Privacy Policy

Confidentiality and Data Protection Policy

CORTINAS Y AUTOMATISMOS EUROPE S.L. (hereinafter the Entity) is committed to due diligence and compliance with Data Protection regulations.

Below is the detailed information on the confidentiality and personal Data Protection policy in compliance with the provisions of Article 13 of Regulation (EU) 2016/679 of the European Parliament and of the Council, of 27 April 2016, on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation or GDPR), and Article 11 of the Spanish Organic Law 3/2018 on Personal Data Protection and Guarantee of Digital Rights (LOPD GDD).

Data of the Data Controller and contact details of the Data Protection Officer (DPO):

  • Identity: CORTINAS Y AUTOMATISMOS EUROPE S.L.
  • Address / Postal Code: C/ Pica d'Estats 108-118, 08272 Sant Fruitós de Bages, Barcelona (Spain)
  • Phone: (+34) 932420108
  • E-mail: info@eurotronic-europe.com
  • DPO contact details: lopd@sauleda.com
  • Data Protection Channel: www.corporate-line.com/cnormativo-sauleda

Purposes of processing

The Entity will process the information provided by data subjects for the following purposes:

  • Manage your visit, appointment, and meeting at our facilities.
  • Manage the provision and execution of contracted services and products.
  • Manage any type of request, suggestion, or inquiry about our professional services made by data subjects through any means or contact channel, including the contact form on our website.
  • Manage sales, billing, location data, and other necessary data to fulfill the role of supplier, for product monitoring and delivery/after-sales service.
  • Manage order shipments, tracking, and returns.
  • Formalize and manage relationships with suppliers and partners.
  • Informative and commercial communications: process your data to inform you about activities, events, offers, raffles, promotions, articles of interest, and general information related to our activity and the contracted services/products.
  • Prepare publications, promotional videos, and other content for pre-sales and after-sales service, marketing, and commercial prospecting purposes of the Entity.
  • Collect data through social networks, blogs, apps or electronic devices, the Entity's website, and any other similar means.
  • Manage the Eurotronic Europe mobile apps developed by the Entity for customer service and support.
  • Manage data provided by job applicants via Curriculum Vitae (CV) or other means for selection and recruitment purposes.
  • Ensure the security of offices, facilities, and individuals through access controls, video surveillance systems, and other access control/identification systems.
  • Comply with applicable legal provisions in health, equality, and occupational risk prevention matters.
  • Manage and monitor the functioning of internal mechanisms, policies, and protocols established by the Entity for compliance purposes and management of reporting channels for that purpose.
  • All other processing applicable for proper compliance with official/sectoral regulations and requirements to which our activity is subject.

For the proper provision of service and management of the above purposes, data processing will be carried out under the strictest compliance with Data Protection regulations and the Policy detailed herein. You may exercise your rights at any time (see specific section).

Data retention criteria

  • Management of contracted services/products with the Entity: personal data provided in contracts, offers, and/or service proposals, as well as data of other involved persons, will be kept as long as the contracted services are valid. Once services end, personal data will be retained if liabilities with the Entity may arise and/or in compliance with other applicable legal frameworks requiring their retention. Data will be kept in a way that allows identification and exercise of affected parties' rights, under technical, legal, and organizational measures necessary to ensure confidentiality and integrity.
  • Curriculum Vitae management: the Entity, as a rule, keeps your CV for a maximum period of one year; once this period ends, it will be automatically destroyed, in compliance with the principle of data quality.
  • Employment Contract management: personal data will in any case be retained during the validity of the employment relationship and, once ended, if liabilities may arise between the parties and when required by law.
  • Others: all other user data and information provided by any means will be retained for as long as necessary to fulfill the purpose for which they were collected.

Legal basis

The legal grounds that allow the Entity to process users', customers', and potential customers' personal data are:

  • The consent of data subjects for handling and managing any information request or inquiry about our services and products.
  • The consent given by job candidates for selection and recruitment purposes.
  • The framework of service/product provision and/or contracting with the Entity.
  • Legitimate interest in sending you informational, commercial communications and/or promotional offers related to the Entity's activity and contracted services/products by email or other means.
  • Compliance with legal obligations and internal compliance procedures.
  • Legitimate interest in ensuring the security of offices, facilities, and individuals.

Recipients

No personal data will be transferred to third parties, except as required by law.

Source

Personal data is obtained directly from data subjects and our partners. Categories of personal data provided include:

  • Identification data.
  • Postal or electronic addresses.
  • Bank data.
  • Data provided and/or consented to by the data subjects themselves related and necessary for managing and delivering the requested service/product.

Rights

Right of Access, Rectification, and Erasure: data subjects have the right to obtain confirmation of whether or not the Entity is processing their personal data. They have the right to access their personal data, request the rectification of inaccurate data, or request their erasure when, among other reasons, the data are no longer necessary for the purposes for which they were collected.

Right to Restriction and Objection: in certain circumstances, data subjects may request the restriction of their data processing, in which case they will only be retained for the exercise or defense of claims. In certain circumstances and for reasons related to their particular situation, data subjects may object to the processing of their data. In such cases, the Entity will stop processing the data, except for compelling legitimate grounds or for the exercise or defense of possible claims.

Right to withdraw consent: data subjects have the right to withdraw their consent at any time, except in cases of personal data processing required by Data Protection regulations or necessary for the provision of contracted services, which do not require such consent. However, this withdrawal is not retroactive and will not affect the lawfulness of processing based on prior consent. These rights may be exercised through our Data Protection Channel, whose access details are provided at the beginning of this Policy.

Security and Control Measures

General

In compliance with data protection regulations, the Entity will process personal data applying appropriate technical, legal, organizational, and security measures to guarantee the confidentiality and integrity of the information it manages in accordance with current regulations.

We appreciate that you inform the Data Protection Officer via the contact details / Channel provided in this Privacy Policy of any security risks you may be aware of that could compromise the integrity and confidentiality of personal data and/or confidential information, so that necessary measures can be taken to avoid unauthorized processing, loss, destruction, or accidental damage.

Cybersecurity

As a specific and complementary concept, the Entity applies cybersecurity measures to prevent and manage potential attacks and fraud by cybercriminals threatening the privacy and protection of the data processed and accessed by the Entity within its activities and operations.

In this regard, we warn that in case of potentially risky situations caused by communications whose content and/or format raise doubts of authenticity, we recommend ignoring them and contacting the Data Protection Officer through the contact details indicated in this Privacy Policy.

Likewise, any request received that appears to originate from our Entity regarding changes in payment methods, requests for data, contact persons, confidential (non-public) information, banking and/or credit card details, or other official data, must not be addressed without direct confirmation from our Entity through an alternative means. We appreciate and require your collaboration in reporting any such requests or other potential cybersecurity risks involving our Entity, as well as any possible security risks you may become aware of.

Data Protection Channel

The Entity has implemented a Channel, with the highest commitment, rigor, and professionalism in terms of security, expertise, independence, and knowledge in handling communications received.

The Channel, which includes use in the field of Data Protection, has been set up through a web platform, developed and managed by an independent external expert, to provide and guarantee our aforementioned commitments.

Through the Channel, you may communicate and exercise your Rights (see previous section) and report any indication or knowledge of possible security breaches, cyberattacks, and/or potential breaches or irregularities regarding Data Protection regulations, this Entity's Policy, and all matters mentioned above regarding confidentiality and trade secrets.

The Channel access details are provided at the beginning of this Policy.

Supervisory Authority

In case of disagreement with the Entity regarding the processing of your data, you have the right to lodge a complaint with the competent Data Protection Supervisory Authority. In Spain, this Authority is the Spanish Data Protection Agency (www.aepd.es).

Support and assistance

Data subjects may contact the Entity with any questions about the processing of their personal data or interpretation of our Policy, by contacting the Data Protection Officer (DPO) at the address indicated at the beginning of this Policy.