PRIVACY POLICY

AECAVA informs users of the website about its policy regarding the processing and protection of the personal data of users and customers.

And guarantees at all times the full and complete compliance with the obligations set forth by the regulations on data protection and information society services: Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (GDPR), Organic Law 3/2018, of 5 December, on the Protection of Personal Data and guarantee of digital rights (LOPDGDD) and Law 34/2002, of 11 July, on Information Society Services and Electronic Commerce (LSSIce).

Purposes of the data processing

The data provided by the User is used for various purposes, which are listed below:

Purpose of the processing

Managing any queries raised through the query form.

Sending newsletters, commercial communications and promotions.

Managing website incidents and maintenance.

Legal basis for processing

Legitimate interest of the Company to respond to requests for information through the website.

Consent given expressly at the time of data collection through the website forms.

DATA RETENTION PERIOD

Purpose of the processing

Managing any queries raised through the query form

Sending newsletters, commercial communications and promotions.

Managing website incidents and maintenance.

Retention period

We will process your data for as long as it is necessary to deal with your request or inquiry.

We will process your data until you unsubscribe.

We will process your data for as long as necessary to comply with the applicable legally required periods.

DATA RECIPIENTS

To fulfil the purposes outlined in this Privacy Policy, it is necessary for us to provide access to your personal data to third parties who support us in the services we offer you (Data Processors).

The data processors act to fulfil a contract or provide a service to the Data Controller, following the latter’s instructions at all times and ensuring the same levels of security.

RIGHTS OF USERS

The user has the right to:

  • Request access to their personal data that is being processed and receive this information in writing via the requested means.
  • Request the rectification of inaccurate personal data or, if applicable, request their erasure when, among other reasons, the data are no longer necessary for the purposes for which they were collected.
  • Request the restriction of the processing of their data.
  • Object to the processing of their personal data when necessary, in which case their data will cease to be processed except for legal reasons.
  • Right to the data’s portability. The data subject has the right to receive personal data they have provided in a structured, commonly used and machine-readable format and have it transmitted it to another controller, provided that the following requirements are met:
  1. The processing is based on consent or on a contract.
  2. The processing is carried out by automated means.
  • Right to withdraw the consent given.
  • Right to lodge a complaint to the Spanish Data Protection Agency.

    • The User may exercise the aforementioned rights by writing to the postal or email address of the Data Controller, proving their identity with a scanned copy of their National ID card or equivalent document, and specifying the right they wish to exercise.

    Origin of the data

    Personal data must be provided voluntarily by the data subject. Failure to provide certain data or failure to respond to questions that may be asked of the data subject in registration processes or through electronic forms may result in the inability to access certain services for which it is essential to have this personal data. In this case, the Data Controller must inform of the obligatory or necessary nature of providing the personal data for the functioning of the service.
    The Data Controller ensures the confidentiality of your personal data and guarantees their security, adopting the necessary measures to avoid their alteration, loss, unauthorized processing or access.

    Information provided by the data subject

    Children under 18 cannot transfer their personal data without the prior consent of their parent(s) and/or legal guardian(s).
    The data subject, by entering their information in the contact forms or submitted through download forms, expressly and freely accepts and unequivocally acknowledges that their data is necessary for the Controller to process their request, and the inclusion of data in the remaining fields is voluntary.
    The data subject guarantees that the personal data provided to the service provider is truthful and undertakes to notify any changes to it.
    All the data requested through the website are necessary for the provision of an optimal service to the data subject. If incomplete data is provided, we cannot guarantee that the information and services provided by the Controller will be completely tailored to your needs.

    Security measures

    That, in accordance with the provisions of current personal data protection regulations, the Controller is complying with all the provisions of the GDPR and the LOPDGDD for the processing of personal data under its responsibility, and expressly with the principles described in Article 5 of the GDPR and Article 4 of the LOPDGDD, whereby they are processed lawfully, fairly, and transparently in relation to the data subject and are adequate, relevant, and limited to what is necessary in relation to the purposes for which they are processed.
    The Controller ensures that it has implemented appropriate technical and organizational policies to apply the security measures established by the GDPR and the LOPDGDD in order to protect the rights and freedoms of the data subject and has provided the latter with adequate information to exercise these rights.

    Security breaches

    The Controller shall inform all individuals whose data may have been affected, as well as the authorities, of any security breach affecting the database used by this website or any of our third-party services within 72 hours of detecting the breach.

    Applicable legislation and jurisdiction

    For the resolution of any disputes or issues related to this website or the activities carried out therein, Spanish law will apply, and the parties expressly submit to it. The courts and tribunals of Barcelona will have jurisdiction to settle any disputes arising from or related to its use.