• esp
  • eng
  • fra
Go to top Go to top
 

Privacy Policy

Home > Privacy Policy

Introduction

This Privacy Policy has been developed taking into account the provisions of Regulation 2016/679 of the European Parliament and the council of April 27, 2016 relating to the protection of natural persons with regard to the processing of personal data and the circulation of these data, hereinafter the ‘GDPR’.

This Privacy Policy is intended to inform the owners of personal data, for which information is being collected, specific aspects relating to the processing of their data, among other things, the purposes of the treatments, contact information to exercise the rights that assist them, the terms of conservation of information and security measures.

Data Processing

This Privacy Policy also applies to the following entities that are part of Grupo Ramón García, this is:

  • Carpintería Ramón García, S.A.
  • Cocina Hogar Ordes, S.L.
  • Ramón García Contract, S.L.

This is due to the fact that the implementation of technical, organizational and legal security measures converge and are managed in the same way. Always respecting logical access control between entities. So that each one of them accesses the information for which it is responsible.

In this sense, in terms of data protection, the aforementioned entities must be considered as Responsible for the Treatment, in relation to the files/treatments that they manage.

Data Treatment

The personal data requested, where appropriate, will consist only of those strictly necessary to identify and respond to the request made by the owner thereof, hereinafter, the data subject. This information will be treated in a fair, lawful and transparent manner in relation to the data subject. On the other hand, personal data will be collected for explicit and legitimate determined purposes, not being further processed in a manner incompatible with those purposes.

The data collected from each data subject will be adequate, relevant and not excessive in relation to the corresponding purposes for each case, and will be updated whenever necessary.

The owner of the data will be informed, prior to the collection of his/her data, of the general ends regulated in this policy in order to be able to give the express, precise and unequivocal consent for the processing of his/her data, in accordance with the following aspects:

Purposes of the Treatment.

The explicit purposes for which each of the treatments are carried out are included in the informative clauses included in each of the data collection channels (web forms, paper forms, locutions or posters and informative notes).

However, personal data of the data subject will be treated with the sole purpose of providing an effective response and meet the requests made by the user, specified next to the option, service, form or data collection system that the owner uses.

Legitimation

As a general rule, prior to the processing of personal data, the identified entities obtain the express and unequivocal consent of the owner thereof, through the incorporation of informed consent clauses in the different data collection systems.

 

However, in case the consent of the data subject is not required, the legitimizing basis of the Treatment is the existence of a specific law or norm that authorizes or requires the treatment of the data of the data subject.

 

Recipients

As a general rule, the identified entities do not proceed to the transfer or communication of the data to third parties, except those legally required. However, if necessary, such assignments or data communications are informed to the data subject through consent clauses, contained in the different ways of collecting personal data.

 

Source

As a general rule, personal data is always collected directly from the data subject, however, in certain exceptions, data may be collected through third parties, entities or services different from the data subject. In this sense, this end will be transferred to the data subject through the consent clauses contained in the different ways of collecting information and within a reasonable time, once the data have been obtained, and at the latest within a month.

 

Storage Period

The information collected from the data subject will be kept as long as it is necessary to fulfill the purpose for which the personal data was collected, so that, once the purpose has been fulfilled, the data will be canceled. Said cancellation will result in the blocking of the data being kept, only available to the Public Administrations, Judges and Courts, to attend to the possible responsibilities arising from the treatment. During the period of prescription of these, once the aforementioned period has expired, the information will be destroyed.

 

For information purposes, the following are the legal terms for the storage of information:

 

DOCUMENT TERM LEGAL REFERENCE
Documentation related to labor nature or related to social security 4 years Article 21 Real Decreto Legislativo 5/2000, August 4, approving the revised text Ley sobre Infracciones y Sanciones en el Orden Social
Accounting and fiscal documentation for commercial purposes 6 years Article 30 Código Comercio
Accounting and tax documentation for tax purposes 4 years Articles 66 to 70 Ley General Tributaria
Access control to buildings 1 month Instruction 1/1996 AEPD
Video surveillance 1 month Instruction 1/2006 AEPD

Organic Law 4/1997

 

Navigation data

In relation to the navigation data that can be processed through the website, in case of collecting data subject to regulations, it is recommended to consult the Cookies Policy published on our website.

Rights of data subjects

Regulations on data protection grant a series of rights to data subjects or holders of data that are subject to Treatment by the identified entities.

These are the rights that assist data subjects:

  • Right of access to data: the right to obtain information about whether your own data is being processed, the purpose of the treatment being carried out, the categories of data, the recipients or categories of recipients, the term of conservation and the origin of that data.

 

  • Right to rectification: right to obtain the correction of inaccurate or incomplete personal data.

 

  • Right to erasure: right to obtain deletion of data in the following cases:
    • When data is no longer necessary for the purpose for which it was collected.
    • When the owner of the right withdraws the consent.
    • When the data subject opposes the treatment.
    • When data must be abolished in compliance with a legal obligation.
    • When data has been obtained by virtue of an information society service based on the provisions of article 8 section 1 of the General Data Protection Regulation.

 

  • Right to object: right to object to a specific treatment based on the consent of the data subject.

 

  • Right to limit: right to obtain the limitation of data treatment when one of the following assumptions is made:
    • When data subject challenges the accuracy of the personal data, during a period that allows the company to verify the accuracy of the same.
    • When data treatment is illegal and the data subject opposes the deletion of the data.
    • When the company no longer needs the data for the purposes for which it was collected, but the data subject needs it for formulation, exercise or defense of claims.
    • When the data subject has opposed the treatment while it is being verified if the legitimate reasons of the company prevail over those of the data subject.

 

Data subjects may exercise the indicated rights, by addressing the identified entities, by writing, to the following address: lopd@gruporg.eu indicating in the subject line the right you wish to exercise.

In this regard, the identified entities must respond to your request as soon as possible and taking into account the deadlines set out in the regulations on data protection.

On the other hand, it is important to bear in mind that the data subject may at any time submit a claim to the competent supervisory authority.

Safety

The security measures adopted by the entities identified are those required, in accordance with the provisions of article 32 of RGPD. In this sense, the identified entities, taking into account the state of the art, the costs of application and the nature, scope, context and purposes of the treatment, as well as the risks of variable probability and severity for rights and freedoms of natural persons, have established the appropriate technical and organizational measures to ensure the appropriate security level to the existing risk.

In any case, the identified entities have mechanisms to:

  1. Permanently guarantee the confidentiality, integrity, availability and resilience of the treatment systems and services.
  2. Quickly restore the availability and access to personal data, in case of physical or technical incident.
  3. Verify, evaluate and assess, on a regular basis, the effectiveness of the technical and organizational measures implemented to guarantee the safety of the treatment.
  4. Pseudonymize and encrypt personal data, if applicable.