DATA PROTECTION POLICY
In compliance with Regulation (EU) 2016/679, of the European Parliament and of the Council, of 27 April 2016 (hereinafter GDPR), INGENIERÍA DE PROCESOS Y PRODUCTO I-MAS S.L. (hereinafter Proto&Go!) hereby discloses this Policy regarding the processing and protection of personal data.
Data of the data supervisor:
INGENIERÍA DE PROCESOS Y PRODUCTO I-MAS S.L.
Domicilio social: C/ Castello, 19 08110 Montcada i Reixac (Barcelona)
Contact details of the Data Representative: firstname.lastname@example.org
Field of application
This Policy will be applied:
- To those persons who visit the Proto&Go! website, protoandgo.com (hereinafter, any reference to it shall also include the English and French versions respectively).
- To those persons who visit the Proto&Go! website, protoandgo.com (hereinafter, any reference to it shall also include the English and French versions respectively).
- To those who request information about Proto&Go! products and services or who request to participate in any of the commercial actions of Proto&Go!
- To those who formalise a contractual relationship with Proto&Go! by contracting its products and services.
- To those who use any other service present on the web site that implies the communication of data to Proto&Go! or the access to data by Proto&Go! for the provision of its services.
- To any others who, directly or indirectly, have given their express consent for their data to be processed by Proto&Go! for any of the purposes set out in this Policy.
The use of Proto&Go! products and services requires the express acceptance of this Policy.
Proto&Go! informs that, except for the existence of a legally constituted representation, no user and/or client may use the identity of another person and communicate their personal data, and therefore the data provided to Proto&Go! must be personal data, corresponding to their own identity, adequate, pertinent, current, exact and true. In this sense, the user and/or client will be the only responsible for any direct or indirect damage caused to third parties or to Proto&Go! by the use of data of another person or their own data when they are false, erroneous, not current, inadequate or not pertinent. Likewise, the user and/or client who communicates the personal data of a third party will be responsible for having obtained the corresponding authorisation from the interested party, as well as for the consequences if this is not the case.
Furthermore, the user and/or client who communicates personal data to Proto&Go! declares that he/she is of legal age, in accordance with the provisions of Spanish legislation, abstaining otherwise from providing data to Proto&Go! Any data provided about a minor will require the prior consent or authorisation of their parents, legal tutors or representatives, who will be considered responsible for the data provided by the minors in their care.
This Policy will be of subsidiary application with respect to those other conditions on personal data protection that are established with special character and are communicated, without limitation, through the registration forms, contracts and/or conditions of the particular services, being therefore this Policy complementary to those mentioned in that which is not expressly foreseen in the same.
Purposes of the collection and processing of personal data
Proto&Go!, in its capacity as data supervisor, informs users of the existence of several processing operations and files in which the personal data communicated to Proto&Go! are collected and stored.
The purposes of said collection and processing of personal data are as follows:
- In relation to the “cookies” that Proto&Go! uses when browsing through its web pages, they are stored in the user’s terminal equipment (computer or mobile device) and collect information when visiting said web pages, with the aim of improving their usability, finding out the browsing habits or needs of the users in order to adapt to them, as well as obtaining information for statistical purposes. In the case of those users who are already clients of Proto&Go!, the information collected with the cookies will also be used to identify them when accessing the different tools that Proto&Go! places at their disposal for the management of the services. In any case, users can configure their browser to disable or block the reception of all or some of the cookies. The fact of not wishing to receive these cookies does not constitute an impediment to accessing the information on the Proto&Go! websites, even though the use of some services may be limited. If, once consent has been given to receive cookies, the user wishes to withdraw this consent, the cookies stored on the user’s computer must be eliminated through the options of the different browsers. All the information on the cookies used by Proto&Go! is published in its Cookies Policy, available for consultation at https://www.protoandgo.com/politica-de-cookies/.
- In the case of sending an e-mail to Proto&Go! or communicating personal data by any other means, such as a contact form, the purpose of the collection and processing of such data by Proto&Go! is to respond to queries and requests for information about Proto&Go! products and services.
- In the case of sending an e-mail to Proto&Go! related to its job offers, such data will be processed in order to participate in personnel selection procedures.
- In accordance with Art. 6, paragraph 1, subparagraph 1, letter a of the GDPR, if we have previously obtained your express consent to your registration for our newsletter, we will use the data necessary for this purpose to send commercial communications in accordance with this consent. You can unsubscribe from the newsletter at any time by sending a message to our contact address described here or by clicking on the link provided for this purpose in the e-mail containing this commercial communication. After unsubscribing we block your e-mail address for this use, provided that you have not given your express consent to the continued use of the data, or we reserve the right to continue using your data in the cases permitted by law.
- When contracting the services offered by Proto&Go!, only those personal data will be collected that are necessary to establish the contractual relationship and enable the supply of services and remuneration of the same by customers, being such data collected and processed for the following purposes:
- The main purpose will consist of maintaining the contractual relationship established with the client, in accordance with the nature and characteristics of the services contracted, contacting Proto&Go! with the client via the e-mail address, telephone or other media indicated by the latter.
- For the maintenance of historical records of commercial relations during the legally established periods.
- In those cases in which Proto&Go! must access and/or process personal data in respect of which the client has the status of data controller or data processor, Proto&Go! will process such data in the role of data processor in accordance with the provisions of article 28 of the RGPD and in accordance with that indicated in the section entitled “Proto&Go! as data supervisor”, included in this Policy.
- In compliance with the provisions of Law 25/2007, of 18 October, on the conservation of data relating to electronic communications and public communications networks, Proto&Go! informs the user that it will proceed to retain and conserve certain traffic data generated during the development of communications, as well as, where appropriate, to communicate such data to the competent authorities provided that the legal circumstances provided for in that Law are complied with.
- For all other purposes expressly set out in the Specific Conditions applicable to the corresponding product or service contracted by the customer and expressly accepted by the latter.
Retention period for personal data
Proto&Go! will keep the personal data for the time strictly necessary for the fulfilment of the aforementioned purposes. Proto&Go! may keep said data blocked during the period in which responsibilities may arise from its relationship with the client.
In the case of data subject to conservation on the occasion of Law 25/2007, of 18 October, on the conservation of data relating to electronic communications and public communications networks, the period of conservation of the same will be as detailed in the aforementioned regulations.
Addressees of personal data
The addressees of the personal data collected by Proto&Go! will be the following:
- Proto&Go!’s own employees in the performance of their duties.
- The suppliers of Proto&Go! who are involved in the supply of the services, in the event that this is necessary for the performance of the same.
- The companies belonging to the Group of Companies of which Proto&Go! forms part, understood in the sense of article 42 of the Code of Commerce, whose activity is the commercialisation of services of an identical or analogous nature offered by Proto&Go!, such as design, engineering, manufacturing or innovation development solutions.
- The judicial or administrative organs, as well as the State Security Forces and Authorities, in the event that Proto&Go! is required under current legislation to provide information related to its clients and its services.
- Any others who, due to the nature of the service, must access the data provided with the same, as detailed in the Special Conditions applicable to the corresponding product or service contracted by the customer and expressly accepted by the latter.
Users’ rights and the exercise of these rights
Users may exercise the following rights recognised by the RGPD at any time:
- Right of access.Users have the right to obtain from Proto&Go! information about whether personal data concerning them are being processed, to access them and to obtain information about the processing carried out.
- The right to obtain a copy of their personal data.
- Right of rectification.Users have the right to have Proto&Go! rectify their personal data in the event that it is inaccurate or incomplete.Derecho de supresión.Los usuarios tienen derecho a que se proceda a la supresión de los datos cuando estos ya no resulten necesarios para la finalidad para la que fueron proporcionados o cuando concurran el resto de las circunstancias legalmente previstas.
- Right of deletion. Users have the right to have the data deleted when they are no longer necessary for the purpose for which they were provided or when the rest of the legally foreseen circumstances occur.
- Right to limitation of processing. Users have the right to request a limitation on the processing of their personal data, so that the processing operations that should correspond in each case are not applied to them, in those cases provided for in art. 18 of the GDPR.
- Right to portability.Users have the right to receive the personal data concerning them in a structured format, as long as such data are exclusively concerning the user and have been provided by the user.
Users may exercise these rights in the following ways:
- If they are Proto&Go! customers, users may check their personal data at any time through the “My Account” section, which can be accessed by logging in at http://www.protoandgo.com/.
- Whether they are clients of Proto&Go! or not, users may exercise their rights by sending a communication by e-mail to the address email@example.com o by sending a request accompanied by their National Identity Card or a legally valid document accrediting their identity, addressed to Proto&Go!, C/ Castelló 19, 08110, Montcada i Reixac, Barcelona, Spain, for the attention of the Commercial Information Department, specifying the right they wish to exercise.
In cases of manifestly unfounded or excessive requests due to their repetitive nature, Proto&Go! reserves the right to charge a fee for the administrative costs involved or the right to refuse to act on them, in accordance with the provisions of art. 12.5 RGPD.
Users and/or customers may contact the relevant local supervisory authority if they consider that the processing of their personal data has not been carried out in accordance with the legislation in force.
The data protection supervisory authority in Spain is the Spanish Data Protection Agency, whose contact details are available on its website, specifically at http://www.agpd.es/portalwebAGPD/CanalDelCiudadano/contacteciudadano/index-ides-idphp.php.
International data transfers
In those products and services of Proto&Go! in which international transfers are required to enable the provision of the same, this circumstance will be included in the Specific Conditions that are applicable to the corresponding product or service contracted by the client and expressly accepted by the client prior to the same.
Proto&Go! as data supervisor
In accordance with article 28 RGPD and concordant articles, Proto&Go! will process the personal data in respect of which the client holds the status of data controller or data processor, when this is necessary for the proper provision of the contracted services. In this case, Proto&Go! will act as data processor, in accordance with the terms indicated below:Proto&Go! únicamente tratará los datos conforme a las instrucciones del cliente responsable o encargado del tratamiento, no utilizándolos para un fin distinto al que figura en la presente Política de protección de datos y/o en las condiciones contractuales que sean de aplicación.
- Once the services that motivate the processing of personal data have been provided, they will be destroyed, as well as any support or documents containing any personal data or any type of information that has been generated during, for and/or due to the provision of the services that are the object of the corresponding Conditions. Notwithstanding the above, Proto&Go! may keep the aforementioned data duly blocked during the period in which liabilities may arise from its relationship with the client.
- In the event that Proto&Go! uses the data for another purpose or communicates or uses them in breach of this Data Protection Policy and/or the corresponding Conditions of Service, it will also be considered responsible for the processing.
- Proto&Go! undertakes, in accordance with article 28 of the RGPD, to maintain due professional secrecy with respect to the personal data that it must access and/or process in order to comply in each case with the object of the applicable Terms of Service, both during and after the termination thereof, undertaking to use such information solely for the purpose intended in each case and to demand the same level of commitment from any person within its organisation involved in any phase of the processing of the personal data for which the client is responsible.
- In accordance with the provisions of the GDPR, the following rules shall apply in relation to the form and methods of access to data for the provision of services:
- In the event that Proto&Go! must access the processing resources located on the client’s premises, the client will be responsible for establishing and implementing the security policy and measures, as well as for communicating them to Proto&Go! who undertakes to respect them and to require compliance with them by the persons in its organisation who participate in the provision of the services.
- When Proto&Go! remotely accesses the data processing resources under the responsibility of the client, the latter shall establish and implement the policy and security measures in its remote processing systems, Proto&Go! being responsible for establishing and implementing the policy and security measures in its own local systems.
- When the service is provided by Proto&Go! on its own premises, Proto&Go! will record in its Register of Activities the circumstances relating to the processing of data in the terms required by the RGPD, including the security measures corresponding to such processing.
- The access and/or processing of data by Proto&Go!, without prejudice to the specific legal or regulatory provisions in force that may be applicable in each case or those adopted by Proto&Go! on its own initiative, shall be subject to the security measures necessary to:
- Guarantee the permanent confidentiality, integrity, availability and resilience of the processing systems and services.
- Restore the availability and access to personal data quickly, in the event of a physical or technical incident.
- Regularly verify, evaluate and assess the effectiveness of the technical and organisational measures implemented to ensure the security of the processing.
- Pseudonymise and encrypt personal data, where appropriate..
- El cliente autoriza a Proto&Go!, en su calidad de encargado del tratamiento, a subcontratar con terceros, en nombre y por cuenta del cliente, los servicios de almacenamiento, custodia de las copias de respaldo de datos y seguridad, y aquéllos que fueran necesarios para posibilitar la prestación de los servicios contratados, respetando en todo caso las obligaciones impuestas por el RGPD y su normativa de desarrollo. En cualquier momento, el cliente podrá dirigirse a Proto&Go! para conocer la identidad de las entidades subcontratadas para la prestación de los servicios indicados, las cuales actuarán de conformidad con los términos previstos en este documento y previa formalización con Proto&Go! de un contrato de tratamiento de datos conforme al art. 28.4 del RGPD.
- El cliente autoriza a Proto&Go! a realizar las acciones que se indican a continuación, siempre que sean necesarias para la ejecución de la prestación de los servicios. Dicha autorización queda limitada a la/s actuación/es necesaria/s para la prestación de cada servicio y con una duración máxima vinculada a la vigencia de las Condiciones contractuales aplicables:
- To carry out the processing of personal data on portable devices only by the users or user profiles assigned to the provision of the services.
- To carry out the processing outside the premises of the client or of Proto&Go! only by the users or user profiles assigned to the provision of the services.
- The entry and exit of media and documents containing personal data, including those comprised in and/or attached to an e-mail, outside the premises under the control of the client responsible for the processing.
- The execution of the data recovery procedures that Proto&Go! is obliged to carry out.
- Proto&Go! is not responsible for the non-fulfilment of the obligations derived from the RGPD or the corresponding regulations on data protection on the part of the user and/or client in what corresponds to their activity and which is related to the execution of the contract or commercial relations that bind them to Proto&Go! Each party shall be responsible for the liability arising from its own breach of contractual obligations and of the regulations themselves.