Antic Daró is committed to protecting the privacy of users who access this website and/or any of its services. The use of the website and/or any of the services offered by Antic Daró implies acceptance by the user of the provisions contained in this Privacy Policy and that their personal data will be processed as stipulated herein. Please note that although there may be links from our website to other websites or social networks, this Privacy Policy does not apply to the websites of other companies or organizations to which the website is redirected. Antic Daró does not control the content of third-party websites, nor does it accept any responsibility for the content or privacy policies of these websites.
Basic information about data processing (Regulation (EU) 2016/679 and LO 3/2018)
Data Controller
Jaume Domènech Ribera
NIF: 33871530M
Carrer del Sis D’Octubre de 1869, 58 Bis, 17100 La Bisbal d’Empordà, Girona
Email: info@anticdaro.com
Purpose of Processing
Maintain commercial relations and send communications about products or services.
Legal Basis
Consent obtained from the data subject.
Execution of the service contract.
Recipients
Data will not be communicated to third parties, except as required by law or necessary to fulfill the purpose of processing.
Rights of Individuals
Individuals have the right to exercise their rights of access, rectification, restriction of processing, erasure, portability, and objection by sending a request to our address.
Data Retention Period
As long as the commercial relationship is maintained or for the years necessary to comply with legal obligations.
Complaints
Individuals can contact the AEPD to file any complaint they deem appropriate.
Additional Information
You can consult the additional and detailed information below in the “Privacy Questions”.
Privacy Question
In compliance with Regulation (EU) 2016/679 of the European Parliament and Council, of April 27, 2016 (GDPR), and Organic Law 3/2018, of December 5, on the Protection of Personal Data and guarantee of digital rights (LOPDGDD), we provide the following information about the processing of your personal data:
Who is responsible for processing your data?
Identity: Jaume Domènech Ribera
NIF: 33871530M
Address: Calle Sis D’octubre De 1869, 59, La Bisbal D’emporda, 17100, Gerona
Tel.: 639 98 24 10
Email: info@anticdaro.com
What is the purpose of processing your personal data?
- We process the information provided to us to maintain commercial relationships and send communications about products or services.
- If you contact us through the contact form on our website, we will process your data to manage your query.
- If you give us your consent, we may also process your data to send you information about our activities, products, or services.
- If you send us a CV, we will process the data to manage the CV database for personnel selection.
How long will we keep your data?
- The personal data provided will be retained as long as you are a user of our services or want to receive information. You can object to the processing of your data for promotional purposes at any time. Data will then be kept for the periods necessary to comply with our legal obligations, which, in the case of accounting and tax documentation, will be 6 years according to Art. 30 of the Commercial Code, and 4 years for tax purposes, according to articles 66 to 70 of the General Tax Law.
- CV data will be retained for one year.
What is the legal basis for processing your data?
The legal basis for processing your data is the execution of the service contract and the consents you provide. Regarding information submitted by minors under 14 years, it is essential that it is done with parental consent, from the guardian or the legal representative of the minor, for the personal data to be processed. If this is not the case, the legal representative of the minor must notify us as soon as they become aware of this.
To whom will your data be communicated?
Data will not be communicated to third parties, except as required by law or necessary to fulfill the purpose of processing.
What are your rights when you provide us with your data?
- Anyone has the right to obtain confirmation about whether we are processing their personal data.
- Data subjects have the right to access their personal data, as well as to request the rectification of inaccurate data or, where appropriate, to request its deletion when, among other reasons, the data is no longer necessary for the purposes for which it was collected.
- In certain circumstances, data subjects may request the restriction of the processing of their data, in which case we will only retain them for the exercise or defense of claims.
- Also, in certain circumstances and for reasons related to their particular situation, data subjects may object to the processing of their data. In such cases, we will cease processing the data, except for compelling legitimate reasons or for the exercise or defense of potential claims.
- Every data subject shall have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning them or similarly significantly affects them.
- Finally, data subjects have the right to lodge a complaint with the competent supervisory authority.
How can you exercise your rights?
By sending a written request, along with a copy of an identification document, to our physical or electronic address.
How did we obtain your data?
The personal data we process comes from the data subject. The data subject guarantees that the personal data provided is accurate and is responsible for communicating any changes to them. Data marked with an asterisk are mandatory to provide the requested service.
What data do we process?
The categories of data we may process in the provision of our services are:
- Identification data
- Postal or electronic addresses
- In the case of video surveillance systems:
- Image
- In the case of CVs:
- Personal characteristics
- Academic and professional details
The data are limited, as we only process the necessary data to provide our services and manage our activity.
Do we use cookies?
We use cookies during navigation on our website with the user’s consent.
The user can configure his browser to warn him of the use of cookies and to prevent their use. Please visit our cookie policy.
To manage cookies and similar technologies used (tracking pixels, web beacons, etc.) and related consents, we use the “Real Cookie Banner” consent tool. Details on how it works can be found at the following link “Real Cookie Banner“.
The legal basis for the processing of personal data in this context is art. 6 (1) lit. c GDPR and art. 6 (1) lit. f GDPR. Our legitimate interest is the management of cookies and similar technologies used and related consents.
The provision of personal data is not contractually required or necessary for the conclusion of a contract. You are not obliged to provide personal data. If you do not provide us with personal data, we will not be able to manage your consents.
What security measures do we apply?
We apply the security measures established in Article 32 of the GDPR. Therefore, we have adopted the necessary security measures to ensure a level of security appropriate to the risk of data processing, with mechanisms to ensure the confidentiality, integrity, availability, and permanent resilience of processing systems and services.
Some of these measures are:
- Information on data processing policies to staff.
- Periodic backup.
- Access control to data.
- Regular verification, evaluation, and assessment processes.
How do we process data on behalf of third parties?
When providing our services, we process personal data for which our clients are responsible. We do so as data processors, in accordance with Article 28 of the GDPR. In these data processing activities, we will:
i) Process personal data only following documented instructions from the data controller, including regarding transfers of personal data to a third country or an international organization, unless required by Union or Member State law to which we are subject. In this case, we will inform the controller of that legal requirement before processing, unless that law prohibits such information on important grounds of public interest.
j) Ensure that persons authorized to process personal data have committed themselves to confidentiality.
k) Adopt all necessary security measures in accordance with Article 32 of the GDPR, implementing mechanisms to:
- Ensure the confidentiality, integrity, availability, and permanent resilience of processing systems and services.
- Restore the availability and access to personal data quickly in the event of a physical or technical incident.
- Verify, evaluate, and assess regularly the effectiveness of technical and organizational measures for ensuring the security of processing.
- Pseudonymize and encrypt personal data, where applicable.
l) Respect the conditions indicated in paragraphs 2 and 4 of Article 28 of the GDPR to engage another processor.
m) Assist the controller, taking into account the nature of the processing, with appropriate technical and organizational measures, to the extent possible, to fulfill the obligation to respond to requests for exercising the data subject’s rights under Chapter III of the GDPR.
n) Assist the controller in ensuring compliance with the obligations related to data security established in Articles 32 to 36 of the GDPR, considering the nature of the processing and the information available to us.
o) At the controller’s choice, delete or return all personal data after the end of the provision of processing services, and delete existing copies unless Union or Member State law requires storage of the personal data.
p) Make available to the controller all information necessary to demonstrate compliance with the obligations set out in Article 28 of the GDPR and allow for and contribute to audits, including inspections, conducted by the controller or another auditor authorized by the controller..
As processors, the types of personal data, categories of data subjects, and processing activities we may perform on behalf of our clients will be as follows:
Types of personal data we may process:
- Identification data
- Image
Categories of affected data subjects:
- Clients
- Staff
- Visitors
Data processing activities we may perform:
- Extraction
- Visualization