Privacy Policy
From XORSA GLOBAL, S.L.U. We understand that it is essential to maintain a transparent relationship with you, therefore, below, we present our Privacy Policy, so that at all times you are duly informed about how we collect and safely treat any data you provide us.
Your data will be treated in accordance with current legislation and, specifically, in accordance with the provisions of Regulation (EU) 2016/679 of April 27, 2016 (RGPD) regarding the protection of natural persons in Regarding the processing of personal data and the free circulation of these data. Also in relation to Organic Law 3/2018, of December 5, on the Protection of Personal Data and Guarantee of Digital Rights.
A careful reading of our Privacy Policy will provide you with the necessary information to know what destination we will give to the data you provide us.
1 WHO IS RESPONSIBLE FOR THE PROCESSING OF YOUR DATA?
If you, or an authorized person, have provided us with your data, we inform you that XORSA GLOBAL, S.L.U., with CIF: ESB27035419 is responsible for the treatment thereof. These data will be treated in accordance with the provisions of current regulations on personal data protection.
It is possible that there are other persons in charge of the treatments we carry out, in that case we will always inform who is the person in charge of the treatment thereof, as well as their identification data.
From XORSA GLOBAL, S.L.U. We are committed to complying with the obligation of secrecy of personal data and your duty to keep them. For that we adopt the necessary measures to avoid its alteration, loss, treatment or unauthorized access in accordance with established in the Regulation.
2 WHERE DO WE REPORT?
From XORSA GLOBAL, S.L.U. We inform you through the website https://www.xorsa.com/ in the section corresponding to the privacy policy . More information in " Legal Notice ".
3 WHAT PERSONAL DATA DO WE PROCESS?
The personal data that we process are:
-
Those that you decide to provide us voluntarily
-
The data derived from the communications you maintain with us.
-
The information corresponding to your own navigation in the case of Online Services, (IP address or information derived from cookies or similar devices (you can see our Cookies Policy on the web).
-
That information that is available in sources accessible to the public, to which we can legitimately access.
-
The data derived from the contractual or pre-contractual relationship that you maintain with us, including your image, always informing you in this case of the possibility of capturing your image.
-
Those that third parties provide us about you, with a legitimate basis for it or having obtained your consent for it.
-
The data of third parties that you provide us, with the prior consent of the third party in question.
4 HOW DO WE TREAT THE DATA?
At XORSA GLOBAL, S.L.U. We treat your personal data always in strict compliance with current legislation. In addition, we inform you that we have the appropriate technical and organizational measures to guarantee an optimal level of security, thereby guaranteeing that only those people who have authorization will access, that we will keep them intact, avoiding any intentional or accidental loss and that we have reinforced the data processing systems and services.
The operations, procedures and technical procedures that we carry out in an automated or non-automated way and that enable the collection, storage, modification, transfer and other actions on personal data, are considered to be the processing of personal data.
5 WHAT IS THE LEGITIMATION OF THE TREATMENT?
The basis for the legitimacy of the processing of Personal Data will be that resulting from the contractual or pre-contractual relationship, the employment relationship or any other that is required for the processing of data, such as express consent.
6 HOW DO WE MANAGE ELECTRONIC COMMUNICATIONS?
In the case of receiving communications by these means (emails, automated response messages of forms, and other communication systems) we inform you that the messages are directed exclusively to their recipient and may contain privileged or confidential information. If you are not the intended recipient, we notify you that unauthorized use, disclosure and / or copying is prohibited under current legislation.
In accordance with the provisions of Law 34/2002 of July 11, Services of the Information Society and Electronic Commerce, and Directive 2002/58 / EC we inform you that in the event that no If you wish to receive communications and information of a commercial nature through this electronic communication system, notify us by this same means indicating in the subject "LOW COMMERCIAL COMMUNICATIONS" so that your personal data may be removed from our database. Your request will be activated within a period of 10 days from its sending. In the event that we do not receive an express reply from you, we will understand that you accept and authorize our entity to continue making the aforementioned communications.
7 HOW LONG DO WE KEEP YOUR DATA?
The personal data related to natural persons that XORSA GLOBAL, S.L.U. we collect by any means, they will be kept as long as the interested party does not request their deletion. Likewise, they will be kept as long as the relationship that originated the processing of the data is maintained, respecting in any case the legal conservation periods. After this period, the personal data will be eliminated from all the systems of XORSA GLOBAL, S.L.U ..
8 WILL YOUR DATA BE COMMUNICATED TO THIRD PARTIES?
There will be no assignment, transmission or transfer of personal data, except those already informed, that are not as a result of a legal obligation. If, at the request of the Public Administration or the Autonomous Institutions in the scope of the functions that the law expressly attributes to them, your data is requested, these will be transmitted.
If there is an assignment, transmission or transfer of personal data outside of the cases previously provided, you will be previously informed so that, if applicable, you give us your consent.
But in order to be able to organize ourselves correctly, have good operations and procedures that guarantee good management, from XORSA GLOBAL, S.L.U. It may be necessary to hire the services of advisers, professionals, or other service companies to process data under our instructions.
This treatment on behalf of third parties is regulated in a contract that is in writing or in any other legally admitted way and that allows to prove its celebration and content, expressly specifying that the person in charge of the treatment will treat the data in accordance with our instructions and not will apply or use them for a purpose other than that stated in said contract, nor will it communicate them, not even for their conservation, to other people.
9 WHAT ARE YOUR RIGHTS?
The data protection regulations grant you the following rights:
-
Right to revoke any consent previously given.
-
Right of access : Know what type of data is being processed and the characteristics of the treatment that is carried out.
-
Right of rectification : To be able to request the modification of the data that are inaccurate or untrue
-
Portability right : To be able to obtain a copy in interoperable format of the data that is being processed.
-
Right to limitation of the treatment in the cases that it considers that it is not necessary.
-
Right of cancellation : Request the cessation of data processing and its deletion when its conservation is no longer necessary.
If you want more information regarding the treatment of your data, rectify those that are inaccurate, oppose and / or limit any treatment that you consider is not necessary, or request the cancellation of the treatment when the data is no longer necessary, you can write to XORSA GLOBAL, SLU in POL. IND. SETE PONTES P-90,, 27800 - VILALBA (Lugo) or by email to Correo@xorsa.com.
-
Said communication must reflect the following information: Name and surname of the user, the application request, the address and the supporting data.
-
The exercise of rights must be carried out by the user himself. However, they may be executed by an authorized person as the authorized representative's legal representative. In this case, the documentation that proves this representation of the interested party must be provided.
Likewise, we want to inform you that you can withdraw the consent given without affecting the legality of the treatment already carried out, by sending your request to the same address indicated in the previous paragraph. In this case, you must accompany your application, a copy of your ID or document proving your identity.
Also remind you that you have the right to file a claim with the Spanish Agency for Data Protection (AEPD), if you consider your rights infringed Data Protection C / Jorge Juan, 6 28001-Madrid - FAX: 914483680- TELF: 901 100 099- E-mail: citizen@agpd.es
10 WHAT IS THE PURPOSE AND BASIS OF LEGITIMATION FOR THE PROCESSING OF THE DATA?
We detail below the purposes of the data processing carried out by some, or all, of the Treatment Managers listed above.
| TREATMENT ACTIVITY | PURPOSE OF THE TREATMENT | BASIS OF LEGITIMATION |
|---|---|---|
| Labor management | Personnel management to formalize an employment contract, file control, payroll management | Contractual relationship |
| Fiscal and accounting management | Necessary treatment for compliance with tax and accounting obligations | Contractual relationship. Legal obligation for the person responsible. Prevailing legitimate interests of the person responsible or third parties |
| Contact management | Data processing to be able to maintain communications with the interested parties | Contractual relationship. Prevailing legitimate interests of the person in charge or third parties. Express consent of the interested party |
| Prevention of occupational risks | Compliance with current legislation on occupational risk prevention and health surveillance | Contractual relationship. Legal obligation for the person responsible. |
| Video surveillance | Capture of images by the video surveillance system and / or alarm system with image capture, to protect the assets of the entity | Prevailing legitimate interests of the controller or third parties. |
| Customer management | Processing of the data necessary for maintaining the commercial / contractual relationship with customers, billing, after-sales service, sending promotions and advertising and loyalty. | Contractual relationship. Commercial relationship. |
| Labor control | Employee attendance control at work position (vacations, absences, registration of working hours) | Contractual relationship. Legal obligation for the person responsible. Prevailing legitimate interests of the controller or third parties |
| Supplier management | Analysis, valuation, contracting, order management and supplier payment management | Contractual relationship |
| Management of complaints and inquiries | Management of inquiries from clients, potential clients, users and other interested parties, about the company's services or the management of claims about billing, service delivery or other motivations. | Express consent of the interested party |
| Management of potential clients | Being able to carry out the necessary communications with potential clients and / or other interested parties, sending estimates, rates, product costs and other information requested prior to establishing a contractual relationship | Business relationship |
| E-commerce | Preparation and management of orders and purchases made through web platforms | Contractual relationship. Commercial relationship |