Privacy policy

DATA CONTROLLER

Refractarios Campo S.L., with registered address at Lugar o Cruceiro, VILLALONGA, Sanxenxo, 36990, Pontevedra, and Tax Identification Code (C.I.F.) B36023471.

Email for the Exercise of Rights: lopd@rodonita.es

PURPOSES AND LEGAL BASES

Completing the basic data protection information provided through each data collection channel, below is additional information regarding the purposes, legal bases, and other details of the following files or processing activities:

– Clients:

Personal data will be processed for the purpose of managing accounting, tax, administrative, and collection matters, as well as maintaining the commercial relationship.

The legal basis for processing is the performance of a contract to which the data subject is a party, as well as compliance with legal obligations (Article 6.1.c) of the GDPR).

– Suppliers: Personal data will be processed for the purpose of managing the contractual relationship, which includes accounting, tax, and administrative management, as well as payment processing for services, among other tasks. The legal basis for this processing is the performance of a contract to which the data subject is a party (Article 6.1.b) of the GDPR), as well as compliance with legal obligations (Article 6.1.c) of the GDPR).

– Website Users: Personal data will be processed for the purpose of managing contact requests, complaints, suggestions, and claims. The legal basis for processing is the data subject’s consent.

DATA TRANSFERS OR DISCLOSURES

For the management of certain processing activities, it may be necessary to allow access to specific data by third-party service providers contracted for this purpose. In this regard, the entity enters into the necessary data processing agreements and has provided precise instructions to the various service providers or data processors to ensure the security and integrity of the data they access in the course of providing the contracted service.

Outside of these cases, your personal data will not be disclosed to third parties, except in situations legally provided for, such as:

– Clients and Suppliers:

Data may be disclosed to the following categories of recipients:

– Public Authorities: when required by law, for example, the Spanish Tax Agency (Agencia Estatal de la Administración Tributaria), and other competent tax or regulatory authorities, in order to comply with obligations imposed by current legislation.

– Financial Institutions: for the management of service-related payments and collections.

DATA RETENTION PERIOD

Completing the basic data protection information provided through each data collection channel, below is additional information regarding the purposes and legal bases of the following files or processing activities:

– Clients: Data will be retained until the end of the contractual relationship and will remain duly blocked during the statutory limitation periods for any liabilities that may arise (6 years).

– Suppliers: Data will be retained until the end of the contractual relationship and will remain duly blocked during the statutory limitation periods for any liabilities that may arise (6 years).

– Website Users: They will be retained for as long as your request (contact) is being processed.

PROFILING AND INTERNATIONAL DATA TRANSFERS

No profiling or international data transfers will be carried out

WITHDRAWAL OF CONSENT

In cases where the processing of personal data is based on consent, data subjects are informed of their right to withdraw consent at any time, easily and free of charge, by sending a written request to the data controller’s address or via the following email address: lopd@rodonita.es The withdrawal of consent shall not affect the lawfulness of processing based on consent prior to its withdrawal. 

DATA SUBJECT RIGHTS

The data protection regulations grant a series of rights to data subjects or data owners. These rights available to the data subjects are as follows:

– Right of access: the right to obtain information about whether their own data is being processed, the purpose of the processing being carried out, the categories of data involved, the recipients or categories of recipients, the retention period, and the origin of said data.

– Right to rectification: the right to obtain the rectification of inaccurate or incomplete personal data.

– Right to erasure: the right to obtain the deletion of data in the following cases:

• When the data is no longer necessary for the purpose for which it was collected
• When the data subject withdraws their consent
• When the data subject objects to the processing
• When the data must be deleted to comply with a legal obligation
• When the data has been obtained through an information society service based on the provisions of Article 8, paragraph 1 of the European General Data Protection Regulation (GDPR)

Right to object: the right to object to specific processing based on the data subject’s consent.

Right to restriction of processing: the right to obtain the restriction of data processing when any of the following circumstances apply:

• When the data subject contests the accuracy of the personal data, for a period enabling the company to verify the accuracy of the data.
• When the processing is unlawful and the data subject opposes the erasure of the data.
• When the company no longer needs the data for the purposes for which it was collected, but the data subject requires it for the establishment, exercise, or defence of legal claims.
• When the data subject has objected to the processing while it is being verified whether the company’s legitimate grounds override those of the data subject.

Data subjects may exercise the aforementioned rights by contacting the entity in writing at the following email address: direcciónprevencion@dimalnox.com indicating in the subject line the right they wish to exercise, or, if they prefer, by sending their request to the company’s postal address. You can access request templates on the website of the Spanish Data Protection Agency.

In this regard, the entity will respond to your request as soon as possible and within the timeframes established by data protection regulations. Additionally, it is important to note that the data subject may, at any time, file a complaint with the Spanish Data Protection Agency at www.aepd.es   

SECURITY

The security measures adopted by the entity are those required in accordance with the provisions of Article 32 of the GDPR. In this regard, taking into account the state of the art, the cost of implementation, and the nature, scope, context, and purposes of the processing, as well as the varying likelihood and severity of risks to the rights and freedoms of natural persons, it has established appropriate technical and organizational measures to ensure a level of security appropriate to the existing risk.

In any case, the entity has implemented sufficient mechanisms to:

1. Ensure the ongoing confidentiality, integrity, availability, and resilience of processing systems and services.

2. Restore the availability of and access to personal data in a timely manner in the event of a physical or technical incident.

3. Regularly test, assess, and evaluate the effectiveness of the technical and organizational measures implemented to ensure the security of the processing.

4. Pseudonymize and encrypt personal data, where appropriate.

COOKIES

A cookie is a file or device that is downloaded onto the user’s terminal equipment for the purpose of storing data that may be updated and retrieved by the entity responsible for its installation. In other words, it is a file that is downloaded to your computer when you access certain websites. For more information, please refer to our Cookies Policy.