the ongoing improvement of the controller with the aim of achieving excellence in relation to compliance with Regulation (EU) 2016/679 of the European Parliament and of the Council, of 27 April 2016, on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (Official Journal of the EU L 119/1, 04-05-2016), and of Spanish personal data protection legislation (Organic Law, specific sectoral legislation and its implementing provisions).
The Data Protection Policy of NATEEVO DIGITAL, S.L. is grounded in the principle of proactive responsibility, according to which the controller is responsible for compliance with the regulatory and case-law framework that governs the Policy, and it is capable of demonstrating this to the competent control authorities.
In that regard, the controller will be governed by the following principles that must serve all its staff as a guide and reference framework for the processing of personal data:
- Data protection by design: the controller will apply, both at the time of determining the means of processing and at the time of the processing itself, the appropriate technical and organisational measures, such as pseudonymisation, devised to effectively apply the data protection principles, as well as data minimisation, and integrate the necessary guarantees into the processing.
- Data protection by default: the controller will apply the appropriate technical and organisational measures with the aim of guaranteeing that, by default, only the personal data necessary for each of the specific purposes of processing is subject to processing.
- Data protection in the information lifecycle: the measures that guarantee the protection of personal data will apply during the entire information lifecycle.
- Lawfulness, fairness and transparency: the personal data will be processed in a lawful, fair and transparent way in relation to the interested party.
- Purpose limitation: personal data will be collected for specific, explicit and legitimate purposes, and it will not subsequently be processed in a way that is incompatible with those purposes.
- Data minimisation: personal data will be appropriate, relevant and limited to what is necessary in relation to the purposes for which it is processed.
- Accuracy: personal data must be accurate and, if necessary, up-to-date; all reasonable measures will be adopted to ensure that personal data that is inaccurate in relation to the purposes for which it is processed is deleted or rectified without delay.
- Storage limitation: personal data will be kept in a way that enables the identification of the interested parties for no longer than what is required for the purposes of the processing of the personal data.
- Integrity and confidentiality: personal data will be processed in a way that guarantees adequate security of the personal data, including protection against unauthorised or unlawful processing and against its loss, destruction or accidental damage, through the application of appropriate technical or organisational measures.
- Information and training: one of the keys to guarantee the protection of personal data is the training and information that is provided to the staff involved in the processing of it. During the information lifecycle, all staff with access to the data will be properly trained and informed about their obligations in relation to compliance with data protection legislation.
The Data Protection Policy of NATEEVO, S.L. is communicated to all staff of the controller and provided to all interested parties.
Consequently, this Data Protection Policy involves all the staff of the controller, who must know it and accept it, consider it as their own, each member is responsible for applying it and verifying the data protection rules that apply to their activity and also identifying and contributing the opportunities for improvement that they deem appropriate with the aim of attaining excellence in relation to its compliance.
This policy will be reviewed by the Management / Governing Body of NATEEVO, S.L., as many times as deemed necessary, in order to comply, at all times, with the current provisions on personal data protection.