Last updated: 22 Abril 2021
DISET, S.A. (hereinafter, “DISET”) with Spanish Value Added Tax Identification Number (N.I.F.) A08261588 and registered office in Calle C, nº 3, Sector B, Zona Franca, 08040 Barcelona, duly entered in the Companies Register of Barcelona on Volume 44585, Folio 122, Sheet B-18625, hereby states that it is the owner of the domain pasitoapasito.es (hereinafter, the “Website”), in accordance with the requirements of the Spanish Act 34/2002 of 11 July, on Information Society Services and Electronic Commerce (hereinafter, the “LSSI-CE”).
1. Contact Details of the Data Controller
In agreement with the terms of applicable data protection regulations and especially the (Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter, the “GDPR”) and the Spanish Basic Act 3/2018 of 5 December, on Personal Data Protection and guarantee of digital rights (hereinafter, the “LOPDGDD”), the Data Controller is:
|Data Controller||DISET, S.A.|
|VALUE ADDED TAX IDENTIFICATION NUMBER (N.I.F.)||A08261588|
|Registered office||Calle C, nº 3, Sector B, Zona Franca, 08040 Barcelona|
|Phone No.||93 336 74 62|
2. Personal data protection in compliance with applicable regulations
DISET has adapted the Website to the GDRP and the LOPDGDD. To do this, it has put in place technical and organisational policies, means and procedures to guarantee and protect the confidentiality, integrity and availability of your personal data.
3. Principles that we will apply to your personal information
In the processing of your personal data, we will apply the following principles that meet the requirements of the GDPR:
- Principle of legality, loyalty and transparency: We will always require your consent for the processing of your personal data for one or more specific purposes of which we will inform you in advance with absolute transparency.
- Principle of data minimisation: We will only request strictly necessary data in relation to the purposes for which we require them.
- Principle of limitation of the storage period: The data will be kept for no longer than necessary for the purposes of the processing, depending on the purpose, we will inform you of the relevant storage period.
- Principle of integrity and confidentiality: Your data will be treated in such a way that adequate security of personal data is guaranteed and confidentiality is guaranteed. You should know that we take all necessary precautions to prevent unauthorised access or improper use of our users’ data by third parties.
4. Data collection and confidentiality
The data provided to DISET by different media, contact forms or any other procedure used for the collection of your data, will be collected in accordance with current data protection regulations, and for the sole purpose of providing the service that you have been informed of.
The transmission of data by the user of DISET services (hereinafter, the “User”) through the Website is done on a voluntary basis and, prior to processing, the User is informed of the use and purposes thereof.
DISET informs the User that only the information necessary to achieve the purpose of processing is collected and the data provided will only be processed for the purpose(s) for which he/she was informed and which he/she subsequently authorised.
DISET, in its capacity as Data Controller, guarantees confidentiality in the processing of all the personal data of the User to which it has access. The Data Controller, as well as any other person involved in any phase of the processing, is subject to the strictest professional secrecy, with a special commitment to adopt the necessary levels of protection and technical and organisational measures to ensure the security of personal data and prevent their alteration, misuse, loss, theft, unauthorised processing or unauthorised access.
All information provided to DISET by the User shall be truthful, and the User shall be solely responsible for any false or inaccurate statements made by the User and for any damage caused to DISET or third parties.
DISET reserves the right to exclude from the Services any User who has provided false information, without prejudice to any other appropriate legal action.
5. Data processing and purposes of processing
DISET will process the User’s data, manually and/or automatically, for the following specific purposes:
|Data processing||Purpose of the processing||Legal basis for the processing|
|Resolving queries||Responding to requests and queries made through the Contact form provided for this purpose on the Website.||Consent of the interested party|
Sending commercial and/or promotional communications in electronic format
|Sending commercial communications of activities, promotions, advertising, news, newsletters and other information about DISET products and services using electronic media.||Consent of the interested party|
In order to carry out the above purposes, we may rely on automated decisions, including profiling. In any event, we will only use the data necessary for profiling, which will be encrypted beforehand as a security measure.
6. Data processing by third parties and transfer
DISET will not disclose to third parties any personal information or data that you have provided on the Website that can directly or indirectly identify you, except as required by law.
If there is a sale, merger, consolidation, or change in control of the company, substantial transfer of assets, reorganisation or liquidation of DISET, then, at our discretion, we may transfer, sell, or assign the information gathered on this Website to one or more relevant parties.
7. Storage of personal data
The personal data will be kept for the time that is strictly necessary, until the end of the purpose for which they were collected, and as long as the cause continues to be that used to legitimise the processing of said personal data. Once the cause that legitimised the processing no longer exists, the personal data will be retained, properly blocked, for the necessary period of time to comply with the legal statute of limitations, in order to prevent any possible violations.
8. Direct marketing
will not use your personal data for direct marketing purposes without your express prior consent.
If at any time you decide to stop receiving marketing information from DISET, you may, free of charge and without having to provide any justification, unsubscribe from direct marketing campaigns and object to the future processing of your personal data for such purposes by sending an e-mail to firstname.lastname@example.org.
Please note that, even if you decide not to subscribe or to unsubscribe from commercial, promotional or newsletter emails, we may still need to contact you regarding important non-commercial information, and send any communications that are required in order to comply with our legal obligations.
9. Security measures
DISET adopts the security levels required by the GDPR which are appropriate to the nature of the data being processed at any given time. In this regard, it uses encryption techniques that do not allow a third party to trace the identity of the User who interacts with our services. Likewise, it may also carry out secure anonymisation techniques for personal data it processes to carry out its activity.
Notwithstanding the foregoing, technical security in an environment like Internet is not impregnable and misconduct by third parties may occur, although DISET may make all its best efforts through its available means to prevent such actions.
10. Rights of the interested parties and the exercising of them
In accordance with GDPR and LOPDGDD, users may exercise the following rights:
- Right to access: The user may ask DISET if it is processing their data, and if so, access them.
- Right to rectification: The user may request rectification if the data are inaccurate or complete the data that is incomplete.
- Right to request deletion of your data.
- Right to request restriction of processing: In this case we will only retain them for the exercise or defence of claims.
- Right to object to processing: DISET will no longer process personal data, with the exception that they must continue to be processed for legitimate reasons or for the exercise or defence of possible claims.
- Right to data portability: In the event that the user wishes his/her data to be processed by another data controller, DISET will facilitate the transfer of his/her data to the new data controller.
- Right not to be subject to a decision based solely on the automated processing of your personal data.
If the user has given its consent for a specific purpose, the user may withdraw it at any time, without affecting the lawfulness of the processing based on his/her prior consent before its withdrawal.
In whichever case, at the time the user exercises their right of deletion, all personal data linked to their account, as well as the information and content included in their profile will be deleted. In addition, if the user exercises the right to delete data necessary for DISET to provide services from the website, DISET will be obliged to end its relationship with the user, and will proceed to deactivate the account, with the user having no right of complaint.To exercise your rights, including that of filing a complaint if you believe that DISET is processing your data inappropriately, you should send a written communication to DISET‘s registered office or to the e-mail address email@example.com
You can use the templates and forms concerning the rights referred to above by addressing them to the official website of the Spanish Data Protection Agency (https://www.aepd.es/es/derechos-y-deberes/conoce-tus-derechos). If you consider that DISET is processing your personal data inappropriately, you can direct your complaint to this Supervisory Authority.
12. Governing law
The privacy of all information provided, both provided by the user through the means of requesting personal data, as well as accessible through the website, is regulated by the current data protection regulations, especially the GDPR and the LOPDGDD.