DATA PROTECTION POLICY
In compliance with Regulation (EU) 2016/679 of the European Parliament and of the Council, of April 27, 2016 (hereinafter GDPR), Igusol S.A. (hereinafter Igusol) hereby presents this Policy regarding the processing and protection of personal data.
Data controller information
- IGUSOL S.A.
- Tax ID: A26500223
- Registered address: La Losa 7-2 Industrial Estate Lentiscares, Navarrete (La Rioja)
- Email: firstname.lastname@example.org
Contact information of the Data Protection Officer: email@example.com
Scope of application
This Policy will apply to:
- Those who visit Igusol´s website, www.igusol.com
- Those who voluntarily communicate with Igusol via email or complete any of the data collection forms published on Igusol´s website.
- Those who request information about Igusol´s products and services or who request to participate in any of Igusol´s commercial activities.
- Those who enter into a contractual relationship with Igusol through the contracting of its products and services.
- Any other individuals who, directly or indirectly, have given their explicit consent for their data to be processed by Igusol for any of the purposes outlined in this Policy.
Igusol advises that, except for the existence of a legally constituted representation, no user may use another person´s identity and communicate their personal data. Therefore, the data provided to Igusol must be personal data corresponding to the user´s own identity, adequate, relevant, current, accurate, and true. In this regard, the user will be solely responsible for any direct or indirect damage caused to third parties or to Igusol due to the use of another person´s data or their own data when false, incorrect, outdated, inadequate, or irrelevant. Similarly, a user who communicates the personal data of a third party will be responsible for having obtained the corresponding authorization from the data subject, as well as for the consequences in case of non-compliance.
Likewise, users who communicate personal data to Igusol declare that they are of legal age, in accordance with Spanish legislation, refraining from providing data to Igusol if not of legal age. Any data provided about a minor will require the prior consent or authorization of their parents, guardians, or legal representatives, who will be held responsible for the data provided by the minors under their care.
Purposes of data collection and processing
As the data controller, Igusol informs users of the existence of various data processing operations and files in which personal data communicated to Igusol are collected and stored.
The purposes of this collection and processing of personal data are as follows:
Regarding the cookies used by Igusol during navigation through its web pages, they are stored on the user´s terminal equipment (computer or mobile device) and collect information when visiting these web pages, with the aim of improving their usability, understanding users´ habits or navigation needs to adapt to them, and obtaining information for statistical purposes. Not wishing to receive these cookies does not constitute an impediment to accessing the information on Igusol´s websites, although the use of some services may be limited. If consent for receiving cookies has been given and later withdrawn, those stored on the user´s device must be deleted through the options provided by different browsers.
In the case of sending an email to Igusol or providing personal data through any other means, such as a contact form, the purpose of collecting and processing such data by Igusol is to address inquiries and requests for information about Igusol´s products and services.
Retention period of personal data
Igusol will retain personal data for the strictly necessary time to fulfill the purposes detailed above. Igusol may appropriately block such data during the period in which liabilities may arise from its relationship with the client.
In the case of data subject to retention due to Law 25/2007, of October 18, on the retention of data related to electronic communications and public communication networks, the retention period will be as detailed in said regulation.
Recipients of personal data
The recipients of personal data collected by Igusol will be:
- Igusol´s own employees in the performance of their duties.
- Providers of Igusol involved in the provision of services, if necessary for the provision of such services.
- Judicial or administrative authorities, as well as State Security Forces and Bodies, if Igusol is required under current legislation to provide information related to its clients and services.
Users´ rights and exercise thereof
Users may exercise the following rights recognized by the GDPR at any time:
- Right of access. Users have the right to obtain information from Igusol about whether personal data concerning them are being processed, to access such data, and to obtain information about the processing carried out.
- Right to obtain a copy of their personal data.
- Right to rectification. Users have the right to request that Igusol rectify their personal data if it is inaccurate or incomplete.
- Right to erasure. Users have the right to request the erasure of data when they are no longer necessary for the purpose for which they were provided or when other legally provided circumstances occur.
- Right to restriction of processing. Users have the right to request limitation of the processing of their personal data, so that the processing operations corresponding to each case do not apply to them, in those cases provided for in Article 18 of the GDPR.
- Right to data portability. Users have the right to receive their personal data that concerns them in a structured format, provided that such data exclusively concern the user and have been provided by them.
Users may exercise these rights as follows:
Users may exercise their rights by sending a communication via email to the address firstname.lastname@example.org or by sending a request along with their ID card or valid document confirming their identity, addressed to Igusol S.A., La Losa 7-2 Industrial Estate Lentiscares, 26370 Navarrete (La Rioja), Spain, attention: Human Resources Department, specifying the right they wish to exercise.
In cases of manifestly unfounded or excessive requests due to their repetitive nature, Igusol reserves the right to charge a fee for administrative costs incurred or to refuse to act in accordance with Article 12.5 of the GDPR.
Users and/or clients may contact the relevant local supervisory authority if they believe that the processing of their personal data has not been carried out in accordance with current legislation.
The data protection supervisory authority in Spain is the Spanish Data Protection Agency, whose contact details are available on its website, specifically at http://www.agpd.es/portalwebAGPD/CanalDelCiudadano/contacteciudadano/index-ides-idphp.php.
Igusol as Data Processor
In accordance with Article 28 of the GDPR and related regulations, Igusol will process personal data for which the client is the data controller or processor when necessary for the proper provision of the contracted services. In such cases, Igusol will act as a data processor, in accordance with the terms indicated below:
Igusol will only process data according to the instructions of the responsible or data controller client, not using them for a purpose other than that stated in this Data Protection Policy and/or the applicable contractual conditions.
Once the provision of services that require the processing of personal data is completed, these data will be destroyed, as well as any media or documents containing any personal data or any type of information generated during, for, or by the provision of the corresponding services. However, Igusol may appropriately block said data during the period in which liabilities may arise from its relationship with the client.
If Igusol uses the data for a different purpose, communicates or uses them in violation of this Data Protection Policy and/or the corresponding service conditions, Igusol will also be considered the data controller.
In accordance with Article 28 of the GDPR, Igusol undertakes to maintain due professional secrecy regarding personal data to which it must access and/or process in order to fulfill the purposes of the applicable service conditions, both during and after their termination. Igusol commits to using such information only for the purpose intended in each case and to require the same level of commitment from any person within its organization who participates in any phase of the processing of personal data for which the client is responsible.
In accordance with the GDPR, the following rules will apply in relation to the manner and modalities of access to data for the provision of services:
Access and/or processing of data by Igusol, without prejudice to specific legal or regulatory provisions that may apply in each case or those initiated by Igusol, will be subject to the necessary security measures to:
- Guarantee permanent confidentiality, integrity, availability, and resilience of the processing systems and services.
- Restore the availability and access to personal data quickly in case of a physical or technical incident.
- Regularly verify, evaluate, and assess the effectiveness of the technical and organizational measures implemented to ensure the security of processing.
- Pseudonymize and encrypt personal data, as appropriate.
The client authorizes Igusol, in its capacity as a data processor, to subcontract with third parties, on behalf and for the account of the client, the services of storage, custody of backup data copies, and security, as well as those that may be necessary to enable the provision of the contracted services, always respecting the obligations imposed by the GDPR and its implementing regulations. At any time, the client may contact Igusol to find out the identity of the subcontracted entities for the provision of the indicated services, which will act in accordance with the terms set out in this document and after formalizing a data processing agreement with Igusol in accordance with Article 28(4) of the GDPR.
The client authorizes Igusol to carry out the following actions, provided that they are necessary for the execution of the provision of the services. This authorization is limited to the necessary action(s) for the provision of each service and has a maximum duration linked to the validity of the applicable service conditions:
To carry out the processing of personal data on portable devices only by users or user profiles assigned to the provision of services.
To carry out processing outside the premises of the client or Igusol, only by users or user profiles assigned to the provision of services.
Igusol is not responsible for non-compliance with the obligations arising from the GDPR or the relevant regulations on data protection by the user and/or client in relation to their activity that is related to the execution of the contract or commercial relationships that link them to Igusol. Each party shall be responsible for the consequences of its own breach of contractual obligations and relevant regulations.