Privacy Policy
1.- Object and scope of application.
SICTE Servicios de Ingeniería y Consultoría Técnicos Europeos, S.L. (hereinafter, SICTE), in compliance with Regulation (EU) 2016/679, of the European Parliament and of the Council, of April 27, 2016 (GDPR), highlights this Policy in relation to the processing of personal data.
This Policy will apply:
- To users who visit the SICTE website ( http://www.sicte.es ).
- To those who voluntarily contact SICTE through email, chat or who complete one of the data collection forms published on the SICTE website.
- To those who request information about SICTE services, or request to be part of any of its commercial actions.
- To those who hire any of the services of SICTE, formalizing the corresponding contractual relationship.
- To those who use any other service present on the website http://www.sicte.es if this implies the communication of personal data to SICTE or access to data by SICTE to provide its services.
- To any others who give their express consent, directly or indirectly, so that their data is processed by SICTE in relation to any of the purposes indicated in this Policy.
The user and / or client assumes the responsibility for the veracity of the data provided by him, committing to the fact that they are true and up to date, not being able to use the identity of another person or communicate their personal data except that accredits having an authorization with legal validity. For this purpose, the user and / or client will be solely responsible for any damage, direct and / or indirect, that causes third parties or SICTE for the use of personal data of another owner without their prior authorization, or their own data of a personal nature when these are false, erroneous, are not updated or are inadequate. The user and / or client that communicates the personal data of a third party will be responsible for having obtained the consent of the interested party, as well as the consequences otherwise.
The user and / or client that communicates personal data to SICTE declares to be of legal age in accordance with the provisions of Spanish legislation, and should not otherwise provide data to SICTE. Any information provided by a minor will require the prior consent or authorization of their parents, guardians or legal representatives, who will be responsible for the personal data provided by the minors in their care.
This Policy will be of subsidiary application in relation to other conditions on the collection or processing of personal data that could be established with special character and be communicated through registration forms or contracts of private services, this Policy being complementary to those mentioned in what was not expressly provided therein.
The use of SICTE services requires the express acceptance of this Data Protection Policy.
2- Purposes of data collection and processing by SICTE.
SICTE has several files where it collects and stores the personal data that is communicated to it as the data controller. The following are the purposes of the collection and processing of personal data by SICTE:
- Regarding the "cookies" used by SICTE in the navigation of its website http://www.sicte.es a> and that are stored in the user's equipment (computer or mobile device) collecting information about said visits, the purpose is to improve the usability of said web page, facilitate navigation through it, know the browsing habits and needs of users to adapt to them and obtain information for statistical purposes. In the case of users who are customers of SICTE, the information collected through cookies also serves to identify them when accessing the tools that SICTE makes available to manage the contracted services.
Users can configure their browser to notify them of the receipt of « cookies », or avoid it. If the user decides to withdraw the consent for the reception of cookies after having granted it, he must delete all those stored on his computer and configure the options of the different browsers. Browsing the SICTE website once cookie collection is disabled is possible, although the use of some services may suffer limitations.
Those interested can find more information in the SICTE Cookies Policy, published at https: // www .sicte.es / - In the event that those interested fill out any of the SICTE forms to participate in any of their commercial actions, their purpose will be participation in them, as well as the sending of advertising information about SICTE services unless the interested expressly express their opposition when their data are collected. In any case, the interested party may modify the option about receiving commercial information at any time, through the means available for it in SICTE.
The purpose of the collection and processing of data in the cases of sending an email to SICTE or a communication of personal data through any other means (such as a contact form published in http://www.sicte.es ) will answer questions, concerns and requests for information about SICTE and its services. - Regarding the contracting of SICTE services, the data collected will be limited to the personal data necessary to establish the contractual relationship with the client and enable the provision of services. The purposes for which such data will be collected and processed will be the following:
- The maintenance of the contractual relationship according to the nature of the contracted services, this being the main purpose, so that SICTE can contact the client through email, telephone or any other means indicated by it. < / li>
- To enable the sending of documentation and information in relation to the contracted services and for the sending of commercial communications whose purpose is said services or similar, through e-mail, postal mail, telephone, SMS or any other means indicated by the client, unless he expressly expresses his opposition when contracting. Regardless of the option chosen by the client in the contracting process, the client may modify his decision at any time and as many times as he wishes, through the specific section available in his Client Area, choosing whether or not to receive information commercial of SICTE.
- The maintenance of the historical records of SICTE's business relations, during the legally established deadlines.
- In cases where access or processing by SICTE is carried out with respect to personal data in which the client had the status of responsible or in charge of the treatment, SICTE will act as the person in charge of the treatment in accordance with the provisions of the art. GDPR 28. The section “SICTE as responsible for the treatment” included in this Policy collects more information in this regard.
- SICTE will proceed to retain and retain certain traffic data generated during the development of communications, as well as to communicate said data to the competent bodies whenever the legal circumstances provided, all in compliance with Law 25/2007, of October 18, on the preservation of data related to electronic communications and public communications networks.
- For all purposes that are expressly included in the contracts corresponding to each of the services contracted by the client and accepted by the client.
3- Recipients of the data.
They will be recipients of the personal data collected by SICTE:
- Those SICTE providers that participate in the provision of services, if necessary to enable them.
- Companies that are part of the Business Group to which SICTE belongs, understood according to the provisions of art. 42 of the Commercial Code, whose activity is the commercialization of services of the same or similar nature offered by SICTE (for example, domain name services, web hosting or electronic commerce).
- The State Security Forces and Bodies, as well as judicial or administrative bodies, if the collaboration of SICTE were required to provide information related to its clients or services, in accordance with the Law.
- Any other that is necessary to enable the provision of each specific service, providing the necessary information in SICTE service contracts, which are expressly accepted by customers.
4.- Data retention period.
The preservation of personal data by SICTE will be carried out during the period of time that is strictly necessary to fulfill the purposes set out in this Policy, keeping SICTE duly blocked said data in addition during the period in which responsibilities could be derived of your relationship with customers.
With respect to the data subject to conservation in accordance with Law 25/2007, of October 18, on the conservation of data related to electronic communications and public communications networks, the period of conservation thereof will be detailed in said regulations.
5.- User rights.
The rights of users in relation to the collection and processing of data by SICTE are the following, recognized by the GDPR:
- Right of access: Users have the right to request and obtain information from SICTE about their personal data, to access them and to obtain information about their treatment.
- Right to obtain a copy of your personal data.
- Right of deletion: Users can request the deletion of the data when they are no longer necessary for the purpose for which they were provided or if the other circumstances provided by the GDPR concur.
- Right of rectification: In the event that their data were incorrect or incomplete, users have the right to request their rectification.
- Right to limit treatment: In the cases provided for in art. 18 of the GDPR, users have the right to request that the processing of their personal data be limited, so that the corresponding processing operations are not applied to them.
- Right to portability: Users have the right to receive personal data that are incumbent on them in a structured and commonly used format, being necessary requirements that such data rests exclusively with the user and would have been provided by him to SICTE. li>
For the exercise of their rights, users may use the following ways:
- In the case of users who are SICTE customers: customers have at their disposal the “Client Area” tool, which is authentically accessed from http://www.sicte.es and which has a specific section where the data can be checked at any time .
- In the case of both non-client users and SICTE customers: The email address mailto: info@quinuadeperu.com a > , to which they can send an e-mail to exercise their rights. If you wish, you can also do it by sending a petition accompanied by your D.N.I. or valid document proving your identity, addressed to the Commercial Department of SICTE, C / Directorate Spain, l, specifying the right they wish to exercise.
SICTE reserves the right to charge a fee for administrative costs arising in cases of manifestly unfounded or excessive applications for its repetitive nature, as well as the right to refuse to act on them, in accordance with art. 12.5 GDPR.
6.- International transfers.
In the case of SICTE services that require the carrying out of international transfers to enable them to be provided, said circumstance will be indicated in the contract corresponding to the specific service contracted by the client and expressly accepted by the client in a manner prior to it.
7.- Control authority.
In the case of considering that the processing of their personal data has not been carried out in accordance with current legislation, users may notify the corresponding control authority in each case. In Spain, the control authority is the Spanish Agency for Data Protection, whose contact details are published in http://www.agpd.es/portalwebAGPD/CanalDelCiudadano/contacteciudadano/index-ides-idphp.php
8.- SICTE as the person in charge of the treatment.
In relation to personal data for which the client has the status of responsible or responsible for processing, SICTE will treat such data in accordance with art. 28 GDPR and concordant, when this is necessary for the provision of contracted services. SICTE will act in this case as the person in charge of the treatment, in accordance with the conditions indicated below:
- SICTE will treat such data in accordance with the instructions of the client responsible or in charge of the treatment, not using them for a purpose other than that contained in this Policy and / or in the contractual conditions that apply.
- Once the provision of the services subject to the processing of personal data has been completed, they will be destroyed, as well as any support or documents that contain any personal data or any information that has been generated during, for and / or for the provision of services. However, SICTE may keep said data duly blocked during the period in which responsibilities may arise from its relationship with the client.
- According to art. 28 of the GDPR, SICTE will maintain due professional secrecy regarding the personal data that must be accessed and / or processed in order to comply in each case with the object of the service contract that applies to it, both during and after the termination of the same, pledging to use said information only for the intended purpose in each case and to demand the same level of commitment from any person who within their organization participates in any phase of the personal data processing responsibility of the client. li >
- In the event that SICTE allocates the data for another purpose or communicates or uses it in breach of this Policy or its corresponding contractual conditions, it will be held liable for the processing.
- In relation to the form and modalities of access to data in the provision of services, according to the GDPR the following rules will apply:
- In the event that SICTE must have access to the treatment resources located in the client's facilities, the latter will be responsible for establishing and implementing the security policy and measures, as well as communicating them to SICTE, who undertakes to respect them and demand their fulfillment from people who participate in the provision of services.
- When SICTE remotely access the data processing resources that are the responsibility of the client, the latter must establish and implement the security policy and measures in its remote treatment systems, SICTE being responsible for establishing and implementing the security policy and measures in their own local systems.
- In cases in which the service was provided by SICTE in its own premises, SICTE will collect in its Activity Register the circumstances regarding the processing of data in the terms required by the GDPR, including security measures corresponding to said treatment. .
- Without prejudice to the specific legal or regulatory provisions in force that may be applicable in each case or to the measures that SICTE adopts on its own initiative, the access and processing of personal data by SICTE will be subject to the measures of security needed to:
- Ensure the permanent confidentiality, integrity, availability and resilience of treatment systems and services.
- Restore availability and access to personal data quickly, in case of physical or technical incident.
- Verify, evaluate and assess, on a regular basis, the effectiveness of the technical and organizational measures implemented to ensure the safety of the treatment.
- Pseudonymize and encrypt personal data, if applicable
- The client authorizes SICTE, as the person in charge of the processing, to outsource with third parties on behalf and on behalf of the client, the storage services, custody of the backup copies of data and security, as well as those that were necessary to enable the provision of contracted services, respecting in any case the obligations imposed by the GDPR. The client may contact SICTE at any time to know the identity of the subcontracted entities for the provision of said services, which will act in accordance with the terms set forth in this document and prior formalization with SICTE of a data processing contract in accordance with art. . 28.4 of the GDPR.
- The client gives his authorization to SICTE to carry out the actions indicated below, provided that they are necessary for the execution of the provision of the services, said authorization being limited to the action / is necessary to provide the service and with a maximum duration linked to the applicable contractual conditions:
- To carry out the processing of personal data on portable devices only by users or user profiles assigned to the provision of services.
- To process the data outside the premises of the client or SICTE, only by users or user profiles assigned to the provision of services.
- Upon entry and exit of media and documents containing personal data, including those that are part or attached to an email, outside the premises under the control of the client responsible for the processing.
- The execution of the data recovery procedures that SICTE is obliged to perform.
- SICTE is not responsible for the breach of the obligations derived from the GDPR or the corresponding regulations regarding data protection by the user and / or client in what corresponds to their activity and that is related to the execution of the contract or commercial relations that join SICTE. Each of the parties must meet the responsibilities arising from their own breach of contractual obligations and current regulations.
9.- Data of the data controller.
Corporate name: SICTE
NIF: B-00000000
Registered office: C / Address
Contact email: info@sicte.es
10.- Contact data of the Data Protection Delegate:
info @ info @ sicte.es