In compliance with Regulation (EU) 2016/679, of the European Parliament and of the Council, of April 27 2016 (hereinafter GDPR), Nubaltec IT Consulting, S.L. (hereinafter Nubaltec) reveals this Policy regarding the processing and protection of personal data.
Data of the controller:
- Name: NUBALTEC IT CONSULTING, S.L.
- EU-id: ESB66820077
- Address: C/ París 45-47, Ent. 3ª, 08029 - Barcelona
- E-mail: [email protected]
Contact details of the Data Protection Officer: [email protected]
Scope of application
This Policy shall apply:
- To those who visit the Nubaltec website, www.nubaltec.com.
- To those who voluntarily communicate with Nubaltec through email, chat or who complete any of the data collection forms published on the Nubaltec website.
- To those who request information about Nubaltec products and services or who request to participate in any of Nubaltec's commercial actions.
- To those who formalize a contractual relationship with Nubaltec by contracting its products and services.
- To those who use any other service present on the website that involves the communication of data to Nubaltec or access to data by Nubaltec for the provision of its services.
- To any others who, directly or indirectly, have given their express consent for their data to be processed by Nubaltec for any of the purposes included in this Policy.
The use of Nubaltec products and services requires the express acceptance of this Policy.
Nubaltec warns that, except for the existence of a legally constituted representation, no user and/or client can use the identity of another person and communicate their personal data, so the data provided to Nubaltec must be personal data, corresponding to their own identity, adequate, pertinent, current, exact and true. In this sense, the user and/or client will be solely responsible for any direct or indirect damage caused to third parties or Nubaltec due to the use of another person's data or their own data when they are false, erroneous, not current, inadequate. or not relevant. Likewise, the user and/or client who communicates the personal data of a third party will be responsible for having obtained the corresponding authorization from the interested party, as well as its consequences otherwise.
In the same way, the user and/or client who communicates personal data to Nubaltec declares to be of legal age, in accordance with the provisions of Spanish legislation, refraining otherwise from providing data to Nubaltec. Any data provided about a minor will require the consent or prior authorization of their parents, guardians or legal representatives, who will be considered responsible for the data provided by the minors under their care.
This Policy will be of subsidiary application with respect to those other conditions that on the protection of personal data are established with a special character and are communicated, without limitation, through the registration forms, contracts and/or conditions of the particular services Therefore, this Policy is complementary to those mentioned in matters not expressly provided for in them.
Purposes of the collection and processing of personal data
Nubaltec, in its capacity as data controller, informs users of the existence of various treatments and files in which the personal data communicated to Nubaltec is collected and stored.
The purposes of said collection and processing of personal data are the following:
- In relation to the "cookies" that Nubaltec uses when browsing through its website (www.nubaltec.com), they are stored in the user's terminal equipment (computer or mobile device) and collect information When visiting said web pages, with the purpose of improving their usability, knowing the browsing habits or needs of users in order to adapt to them, as well as obtaining information for statistical purposes. In the case of those users who are already clients of Nubaltec, the information collected with the cookies will also serve to identify them when accessing the different tools that Nubaltec makes available to manage the services. In any case, users can configure their browser in such a way that the reception of all or some of the cookies is disabled or blocked. The fact of not wishing to receive these cookies does not constitute an impediment to access the information on the Nubaltec websites, although the use of some services may be limited. If once the consent for the reception of cookies has been granted, it is desired to withdraw it, those stored on the user's computer must be eliminated, through the options of the different browsers.
All the information about the cookies used by Nubaltec , is published in its Cookies Policy, available for consultation at https://www.nubaltec.com/en/cookies-policy.php.
- In the case of sending an email to Nubaltec or communicating personal data through any other means, such as a contact form, the purpose of collecting and processing said data by Nubaltec It is the attention of the queries and requests for information that arise about the products and services of Nubaltec.
- In the case of sending an email to Nubaltec related to your job offers, said data will be processed to participate in personnel selection procedures.
- In the case of Nubaltec forms that interested parties complete to participate in any of Nubaltec's commercial actions, the purpose will be to enable such participation, as well as the sending of commercial and advertising communications about Nubaltec services, except that the interested party expressly expresses his opposition at the same moment of the collection of his data. Notwithstanding the foregoing, the interested party may modify his decision at any time, as many times as he wishes, through the means provided by Nubaltec for this purpose. Li>
- In contracting the services offered by Nubaltec, only those personal data that are necessary to establish the contractual relationship and enable the provision of services and remuneration thereof by customers will be collected, said data being collected and processed for the following purposes:
- The main purpose will consist of maintaining the contractual relationship established with the client, in accordance with the nature and characteristics of the contracted services, contacting Nubaltec with the client through the e-mail address, telephone or other means indicated by the latter.
- For the sending of documentation and information related to the contracted services, as well as for the sending of commercial and advertising communications about them or similar ones by Nubaltec, by postal mail, e-mail, telephone, SMS or other means indicated by the client, unless the client expressly states their opposition at the time of contracting. Regardless of whether the client has chosen to receive commercial information from Nubaltec or not, the client may modify their decision at any time, as many times as they wish, by contacting the Data Protection Delegate ([email protected]).
- For the maintenance of historical records of commercial relations during the legally established periods.
- In those cases in which Nubaltec must access and/or process personal data in respect of which the client has the status of data controller or processor, Nubaltec will process said data as data processor in accordance with the provisions of article 28 of the GDPR and in accordance with what is indicated in the section called "Nubaltec as data processor", included in this Policy.
- In compliance with the provisions of Law 25/2007, of October 18, on the preservation of data related to electronic communications and public communications networks, Nubaltec informs the user that certain personal data will be retained and preserved. traffic generated during the development of communications, as well as, where appropriate, to communicate said data to the competent bodies provided that the legal circumstances provided for in said Law concur.
- For all those other purposes, which are expressly included in the Specific Conditions that are applicable to the corresponding product or service contracted by the client and expressly accepted by the latter.
Personal data retention period
Nubaltec will keep personal data for the time strictly necessary to fulfill the purposes detailed above. Nubaltec may keep said data duly blocked during the period in which responsibilities could be derived from its relationship with the client.
In the case of the data subject to conservation due to Law 25/2007, of October 18, on the conservation of data related to electronic communications and public communication networks, the conservation period thereof will be detailed in said regulations.
Recipients of personal data
The recipients of the personal data collected by Nubaltec will be the following:
- Nubaltec employees themselves in the performance of their duties.
- Nubaltec suppliers involved in the provision of services, in the event that this is necessary for the provision thereof.
- The judicial or administrative bodies, as well as the State Security Forces and Corps, in the event that Nubaltec is required in accordance with current legislation to provide information related to its clients and its services.
- Any others who, due to the nature of the service, must access the data provided with it, as detailed in the Specific Conditions that apply to the corresponding product or service contracted by the customer and expressly accepted by the customer.
Rights of users and exercise thereof
Users may at any time exercise the following rights recognized by the GDPR:
- Right of access: Users have the right to obtain information from Nubaltec about whether personal data that concerns them is being processed, to access them and to obtain information about the treatment carried out.
- Right to obtain a copy of your personal data.
- Right of rectification: Users have the right for Nubaltec to rectify their personal data in the event that they are inaccurate or incomplete.
- Right of deletion: Users have the right to proceed to the deletion of the data when they are no longer necessary for the purpose for which they were provided or when the rest of the legally provided circumstances concur.
- Right to limit treatment: Users have the right to request a limitation in the treatment of their personal data, so that the treatment operations that must correspond in each case are not applied to them, in those cases provided for in the art. 18 of the GDPR.
- Right to portability: Users have the right to receive the personal data that concerns them in a structured format, as long as said data is the exclusive concern of the user and has been provided by them.
Whether they are Nubaltec customers or not, users may exercise their rights by sending an e-mail communication to the address lopd@ nubaltec.com or by sending a request accompanied by your D.N.I. or legally valid document proving your identity, addressed to Nubaltec IT Consulting, S.L. C/ París 45-47, Ent. 3ª, 08029 - Barcelona Spain, to the attention of the Commercial Information Department, specifying the right they wish to exercise.
In the cases of manifestly unfounded or excessive requests due to their repetitive nature, Nubaltec reserves the right to charge a fee for the administrative costs that arise or the right to refuse to act with respect to them, in accordance with the provisions of the art. 12.5 GDPR.
Users and/or clients may contact the corresponding local control authority if they consider that the treatment carried out regarding their personal data has not been carried out in accordance with current legislation.
The data protection control authority in Spain is the Spanish Agency for Data Protection, whose contact details are available on its website, specifically at https://www.aepd.es/agencia/contacto.html.
International data transfers
In those Nubaltec products and services in which transfers outside the European Union are required to enable their provision, said circumstance will be included in the Specific Conditions that apply to the corresponding product or service contracted by the client and expressly accepted by the latter prior to them.
Nubaltec as data processor
In accordance with article 28 of the GDPR and concordants, Nubaltec will process the personal data with respect to which the client holds the status of controller or processor, when this is necessary for the adequate provision of the contracted services. In this case, Nubaltec will act as the person in charge of the treatment, in accordance with the terms indicated below:
- Nubaltec will only process the data in accordance with the instructions of the client responsible or in charge of the treatment, not using it for a purpose other than that which appears in this Data Protection Policy and/or in the applicable contractual conditions.< /li>
- Once the provision of the services that motivate the processing of personal data has been completed, these will be destroyed, as will any support or documents that contain any personal data or any type of information that has been generated during, to and/or for the provision of the services subject to the corresponding Conditions. Notwithstanding the foregoing, Nubaltec may keep the aforementioned data duly blocked during the period in which responsibilities may arise from its relationship with the client.
- In the event that Nubaltec uses the data for another purpose or communicates or uses it in breach of this Data Protection Policy and/or the corresponding Terms of Service, it will also be considered the data controller.
- Nubaltec undertakes, in accordance with article 28 of the GDPR, to maintain due professional secrecy regarding the personal data that it must access and/or process in order to comply in each case with the purpose of the Conditions of the service that are applicable, both during and after their termination, agreeing to use said information only for the intended purpose in each case and to demand the same level of commitment from any person within their organization who participates in any phase of processing personal data responsibility of the customer.
- In accordance with the provisions of the GDPR, the following rules will apply in relation to the form and modalities of access to data for the provision of services:
- In the event that Nubaltec must access the processing resources located at the client's facilities, the latter will be responsible for establishing and implementing the policy and security measures, as well as communicating them to Nubaltec, who undertakes to respect them and demand their compliance from the people of your organization who participate in the provision of services.
- When Nubaltec remotely accesses the data processing resources under the responsibility of the client, the latter must establish and implement the policy and security measures in its remote processing systems, with Nubaltec being responsible for establishing and implementing the policy and security measures on their own local systems.
- When the service is provided by Nubaltec in its own premises, Nubaltec will collect in its Activities Registry the circumstances related to data processing in the terms required by the GDPR, including the security measures corresponding to such processing.
- The access and/or processing of data by Nubaltec, without prejudice to the specific legal or regulatory provisions in force that may be applicable in each case or those that Nubaltec adopts on its own initiative, will be subject to the necessary security measures. for:
- Guarantee the confidentiality, integrity, availability and permanent resilience of treatment systems and services.
- Restore availability and access to personal data quickly, in the event of a physical or technical incident.
- Verify, evaluate and assess, on a regular basis, the effectiveness of the technical and organizational measures implemented to guarantee the safety of the treatment.
- Pseudonymize and encrypt personal data, if applicable.
- The client authorizes Nubaltec to carry out the actions indicated below, whenever they are necessary for the execution of the provision of services. Said authorization is limited to the action(s) necessary for the provision of each service and with a maximum duration linked to the validity of the applicable Contractual Conditions:
- To carry out the processing of personal data on portable devices only by users or user profiles assigned to the provision of services.
- To carry out the treatment outside the premises of the client or Nubaltec, only by the users or user profiles assigned to the provision of the services.
- The entry and exit of supports and documents containing personal data, including those included in and/or attached to an email, outside the premises under the control of the client responsible for the treatment.
- The execution of the data recovery procedures that Nubaltec is obliged to carry out.
- Nubaltec is not responsible for the breach of the obligations derived from the GDPR or the corresponding regulations on data protection by the user and/or client in what corresponds to their activity and that is related to the execution of the contract or commercial relations that bind you to Nubaltec. Each party must face the responsibility that derives from its own breach of contractual obligations and the regulations themselves.