Information in compliance with personal data protection legislation

 

In Spain and the rest of Europe, there are data protection regulations in place designed to protect your personal data that, as a company, we need to be compliant with.

That is why it’s important for us that you clearly understand what we do with the data we request.

We will be transparent and ensure you have control over your data, using plain language and clear options that will allow you to decide what we are allowed to do with your personal data.

If anything is unclear after reading this information, please do not hesitate to contact us.

Thank you for your cooperation.

 

Company name: CONDENSIA QUÍMICA S.A.

Our tax identification code/tax ID:   A08394801

Our primary activity: Manufacture of esters and polyesters

Our address: Carrer Jonqueres, 16, 11º AC.P. 08003 , BARCELONA (Barcelona)

Our telephone number: +34 93 268 06 33

Our email address: condensia@condensia.com

Our website: www.condensia.com

 

For your peace of mind and security, we are inscribed in the following Spanish Public Registry/Commercial and Trade Registry: Barcelona Mercantile Registry, Page 31.009, Folio 100, Volume 2.308, Book 2.308, Section 2ª, of Companies, Inscription 1ª N.I.F A-08394801.308

We are available should you need us. Please do not hesitate to contact us.

 

Basic information on data protection

 

Data controller

CONDENSIA QUÍMICA S.A.

Address

Carrer Jonqueres, 16, 11º A C.P. 08003, BARCELONA, (Barcelona)

Purposes

We will use your data to respond to your requests and deliver our services to you.

Marketing

We will only send you marketing correspondence if you have given your prior consent, which you can do by ticking the box for that purpose.

Lawful basis

We will only process your data if you have given your prior consent, which you can do by ticking the box for that purpose.

Recipients

Generally, only our members of staff who have been duly authorised may access the data that you have provided.

Your rights

You have the right to know what information we hold about you, to rectify it and to erase it, as explained in the additional information available on our website.

 

Generally, your personal data will be used to maintain a relationship with us in order to deliver our services to you.

Your data may also be used for other purposes, such as sending you marketing communications or promoting our services. 

 

Your personal data is required for us to maintain a relationship with us in order to deliver our services to you. We will provide a series of tick-boxes that will allow you to make a clear and simple decision on how you want us to use your data. 

 

Generally, only our staff members who have been fully authorised may access the data that you have provided.

Equally, we may pass your personal data on to other entities where this is required in order to provide our services to you. For instance, we will need to share your data with our bank if you pay for our services by credit card or bank transfer.

We will also need to pass your data on to public or private entities when we are obliged to do so by law. For example, Spanish tax law requires us to provide the tax authorities with information on financial transactions that exceed a certain amount.

Nevertheless, if we otherwise need to disclose your personal data to other entities, we will ask your permission beforehand, providing you with clear options that will allow you to make a decision.

 

We protect your data using effective security measures in proportion to the risks involved in using your data.

We have adopted a Data Protection Policy, and we carry out checks and annual audits to verify that your personal data is secure at all times.

 

Many countries across the world offer secure protection for your data, while others not so much. The European Union, for example, is a secure environment for your data. Our policy is not to send your personal data to any country that does not offer secure protection for your data.

In the event that we need to send your data to a country that is not as secure as Spain, in order to deliver our services to you, we will always ask your permission beforehand and apply effective security measures to reduce the risk of sending your personal data to another country.

 

We will store your data for the duration of our customer relationship, in compliance with the legislation. Once the statutory retention period has lapsed, we will then destroy your data in a secure and environmentally-friendly manner.

 

You may contact us at any time to find out what personal data we hold about you, to have it rectified where it is incorrect and to have it erased once our customer relationship comes to an end, provided that it is lawful to do so.

You are also entitled to have your data transferred to other entities in certain situations, under your right to data portability.

If you wish to exercise any of these rights, please send us a written request, accompanied by a copy of your ID, so that we can confirm your identity.

We have specific forms that you can use to exercise these rights, which we would be happy to help you fill in.

For more information about your data protection rights, please visit the Spanish Data Protection Agency website at www.agpd.es.

 

Yes, you can withdraw your consent at any time if you change your mind about how your data may be used.

For example, if you were previously interested in receiving marketing communications about our products or services, but you no longer wish to receive these, you can let us know by using the consent withdrawal form available from us.

 

If you are not satisfied with how we have handled your request, you may submit a complaint to the Spanish Data Protection Agency, the Agencia Española de Protección de Datos. The agency can be contacted as follows:

Website: www.agpd.es

Address:

Agencia Española de Protección de Datos
C/ Jorge Juan, 6
28001 Madrid
Spain

Telephone:

+34 901 100 099
+34 91 266 35 17

 

You can submit a complaint to the Spanish Data Protection Agency free of charge and you do not need the assistance of a solicitor or lawyer.

 

Our policy is not to build any profiles about the users of our services.

However, there may be situations when we need to develop information profiles about you in order to provide a service, commercial or otherwise. An example would be where we use your purchase or service history to offer products or services tailored to your tastes or needs.

In such cases, we will apply effective security measures to protect your data at all times against unauthorised persons intending to use it for their own benefit.

 

Our policy is not to use your data for any purposes other than those that we have explained. However, if we need to use your data for another purpose, we will always ask your permission beforehand, providing you with clear options that will allow you to make a decision.

 

Our personal data protection undertaking: “informed persons and protected data”

 

The Management / Governing Body of CONDENSIA QUÍMICA S.A. (from now on, the data controller), assumes the maximum responsibility and commitment with the establishment, implementation and maintenance of this Data Protection Policy, guaranteeing the continuous improvement of the data controller with the aim of achieving excellence in relation to the compliance with Regulation (EU) 2016/679 of the European Parliament and the Council, of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free circulation of these data and repealing Directive 95/46/EC (General Data Protection Regulation) (OJEU L 119/1, 04.05.2016), and of the Spanish regulations on the protection of personal data (Organic Law, specific sectoral legislation and its implementing rules)

 

The Data Protection Policy of CONDENSIA QUÍMICA S.A. is based on the principle of proactive responsibility, according to which the data controller is responsible for compliance with the regulatory and jurisprudential framework that governs said Policy, and is able to demonstrate this to the competent control authorities.

 

In this regard, the data controller shall follow the following principles which should serve as a guide and framework for all his staff in the processing of personal data:

 

1. Design of Data protection: the data controller shall, both when determining the means of processing and at the time of the processing itself, implement appropriate technical and organisational measures, such as pseudonymisation, designed to apply effectively data protection principles such as data minimisation and to integrate the necessary guarantees into the processing.

 

2. Default data protection: the controller shall implement appropriate technical and organisational measures to ensure that, by default, personal data are processed only if they are necessary for each specific purpose of the processing.

 

3. Data protection during information life: measures ensuring the protection of personal data shall be applicable throughout the entire life cycle of the information.

 

4. Legality, loyalty and transparency: personal data will be treated in a lawful, loyal and transparent manner in relation to the interested party.

 

5. Purpose limitation: personal data shall be collected for specified, explicit and legitimate purposes and shall not be further processed in a way incompatible with those purposes.

 

6. Minimisation of data: personal data shall be adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed.

 

7. Accuracy: personal data must be accurate and, where necessary, kept up to date; all reasonable steps must be taken to ensure that personal data which are inaccurate in relation to the purposes for which they are processed are deleted or rectified without delay.

 

8. Limitation of storage time: personal data shall be kept in a form which permits identification of data subjects for no longer than is necessary for the purposes of the processing of the personal data.

 

9. Integrity and confidentiality: personal data shall be processed in a way that ensures appropriate security of personal data, including protection against unauthorised or unlawful processing and accidental loss, destruction or damage, through the implementation of appropriate technical or organisational measures.

 

10. Information and training: one of the keys to guaranteeing the protection of personal data is the training and information provided to the personnel involved in the processing of such data. During the life cycle of the information, all personnel with access to the data will be properly trained and informed about their obligations in relation to compliance with data protection regulations.

 

The Data Protection Policy of CONDENSIA QUÍMICA S.A. is communicated to all personnel of the data controller and made available to all interested parties.

 

Consequently, this Data Protection Policy involves all the personnel of the data controller, who must know and assume it, considering it as their own, each member being responsible for applying it and verifying the data protection rules applicable to their activity, as well as identifying and providing the improvement possibilities that they consider appropriate in order to achieve excellence in relation to its compliance.

 

This Policy will be reviewed by the Management / Governing Body of CONDENSIA QUÍMICA S.A., as many times as deemed necessary, in order to comply, at all times, with the provisions in force regarding personal data protection.