GRUPO SERMICRO, is aware of the importance of personal data, so it assures all users that we ensure the proper treatment and privacy of them, strictly complying with the provisions of the Legal Order, and in the terms explained below:
In compliance with the General Data Protection Regulation (EU) 2016/679, of 27 April 2016, regarding the protection of individuals with regard to the processing of personal data and the free circulation of these data, we inform you that there is an automated processing of personal activities, with the sole purpose of facilitating the management of the activity of this Website, the management of the services offered through it and, where appropriate, the management, development and fulfillment of the contractual relationship that the User establishes with the GROUP SERMICRO. Equally, GRUPO SERMICRO ttreat the data provided to manage queries, which are made through the Website, may be included in files, manual or automated for such use.
GRUPO SERMICRO is, for the purposes of the provisions of the Law, the Person Responsible for the Processing of Activities.
The processing activities are registered in the Company’s Data Protection Policy and have the legally established security measures (technical and organisational measures that prevent the alteration, loss, processing or unauthorised access to the data, as appropriate)
All personal data you provide will be incorporated into our register of activities mentioned above.
The Management of GRUPO SERMICRO is responsible for formulating the strategy and approving the Company’s corporate policies, as well as organizing the internal control systems. In the exercise of these responsibilities, and in order to establish the general principles that should govern the processing of personal data.
- Purpose: The Personal Data Protection Policy establishes the common principles and guidelines of action that should govern the GROUP SERMICRO with regard to the protection of personal data, guaranteeing, in all cases, compliance with the applicable legislation. In particular, the Personal Data Protection Policy aims to guarantee the right to the protection of their data of all natural persons who relate to society, ensuring respect for the right to honor and privacy in the processing of different types of personal data, from different sources and for different purposes depending on their business activity.
- Evaluation The Security Officer shall evaluate, at least once a year, the compliance and effectiveness of this Personal Data Protection Policy and report the result to the management assuming such functions at all times. This 3. Personal Data Protection Policy was initially approved by the Administrator on May 15, 2018.
- By accepting this Privacy and Data Protection Policy, the User guarantees the accuracy, validity and authenticity of the personal data provided, and undertakes to keep them duly updated.
The User exonerates the GRUPO SERMICRO d responsibility for any damage or harm that may suffer as a result of errors, defects or omissions in the information provided to the GROUP SERMICRO
GRUPO SERMICRO undertakes to comply with its obligation of professional secrecy with respect to personal data received through the Website and its treatment with confidentiality.
The User expressly accepts that GRUPOSERMICRO may transfer personal data as we sometimes use other companies to provide certain of our services. To do so, they need access to personal data of our Users. GRUPO SERMICROmay provide the information provided through the Web, to third parties related or dependent on it or to service providers, for the achievement of such services, for the purposes and with application of the security measures provided for in the RGPD .
- Principles of the processing of personal data The principles by which the Personal Data Protection Policy is governed are the following:
a) General principles: GRUPO SERMICRO will scrupulously comply with the legislation of its jurisdiction in terms of data protection, which is applicable depending on the processing of personal data that is carried out and which is determined in accordance with binding regulations or agreements adopted within the company GRUPO SERMICRO will promote that the principles contained in this Personal Data Protection Policy are taken into account
(i) in the design and implementation of all procedures involving the processing of personal data,
(ii) the products and services offered by it,
(iii) in all contracts and obligations they enter into with natural persons and
(iv) n the implementation of any systems and platforms that allow employees or third parties to access personal data and/or the collection or processing of such data.
b) Principles relating to the processing of personal data:
(i) Principles of legitimacy, lawfulness and fairness in the processing of personal data. The treatment of personal data will be loyal, legitimate and lawful according to the applicable legislation. In this respect, personal data must be collected for one or more specific and legitimate purposes in accordance with the applicable legislation. Where this is mandatory under applicable law, the consent of the data subjects must be obtained before their data are collected. Likewise, when required by law, the purposes of the processing of personal data will be explicit and determined at the time of collection.
In particular, GRUPO SERMICRO will not collect or process personal data relating to ethnic or racial origin, political ideology, beliefs, religious or philosophical convictions, life or sexual orientation, union membership, health, or genetic or biometric data aimed at univocally identifying a person, unless the collection of such data is necessary, legitimate and required or permitted by applicable law, in which case they will be collected and processed in accordance with the provisions of that law.
(ii) Minimisation principle. Only those personal data that are strictly necessary for the purpose for which they are collected or processed and suitable for that purpose will be processed.
(iii) Principle of accuracy. Personal data must be accurate and up to date. Otherwise, they must be deleted or rectified.
(iv) Principle of limitation of the conservation period. Personal data will not be kept beyond the period necessary to achieve the purpose for which they are processed, except in the cases provided for by law.
(v) Principles of integrity and confidentiality. Personal data protection policy. In the processing of personal data, adequate security must be guaranteed, by means of technical or organisational measures, to protect them from unauthorised or unlawful processing and to prevent their loss, destruction and accidental damage. The personal data collected and processed by GroupSERMICRO must be kept with the utmost confidentiality and secrecy, and may not be used for purposes other than those that justified and allowed its collection and without being communicated or transferred to third parties outside the cases permitted by applicable law.
(vi) Principle of proactive responsibility (accountability). GRUPO SERMICRO will be responsible for complying with the principles stipulated in this Policy for the protection of personal data and those required by applicable legislation and must be able to prove it, when required by applicable law.Group SERMICRO will have to make an evaluation of the risk of the treatments that make, with the purpose of determining the measures to apply to guarantee that the personal data are treated according to the legal requirements. Where required by law, the risks that new products, services or information systems may entail for the protection of personal data shall be assessed beforehand and the necessary measures shall be taken to eliminate or mitigate them. GROUP SERMICRO must keep a register of activities describing the processing of personal data carried out within the framework of its activities. In the event of an incident that causes the accidental or unlawful destruction, loss or alteration of personal data, or the unauthorised communication of or access to such data, the internal protocols established for this purpose by the Security Officer and those established by the applicable legislation must be followed. Such incidents should be documented and measures should be taken to address and mitigate any negative effects on those concerned. In the cases provided for by law, data protection delegates will be appointed in order to ensure compliance with data protection regulations in the company.
(vii)Principles of transparency and information. The processing of personal data shall be transparent in relation to the data subject, providing him/her with information on the processing of his/her data in a comprehensible and accessible manner, where required by applicable law. In order to ensure fair and transparent processing,GROUP SERMICRO responsible for processing must inform those affected or interested whose data is sought to collect the circumstances relating to the processing under applicable law.
(viii) Acquisition or collection of personal data. It is forbidden to acquire or obtain personal data from illegitimate sources, from sources that do not sufficiently guarantee their legitimate origin or from sources whose data have been collected or transferred in contravention of the law.
(ix)Recruitment of processors. Prior to the hiring of any service provider who accesses personal data that are the responsibility of SERMICRO as well as during the term of the contractual relationship, they must take the necessary measures to ensure and, when legally required, demonstrate that the processing of data by the person in charge is carried out in accordance with applicable law.
(x) International data transfers. Any processing of personal data subject to European Union law involving a transfer of data outside the European Economic Area must be carried out in strict compliance with the requirements set out in the applicable law in the jurisdiction of origin. In addition, business partners or subsidiaries located outside the European Union must comply with the requirements for international transfers of personal data that may be applicable in their jurisdiction.
(xi) Rights of data subjects. GRUPO SERMICRO must allow interested parties to exercise the rights of access, rectification, deletion, limitation of treatment, portability and opposition that are applicable in each jurisdiction, establishing, to that effect, the internal procedures that are necessary to meet, at least, the legal requirements applicable in each case
- Implementation In accordance with the provisions of this Personal Data Protection Policy, the Corporate Security Department, together with the Company’s Legal Services, will develop and keep up to date the internal regulations on global data protection management, which will be implemented by the Security Officer and will be binding on all the Company’s executives and employees. Likewise, the Head of the Department shall establish internal procedures that develop the principles contained in this document.
- Control It is the responsibility of the Security Officer to supervise the Company’s compliance with the provisions of this Personal Data Protection Policy In order to verify compliance with this Personal Data Protection Policy, periodic audits will be carried out with internal or external auditors
Any User will be able to exercise the rights of access, rectification, cancellation, opposition and request the suppression of the data through postal mail to GROUPSERMICRO located in Calle Pradillo 48-50, Spain, or sending an e-mail to email@example.com with the reference in the subject: “Data Protection”, including next to the request a copy of its DNI or official document accrediting the identity.
On the basis of all the above, below you will find schematically information about the general aspects of the Protection of your personal data carried out by SERMICRO GROUP:
|Calle de Pradillo, 50, 28002 Madrid, España
tel. 917 44 86 00
|Attention of consultations
|To attend the consultations of the Users who get in touch with us through the sections of Contact or enabled Forms.
|Legitimación y conservación
|Base jurídica del tratamiento
|La base para el tratamiento de los datos es el consentimiento otorgado por el Usuario con la marcación, en su caso, de la correspondiente casilla de aceptación
En caso de no facilitar los datos necesarios para estas finalidades será imposible prestarle nuestros servicios. Los datos se conservarán mientras se mantenga le relación y no se solicite su supresión y en cualquier caso en cumplimiento de plazos legales de prescripción que le resulten de aplicación.
|Legitimation and conservation
|Legal basis of the treatment
|The basis for the processing of the data is the consent given by the User with the marking, where appropriate, of the corresponding acceptance box. If you do not provide the necessary data for these purposes it will be impossible to provide our services. The data will be kept as long as the relationship is maintained and its deletion is not requested and in any case in compliance with the legal statute of limitations that apply to it.
|User information may be used, subject to anonymization, for statistical purposes in order to analyze the behavior and trends of Users and analyze how to improve the services we provide to Users.
|Legitimation and conservation
|Legal basis of the treatment
|The use of your e-mail in the terms indicated above will be with your consent if you tick the appropriate box. The data will be kept as long as the relationship is maintained and its deletion is not requested and in any case in compliance with the legal statute of limitations that apply to it.
|Recipients of transfers
|The following data transfers are planned:
|The data may be transferred to other companies in the Group in order to resolve the query that we have raised when it refers to activities developed by any of our companies. The list of companies in the group can be consulted at: http://www.imesapi.com/quienes-somos/nuestras-empresas
|Rights of data subjects
|Ejercicio de derechos
|nterested parties may exercise their rights of access, rectification, deletion, portability and limitation or opposition by writing to SERMICRO GROUP, indicating “exercise rights data protection” or through the following email address: firstname.lastname@example.org
|Those concerned have the right to withdraw their consent.
|Interested parties have the right to complain to the Control Authority www.agpd.es).
© SERMICRO 2019.