- Introduction: Our Commitment to Privacy
At FLORESIENDO we have always considered the privacy and intimacy of our clients to be of special importance. The protection of your personal data has been a constant in the commitment that we have assumed from the first moment in which you placed your trust in us.
We want respect for your fundamental right to the protection of your data to be a constant. We will try to give you control over your own information.
The Privacy Policy that we detail below can help you better understand how we use your personal data. In it we explain in more detail the types of personal data we collect, how we collect it, for what purposes we may use it and with whom we may share it.
For this reason and because of the importance that YOUR privacy has for us, the application of the new Regulation (EU) 2016/679 of the European Parliament and of the council of April 27, 2016 regarding the protection of natural persons with regard to the treatment of personal data and the free circulation of these data (RGPD), rather than assuming a decalogue of obligations and restrictions, has only come to confirm the importance that intimacy and privacy have acquired in our days. A time marked by technological advances, the good use of which is always welcome, but which, to the contrary, can entail an invasion and interference in the life of any citizen.
So without further delay we expose the basic principles on which we base the treatment of personal data, the custody of the same and its exclusive use for the entrusted purposes, always making available to the owner of the same (YOU) the ultimate capacity of decision .
However, if you do not want to read our privacy policy, if you have already done so or if you have any specific question that you need to consult personally, our Data Protection Officer (DPO) is at your disposal for whatever you want to tell us.
This Privacy Policy applies to the ESCUELA FLORESIENDO website (https://www.escuelafloresiendo.com), as well as to the rest of the products and services that you may or may contract with us.
We intend to describe what data we collect, the purposes for which we carry out its collection, how we use that data and all the possibilities we offer, including how to access the data and update it. In short, we intend to make you aware of all the essential elements that you should know about the use we make of your personal data and our invariable commitment to its custody.
In addition, you will see that you have at your disposal the “definitions” tab. A tool that can be useful to understand those concepts or actions that, due to their specificity, need a short description as simple as possible.
At FLORESIENDO we intend that our privacy policy be a «living» element, that it acquires the necessary modifications and updates to keep abreast of the latest developments in privacy matters that may best come to it. Therefore, if you are interested in receiving information about new developments, do not hesitate to contact us.
2. Who is responsible for your personal data?
Although in the “definitions” tab you will find the definition of the person in charge made by Regulation (EU) 2016/679, we prefer to explain in a simple way who is the person in charge of your personal data.
FLORESIENDO is responsible for any personal data that you own and that is processed by us.
We are responsible for safeguarding your data, for using it appropriately and for protecting it with the necessary measures to prevent its misuse.
It is important to recognize at this point the breadth of meaning that the expression “personal data” has.
Gone are the days when personal data was understood as the name, surname, postal address and landline telephone number. Nowadays, personal data is any information that allows the identification of a person or any information that serves to make it identifiable. Therefore, the name is personal data, obviously, but so is the IP address of a computer or a car license plate.
Consequently, and given the infinity of personal data that can currently be collected, FLORESIENDO redoubles its efforts to comply with the principle of data minimization, that is, use only the strictly necessary personal data, by the minimum number of people necessary and the least number times.
Our postal address is: Canillas 34 dupl. 5izq 28002, Madrid
To end the section, remind you of the name and other contact details of our Data Protection Officer (DPO)
3. When do we collect your personal data?
In BLOOMING. We collect personal data about you every time you have a relationship with us, including the provision of any of our services, when you use our website or when you interact with us electronically.
At no time will we collect your data for purposes other than the purpose of FLORESIENDO., which is none other than the development of our professional activity, which is why you came to us.
For example, we will collect your data when you make a withdrawal with us, participate in one of our programs through the website, etc, etc.
4. For what purpose do we treat your data?
We treat your data to provide you with a help service in your life, whether through holistic meetings, conferences and training that allow you to act as a facilitator.
On FLORESIENDO’s own website. You can find more information about our services. In the different sections you will obtain in a detailed way the answer you are looking for for each of the professional activities that we carry out.
All of them are related to each other and linked to our purpose, our reason for being.
We reiterate: at no time will we collect your data for purposes other than our corporate purpose, which is none other than the development of our professional activity.
It is important to remind you that the data has been collected exclusively for specific, explicit and legitimate purposes, and will not be further processed in a manner incompatible with said purposes.
In other words, we will not use your data for any purpose other than the one included in this tab, reminding you again that we will try to give you control over your own information.
As for the retention periods, we will maintain them for as long as the existing contractual or commercial relationship continues, subsequently being blocked as long as the sectoral regulations oblige us.
And to finish with this epigraph, announce that from FLORESIENDO. At no time will automated decisions be made with your personal data. In all the company’s treatments there will always be human intervention.
5. What data do we process and from what source are they obtained?
On the occasion of your relationship with us, the following categories of personal data can be processed: (it will have to be modified depending on the client).
- a) Identification data. Here you can include the signature, an image, health card, social security number or mutual insurance.
- b) Data relating to health. It may be the case that some personal characteristic or social circumstance is included, as long as it is necessary for the service provided.
- c) Data of an economic or transactional nature, such as payments, income, transfers or debits.
The data may come from the owner himself, from his representative or from a third party.
6. What is the legitimacy for the treatment of your data?
The Regulation, in its spirit and intention to avoid the arbitrary treatment of personal data, establishes some requirements for its use.
To put it another way, the Regulation tells us what are the reasons why personal data can be processed, with the person responsible for this treatment being in charge of «justifying» it based on the possibilities that are included in the regulations.
In general, it establishes the conditions in article 6, leaving for article 9 the treatments where especially sensitive data is collected.
In our case, the legitimate basis for processing your personal data is as follows:
Your consent, if you have given it.
The provision of services that has occurred.
The legitimate interest of the school, which exclusively seeks the best provision of the services it offers.
We do not want to forget to remind you that for the correct achievement of the objectives when processing your personal data, it is essential that they are correctly updated. Therefore, if in the absence of an opportunity to update them, you are aware of the need for it, please contact our DPO to carry out as many updates as necessary. It is essential to have your data up to date.
7. Minors
Both national regulations and the European Regulation itself establish limitations on the processing of personal data of a «minor».
For this reason, from FLORESIENDO., and making ours the recommended age in the Regulation, all data processing of a minor under 16 years of age must have the authorization of their parent or guardian, which will be duly accredited and in accordance with the applicable regulations.
In this sense, we will implement all the measures that we deem appropriate and possible to proceed with the effective verification of the minor’s age.
8. Will we communicate your personal data? Who?
From BLOOMING. We will not transfer your personal data to third parties, unless:
It is necessary to provide the contracted service.
There is a legal obligation to do so.
That you have given us your consent to do so.
We provide you with a list of categories of companies to which we transfer your data in the Third Parties section. (a list of the data transfers that are carried out and the categories of data processors that we have must be included).
Section a) indicates the cases where, in order to provide you with an adequate service and manage the relationship we have with you, it is necessary for certain companies to process your data, as part of the provision of contracted services.
In these cases, all relationships will be regulated by a data protection contract. Document that will regulate confidentiality and commitment to regulatory compliance, referenced in Regulation (EU) 2016/679 of the European Parliament.
The b) does not indicate but the cases where a law obliges us to transfer the data (example, Tax Agency).
And c) refers to situations where their consent will be asked for cases in which it is necessary to have their approval. These situations will be covered by your consent, which will be duly managed to be able to inform you whenever you need it and so that in the event that you change your mind and revoke it, you have no problem doing so.
We insist that you are the owner of the data, and our commitment is to give you control of your own information.
What happens if you do not consent? Nothing obliges you to give us this consent, but if you do not do so, you will lose information about our products, services and other activities that, without being directly related to the contractual relationship that we may maintain, would be very useful to you. . to know the evolution, novelties and offer of our company.
It is important to note, although we hope it is not necessary, that by virtue of the legal relationship that may exist and in the event of any non-payment, the data related to the debt may be communicated to files related to the fulfillment or non-compliance of monetary obligations (capital solvency files).
9. International Data Transfers
Prior to the explanation of the Control Authority on international data transfers, at FLORESIENDO we would like to inform you that we will not carry out any international transfer without your consent, insisting once again that you will be the one in control of your information.
Once this fundamental aspect has been clarified, we can collect what the Spanish Data Agency says about this matter:
International data transfers involve a flow of personal data from Spanish territory to recipients established in countries outside the European Economic Area (the countries of the European Union plus Liechtenstein, Iceland and Norway).
Those responsible and in charge of the treatment may carry out international data transfers without the need for an authorization from the Spanish Agency for Data Protection, provided that the data processing complies with the provisions of the European Regulation and the following assumptions are met.
The European Commission has declared the following countries with an adequate level of security.
In other words, it considers them suitable for making transfers with them, equating them to a level analogous to the EU member states themselves.
(listed as of June 2018)
Decision 2000/518/EC of the Commission, of July 26, 2000.
Canada. Decision 2002/2/EC of the Commission, of December 20, 2001, regarding the entities subject to the scope of application of the Canadian data protection law.
Decision 2003/490/EC of the Commission, of June 3, 2003.
Decision 2003/821/CE of the Commission, of November 21, 2003.
Isle of Man. Decision 2004/411/EC of the Commission, of April 28, 2004.
Decision 2008/393/EC of the Commission, of May 8, 2008.
Faroe Islands. Decision 2010/146/EU of the Commission, of March 5, 2010.
Decision 2010/625/EU of the Commission, of October 19, 2010.
Decision 2011/61/EU of the Commission, of January 31, 2011.
New Zealand. Decision 2013/65/EU of the Commission, of December 19, 2012.
USES. Applicable to entities certified under the EU-US Privacy Shield. Decision (EU) 2016/1250 of the Commission, of July 12, 2016. The Privacy Shield offers a series of rights and obliges companies to protect personal data in accordance with the “Privacy Principles”.
In cases where the country is not included in the above list, it will be necessary:
A legally binding and enforceable instrument between public authorities or bodies.
Binding corporate rules.
Standard data protection clauses adopted by the Commission that are still valid.
Decision 2001/497/CE, of June 15, 2001, regarding standard contractual clauses for the transfer of personal data between data controllers to a third country and Decision 2010/87/EU of the Commission, of February 5, 2010, regarding standard contractual clauses for the transfer of personal data to data processors established in third countries, in accordance with Directive 95/46/EC of the European Parliament and of the Council.
Standard data protection clauses adopted by a supervisory authority and approved by the Commission.
Codes of conduct, together with binding and enforceable commitments of the person in charge or the person in charge of the treatment in the third country to apply adequate guarantees, including those related to the rights of the interested parties.
Certification mechanisms, together with binding and enforceable commitments from the controller or processor in the third country to apply adequate guarantees, including those relating to the rights of data subjects.
If the specific case does not meet the preceding requirements either, these are, in the absence of a suitability decision and adequate guarantees, they can only be carried out if any of the following conditions are met:
The interested party has explicitly given its consent.
The transfer is necessary for the execution of a contract between the interested party and the data controller or for the execution of pre-contractual measures adopted at the request of the interested party.
The transfer is necessary for the conclusion or execution of a contract, in the interest of the interested party, between the data controller and another natural or legal person
The transfer is necessary for important reasons of public interest
The transfer is necessary for the formulation, exercise or defense of claims.
The transfer is necessary to protect the vital interests of the interested party or of other persons, when the interested party is physically or legally incapable of giving his consent.
The transfer is made from a public registry that, in accordance with the Law of the Union or of the Member States, is intended to provide information to the public and is open to consultation by the general public or any person who can provide a legitimate interest. , but only to the extent that, in each particular case, the conditions established by the Law of the Union or of the Member States for consultation are met.
When none of these exceptions are applicable either, a transfer may only be carried out if it is not repetitive, affects only a limited number of interested parties, is necessary for the purposes of compelling legitimate interests pursued by the controller over which no the interests or rights and freedoms of the data subject prevail, and the data controller evaluates all the circumstances involved in the transfer of data and, based on this evaluation, offers appropriate guarantees regarding the protection of personal data.
In this case, the data controller will inform the control authority of the transfer. In addition to the information referred to in articles 13 and 14 of the RGPD, the data controller will inform the interested party of the transfer and of the compelling legitimate interests pursued.
Binding Corporate Rules (BCR):
Binding Corporate Rules (or BCR for its acronym in English) are “the personal data protection policies assumed by a controller or processor established in the territory of a Member State for transfers or a set of transfers of personal data to a responsible or in charge in one or more third countries, within a business group or a union of companies engaged in a joint economic activity”.
Business groups are those “constituted by a company that exercises control and its controlled companies”.
The competent control authority will approve binding corporate rules (better known by its acronym in English BCR (Binding Corporate Rules) in accordance with the consistency mechanism established in article 63 of the RGPD.
10. How long will we keep your data?
At FLORESIENDO we want to convey to you the firm intention of keeping your personal data strictly as long as it is necessary. Either because you maintain a relationship with us, because there is a provision of services, you are interested in receiving information about our services or any other circumstance that requires the processing of your personal data. That is, for the time strictly necessary for the purpose for which they were collected.
Regarding the security of the facilities, the images captured through the video surveillance systems will be kept for a maximum period of 30 days, unless there is knowledge of any fact that could be relevant for a subsequent judicial action.
Once the reason why we process your personal data has expired, we will keep them as long as we are required by the sectoral regulations that may affect them.
In this sense and as an example, the sectoral regulations regarding money laundering, the Tax Agency, the Commercial Code regulations, patient autonomy or clinical history, Courts and Tribunals of Justice before potential claims, scientific research and/or statistics, etc.
In any case, for those cases where we have to keep the data in accordance with the obligations imposed by the different legal regulations, we will do so by blocking them, preventing any treatment other than that exclusively mentioned.
And after the legally established deadlines, we will destroy or anonymize your data.
11. What are your rights?
As the holder of the fundamental right to the protection of your personal data, the regulations recognize certain rights, which have been reinforced since the RGPD.
The recognized rights are the following: ACCESS, RECTIFICATION, DELETION, LIMITATION, PORTABILITY AND OPPOSITION.
Your exercise is FREE and FREE.
The interested party can exercise their rights by requesting it in writing, and together with a copy of a reliable document that proves their identity, at the following postal address:
E-mail: info@escuelafloresiendo.com
Therefore, from FLORESIENDO. we want to follow the current imposed from Europe and provide you with all the necessary tools so that you can exercise your rights, understand them and know their importance.
Both from this privacy policy and from the assistance provided by our Data Protection Delegate, we provide you with the information and mechanisms necessary for this purpose.
Right of Access.- First right included in the RGPD, in its article 15:
The interested party shall have the right to obtain from the data controller confirmation of whether or not personal data concerning him or her is being processed and, in this case, the right of access to the personal data and to the following information:
- a) the purposes of the treatment;
- b) the categories of personal data in question;
- c) the recipients or the categories of recipients to whom the personal data were or will be disclosed, in particular recipients in third parties or international organizations;
- d) if possible, the expected term of conservation of the personal data or, if not possible, the criteria used to determine this term;
- e) the existence of the right to request from the person in charge the rectification or deletion of personal data or the limitation of the processing of personal data relating to the interested party, or to oppose such processing;
- f) the right to file a claim with a supervisory authority;
- g) when the personal data has not been obtained from the interested party, any available information about its origin;
- h) the existence of automated decisions, including the elaboration of profiles, referred to in article 22, sections 1 and 4, and, at least in such cases, significant information on the applied logic, as well as the importance and the foreseen consequences of said treatment for the interested party.
When personal data is transferred to a third country or to an international organization, the data subject shall have the right to be informed of the appropriate safeguards under Article 46 relating to the transfer.
The controller will provide a copy of the personal data being processed. The person in charge may receive for any other copy requested by the interested party a reasonable fee based on administrative costs . When the interested party submits the request by electronic means, and unless the interested party requests that it be provided in another way, the information will be provided in a commonly used electronic format.
The right to obtain a copy mentioned in section 3 shall not adversely affect the rights and freedoms of others.
In other words and looking for an easy explanation, what is intended is that the owner of the data has the capacity to access them and know what data has been collected.
Right of Rectification.- It is included in the RGPD in its article 16:
The interested party shall have the right to obtain, without undue delay, from the controller the rectification of inaccurate personal data concerning him. Taking into account the purposes of the treatment, the interested party will have the right to have incomplete personal data completed, including by means of an additional declaration.
An elementary right that recognizes the holder the possibility of demanding that their data is correct and updated.
Right of Deletion (also called the right to be Forgotten).- Article 17 of the RGPD:
The interested party shall have the right to obtain, without undue delay, from the data controller the deletion of the personal data that concerns him, who will be obliged to delete the personal data without undue delay when any of the following circumstances occur:
- a) the personal data is no longer necessary in relation to the purposes for which it was collected or otherwise processed;
- b) the interested party withdraws the consent on which the treatment is based in accordance with Article 6, paragraph 1, letter a), or Article 9, paragraph 2, letter a), and this is not based on another legal basis;
- c) the interested party opposes the treatment in accordance with article 21, paragraph 1, and no other legitimate reasons for the treatment prevail, or the interested party opposes the treatment in accordance with article 21, paragraph 2;
- d) the personal data has been illicitly processed;
- e) the personal data must be deleted for the fulfillment of a legal obligation established in the Law of the Union or of the Member States that applies to the data controller;
- f) the personal data has been obtained in relation to the offer of services of the information society mentioned in article 8, section 1.
Where you have made personal data public and are required under paragraph 1 to delete such data, the controller, taking into account the technology available and the cost of its implementation, shall take reasonable steps, including techniques, with a view to informing those responsible for processing the personal data of the interested party’s request to delete any link to said personal data, or any copy or replica thereof.
Sections 1 and 2 will not apply when the treatment is necessary:
- a) to exercise the right to freedom of expression and information;
- b) for the fulfillment of a legal obligation that requires the processing of data imposed by the Law of the Union or of the Member States that applies to the data controller, or for the fulfillment of a mission carried out in the public interest or in the exercise of public powers conferred on the person responsible;
- c) for reasons of public interest in the field of public health in accordance with article 9, paragraph 2, letters h) and i), and paragraph 3;
- d) for archival purposes in the public interest, scientific or historical research purposes or statistical purposes, in accordance with article 89, paragraph 1, insofar as the right indicated in paragraph 1 could make impossible or seriously impede the achievement of the purposes of such treatment, or
- e) for the formulation, exercise or defense of claims.
Delete your personal data when they are not necessary for the purposes for which they were collected, among other reasons.
Right of Limitation.- Article 18 RGPD:
The interested party shall have the right to obtain from the data controller the limitation of data processing when any of the following conditions are met:
- a) the interested party challenges the accuracy of the personal data, during a period that allows the person in charge to verify the accuracy of the same;
- b) the treatment is unlawful and the interested party opposes the deletion of the personal data and requests instead the limitation of its use;
- c) the person in charge no longer needs the personal data for the purposes of the treatment, but the interested party needs them for the formulation, exercise or defense of claims;
- d) the interested party has objected to the treatment under article 21, paragraph 1, while verifying whether the legitimate reasons of the person in charge prevail over those of the interested party.
When the processing of personal data has been limited by virtue of section 1, said data may only be processed, with the exception of its conservation, with the consent of the interested party or for the formulation, exercise or defense of claims, or with with a view to protecting the rights of another natural or legal person or for reasons of important public interest of the Union or of a certain Member State.
Any interested party who has obtained the limitation of treatment in accordance with section 1 will be informed by the person in charge before the lifting of said limitation.
Limit the treatment by us of all or part of your personal data in the circumstances determined by law.
Portability Right.- Article 20 of the RGPD:
The interested party will have the right to receive the personal data that concerns him, that he has provided to a data controller, in a structured format, of common use and mechanical reading, and to transmit them to another data controller without being prevented by the data controller would have facilitated them, when:
- a) the processing is based on consent pursuant to Article 6(1)(a) or Article 9(2)(a) or on a contract pursuant to Article 6(1)(b) , Y
- b) the treatment is carried out by automated means.
When exercising their right to data portability in accordance with section 1, the interested party will have the right to have the personal data transmitted directly from controller to controller when technically possible.
The exercise of the right mentioned in section 1 of this article shall be understood without prejudice to article 17. Said right shall not apply to the treatment that is necessary for the fulfillment of a mission carried out in the public interest or in the exercise of public powers conferred on the person in charge. of the treatment.
The right mentioned in paragraph 1 shall not adversely affect the rights and freedoms of others.
Request the portability of your personal data in an interoperable and self-sufficient format.
Right of Opposition.- Article 21 RGPD:
The interested party shall have the right to object at any time, for reasons related to their particular situation, to the processing of personal data concerning them based on the provisions of article 6, paragraph 1, letters e) of), including the profiling on the basis of those provisions. The controller will stop processing the personal data, unless it proves compelling legitimate reasons for the processing that prevail over the interests, rights and freedoms of the interested party, or for the formulation, exercise or defense of claims.
When the processing of personal data is for direct marketing, the interested party shall have the right to object at any time to the processing of personal data that concerns him, including profiling to the extent that it is related to said marketing.
When the interested party opposes the treatment for direct marketing purposes, the personal data will no longer be processed for said purposes.
At the latest at the time of the first communication with the interested party, the right indicated in sections 1 and 2 will be explicitly mentioned to the interested party and will be presented clearly and apart from any other information.
In the context of the use of information society services, and notwithstanding the provisions of Directive 2002/58/EC, the interested party may exercise their right to object by automated means that apply technical specifications.
When personal data is processed for scientific or historical research or statistical purposes in accordance with article 89, paragraph 1, the interested party shall have the right, for reasons related to his particular situation, to oppose the processing of personal data concerning him, unless it is necessary for the fulfillment of a mission carried out for reasons of public interest.
Or what could be summarized: object to certain treatments in the circumstances and for reasons related to your particular situation.
As the last element of the section referring to the rights of the owners, it is important to warn them that they may withdraw, at any time, the consents previously granted.
12. Before which Control Authority can you file claims?
The Regulation, in order to protect the owner of the data, offers a route in cases where the expected response in the exercising of rights related to the protection of damages has not been obtained.
In these cases, you can file a claim with the Spanish Data Protection Agency, the control authority in matters of data protection, at the following address:
C / Jorge Juan, 6. Madrid (28001)
URL: agpd.es
13. When will we send you commercial communications?
When we collect data directly from you, we may ask you whether or not you wish to receive marketing communications from us.
In this sense, it must be taken into account that if these communications are related to goods, services or news related to the relationship you have with us, we may carry them out by virtue of the existing legitimate interest.
It does not have to be the case, but if they are commercial communications that are not directly related to the relationship you have with us, or are even third-party companies, these commercial communications will always be preceded by your consent.
Consent that, as you well know, you can revoke whenever you deem appropriate.
14. Social Networks
Confirm this end.
FLORESIENDO has a profile on some of the main social networks on the Internet, acknowledging itself as responsible for the treatment in relation to the data published in these profiles or the data that users send privately to the mailbox that appears in the profile for this purpose (example, questions or advice).
Purpose and legitimacy: The treatment that will be carried out with the data within each of the aforementioned networks will be, at most, that which the social network allows for corporate profiles.
Thus, from FLORESIENDO. We can inform «our» followers, when the law does not prohibit it, about activities, offers, as well as provide any personalized customer service.
Data extraction: In no case will we extract data from social networks, unless the user’s consent is expressly and expressly obtained for it.
Rights: When, due to the very nature of social networks, the effective exercise of data protection rights is required by any owner, our DPO may inform and advise you for this purpose, to the extent of its possibilities.
15. Data security
At the moment in which we are responsible for your data and we treat it for the pertinent purposes, the necessary organizational and security measures will be applied to guarantee the integrity, confidentiality, availability, resilience or invulnerability, to avoid loss, misuse and access. unauthorized access to your personal data. All this in accordance with the provisions of the aforementioned Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016, regarding the protection of natural persons with regard to the processing of personal data, as well as what is established in the applicable national regulations.
For security and strictly authorized access, we will block your data if necessary, we will proceed to encrypt them when the action so advises and we will even anonymize them if with this we achieve our objective, which is none other than the correct custody and proper use of your personal data. .
We have also reviewed our policy on data collection, storage and processing, including physical security measures, to prevent unauthorized access to our systems.
Complying with the principle of data minimization, we limit access to personal information that must be processed and we will ensure that all parties comply with strict contractual confidentiality obligations.
Failure to comply with the disciplinary conditions set forth will be sufficient reason for sanction, contractual termination or dismissal.
16. Cookies
Confirm these extremes with the IT department
A cookie is a small data file containing a string of characters that is sent to your computer when you visit a website. When you visit that website again, the cookie enables the site to recognize your browser.
How long a cookie remains on your computer or mobile device depends on whether it is a «persistent» or «session» cookie.
In FLORESIENDO both types of cookies are used.
Session cookies will only remain on your device while you are browsing.
Persistent cookies remain on your computer or mobile device until they expire or are deleted.
We use the following types of cookies on our website.
Strictly Necessary Cookies: These cookies are essential for you to be able to navigate our website and use its features. Without these cookies certain cannot be offered.
Performance cookies: These cookies collect information about how you use our website. This data can be used to optimize our website and make it easier for you to navigate.
Functional cookies: these cookies allow us to remember your choices on our website and personalize your experience.
Third-party cookies: third-party cookies are enabled by entities or websites other than EVOLUCIÓN INTERIOR SL These cookies can be used on our website to improve our products or services or help us offer more relevant ads. These cookies are subject to the corresponding privacy policies of these external services, such as the «data use policy» of Facebook.
Analytical cookies: we use analytical cookies, such as those offered by Google Analytics, to know aspects such as the time visitors spend on our website, the pages they find most useful and the way in which they arrive at our website.
How to control cookie settings.-
Most browsers allow you to control cookies through your preferences settings. However, if you limit the ability of websites to set cookies, your overall user experience may worsen.
Some browsers offer a “Do Not Track” (“DNT”) signal with which you can indicate your preferences regarding tracking and cross-site tracking.
Pixels.-
In addition to cookies, we sometimes use small graphic images called «pixels» (also known as web beacons, clear GIFs, or pixel tags).
We use pixels in the email communications we send to you to help us know whether our email communication has been viewed. We also use third-party pixels (such as those from Google, Facebook, and other advertising networks) to help us deliver advertising based on your interests.
17. Definitions
It is our intention to make it as easy as possible for you to understand the glossary of concepts that are hidden behind your fundamental right to data protection.
Therefore, and below, the following definitions serve as «clarification».
However, the company’s Data Protection Officer is at your disposal for any questions you may have.
.- It would be interesting if all the words subject to definition have a direct link to reach the definition contained in this tab (underlining of automated decision to take to the definition tab).
“Personal data”: all information about an identified or identifiable natural person (the interested party); an identifiable natural person is any person whose identity can be determined, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or one or more elements of identity physical, physiological, genetic, psychic, economic, cultural or social of said person.
“Processing”: any operation or set of operations carried out on personal data or sets of personal data, whether by automated procedures or not, such as collection, registration, organization, structuring , conservation, adaptation or modification, extraction, consultation, use , communication by transmission, diffusion or any other form of authorization of access, collation or interconnection, limitation, suppression or destruction.
“Limitation of treatment”: the marking of the personal data stored in order to limit their treatment in the future.
«Profiling»: any form of automated processing of personal data consisting of using personal data to evaluate certain personal aspects of a natural person, in particular to analyze or predict aspects related to professional performance, economic situation, health, personal preferences, interests , reliability, behavior, location or movements of said natural person.
“Pseudonymization”: the processing of personal data in such a way that they can no longer be attributed to a data subject without the use of additional information, provided that such additional information appears separately and is subject to technical and organizational measures designed to ensure that the personal data is not attributed to an identified or identifiable natural person.
“File”: any structured set of personal data, accessible according to certain criteria, whether centralized, decentralized or distributed functionally or geographically.
“Responsible for the treatment” or “responsible”: the natural or legal person, public authority, service or other body that, alone or jointly with others, determines the purposes and means of the treatment; if the law of the Union or of the Member States determines the purposes and means of the treatment, the data controller or the specific criteria for its appointment may be established by the law of the Union or of the Member States.
“Data Processor” or “Data Processor”: the natural or legal person, public authority, service or other body that processes personal data on behalf of the data controller.
“Recipient”: the natural or legal person, public authority, service or other body to which personal data is communicated, whether or not it is a third party. However, public authorities that may receive personal data in the context of a specific investigation in accordance with Union or Member State law shall not be considered recipients; the processing of such data by said public authorities will be in accordance with the data protection regulations applicable to the purposes of the processing.
“Third Party”: natural or legal person, public authority, service or body other than the interested party, the data controller, the data processor and the persons authorized to process personal data under the direct authority of the data controller or data processor.
«Consent of the interested party»: any free, specific, informed and unequivocal expression of will by which the interested party accepts, either by means of a declaration or a clear affirmative action, the processing of personal data that concerns him.
“Personal data security breach”: any security breach that results in the accidental or unlawful destruction, loss or alteration of personal data transmitted, stored or otherwise processed, or unauthorized communication or access to such data.
“Genetic data”: personal data relating to the inherited or acquired genetic characteristics of a natural person that provide unique information about the physiology or health of that person, obtained in particular from the analysis of a biological sample of such person.
“Biometric data”: personal data obtained from a specific technical treatment, related to the physical, physiological or behavioral characteristics of a natural person that allow or confirm the unique identification of said person, such as facial images or dactyloscopic data.
”Health-related data”: personal data relating to the physical or mental health of a natural person, including the provision of health care services, which reveals information about their state of health.
”Main establishment”:
- a) as regards a controller with establishments in more than one Member State, the place of its central administration in the Union, unless decisions on the purposes and means of processing are taken in another establishment of the controller in the Union and the latter establishment has the power to enforce such decisions, in which case the establishment that has taken such decisions shall be considered as the main establishment.
- b) in the case of a data processor with establishments in more than one Member State, the place of its central administration in the Union or, if there is no central administration, the establishment of the processor in the Union where the processing is carried out. main processing activities in the context of the activities of an establishment of the processor to the extent that the processor is subject to specific obligations under this Regulation.
“Representative”: a natural or legal person established in the Union who, having been designated in writing by the controller or the processor in accordance with Article 27, represents the controller or the processor with regard to their respective obligations under Article 27. this Regulation.
“Company”: natural or legal person engaged in an economic activity, regardless of its legal form, including companies or associations that regularly carry out an economic activity.
“Business group”: group constituted by a company that exercises control and its controlled companies.
“Binding corporate rules”: the personal data protection policies assumed by a controller or processor established in the territory of a Member State for transfers or a set of transfers of personal data to a controller or processor in one or more third countries. , within a business group or a union of companies engaged in a joint economic activity.
“Control Authority”: the independent public authority established by a Member State in accordance with the provisions of article 51 of the RGPD.
“Interested control authority”: the control authority affected by the processing of personal data because:
- a) the controller or processor is established in the territory of the Member State of that supervisory authority.
- b) data subjects residing in the Member State of that supervisory authority are substantially affected or are likely to be substantially affected by the processing, or
- c) a claim has been filed with that control authority.
“Cross-border processing”:
- a) the processing of personal data carried out in the context of the activities of establishments in more than one Member State of a controller or a processor in the Union, if the controller or processor is established in more than one Member State, or
- b) the processing of personal data carried out in the context of the activities of a single establishment of a controller or a processor in the Union, but which substantially affects or is likely to substantially affect data subjects in more than one Member State.
“Pertinent and motivated objection”: the objection to a proposal for a decision on the existence or not of an infringement of this Regulation, or on the conformity with this Regulation of actions planned in relation to the person in charge or the person in charge of the treatment, which clearly demonstrates the importance of the risks posed by the draft decision for the fundamental rights and freedoms of data subjects and, where appropriate, for the free movement of personal data within the Union.
“Information society service”: any service as defined in article 1, paragraph 1, letter b), of Directive (EU) 2015/1535 of the European Parliament and of the Council.
“International organization”: an international organization and its subordinate bodies of public international law or any other body created by or by virtue of an agreement between two or more countries.
“Cookie”: Small file that a web server sends to the hard drive of the Internet user who visits it with information about their preferences and browsing patterns.
“IP address”: number that identifies, in a logical and hierarchical manner, a network interface (communication/connection element) of a device (computer, tablet, laptop, smartphone) that uses the IP protocol (Internet Protocol) or, which corresponds to the network level of the TCP/IP model (example, 205.45.128.30).
“Visit counter”: computer program that indicates the number of visitors that a certain web page has received. Once configured, these counters will be increased one by one after each visit to the web page. Web counters are not necessarily reliable. A webmaster could set it to start at any large number, giving the impression that their site is more popular than it really is.
“Browser”: Program that allows browsing the internet or other computer communications network.
“Automated decision” – Explanation of Recital 71 of the RGPD: the interested party must have the right not to be the subject of a decision, which may include a measure, that evaluates personal aspects related to him, and that is based solely on automated processing and produces legal effects on him or significantly affects him in a similar way, such as the automatic denial of an online credit application or online contracting services in which there is no human intervention. This type of processing includes profiling consisting of any form of personal data processing that evaluates personal aspects related to a natural person, in particular to analyze or predict aspects related to work performance, economic situation, health , preferences or personal interests, reliability or behavior, situation or movements of the interested party, to the extent that it produces legal effects on him or significantly affects him in a similar way. However, decisions based on such processing, including profiling, should be permitted if expressly authorized by Union or Member State law applicable to the controller, including for fraud prevention and control purposes and tax evasion, carried out in accordance with the regulations , rules and recommendations of the Union institutions or national supervisory bodies and to ensure the security and reliability of a service provided by the controller, or necessary for the conclusion or execution of a contract between the interested party and a data controller, or in cases in which the interested party has given his explicit consent. In any case, said treatment must be subject to the appropriate guarantees, which must include specific information to the interested party and the right to obtain human intervention, to express their point of view, to receive an explanation of the decision made after such assessment and to challenge the decision. Such a measure must not affect a minor.
Principles in the Protection of Personal Data
Personal data will be
- a) processed in a lawful, loyal and transparent manner in relation to the interested party (“lawfulness, loyalty and transparency”).
- b) collected for specific, explicit and legitimate purposes, and will not be further processed in a manner incompatible with said purposes; in accordance with article 89, paragraph 1, the further processing of personal data for archival purposes in the public interest, scientific and historical research purposes or statistical purposes shall not be considered incompatible with the initial purposes («purpose limitation») .
- c) adequate, pertinent and limited to what is necessary in relation to the purposes for which they are processed (“data minimization”).
- d) accurate and, if necessary, updated; All reasonable steps will be taken to promptly erase or rectify personal data that is inaccurate for the purposes for which it is processed (“accuracy”).
- e) kept in a way that allows the identification of the interested parties for no longer than is necessary for the purposes of the processing of personal data; personal data may be kept for longer periods provided that they are processed exclusively for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes, in accordance with article 89, paragraph 1, without prejudice to the application of the measures appropriate technical and organizational measures imposed by this Regulation in order to protect the rights and freedoms of the interested party («limitation of the retention period»).
- f) processed in such a way as to ensure adequate security of personal data, including protection against unauthorized or unlawful processing and against accidental loss, destruction or damage, through the application of appropriate technical or organizational measures («integrity and confidentiality»).
The data controller shall be responsible for and able to demonstrate compliance with the provisions of section 1 («proactive responsibility»).
18. Wi-Fi for visitors
Any interested party who wants to access the FLORESIENDO WIFI network will be able to do so, knowing that information about the connected device is stored, not about browsing.
In our facilities, a specific SSID is offered so that customers and other visitors can surf the Internet for free.
And the following data of each device that connects is stored: name, MAC, IP, channel (wifi or ethernet) and time of connection. Information about navigation is not stored.
Purpose and legitimacy: Necessary security measure to know which devices are connected to the company network and, where appropriate, to be able to block the connection to unauthorized ones.
19. Changes in the Privacy Policy
FLORESIENDO intends that its privacy policy be a living element that is updated as many times as necessary, to which new current aspects are incorporated and those that are less popular or less important due to technological evolution or any other circumstance are suppressed.
Therefore, FLORESIENDO can modify or update this «policy» when necessary.
Check back often. It will serve as an element to assess the good practices that we carry out.
When we update this “policy”, we will modify the date of last update that appears at the beginning of it.
If there are any material changes in the «policy» or in the way your personal data is used, we will notify you by posting a notice of such changes before they take effect or by sending you a notification directly if you have consented.