PRIVACY POLICY
We ask you to carefully read this Privacy Policy, which describes the use we make of the data you provide to us, always in accordance with the requirements of REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 (GDPR), in the Organic Law 3/2018, of 5 December, on the Protection of Personal Data and Guarantee of Digital Rights and other concordant regulations that may be applicable. Our objective is transparency in the information provided for its proper understanding by you as a user. However, if after reading it you still have any doubts, you can always contact us through any of the communication channels available to you and we will clarify them for you.
I.-PROCESSOR
Contact details of the responsible party: MOSMA SOLUTIONS, S.L. (hereinafter “the RESPONSIBLE PARTY”), with CIF: B01995422 and registered office at Avenida Cerro del Águila 2 – 28703 San Sebastián de los Reyes – Madrid.
Data Protection contact details: you can contact us at the postal address above and/or by e-mail or administracion@mosmasolutions.com.
II.- PRINCIPLES UNDER THE EUROPEAN DATA PROTECTION REGULATION
We undertake to process the personal data (hereinafter the “data”) provided in accordance with the following principles set out in the General Data Protection Regulation (GDPR):
- Lawfulness: We will only collect your Personal Data for specified, explicit and legitimate purposes, and we will not process your Personal Data in a way that is incompatible with those purposes.
- Lawfulness: in accordance with Article 6 of the General Data Protection Regulation your personal data will be processed provided that you expressly consent to the processing of such data as a form of externalisation of your free and informed will and consent. Your personal data may be necessary for the performance of a contract, agreement or service to which the data subject is a party, for compliance with legal obligations, for the protection of the vital interests of the data subject and another natural person, for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller or in order to meet the legitimate interests pursued by the controller where these do not violate the fundamental rights and freedoms of the data subject or the protection of the personal data of the data subject.
- Loyalty and transparency: in accordance with Article 5 of the General Data Protection Regulation as a manifestation of transparency, as evidenced by the fact that the data subject is informed of the existence of the processing operation and its purposes.
- Data minimisation: we limit the collection of personal data to what is strictly relevant and necessary for the purposes for which it was collected.
- Purpose limitation: we will only collect your personal data for specified, explicit and legitimate purposes, which we keep in the form of processing.
- Accuracy: We will keep your personal data accurate and up to date.
- Data Security: we apply the appropriate technical and organisational measures to guarantee the appropriate level of security in accordance with the risks and nature of the data in order to prevent them from being disclosed or accessed by unauthorised personnel, or from any loss or alteration. In short, any form of unlawful processing.
- Any person who, having given their consent for the collection of data, wishes to request any processing management, is recognised and may exercise: the right of access, rectification, opposition, deletion, limitation of processing, portability and the right not to be subject to individualised decisions. The exercise of this right shall be free of charge and said request shall be corrected within a period of one month, which may be extended for a further two months, depending on exceptional circumstances such as, for example, the number of requests, complexity, or others of a similar nature.
- Principle of limitation of the retention period: the data will be kept for the time necessary and for the purposes of the processing without undue delay, during which the users’ and clients’ own data will be made available to them upon request.
III.-USER CONSENT:
By filling in our contact forms, after accepting this Privacy Policy, the user unequivocally consents to the automated processing of data in accordance with the privacy conditions of the Website.
Consent shall also be deemed to have been given in the event that the user writes directly through other channels made available to him/her on the website, and shall be considered a clear and affirmative act with regard to such consent.
The data collected in all cases are the minimum necessary to be able to respond to a request for information, to subscribe to certain offers or events, or to manage the user’s order and issue the corresponding invoice. These data are therefore adequate, relevant and not excessive in relation to the scope and specific purposes.
Notwithstanding the foregoing, said consent may be revoked at any time by the interested party, by unsubscribing by any of the means made available to the user.
IV.- PURPOSES OF DATA PROCESSING.
What use will we make of the personal information we use?
- To respond to user requests for information via the website.
- In case of contracting the different services, to manage and monitor the provision and execution of the same…
- For the management, administration, invoicing, information, provision and improvement of the service.
V.- FOR HOW LONG WILL WE KEEP YOUR DATA?
The data will be kept for the period of time necessary for the specific purpose, either to provide information to the user or to manage the service. Once the data are no longer necessary for the purpose for which they were collected, and the user does not consent to their conservation, we will keep your data blocked during the periods of limitation of the obligations that may have arisen from the treatment and/or the applicable legal periods, remaining at the disposal of the competent authorities, for the attention of the possible responsibilities arising from the treatment.
The blocking of data in accordance with Article 17.3 GDPR means the right of “retention” as an exception to the obligation of deletion. This means that the data will not be used or made accessible to anyone, and will only be used in the event of a legal requirement or a claim for liability in relation to the data. After the legal limitation period has elapsed in each case, the data will be definitively deleted.
VI.- LEGAL STANDING
We process your data on the legal basis of your consent.
In any case, you will have full rights over your personal data and over the use of such data and you may exercise them at any time.
The sending of personal data is obligatory in order to contact you and to be able to deal with the request you send us. Likewise, failure to provide the personal data requested or not accepting this privacy policy means that it will be impossible to process the requests made on this website.
VII.– ADDRESSEES
To whom do we disclose your data?
The RESPONSIBLE will not transfer your data, unless it is necessary for the delivery of the order. For example, this would be the case of courier companies contracted for this purpose, with which in any case the corresponding confidentiality and data access contracts will be signed in accordance with article 28 of the RGPD.
Apart from these cases, the data will not be transferred under any circumstances, except to competent Public Bodies, the Tax Agency, State Security Forces and Corps, Judges and Courts, when they are legally obliged to provide them.
VIII.-DATA PROTECTION RIGHTS
How can rights be exercised?
We inform you that you may exercise your rights of access, rectification, opposition, erasure, restriction of processing and portability by writing to the RESPONSIBLE PARTY at the address indicated above or to the e-mail address: administracion@mosmasolutions.com.
We also remind you that, if you are a customer, you may revoke your consent or object to the sending of commercial communications by any means and at any time by sending an e-mail to the above address.
If you consider that your request has not been dealt with correctly or that your data is not being processed appropriately, you may address your complaints to the Spanish Data Protection Agency, the supervisory body for this matter in Spain.
A)-RIGHT OF ACCESS
Article 15 of the General Data Protection Regulation recognises the data subject’s right to know whether or not his or her personal data are being processed and the purposes of the processing, the categories of data, the recipients, the origin of the data, the storage period and the criteria for determining the storage period. Thus, the CONTROLLER of the processing will provide a copy of the personal data undergoing processing in electronic format upon request.
They may also request the RESPONSIBILITY to rectify, delete or limit the data and its processing.
In order to make it easier for the user to exercise this right, we provide you with the form to be filled in for your request via the following link:
B)-RIGHT OF RECTIFICATION AND ERASURE
Articles 16 and 17 of the General Data Protection Regulation provide for the rectification and deletion of personal data, whereby the customer or user may request the rectification of their personal data on the grounds that it is inaccurate or that it is supplemented or deleted because it is no longer necessary for the purposes for which it was collected and processed.
In order to make it easier for the user to exercise this right, we provide you with the form to be filled in for your request via the following link:
C)- RIGHT TO RESTRICTION OF PROCESSING
The data subject shall have the right to obtain from the controller the restriction of data processing insofar as he or she contests the accuracy of the personal data. That is to say, the data may only be processed, with the exception of their retention, with the consent of the data subject, for the purposes of the exercise or defence of claims, the protection of the rights of another natural or legal person or for reasons of public interest of the Union or of a specific Member State. Furthermore, the data subject will be informed by the CONTROLLER prior to the lifting of such a restriction.
In order to make it easier for the user to exercise this right, we provide you with the form to be filled in for your request via the following link:
(D) -RIGHT TO DATA PORTABILITY
Article 20 of the General Data Protection Regulation recognises the right of the data subject to receive personal data relating to him or her, i.e. transmitted directly from controller to controller where technically feasible, in a structured, commonly used and machine-readable form without being prevented from doing so by the controller to whom he or she has provided it, where consent has been expressly externalised or by contract.
In order to make it easier for the user to exercise this right, we provide you with the form to be filled in for your request via the following link:
IX.- MINORS
The contents of the Website are not aimed at minors under 18 years of age. Likewise, and for the specific case of the data provided by the user, only users who are 14 years of age or older may give their free consent for the processing of such data.
In any case, the RESPONSIBLE will take all possible measures to verify the age of users, but cannot be held responsible for any failure to do so.
X.-SECURITY LEVEL
The RESPONSIBLE will implement the necessary technical and organisational security measures to ensure the security of personal data in accordance with the provisions of REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 (GDPR), thus preventing the loss, alteration and unauthorised access to them.
In any case, and if in spite of complying with all the necessary security measures, the Website should suffer a security breach that may affect its legitimate interests or rights, the RESPONSIBLE PARTY undertakes to inform the Control Authority, in this case the Spanish Data Protection Agency, within a maximum period of 72 hours, in accordance with the regulations, and, as soon as possible, all users who may have been affected.
In the event that the user accesses a third party website from the service itself, the RESPONSIBILITY cannot in any case guarantee the security of these, so it is exempt from any liability in case of damage suffered by the user for the use of the website or link in question. This Privacy Policy applies exclusively to the website of the RESPONSIBLE and does not apply to any other site that the user accesses through links outside the owner or through any other Internet channel.
XI.- CONFIDENTIALITY
The personal data that may be collected will be treated with absolute confidentiality, and the RESPONSIBLE PARTY undertakes to keep them secret and to guarantee the duty to store them, adopting all necessary measures to prevent their alteration, loss and unauthorised processing or access, in accordance with the provisions of the applicable legislation.
To this end, the RESPONSIBLE guarantees that it will keep the corresponding confidentiality commitments signed with any person involved in any phase of the processing of the personal data collected.
XII.-INTERNATIONAL DATA TRANSFERS
An International Data Transfer is understood as the communication of your personal data to countries located outside the European Union, and more specifically outside the European Economic Area (EEA). There are exceptions of countries outside this European area that are not considered to be an international transfer as the recipients are countries that the European Data Protection Commission considers appropriate as they comply with European data protection standards.
In the event that the RESPONSIBLE transfers personal information outside the EEA, either because the storage of the data is hosted on a server outside the EEA borders, or for any other reason, it ensures that the contractual clauses regulating such international transfer will be maintained, ensuring that the provider that may host or process personal information complies with the minimum security standards and principles set out in the GDPR.
XIII.- LIABILITY
The user shall be solely responsible for the completion of the forms with false, inaccurate, incomplete or outdated data. Please inform us of any changes or errors in your personal data as soon as possible by contacting us at the Data Protection Contact Point: administracion@mosmasolutions.com.
We will take reasonable steps to ensure that any inaccurate information about you is removed or amended.
XIV.- MODIFICATION OF THE PRIVACY POLICY
The requirements of this Privacy Policy supplement, and do not replace, any other existing requirements under applicable data protection legislation. In the event of any inconsistency between what is contained in this Policy and the requirements in the applicable data protection legislation, the latter shall take precedence.
The RESPONSIBLE reserves the right to modify its Privacy Policy, according to its own criteria, or especially motivated by changes in the Service, Web, or by legislative, jurisprudential or doctrinal changes of the Spanish Data Protection Agency.
Any changes to the Privacy Policy will be posted at least ten days prior to their effective date. When this occurs, we will notify you of any changes and ask you to re-read the most recent version of our Privacy Policy and confirm your acceptance of it. You can also check this Policy from time to time on this website, where it will be visible.
