I. PRIVACY AND DATA PROTECTION POLICY
In compliance with current legislation, Balidea Consulting & Programming (hereinafter referred to as 'the Website') undertakes to adopt the technical and organisational measures necessary to ensure an appropriate level of security for the data collected, according to the risk involved.
Laws incorporated into this privacy policy
This privacy policy complies with the latest Spanish and European legislation on the protection of personal data online. Specifically, it complies with the following regulations:
- Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 concerning the protection of individuals with regard to the processing of personal data, and concerning the free movement of such data (General Data Protection Regulation, or GDPR).
- The Organic Law (LOPD-GDD) on the Protection of Personal Data and Guarantee of Digital Rights, passed on 5 December 2018.
- Royal Decree 1720/2007 of 21 December approves the regulations implementing Organic Law 15/1999 of 13 December on the protection of personal data (RDLOPD).
- Law 34/2002 of 11 July on Information Society Services and Electronic Commerce (LSSI-CE).
Identity of the entity responsible for processing personal data
The entity responsible for processing the personal data collected by Balidea Consulting & Programming is BALIDEA CONSULTING & PROGRAMMING (hereinafter referred to as the 'Data Controller'), with tax identification number (NIF/CIF): B-15850647, registered in the Commercial Registry of La Coruña under the following details: Tomo 2630 Folio 107 Hoja C-29447. Its contact details are as follows:
Address: Santiago de Compostela, Ed. Witland, Rúa dos Camiños da Vida s-n Baixo, 15705
Contact telephone number: (+34) 981 937 876
Contact email: info@balidea.com
Processing of personal data
In compliance with the provisions of the GDPR and the LOPD-GDD, we inform you that the personal data collected by Balidea Consulting & Programming through the Website's forms will be processed to facilitate, expedite and fulfil the commitments established between Balidea Consulting & Programming and the user; to maintain the relationship established through the forms filled out by the user; or to respond to a user's request or query. In accordance with the GDPR and the LOPD-GDD, a record of processing activities is kept, unless the exception provided for in Article 30.5 of the GDPR applies. This record specifies, according to their purposes, the processing activities carried out and the other circumstances established in the GDPR.
Principles applicable to the processing of personal data
The processing of the user's personal data will be subject to the principles set out in Article 5 of the GDPR and Article 4 et seq. of Organic Law 3/2018 of 5 December on the protection of personal data and the guarantee of digital rights.
- Principle of lawfulness, fairness and transparency: the User's consent will be required at all times, following fully transparent information about the purposes for which the personal data is collected.
- Purpose limitation principle: personal data shall be collected for specified, explicit and legitimate purposes.
- Principle of data minimisation: personal data collected will only be that which is strictly necessary in relation to the purposes for which it is processed.
- Accuracy principle: personal data must be accurate and kept up to date.
- Principle of storage limitation: personal data shall only be kept in a form that allows the identification of the User for as long as is necessary for the purposes of its processing.
- Principle of integrity and confidentiality: personal data shall be processed in a manner that ensures its security and confidentiality.
- Principle of proactive responsibility: the data controller shall be responsible for ensuring that the above principles are complied with.
Categories of personal data
The types of data requested are: Identification and contact details. Browsing data on the website is also collected automatically, as described in the cookies policy.
Balidea Consulting & Programming does not collect data considered particularly sensitive, such as: race or ethnic origin, political opinions or religious or philosophical beliefs, trade union membership, health, sexual activity or sexual orientation, biometric or genetic data.
Legal basis for the processing of personal data
The legal basis for processing personal data is either consent or another legal basis set out in the relevant form.
Balidea Consulting & Programming undertakes to obtain the User's express and verifiable consent for the processing of their personal data for one or more specific purposes.
Users have the right to withdraw their consent at any time. Withdrawing consent shall be as easy as giving it. As a general rule, withdrawing consent shall not affect the use of the website.
When users must or may provide their data through forms to make enquiries, request information, or for reasons related to the website's content or the form itself, they will be informed if completion of any of these forms is mandatory, as it is essential for the operation to be carried out correctly.
Purposes of the processing for which personal data are intended
Balidea Consulting & Programming collects and manages personal data for the purpose of facilitating, expediting and fulfilling commitments established between the website and the user, maintaining relationships established through completed forms, or responding to requests or queries.
Similarly, the data may be used for personalisation, operation and statistical purposes, as well as for activities related to Balidea Consulting & Programming's corporate purpose. This includes data extraction, storage and marketing studies, with the aim of tailoring the content offered to the user and improving the quality, functioning and navigation of the website.
When personal data is obtained, users will be informed of the specific purpose or purposes for which it will be processed, i.e. how the information collected will be used.
Retention periods for personal data
Personal data will only be retained for the minimum amount of time necessary for processing purposes, or until the user requests its deletion or withdraws their consent. If legal regulations require it to be retained for a certain period, the data will be kept blocked until the end of the retention period.
When personal data is obtained, users will be informed of how long it will be stored for, or of the criteria used to determine this period if it is not possible to specify a timeframe.
Recipients of personal data
The User's personal data will not be shared with third parties.
In any case, the user shall be informed of the recipients or categories of recipients of the personal data at the time it is obtained.
Personal data of minors
In accordance with Articles 8 and 7 of the GDPR and Organic Law 3/2018 of 5 December on the Protection of Personal Data and Guarantee of Digital Rights, Balidea Consulting & Programming may only process the personal data of individuals over the age of 14 with their consent. For minors under the age of 14, the consent of their parents or guardians is required for processing, which will only be considered lawful if they have authorised it.
Confidentiality and security of personal data
In accordance with the level of security appropriate to the risk of the data collected, Balidea Consulting & Programming undertakes to adopt the necessary technical and organisational measures to guarantee the security of personal data and prevent the accidental or unlawful destruction, loss or alteration of personal data transmitted, stored or otherwise processed, or unauthorised communication or access to such data.
The website has an SSL (Secure Sockets Layer) certificate. This ensures that personal data is transmitted securely and confidentially by fully encrypting the transmission of data between the server and the user, and vice versa.
However, given the state of technology and the nature and risks associated with the data stored, it is impossible to guarantee that hackers or others will not fraudulently access personal data. Therefore, the Data Controller undertakes to notify the User or the competent authorities without undue delay when a breach of personal data security is likely to result in a high risk to the rights and freedoms of natural persons. In accordance with Article 4 of the GDPR, a personal data breach is defined as any breach of security involving the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored, or otherwise processed.
The Data Controller will treat personal data as confidential and will inform its employees, associates and any other person to whom it makes the information accessible of their obligation to respect such confidentiality.
Rights arising from the processing of personal data
The user may exercise the following rights, recognised in the GDPR and in Organic Law 3/2018 of 5 December on the protection of personal data and the guarantee of digital rights, against the data controller:
- Right of access: this is the right of the User to obtain confirmation as to whether or not Balidea Consulting & Programming is processing their personal data and, if so, to obtain information about their specific personal data and the processing that Balidea Consulting & Programming has carried out or is carrying out, as well as, among other things, the information available about the origin of such data and the recipients of the communications made or planned.
- Right of rectification: this gives the user the right to request that their personal data be modified if it is inaccurate or incomplete in relation to the purposes of processing.
- The right to erasure (also known as the 'right to be forgotten'); is the right of the user to obtain the erasure of their personal data when it is no longer necessary for the purposes for which it was collected or processed, or when the user has withdrawn their consent to processing and there is no other legal basis for it. It also applies when the user objects to processing and there is no legitimate reason to continue, when personal data has been processed unlawfully, when personal data must be deleted to comply with a legal obligation, or when personal data has been obtained as a result of a direct offer of information society services to a child under 14 years of age. In addition to deleting the data, the data controller shall take reasonable measures to inform those responsible for processing the personal data of the data subject's request to delete any link to that personal data, taking into account the available technology and the cost of its application.
- The right to restrict processing: this is the User's right to restrict the processing of their personal data. The user can request this when they contest the accuracy of their personal data, when the processing is unlawful, when the data controller no longer needs the personal data but the user does for the purpose of making claims, and when the user has objected to the processing.
- Right to data portability: Where processing is carried out by automated means, users have the right to receive their personal data from the data controller in a structured, commonly used, machine-readable format. They also have the right to transmit those data to another data controller. Where technically feasible, the data controller shall transmit the data directly to the other controller.
- Right to object: this gives users the right to prevent Balidea Consulting & Programming from processing their personal data, or to stop them from doing so.
- Right not to be subject to a decision based solely on automated processing, including profiling: this is the right of the User not to be subject to an individualised decision based solely on the automated processing of their personal data, including profiling, unless otherwise provided for by current legislation.
- Right to lodge a complaint with the supervisory authority, which in Spain is the Spanish Data Protection Agency.
Therefore, users may exercise their rights by writing to the data controller with the reference 'LOPD', providing the following information:
- The name and surname(s) of the user. If representation is permitted, identification by the representative will also be required, as well as a document proving representation. Additional information may be requested to confirm the identity of the user or their representative, if necessary.
- Request with the specific reasons for the request or information to be accessed.
- Address for notification purposes.
- Date and signature of the applicant.
- Any document supporting the request.
This application and any other accompanying documents may be sent to the following address and/or email:
Address: Santiago de Compostela, Ed. Witland, Rúa dos Camiños da Vida s-n Baixo, 15705
Mail: info@balidea.com
Links to third-party websites
This website may contain links to third-party websites that are not operated by Balidea Consulting & Programming. These websites will have their own data protection policies and will be responsible for their own privacy practices.
II. ACCEPTANCE AND CHANGES TO THIS PRIVACY POLICY
Users must read and agree to the conditions regarding the protection of personal data set out in this Privacy Policy. By using the Website, you are indicating your acceptance of the processing of your personal data by the Data Controller, in the manner, during the periods and for the purposes indicated. Using the Website implies acceptance of the Privacy Policy.
Balidea Consulting & Programming reserves the right to modify this Privacy Policy at its discretion or in response to legislative, jurisprudential or doctrinal changes by the Spanish Data Protection Agency. Changes or updates to this Privacy Policy will not be explicitly notified to users. Users are advised to check this page periodically to stay informed of the latest changes.
This Privacy Policy has been updated to comply with the General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016) and Organic Law 3/2018 of 5 December on the Protection of Personal Data and Guarantee of Digital Rights.