In this sense, the owner guarantees compliance with current regulations on personal data protection, reflected in the Organic Law 3/2018, of 5 December, on the Protection of Personal Data and the Guarantee of Digital Rights (LOPD GDD). It also complies with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons (GDPR).
The Website does not sell personal information to third parties and will always seek consent before using the data for any purposes other than those described in this clause.
In processing personal data, the Website complies with current local and European legislation, as well as its implementing regulations. It therefore adopts the necessary technical and organisational measures to prevent the loss, misuse, alteration, unauthorised access and theft of the personal data provided. Always in accordance with the state of technology, the nature of the data and the risks to which they are exposed.
2. Who is responsible for the processing of personal data?
Inter-Ingenia, S.L. is the party responsible for the processing of the User’s personal data and informs that this data will be processed in accordance with the provisions of Regulation (EU) 2016/679 of 27 April (RGPD) and Organic Law 3/2018 of 5 December (LOPDGDD).
3. What personal data do we collect and process?
The personal and non-personal information collected by the Website will change depending on the use of the Website as well as its features, options and services offered.
Personal and non-personal information collected by the Website will come to us in three ways:
- Automatically collected.
- Information voluntarily provided to us.
- Information provided by third parties.
3.1.- Automatically collected data
This information will consist of:
b) The IP from which the connection is made, the type of device used and its characteristics, the version of the operating system, the type of browser, the language, the date, the country, the time of the request, the reference URL or the mobile network used, among others. The Website servers may automatically detect the IP address and domain name used by the User. An IP address is a number automatically assigned to a computer when it connects to the Internet. All this information is recorded in a server activity file that allows the subsequent processing of the data in order to obtain purely statistical measurements that make it possible to know the number of page impressions, the number of visits made to the web servers, the order of visits, the access point, etc.
c) Data on the use of the Website and possible errors detected during its use, such as pages not found or erroneous visualisations.
3.2.- Data provided voluntarily
This information shall consist of:
a) The information contained in messages sent through the Website’s contact channels. For example, email, alias or name, subject or message..
3.3.- Those provided by third parties
This information shall consist of:
a) That provided by social networks or similar services.
b) That provided by possible cookies.
4. What do we process personal data for and what do we do with it?
Mainly, we will process the data to provide our services and maintain a commercial relationship with the persons concerned. The operations envisaged to carry out the processing are:
a) The processing of orders, requests, responding to queries or any type of request made by the User through any of the forms of contact made available on the Website of the Data Controller.
b) The possibility of carrying out market research and statistical analysis.
The data provided to the Website will be used to:
a) To deal with your requests.
b) If you have consented, statistical analysis of browsing.
4.1.- In e-mails and contact forms
The Website has an SSL encryption that allows the secure sending of your personal data through standard contact forms.
The personal data collected will be subject to automated processing and incorporated into the corresponding files of the activity register and of which the Responsible Party is the owner.
In this sense:
We will receive your IP, which will be used to check the origin of the message in order to provide you with appropriate recommendations (e.g. to present the information in the correct language) and to detect possible irregularities (e.g. possible cyber-attack attempts on the Website), as well as data relating to your ISP.
You may also provide us with your details by telephone, email and other means of communication as indicated.
Finally, and as already indicated, the purpose of the processing of this data will be solely to provide the information or services requested.
4.2.- In social networks
The Controller and Website has profiles on some of the main social networks on the Internet, acknowledging that it is responsible for the processing in relation to the data published therein (for example, photos uploaded by the Controller in which people’s faces appear) or for the data that Users send privately to the Controller through these channels (for example, a photograph, an ID card, etc.).
b) Purposes of the processing
The processing that the Controller will carry out with the data within each of the aforementioned networks will be, at most, that which the social network allows for the corporate profiles.
The purpose of the processing is that already established, relating to the maintenance of a relationship between the User and the Controller, and may include the following operations: a) to process requests and queries submitted to the Controller; b) to provide information on activities and events organised by the Controller; c) to provide information on products and/or services offered by the Controller; d) to interact through the official profiles. Thus, the Data Controller may, where the law does not prohibit it, inform our followers by any means that the social network allows about its activities or offers, as well as provide a personalised customer service.
Under no circumstances will the Data Controller extract data from the social networks, unless the User’s consent to do so is expressly and promptly obtained.
c) Legal basis for processing
Article 6.1.a) GDPR, as the User has given his/her consent to the processing of his/her personal data for one or more specific purposes. The User has a profile on the same social network and has decided to join the social network of the Controller, thus showing interest in the information published therein, therefore, at the time of requesting to follow our official profiles, he/she gives his/her consent to the processing of those personal data published on his/her profile.
The User may access the privacy policies of the social network itself at any time, as well as configure his/her profile to guarantee his/her privacy.
The Data Controller has access to and processes the User’s public information, especially his/her contact name. This data is only used within the social network itself and will only be included in a file held by the Data Controller when necessary to process the User’s request.
d) Data retention criteria
The information provided by the User through the Responsible Party’s social networks, including his/her personal data, may be published, always depending on the services that the User uses, and may therefore be publicly available to other third party users of the social networks.
From the profile of each social network, the User can configure what information he/she wishes to make public in each case, view the permissions that have been granted, delete them or deactivate them, such as any third-party application that he/she no longer wishes to use.
No communication of personal data to third parties outside the social network is foreseen except, if essential for the development and execution of the purposes of the processing, to our service providers related to communications, with whom the Controller has signed the confidentiality and processing manager contracts required by current privacy regulations.
When, due to the very nature of social networks, the effective exercise of the User’s or follower’s data protection rights is subject to the modification of the latter’s personal profile, the Controller will help and advise to this end to the best of its ability.
g) Use of the profile
The Controller may carry out the following actions:
Access to the public information of the profile.
Publication on the User’s profile of all information already published on the Controller’s social network.
Sending personal and individual messages through the social network channels.
Updates on the status of the page to be published on the User’s profile.
The User can always control his/her connections, delete content that is no longer of interest to him/her and restrict who he/she shares his/her connections with; to do so, he/she must access his/her privacy settings.
The User, once he/she is a follower or has joined the Controller’s social network, may publish comments, links, images, photographs or any other type of multimedia content supported by the same. The User, in all cases, must be the owner of the content published, hold the copyright and intellectual property rights or have the consent of the third parties concerned.
Any publication on the social network, whether texts, graphics, photographs, videos, etc., that violate or are likely to violate morals, ethics, good taste or decorum, and/or that infringe, violate or violate intellectual or industrial property rights, the right to image or the law, is expressly prohibited.
In such cases, the Controller reserves the right to immediately remove the content, without prior notice, and may request the permanent blocking of the User.
The Controller shall not be held responsible for the content freely published by a User. The User must bear in mind that his/her publications will be known by other users, and therefore he/she is primarily responsible for his/her privacy.
The images that may be published on the social network will not be stored in any file by the Data Controller, but they will remain on the social network.
i) Data of minors or persons with special abilities
Access and registration through the social networks of the Data Controller is prohibited to minors under 18 years of age. If the User has special abilities, the intervention of the holder of their parental authority or guardianship, or of their legal representative by means of a valid document accrediting representation, will be necessary.
The Responsible Party shall be expressly exonerated from any liability that may arise from the use of the social networks by minors or persons with special abilities. The social networks of the Controller do not knowingly collect any personal information from minors, therefore, if the User is a minor, he/she should not register or use the social networks of the Controller, nor should he/she provide any personal information.
5. Why may we process personal data?
Because the processing is legitimised by article 6 of the GDPR as follows:
6. How long will we keep personal data?
It will be kept for no longer than is necessary to maintain the purpose of the processing or there are legal requirements that dictate its custody and when it is no longer necessary for that purpose, it will be deleted with appropriate security measures to ensure the anonymisation of the data or the total destruction of the data.
The following is an indication of how long the data processed by the Website will be retained:
a) Disaggregated data will be retained with no deletion period.
b) Client Users’ data will be kept depending on the service contracted. In any case, it shall be the minimum necessary.
c) The data of Users uploaded by the Data Controller to pages and profiles on social networks will be kept from the time the user gives his/her consent until he/she withdraws it.
7. To whom do we provide or communicate personal data?
No communication of personal data to third parties is foreseen except, if necessary for the development and execution of the purposes of the processing, to our service providers related to communications, with whom the Controller has signed the confidentiality and data processor contracts required by current privacy regulations.
8. Are there any transfers of data outside the EEE?
We inform you of the possibility and intention to communicate personal data to third parties that may be located in jurisdictions that may not provide the same guarantees as in the European Economic Area with regard to the processing of personal data. Notwithstanding the foregoing, we have put in place the necessary safeguards by signing European Commission standard contractual clauses as well as other similar safeguards that allow us to ensure the degree of protection most similar to that required by the European Economic Area.
The following possible importers are established by way of example and without limitation: Google Inc. (including Youtube) and various social networks (LinkedIn, Facebook, Twitter and Instagram).
9. Where do we obtain personal data from?
The personal data processed on this Website is collected primarily and directly from the User, with the exception of data that may be collected automatically and data provided by third parties mentioned earlier in this document.
10. What rights can be exercised and how?
The rights of the User are:
- Right of access, rectification, portability and deletion of data, and to limit or oppose the processing.
- The right to lodge a complaint with the supervisory authority (www.aepd.es) if he/she considers that the processing does not comply with the regulations in force.
- If you have given consent for a specific purpose, you have the right to withdraw your consent at any time, without this affecting the lawfulness of the processing based on the consent prior to its withdrawal.
The aforementioned rights may be exercised at any time at the following addresses:
In both cases it is necessary to identify yourself with your name and surname, as well as a copy of your ID card or national ID.
You can find the different models for exercising these rights here: https://www.aepd.es/es/derechos-y-deberes/conoce-tus-derechos
In addition, if as a User you consider that there is a problem with the way in which the Controller is handling personal data and information, complaints can be addressed to the Data Protection Delegate or the corresponding data protection authority, being the Spanish Data Protection Agency the one indicated in the case of Spain.
11. On the obligatory or non-obligatory nature of the information provided
Users, by ticking the corresponding boxes and entering data in the fields marked with an asterisk (*) in the contact form or presented in download or account registration forms, expressly and freely and unequivocally accept that their data are necessary to deal with their request, by the Data Controller as provider, with the inclusion of data in the remaining fields being voluntary. The User guarantees that the personal data provided to the Responsible are truthful and is responsible for communicating any modification and/or update of the same.
The Responsible informs that all the data requested through the Website are obligatory, as they are necessary for the provision of an optimum service to the User. In the event that all the data is not provided, there is no guarantee that the information and services provided will be completely adapted to the User’s needs or that the service will be limited.
The personal data provided will be incorporated and processed in accordance with the Register of Processing Activities of the Data Controller, for the purpose(s) described above
12. Security measures
In accordance with the provisions of the regulations in force on personal data protection, the Controller is complying with all the provisions of the RGPD and LOPDGDD regulations for the processing of personal data under its responsibility, and manifestly with the principles described in article 5 of the RGPD, whereby they are processed lawfully, fairly and transparently in relation to the User as a data subject and are adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed.
The Controller guarantees that it has implemented appropriate technical and organisational policies to apply the security measures established by the RGPD and the LOPDGDD in order to protect the rights and freedoms of Users and has provided them with the appropriate information so that they can exercise them.
In any case, the Website cannot guarantee the absolute security of the information collected, so you must cooperate and use common sense at all times about the information shared.
You should understand and acknowledge that, even after deletion, personal and non-personal information may remain visible in caches or if other Users have copied or stored it.
For more information about privacy safeguards, you can always contact the Controller.