The purpose of this “Privacy and Data Protection Policy” is to disclose the conditions governing the collection and processing of personal data by SG ATHOM SLU, making every effort to ensure the fundamental rights, honour and freedoms of the persons whose personal data is processed, in compliance with the regulations and laws in force that govern the Protection of Personal Data according to the European Union and the Spanish Member State and, specifically, those expressed in the “Treatment Activities” section of this Privacy Policy.
For all of which, in this Privacy and Data Protection Policy, users of the Website are informed https://sg-athom.com of all the details of interest to you regarding how these processes are carried out, for what purposes, what other entities may have access to your data and what the rights of users are.
"Personal information": All information about an identified or identifiable natural person (“the Website user”); an identifiable natural person is any person whose identity can be determined, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or one or more elements of identity physical, physiological, genetic, psychic, economic, cultural or social of said person.
"Treatment": any operation or set of operations carried out on personal data or sets of personal data, whether by automated procedures or not, such as collection, registration, organization, structuring, conservation, adaptation or modification, extraction, consultation, use, communication by transmission, diffusion or any other form of authorization of access, collation or interconnection, limitation, suppression or destruction.
“Limitation of processing”: the marking of the personal data stored in order to limit their treatment in the future.
"Profiling": any form of automated processing of personal data consisting of using personal data to evaluate certain personal aspects of a natural person, in particular to analyze or predict aspects related to professional performance, economic situation, health, personal preferences, interests, reliability, behavior, location or movements of said natural person.
"Pseudonymization": the processing of personal data in such a way that it can no longer be attributed to a data subject without the use of additional information, provided that such additional information appears separately and is subject to technical and organizational measures aimed at ensuring that the personal data is not attributed to a person identified or identifiable physical
"File": any structured set of personal data, accessible according to certain criteria, whether centralized, decentralized or distributed functionally or geographically.
“Responsible for the treatment” or “responsible”: the natural or legal person, public authority, service or other body that, alone or jointly with others, determines the purposes and means of the treatment; if the law of the Union or of the Member States determines the purposes and means of the treatment, the data controller or the specific criteria for its appointment may be established by the law of the Union or of the Member States.
“In charge of the treatment” or “in charge”: the natural or legal person, public authority, service or other body that processes personal data on behalf of the data controller.
"Addressee": the natural or legal person, public authority, service or other body to which personal data is communicated, whether or not it is a third party. However, public authorities that may receive personal data in the context of a specific investigation in accordance with Union or Member State law shall not be considered recipients; the processing of such data by said public authorities will be in accordance with the data protection regulations applicable to the purposes of the processing.
"Third": natural or legal person, public authority, service or body other than the interested party, the data controller, the data processor and the persons authorized to process personal data under the direct authority of the data controller or data processor.
"Consent of the interested party": Any free, specific, informed and unequivocal expression of will by which the interested party accepts, either by means of a declaration or a clear affirmative action, the processing of personal data that concerns them.
"Violation of the security of personal data": any breach of security resulting in the accidental or unlawful destruction, loss or alteration of personal data transmitted, stored or otherwise processed, or the unauthorized communication of or access to such data;
"Genetic data": personal data relating to the inherited or acquired genetic characteristics of a natural person that provide unique information on the physiology or health of that person, obtained in particular from the analysis of a biological sample from such a person.
"Biometric data": personal data obtained from a specific technical treatment, related to the physical, physiological or behavioral characteristics of a natural person that allow or confirm the unique identification of said person, such as facial images or dactyloscopic data.
“Health data”: personal data relating to the physical or mental health of a natural person, including the provision of health care services, which reveal information about their state of health.
"Main Establishment": a) as regards a controller with establishments in more than one Member State, the place of its central administration in the Union, unless decisions on the purposes and means of processing are taken at another establishment of the controller in the Union and the latter establishment has the power to enforce such decisions, in which case the establishment that has made such decisions shall be deemed to be the main establishment; b) as regards a processor with establishments in more than one Member State, the place of its central administration in the Union or, if there is no central administration, the establishment of the processor in the Union where the main activities are carried out of processing in the context of the activities of an establishment of the processor to the extent that the processor is subject to specific obligations under this Regulation.
"Representative": natural or legal person established in the Union who, having been appointed in writing by the controller or processor pursuant to Article 27 GDPR, represents the controller or processor with regard to their respective obligations under this Regulation .
"Business": natural or legal person engaged in an economic activity, regardless of its legal form, including companies or associations that regularly carry out an economic activity.
"Control authority": the independent public authority established by a Member State in accordance with the provisions of article 51 of the GDPR. In the case of Spain, it is the Spanish Data Protection Agency.
“Cross-border processing”: a) the processing of personal data carried out in the context of the activities of establishments in more than one Member State of a controller or a processor in the Union, if the controller or processor is established in more than one Member State, or b) the processing of personal data carried out in the context of the activities of a single establishment of a controller or a processor in the Union, but which substantially affects or is likely to substantially affect data subjects in more than one Member State.
"Information society service": any information society service, that is, any service normally provided for remuneration, remotely, electronically and at the individual request of a recipient of services.
The Data Controller is that natural or legal person, of a public or private nature, or administrative body, which alone or jointly with others determines the purposes and means of personal data processing; in case the purposes and means of the treatment are determined by the Law of the European Union or of the Spanish Member State.
In the aspects expressed in this Data Protection Policy, the identity and contact information of the Data Controller is:
SG ATHOM SLU
Paseo del Cid Avenue 45. 12579, Alcalà de Xivert (Castellón), Spain
This Privacy and Data Protection Policy is developed based on the following regulations and data protection laws:
The personal data collected and processed through this website will be treated in accordance with the following principles:
The data processing activities carried out through the website are detailed below, specifying each of the following sections:
6.1 MAIN PROCESSING ACTIVITIES
They are those data processing activities whose purposes are necessary and essential for the provision of services.
Jobs | |
---|---|
Legal bases | (Art. 6.1.b RGPD) Existence of a contractual relationship with the interested party through a contract or pre-contract |
Purposes | Staff pick |
Data categories and groups | job applicants (Identifying data; Academic and professional; Personal characteristics; Social circumstances; Employment details) |
Data origin | The interested party or his legal representative |
Recipient Category | Recruitment companies |
International transfer | are not planned |
Conservation period | For a period of 2 years from the last confirmation of interest. Article 5 section C of the RGPD 2016/679 |
Customer Management | |
---|---|
Legal bases | Existence of a contractual relationship with the interested party through a contract or pre-contract |
Purposes | Management of clients/suppliers, accounting, fiscal and administrative |
Data categories and groups | Clients (Identifying data; Economic, financial and insurance; Transactions of goods and services) |
Data origin | The interested party or his legal representative |
Recipient Category | Tax administration; Banks, savings banks and rural banks |
International transfer | are not planned |
Conservation period | For a period of 6 years from the last confirmation of interest. Article 30 of the Commercial Code |
Management of potentials | |
---|---|
Legal bases | Existence of a contractual relationship with the interested party through a contract or pre-contract |
Purposes | Management of leads and contacts |
Data categories and groups | Potentials (Identifying data) |
Data origin | The interested party or his legal representative |
Recipient Category | are not planned |
International transfer | are not planned |
Conservation period | For a period of 2 years from the last confirmation of interest. Article 5 of the RGPD 2016/679 section C. |
Vendor management | |
---|---|
Legal bases | Existence of a contractual relationship with the interested party through a contract or pre-contract |
Purposes | Management of clients/suppliers, accounting, fiscal and administrative |
Data categories and groups | Suppliers (Identifying data; Economic, financial and insurance; Transactions of goods and services) |
Data origin | The interested party or his legal representative |
Recipient Category | Tax administration; Banks, savings banks and rural banks |
International transfer | are not planned |
Conservation period | For a period of 6 years from the last confirmation of interest. Article 30 of the Commercial Code |
labor management | |
---|---|
Legal bases | Existence of a contractual relationship with the interested party through a contract or pre-contract |
Purposes | Job training; Management of payroll and employment contracts; Prevention of occupational hazards; Data protection and information privacy; Human Resources; Staff pick; Labor supervision and control |
Data categories and groups | Staff (Identifying data; Personal characteristics; Employment details; Economic, financial and insurance; Transactions of goods and services) |
Data origin | The interested party or his legal representative |
Recipient Category | Social Security Organizations; Tax administration; Banks, savings banks and rural banks |
International transfer | are not planned |
Conservation period | For a period of 6 years from the last confirmation of interest. Article 30 of the Commercial Code |
prosthetic work | |
---|---|
Legal bases | Existence of a contractual relationship with the interested party through a contract or pre-contract |
Purposes | prosthetic work |
Data categories and groups | Patients (Identifying data; Special categories of data) |
Data origin | The interested party or his legal representative |
Recipient Category | are not planned |
International transfer | are not planned |
Conservation period | For a period of 6 years from the last confirmation of interest. Article 30 of the Commercial Code |
6.2 OPTIONAL TREATMENT ACTIVITIES (if the user has marked their acceptance)
These are those personal data processing activities whose purposes are not essential for the provision of the service and that are only carried out if the user has marked YES in the consent to carry out these activities.
Website Inquiries | |
---|---|
Legal bases | (Art. 6.1.a RGPD) Consent of the interested party |
Purposes | Management of leads and contacts; Response to queries received through the electronic form on the web |
Data categories and groups | web contacts (Identifying data) |
Data origin | The interested party or his legal representative |
Recipient Category | are not planned |
International transfer | are not planned |
Conservation period | For a period of 2 years from the last confirmation of interest. Article 5 section C of the RGPD 2016/679 |
Social Media | |
---|---|
Legal bases | (Art. 6.1.a RGPD) Consent of the interested party |
Purposes | Sharing information on Social Networks |
Data categories and groups | Staff (Identifying data) |
Data origin | The interested party or his legal representative |
Recipient Category | Providers of social network services |
International transfer | are not planned |
Conservation period | As long as its deletion is not requested by the interested party |
All the fields that appear marked with an asterisk (*) in the Website forms must be filled in, in such a way that the omission of any of them could make it impossible for the services or information requested to be provided.
You must provide true information, so that the information provided is always up-to-date and does not contain errors, you must notify the Treatment Manager as soon as possible, the modifications and rectifications of your personal data that occur through an email to the address: gtron@sg-athom.es
Likewise, by "clicking" on the "I accept" button (or equivalent) incorporated in the aforementioned forms, you declare that the information and data that you have provided in them are accurate and true, as well as that you understand and accept this Privacy Policy. Privacy.
In compliance with the provisions of article 8 of the RGPD and article 7 of the LOPD/GDD, only those over 14 years of age may grant their consent for the processing of their personal data in a legal manner by Happy Implants.
Therefore, children under 14 years of age may not use the services available through the Website without the prior authorization of their parents, guardians or legal representatives, who will be solely responsible for all acts carried out through the Website by them. minors in their charge, including the completion of the electronic forms with the personal data of said minors and the marking, where appropriate, of the boxes that accompany them.
The Treatment Manager adopts the necessary organizational and technical measures to guarantee the security and privacy of your data, avoid its alteration, loss, treatment or unauthorized access, depending on the state of the technology, the nature of the data stored and the risks to which they are exposed.
Among others, the following measures stand out:
On the other hand, the Data Controller has made the decision to manage the information systems in accordance with the following principles:
Current data protection regulations protect the user in a series of rights in relation to the use given to their data. Each and every one of such rights are unipersonal and non-transferable, that is, they can only be exercised by the owner of the data, after verifying their identity.
The rights of Website users are detailed below:
The Website user can exercise any of the aforementioned rights by contacting the Data Controller and prior identification of the User using the following contact information:
The user is informed of his right to file a claim with the Spanish Data Protection Agency if he considers that an infringement of data protection legislation has been committed regarding the processing of his personal data.
Control authority contact information:
Spanish Agency for Data Protection
Email: info@aepd.es
Phone: 912663517
Website: https://www.aepd.es
Address: C/. Jorge Juan, 6. 28001, Madrid (Madrid), Spain
It is necessary that the user of the Website has read and agrees with the data protection conditions contained in this Privacy Policy, as well as accepting the processing of their personal data so that the Data Controller can proceed with it in the manner, deadlines and purposes indicated.
The Data Controller reserves the right to modify this Privacy Policy, according to its own criteria, or motivated by a legislative, jurisprudential or doctrinal change of the Spanish Data Protection Agency. The changes or updates made to this Privacy Policy that affect the purposes, retention periods, data transfers to third parties, international data transfers, as well as any right of the User of the Website, will be explicitly communicated to the user.
The strictly necessary cookies must always be activated so that we can save your cookie settings preferences.
If you deactivate this cookie we will not be able to save your preferences. This means that every time you visit this website you will have to activate or deactivate cookies again.