1.-PURPOSE OF THE POLICY

At Disop, S.A. (hereinafter, Disop), we respect your privacy and protect your personal data. This policy details how we collect, use and share your information in accordance with the applicable data protection regulations, including the General Data Protection Regulation (GDPR).

This privacy policy applies to the www.acuaiss.com website. If you do not provide us with your personal data, no processing of your information will take place.

We will inform you about the purposes of the processing, the entities that could access your data and your rights as data subject. Some processing may be based on legal obligations, contracts or legitimate interests, without requiring your express consent.

If the website uses cookies, we will clearly notify you in our Cookie Policy, where you can learn more about the use of cookies and how to manage your preferences.

This policy ensures transparency and is designed for you to clearly know and exercise your rights.

2.- DEFINITION OF PERSONAL DATA

  • Personal data: Personal data means any information relating to an identified or identifiable natural person (“Website user”). An identifiable natural person is any person whose identity can be determined, directly or indirectly, by means of identifiers such as a name, an identification number, location data, an online identifier, or through elements of their physical, physiological, genetic, psychological, economic, cultural or social identity.

3.-IDENTITY OF THE  PERSON RESPONSIBLE FOR THE PROCESSING

Who collects and processes your data?

The Data Controller is: Disop, S.A NIF/DNI A28423879

How can you contact us?

  • Postal and office address: Avda Valdelaparra Num. 31 A. 28108, Alcobendas (Madrid), Spain
  • Company address: Avda Valdelaparra Num. 31 A. 28108, Alcobendas (Madrid), Spain
  • Email: marketing@disop.com- Phone: +34 916 612 244

Who can help you with our Data Protection Policy?

At Disop we have a Data Protection Officer (DPO), whose role is to ensure compliance with current data protection regulations within our organization. If you have any queries or need assistance regarding the processing of your personal data, you can contact our DPO through the following means:

  • Auratech Legal - NIF B87984621 
  • Email:  rgpd@auratechlegal.es- Phone: 911 134 963

4.- APPLICABLE LAWS AND REGULATIONS

This Privacy and Data Protection Policy is developed on the basis of the following data protection laws and regulations:

  • Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data. Hereinafter RGPD.
  • Organic Law 3/2018, of 5 December on the Protection of Personal Data and Guarantee of Digital Rights. Hereinafter LOPD/GDD.
  • Law 34/2002, of July 11, on Information Society Services and Electronic Commerce. Hereinafter LSSICE.

5.- PRINCIPLES APPLICABLE TO THE PROCESSING OF PERSONAL DATA

At Disop we treat personal data in accordance with the principles established in the current regulations, guaranteeing that the treatment is:

  • Licit, fair and transparent: We inform in a clear and accessible manner about how the data is collected and used.
  • Limited to specific purposes: Data is collected for legitimate purposes and is not used for other purposes.
  • Data minimization: We only request data that is strictly necessary.
  • Accuracy: We keep data up to date and correct inaccurate data.
  • Limitation of retention: Data is retained only for as long as necessary for the stated purposes.
  • Integrity and confidentiality: We apply appropriate security measures to protect data.
  • Proactive accountability: We take responsibility for complying with and demonstrating compliance with these principles.

6.-SECURITY MEASURES

What we do to ensure the privacy of your data?

At Disop, we have implemented the necessary technical and organizational measures to ensure the security of the personal data we process. These measures are designed to prevent alteration, loss, unauthorized access or improper processing of data, adapting to the state of technology and potential risks.

Among the measures we highlight:

  • Confidentiality: Only authorized persons may access the information.
  • Integrity: The information is kept accurate and protected against unauthorized modifications.
  • Availability: We ensure that data is accessible to authorized persons at all times.
  • Continuous evaluation: We regularly review and improve our security measures to adapt to new threats and technological advances.
  • Seudonymization and encryption: We apply these techniques to reinforce the protection of data, especially sensitive data

7.- PURPOSES OF THE PROCESSING 

Why do we want to process your data?

Below we detail the intended uses and purposes: 

Consultations and contacts acuaiss.com web forms

Relationship management with potential customers and those interested in the company's products or services

Providing quick and personalized responses to queries received through the website

Recording and analyzing inquiries to improve customer service and user experience

Cookies, pixel and tracking - Acuaiss

Improve browsing security by preventing attacks such as Cross-Site Request Forgery (CSRF). Obtain web usage statistics to improve the user experience.

Monitor and analyze user behavior on the web to improve the performance and usability of the site.

Retain user preferences during your browsing session (e.g., language, content personalization).

How long do we keep your data?

We use your data for the time strictly necessary to fulfill the purposes stated above. Unless there is a legal obligation or requirement, the expected retention periods are:

Consultations and contacts web forms acuaiss.com For a period of 5 years from the last confirmation of interest. Personal data will be kept until they are no longer necessary for the purpose for which they were collected, respecting the principle of data minimization and upon request for deletion
Cookies, pixel and tracking - Acuaiss The data collected by cookies will be retained for as long as strictly necessary for the purposes described, as detailed in the cookie policy of the website, or until the user revokes their consent.

8.- LEGITIMACY OF THE PROCESSING

Why do we process your data?

The collection and processing of your data is always legitimated by one or more legal bases, which we detail below: 

Consultations and contacts web forms acuaiss.com
  • (Art. 6.1.a RGPD) Consent of the interested party
Cookies, pixel and tracking - Acuaiss
  • (Art. 6.1.a RGPD) Consent of the interested party
    • LSSICE. Law 34/2002, of July 11, 2002, on services of the information society and electronic commerce. Law 34/2002, of July 11, 2002, on information society services and electronic commerce.

9.- RECIPIENTS OF YOUR DATA

To whom do we transfer your data within the European Union?

We may share your personal data with members of our corporate group (you can view the details of our group here) in order to provide you with the products, services or information you have requested from us. We may also share your data with other entities within our group for the purposes of IT support and maintenance, internal governance, administration and compliance with our legal or regulatory obligations.

We will not share your personal data with other entities within our group.

We will not share your personal data with third parties outside our corporate group, except in the following cases:

  • When you have given us your consent to do so.
  • When you have instructed us to share your information with third party sites or platforms, such as social networks. Please note that once shared, this data will be under the control of the receiving company and subject to their privacy practices.
  • When third parties perform services on our behalf, such as product delivery, customer service, IT services or technology solutions. We require these companies not to use your personal data for purposes other than those requested by us or required by law.
  • Where it is necessary to comply with legal obligations or in the context of a business sale; to enforce our Terms of Use; to ensure your safety or the safety of others; to protect our rights and property, as well as yours; or to comply with legal process.
  • When we share your data for direct marketing or advertising purposes, we will explicitly notify you.

Do we make International Transfers of your data outside the European Union?

The data we process is primarily stored on servers located within the European Economic Area (EEA). However, some of our service providers and group companies may be located outside the EEA, in countries such as the United States, China or Australia. These international transfers are carried out with appropriate safeguards, either through adequacy decisions, such as the EU-US Data Privacy Framework (DPF), or through the use of standard contractual clauses, approved by the European Commission, which ensure an adequate level of data protection.

10.- DATA PROCESSING ACTIVITIES

The following is a description of the data processing activities carried out through www.acuaiss.com, specifying:

  • Activity: Name of the data processing activity.
  • Purposes: Uses and processing carried out with the data collected.
  • Legal basis: Legal basis that legitimizes the data processing.
  • Data processed: Type of data processed.
  • Provenance: Source of the data.
  • Conservation: Data conservation period.
  • Addressees: Third parties to whom the data is transferred.
  • International transfers: Data transfers outside the European Union.

10.1 - Processing activities

These are those data processing activities whose purposes are necessary  for the provision of the services.

Inquiries and contacts web forms acuaiss.com
Legal basis (Art. 6.1.a RGPD) Consent of the data subject
Purposes Relationship management with potential customers and those interested in the company's products or services; Provide quick and personalized responses to queries received through the website; Registration and analysis of queries to improve customer service and user experience
Data categories and groups Web users (Identifying data; Other categories)
Data source The data subject himself or his legal representative
Category of recipients Entities of the corporate group
International transfer Not foreseen
Shelf life For a period of 5 years from the last confirmation of interest. Personal data will be kept until they are no longer necessary for the purpose for which they were collected, respecting the principle of data minimization and upon request for deletion
Security measures

1. Data encryption in transit using HTTPS and encrypted storage of sensitive information (Art. 32 RGPD).

2. Access control to data by means of user authentication and role management.

3. Periodic security audits to ensure system integrity and prevent unauthorized access.

4. Regular data backup and disaster recovery plan.

5. Ongoing training of staff in data protection and security measures.
Cookies, pixel and tracking - Acuaiss
Legal basis (Art. 6.1.a RGPD) Consent of the data subject (LSSICE. Law 34/2002, of July 11, 2002, on information society services and electronic commerce)
Purposes To monitor and analyze user behavior on the web to improve the performance and usability of the site; To retain user preferences during their browsing session (e.g., language, content personalization); To improve browsing security by preventing attacks such as Cross-Site Request Forgery (CSRF). Obtain web usage statistics to improve the user experience.
Data categories and groups Web users (Other categories; Identifying data)
Data source The data subject himself or his legal representative
Category of recipients Entities of the corporate group
International transfer Not foreseen
Shelf life The data collected by cookies will be retained for as long as strictly necessary for the purposes described, as detailed in the cookie policy of the website, or until the user revokes their consent.
Security measures

1. Encryption of the information transmitted between the user's browser and the server (use of HTTPS).

2. Access control to the data collected through authentication and role management.

3. Evaluation and periodic review of cookie settings and tracking technologies to ensure compliance with data protection regulations (Art. 32 RGPD).

4. Notification and transparency on the use of cookies through accessible banners and policies, with the option to accept or reject the use of non-essential cookies.

5. Pseudonymization of the data collected to minimize the risk of direct identification of users.

11.- DATA OF MINORS

How do we handle the data of minors?

Minors under 14 years of age may not use the services offered through our website without the prior authorization of their parents, guardians or legal representatives. These will be solely responsible for all actions performed through the website by minors in their care, including the completion of online forms with the personal data of minors and, where appropriate, the selection of the corresponding boxes.

In accordance with the provisions of Article 8 of the RGPD and Article 7 of the LOPD/GDD, only those over 14 years of age may grant their consent to the lawful processing of their personal data by Disop.

12.-PROCEDENCE AND TYPES OF DATA PROCESSED

Where did we obtain your data from?

Consultations and contacts acuaiss.com web forms
  • Web users: The interested party or their legal representative.
Cookies, pixel and tracking - Acuaiss
  • Web users: The interested party or its legal representative.

What types of data do we collect and process from you?

Consultations and contacts acuaiss.com web forms
Web users
  • Identifying data (E-mail address)
  • Other categories (Message)

Cookies, pixel and tracking - Acuaiss

Web users
  • Other categories (ID generated by Pixel or Cookie; Location)
  • Identifying data (IP address)
 

 13- RIGHTS OF THE STAKEHOLDERS

What are your rights regarding your data?

Data protection regulations give you specific rights that you can exercise in relation to the processing of your data. These rights are personal and non-transferable, which means that only you, as the data subject, can exercise them after verification of your identity.

The following describes your rights:

Right of access: You may request confirmation as to whether Disop is processing your data and access information related to its processing.

Right of rectification: If your personal data is inaccurate or incomplete, you may request its correction.

Right to erasure (“right to be forgotten”): You may request the deletion of your data when it is no longer necessary for the purposes for which it was collected, or if you withdraw your consent.

Right to limitation of processing: You may request limitation of the processing of your data, for example, while their accuracy is being verified or in other cases provided for by law.

Right to data portability: You have the right to receive your data in a structured, commonly used and machine-readable format, and to transmit it to another data controller.

Right to object: You can object to the processing of your data for reasons related to your particular situation, or when the processing is based on a legitimate interest.

Right not to be subject to automated decisions: You may request not to be subject to decisions based solely on automated processing of your data, including profiling.

Right to withdraw consent: You may withdraw your consent at any time, without affecting the lawfulness of the processing based on the prior consent.

Right to file a complaint: If you consider that your rights have not been respected, you may file a complaint with the corresponding supervisory authority: Spanish Data Protection Agency info@aepd.es https://www.aepd.es

To exercise any of these rights, you may contact Disop using the following contact information:

  • Responsible: Disop, S.A
  • Address: Avda Valdelaparra Num. 31 A. 28108, Alcobendas (Madrid), Spain
  • Phone: +34 916 612 244
  • E-mail: marketing@disop.com
  • Website: https://disop.com/

You can also exercise your rights before the Data Protection Delegate:

Email: rgpd@auratechlegal.es - Phone: 647633242

How can you exercise your rights in relation to your data?

To exercise your rights of access, rectification, deletion, limitation or opposition, portability and withdrawal of consent, you can do so by sending an email to these addresses: rgpd@auratechlegal.es / marketing@disop.com or a postal mail to : Avda Valdelaparra Num. 31 A. 28108, Alcobendas (Madrid), Spain

How can you file a complaint if you feel that your rights are not respected?

If you believe that the processing of your personal data does not comply with data protection regulations, you have the right to lodge a complaint with the relevant Control Authority in your country of residence or place of business.

Depending on your location, you can address the competent authority in your country. For example:

•In Germany, you can contact the Berliner Beauftragte für Datenschutz und Informationsfreiheit

•In France, the competent authority is the Commission Nationale de l'Informatique et des Libertés (CNIL).

Specific contact details for Spain are as follows:

  • Spanish Data Protection Agency
    C/. Jorge Juan, 6. 28001, Madrid (Madrid), Spain
    Email: info@aepd.es- Phone: 912663517
    Web: https://www.aepd.es

If you are not sure which authority corresponds to you or you need information about other control authorities, you can consult the article on Data Protection Control Authorities, where you will find contact details and links according to your location.

14.-MODIFICATION AND INFORMATION PRINCIPLE

This document ensures that you understand how we process your personal data. By using our website or services, you confirm that you have been informed about the terms of our Privacy Policy, in accordance with the information principle set out in Article 13 of the GDPR. The lawful bases for processing your personal data are set out in Article 6 of the GDPR, and may include the performance of a contract, compliance with legal obligations or legitimate interest, among others.

This policy has been developed with the collaboration of Auratech Legal, a specialist data protection firm, and will be reviewed periodically to ensure its adequacy and compliance.

Disop reserves the right to modify this policy at any time.

Disop reserves the right to modify this Privacy Policy based on changes in legislation, jurisprudence or guidelines from the supervisory authorities. Any relevant modification that affects the purposes of the processing, storage periods or users' rights will be explicitly communicated.

Last updated: November 25, 2024