Privacy Policy

Privacy and Data Protection Policy

SAULEDA, S.A. (hereinafter the Entity) is committed to due diligence and compliance with Data Protection regulations.

Detailed information on the privacy and personal data protection policy in compliance with the provisions of Article 13 of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation) is set out below. or GDPR) and article 11 of Organic Law 3/2018, on the Protection of Personal Data and Guarantee of Digital Rights (LOPD GDD).

Data Controller and contact details of the Data Protection Officer (DPO):

  • Identity: SAULEDA, S.A.
  • Address / C. P: Travessera de les Corts, 102 – 08028 Barcelona (Spain)
  • Telephone: (+34) 93 339 71 50
  • E-mail: sauleda@dev.sauleda.com
  • DPO Contact Details: lopd@dev.sauleda.com
  • Data Protection Channel: www.corporate-line.com/cnormativo-sauleda

Purposes of processing

The Entity will process the information provided to us by interested parties for the following purposes:

  • Manage your attention, visit and meeting in our facilities.
  • Manage the provision and performance of the contracted services and products.
  • Manage any type of request, suggestion or request about our professional services made to us by interested persons through any means or contact channel, including the live chat and the contact form on our website.
  • Manage sales, billing, location and other data necessary to fulfill the function of marketer, for product monitoring and delivery/after-sales service.
  • Manage the shipment of orders, their tracking and returns.
  • Formalize and manage the relationship with suppliers and collaborators.
  • Informative and commercial communications: processing of your data in order to inform you about activities, events, offers, sweepstakes, promotions, articles of interest and general information related to our activity and the services/products contracted.
  • Prepare publications, promotional videos and other content for the purposes of pre- and post-sales service, marketing and commercial prospecting of the Entity.
  • Capture data through social networks, blogs, applications or electronic devices, the Entity’s website and any other type of similar means.
  • Manage the Sauleda Collections and Meteo Alarm mobile applications developed by the Entity for customer service and support.
  • Manage data provided by candidates for a job through the Curriculum Vitae (CV) or other means for the purpose of the selection and recruitment process.
  • Ensure the security of offices, facilities, and people through access controls, video surveillance systems, and other access control/identification systems.
  • Comply with the legal provisions that apply to the Entity and its activities in the areas of health, equality and occupational risk prevention.
  • Manage and control the operation of the internal mechanisms, policies and protocols established by the Entity for the purposes of regulatory compliance and management of whistleblowing channels for this purpose.
  • All those treatments that are applicable to us for the due compliance with the regulations and official/sectoral requirements to which our activity is subject.

For the proper purpose and development of your attention and management of the above purposes, the processing of your data for the purposes corresponding to those mentioned above will be carried out under the strictest compliance with the Data Protection regulations and the Policy that we are detailing to you. You may exercise your rights at any time (see specific section).

Data retention criteria

  • Management of services/products contracted with the Entity: the personal data provided in contracts, offers and/or service proposals, as well as those of the rest of the people whose intervention is necessary, will be kept for as long as the contracted services are in force. At the end of the provision of the contracted service(s), the personal data will be kept in the cases that may arise from responsibilities with the Entity and/or in compliance with other regulatory frameworks that are applicable to the Entity or a regulation with the force of law that requires the conservation of these. Personal data will be kept in such a way as to allow the identification and exercise of the rights of the affected parties and, under the technical, legal and organisational measures that are necessary to guarantee their confidentiality and integrity.
  • Curriculum Vitae Management: the Entity, as a rule, keeps its Curriculum Vitae for a maximum period of one year; At the end of this period, it will be automatically destroyed, in compliance with the principle of data quality.
  • Management of Employment Contracts: personal data will be kept, in any case, for as long as the employment relationship is in force and, at the end of it, in the event that responsibilities may arise between the parties and when required by a regulation with the force of law.
  • Others: the rest of the data and information provided by the user by any means will be kept for as long as necessary to fulfill the purpose for which they were collected.

Legitimation

The legal basis that enables the Entity to process the personal data of users, customers, potential customers by virtue of the following titles:

  • The consent of the interested parties for the processing and management of any request for information or consultation about our services and products.
  • Consent given by job candidates for selection and recruitment purposes.
  • The framework for the provision and/or contracting of services/products with the Entity.
  • The legitimate interest to send you informational, commercial communications and/or promotional offers related to the activity of the Entity and the services/products contracted through email or any other means.
  • Compliance with legal obligations and internal regulatory compliance procedures.
  • The legitimate interest to ensure the security of offices, facilities and people.

Recipients

Personal data will not be transferred to third parties, except by law.

Origin

Personal data is collected directly from data subjects and our partners. The categories of personal data you provide to us are:

  • Identification data.
  • Mailing or e-mail addresses.
  • Bank details.
  • Data provided and/or consented to by the interested parties themselves related and necessary for the management and performance of the requested service/product.

Rights

Right of Access, Rectification and Deletion: interested parties have the right to obtain confirmation as to whether or not the Entity is processing personal data concerning them. Data subjects have the right to access their personal data, as well as to request the rectification of inaccurate data or request its deletion when, among other reasons, the data is no longer necessary for the purposes for which it was collected.

Right to Restriction and Opposition: in certain circumstances, interested parties may request the restriction of the processing of their data, in which case we will only keep them for the exercise or defence of claims. In certain circumstances and for reasons related to their particular situation, data subjects may object to the processing of their data. The Entity will cease to process the data in this case, except for compelling legitimate reasons, or for the exercise or defence of possible claims.

Right to revoke the consent given: the interested parties have the right to withdraw their consent at any time, except in the case of processing of personal data provided for in the Data Protection regulations or necessary for the provision of the contracted service, which do not require such consent. However, this withdrawal does not have retroactive effect and therefore will not affect the lawfulness of processing based on previously given consent. These rights may be exercised in our Data Protection Channel, whose access details are detailed at the beginning of this Policy.

Security Measures and Control

General

In compliance with data protection regulations, the Entity will process personal data by applying the appropriate technical, legal, organisational and security measures, in order to guarantee the confidentiality and integrity of the information it manages in accordance with the provisions of current regulations.

We would appreciate that you would inform the Data Protection Officer through the contact details / Channel established in this Privacy Policy, of any security risk, of which you have indications or knowledge, that may compromise the integrity and confidentiality of personal data and/or confidential information, in order to be able to adopt the necessary measures to prevent their unauthorised processing, accidental loss, destruction or damage.

Cybersecurity

As a specific concept and complementary to the above, the Entity applies cybersecurity measures to prevent and manage possible attacks and fraud by cybercriminals that threaten the privacy and protection of the data that our Entity processes and accesses within the scope of its activities and operations.

In this regard, we would like to warn that in the event of possible risk situations due to communications whose content and/or format generate doubts as to their authenticity, we recommend omitting them and contacting the Data Protection Officer through the contact details indicated in this Privacy Policy.

Likewise, any request received from our Entity regarding changes in payment methods, requests for contact details or persons or confidential (non-public) information, bank and/or credit card details and/or other official data, must not be dealt with without direct confirmation from our Entity by another alternative means. We thank you and need your collaboration for your communication and denunciation of any notification about this type of request and other possible risk situations of cyberattacks in which our Entity may be used, as well as for any possible security risk that you may be aware of.

Data Protection Channel

The Entity has implemented a Channel, contemplating the highest commitment, rigor and professionalism in terms of security, experience, independence and knowledge in the treatment of the communications received.

The Channel, which includes use in the field of Data Protection, has been implemented through a web platform, developed and managed by an independent external expert, to provide and guarantee our previous commitments.

Through the Channel, you will be able to communicate and process the exercise of your Rights (see previous section) and communicate any indication or knowledge you may have of possible security breaches, cyberattacks and/or possible breaches or irregularities regarding the Data Protection regulations, this Entity Policy and all the aspects mentioned above on confidentiality and company secrets.

The access details to the Channel are detailed at the beginning of this Policy.

Supervisory Authority

In the event of disagreements with the Entity in relation to the processing of your data, you have the right to lodge a complaint with the relevant Data Protection Supervisory Authority. In Spain, this Authority is the Spanish Data Protection Agency (www.aepd.es).

Care & Support

Interested parties may inform the Entity of any questions regarding the processing of their personal data or interpretation of our Policy, by contacting the Data Protection Officer (DPO) at the address indicated at the beginning of this Policy.