WHO IS THE DATA CONTROLLER?
- Identity of the controller: Aphelion Soluciones Informáticas S.L. (B97285720). Hereafter, ADD Informática.
- Address: C/ Helsinki 52, 6B –Entresuelo 1, 2, 4 y 5 – Parc Central. 46900 Torrent, Valencia (Spain)
- Email: firstname.lastname@example.org
- Telephone: +34 961 588 133
WHAT PERSONAL DATA DO WE PROCESS?
The company processes the following types of data:
- Personal data: names and surnames, DNI/NIF or equivalent identity documentation, addresses, phone numbers, other contact details.
- Professional and academic information: level of education, job, etc.
- Commercial information
- Goods and services transactions
- CCTV images/video: identification of clients, suppliers and employees.
- Financial and insurance information: tax information, bank account details, cash transfers.
- Biometric data: linked to use of Resiplus.
- Health data: linked to use of Resiplus.
WHAT IS THE PURPOSE OF THE DATA PROCESSING AND UNDER WHAT CIRCUMSTANCES?
ADD Informática processes personal data for the following purposes:
- Clients: Managing the sale of goods and services, invoicing, accounts, incoming payments, non-payments, offers, quotes and contracts, customer service, contacts and commercial relations.
- Potential clients: Monitoring new business opportunities.
- Suppliers: Purchase management, accounts, payments, managing delivery notes and orders, contacts and commercial relations.
- Contact and Online Chat: Responding to information requests about products and services and to any other question from users.
- CCTV: Controlling access to the organisation’s facilities and ensuring the security of the company’s goods and people. Controlling access by suppliers to the organisation to comply with the contractual relationship.
- Candidates: Carrying out current and future internal hiring processes.
- Online and in-person training: Responding to applications and/or bookings relative to places on in-person and online training courses. Managing event attendance. Sending commercial communications about the company’s products and/or services, with the consent of the data subject.
- Technical support: Providing personalised and remote technical support and responding to doubts and questions.
- Call recording: Responding to calls efficiently. Calls may be recorded.
- Online and in-person demo: Managing requests for the online and in-person demo service. Sending communications about the company’s products and/or services, with the consent of the data subjects.
WHAT IS THE LEGAL BASIS FOR PROCESSING THE DATA?
The organisation may process personal data in line with the following:
- Compliance with legal and regulatory obligations: Banking and financial regulations, prevention of money laundering and terrorism financing, compliance with legislation on sanctions, embargoes and tax fraud, and compliance with tax control and notification duties.
- Execution of a contract: Information about the products and/or services contracted. Managing requests.
HOW LONG WILL MY PERSONAL DATA BE PROCESSED FOR?
ADD Informática processes personal data in accordance with the following time frames:
- The period established by law.
- The period necessary for complying with operational obligations.
The data will be held for as long as is necessary to comply with the purpose for which they were collected and to determine possible responsibilities that may arise from said purpose and from the data processing, in accordance with the aforementioned regulations and with the periods set out in the relevant regulations on files and documentation.
WHO WILL MY DATA BE SHARED WITH?
We may share your personal data with the following individuals or organisations to comply with the aforementioned purposes:
- Service providers who carry out services on our behalf.
- Legal authorities, government agencies and public bodies.
- Banks and other financial institutions.
No data transfers beyond the European Economic Area will be carried out.
WHAT ARE MY RIGHTS?
Your rights under European law are as follows:
- You have the right to know if your personal data are being processed and to request a copy of your data from the controller.
- You can request that inaccurate or incomplete data be modified.
- You can object to the processing of your personal data and ask that the processing be stopped.
- Automated decision-making. You have the right to not be subject to automated decision-making, including profiling, in the case of decisions with legal implications or other significant consequences for you.
- The right to suspend the processing of the user’s personal data under certain circumstances.
- Erasure (right to be forgotten). The right to have the data erased.
- The right to request that the controller provide the personal data in a structured and clear format to another controller.
Requests must be actioned within 30 days of receipt though the deadline may be extended for a maximum of two months if necessary.
The data subject may exercise their rights through the following channels:
- Sending an email to email@example.com in which they provide verification of their identity (copy of the front side of their national identity document or similar).
- Sending a letter to C/ Helsinki 52, 6B – Entresuelo 1,2 y 4 – Parc Central. 46900 Torrent, Valencia (Spain) in which they provide verification of their identity (copy of the front side of their national identity document or similar).
- The data subject may also request support from the Spanish Data Protection Agency via their website.