Política de Privacidade

This privacy policy applies to clients’ and/or cleanairspaces.com (the WEBSITE) users’ personal data, and the data controller is HUMAN WELLNESS SOLUTIONS, S.L. (the PROCESSOR).

APPLICABLE LAW
Our Privacy Policy has been designed according to REGULATION (EU) 2016/679 of the EUROPEAN PARLIAMENT and of the COUNCIL of 27 April 2016 on the protection of natural persons regarding the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation) (GDPR EU 2016/679) and, insofar as it does not contradict the above Regulation, by Organic Law 3/2018, of 5 December, on the Protection of Personal Data and guarantee of digital rights (LOPDGDD 3/2018).

By providing us with their data, the client and/or user declares that they have read and are aware of this Privacy Policy, giving their unequivocal and express consent to processing their personal data according to the purposes and terms expressed herein.

BASIC DATA PROTECTION INFORMATION
Data controller: HUMAN WELLNESS SOLUTIONS, S.L.
Purpose: contact the data subject, respond to requests for information received, send quotes for our air filtration systems and devices, AHU, ERV, HVAC systems, lighting and other equipment, provide the services requested and send commercial communications about our products and/or services by letter, telephone, email, SMS/MMS, WhatsApp, Telegram or other equivalent electronic means of communication, provided that the data subject has consented to the processing of their personal data for this purpose.
Legitimation: performance of a contract to which the data subject is a party or to implement pre-contractual measures at the data subject’s request. The legitimate interest of the CONTROLLER. Consent of the data subject.
Recipients: Data will not be passed on to third parties unless legally required to do so.
Rights: You may access, rectify and erase the data and other rights stated in the additional information, which you can exercise by contacting the data controller at info@cleanairspaces.com
ADDITIONAL DATA PROTECTION INFORMATION
The data controller is:

Identity: HUMAN WELLNESS SOLUTIONS, S.L.
Tax ID No.: B01807056
Postal address: Calle Pepita Barrientos 7 (Galia Litoral) – 29004 Málaga (España)
Telephone number: (+34) 951 571 866
Email: info@cleanairspaces.com
DATA PROTECTION OFFICER
The DATA CONTROLLER does not have a Data Protection Officer.

PURPOSE AND LEGAL BASIS FOR PROCESSING
a) General:

The DATA CONTROLLER will process the personal data provided by its clients and/or users for these purposes:

Purpose: administrative, commercial, accounting and tax management of the company, respond to requests for information received, answer queries, send quotes for our air filtration systems and devices, AHU, ERV, HVAC systems, lighting and other equipment, providing the services requested, and sending commercial communications about our products and/or services by letter, telephone, email, SMS/MMS, WhatsApp, Telegram or other equivalent electronic means of communication, provided that the data subject has consented to the processing of their personal data for this purpose.
Legal basis of this processing: Performance of a contract to which the data subject is a party or to implement pre-contractual measures at the data subject’s request. The legitimate interest of the CONTROLLER. The data subject’s consent, which may be withdrawn.
b) Electronic forms WEBSITE:

The DATA CONTROLLER processes the personal data provided by clients and/or users through the electronic forms to collect personal data on the WEBSITE for the purposes identified below:

As for the “Contact Form” and other queries (those that may be addressed through the email accounts listed on the WEBSITE):

Purpose: Contact the data subject, deal with requests for information received, answer queries raised and send commercial communications about our products and/or services by letter, telephone, email, SMS/MMS, WhatsApp or other equivalent electronic means of communication, provided that the data subject has consented to the processing of their personal data for this purpose.
Legal basis of this processing: The data subject’s consent, which may be withdrawn at any time.
When the data requested in the electronic forms are necessary, the DATA CONTROLLER will state this obligatory nature when collecting data from customers and/or users, and failure to provide them will mean that the corresponding request cannot be dealt with.

WHAT TYPE OF DATA DO WE PROCESS?
In terms of the above, we divide the Client data we process into these sources and categories:

a) Data provided directly by the client and/or user: data provided directly by the client and/or user, either when requesting the product and/or service by completing the electronic forms for the collection of personal data or in the paper format provided for this purpose, or data provided during the relationship. The client and/or user is responsible for its accuracy and up-to-dateness.

Identity data (name and surname, legal representative, tax identification number, passport, postal address, email, telephone, mobile phone, manual, handwritten or digitalised signature, social media profiles, IP addresses)
Economic data (bank details)
b) Data obtained from sources other than the client and/or user: data obtained from sources other than the client and/or user, either with their consent or by any other legal authorisation (legitimate interest, compliance with a legal obligation, etc.).

c) Data derived from the commercial relationship: data provided indirectly by the client and/or user as a result of the service and the maintenance of this activity. This category includes traffic data, the history of payments or contracted services, browsing data through the public Website or other similar data.

RECORDS OF PROCESSING ACTIVITIES
The personal data obtained from the client and/or user as a result of filling in the electronic forms on the WEBSITE form part of the DATA CONTROLLER’s Records of Processing Activities (RPA), which will be updated from time to time according to the Regulation EU 2016/679 and the LOPDGDD 3/2018.

ADDRESSEES
Data subjects’ personal data will be sent to the recipients stated below:

a) General:

The DATA CONTROLLER’s suppliers as processors, within the framework of the corresponding services (lawyers, accountants, tax consultants, labour consultants, transport agencies, suppliers, consultants and IT service providers).
Competent authorities and bodies, to the extent necessary for the fulfilment of legal obligations.
b) As for the “Contact Form” and other queries (those that may be addressed through the email accounts listed on the WEBSITE):

Data will not be passed on to third parties unless there is a legal obligation to do so.
TRANSFERS OF DATA TO THIRD COUNTRIES
There are no plans to transfer data to third countries without an adequate level of protection.
RETENTION PERIODS
Personal data will be retained:

a) General:

The data will be retained until the data subject requests their erasure and, where appropriate, for the years necessary to comply with legal obligations.
b) As for the “Contact Form” and other queries (those that may be addressed through the email accounts listed on the WEBSITE):

The personal data will be retained until the end of the relationship between the CONTROLLER and the client and/or user, unless the latter requests the erasure of the data beforehand, or until the data subject withdraws the consent given, without this affecting the lawfulness of the processing based on the consent before the withdrawal.

For this purpose, the data subject is reminded that he/she must inform the DATA CONTROLLER as the recipient to whom he/she communicates personal data, of any rectification or erasure of the data of his/her representatives, authorised persons and other contact persons.

Once the relationship has ended, insofar as the personal data of the data subjects are relevant for the DATA CONTROLLER’S responsibility against the clients and/or users, such data will be kept, duly blocked, at the disposal of the judicial authorities or competent public administrations to enforce any liabilities arising from the processing for the period of limitation of such liabilities.

DATA SUBJECTS’ RIGHTS
The clients and/or users of the WEBSITE may exercise the following rights before the DATA CONTROLLER, insofar as they are applicable: access to personal data, rectification, erasure (right to be forgotten), restriction of processing, data portability, opposition to processing and not to be subject to automated individual decisions and, when the processing is based on consent, the right to withdraw it at any time.

Clients and/or users may exercise these rights by a written and signed request sent the DATA CONTROLLER, Calle Pepita Barrientos 7 (Galia Litoral) – 29004 Málaga (Spain) or by email to info@cleanairspaces.com, attaching, in both cases, a legally valid proof of identity, such as a photocopy of the NIF/NIE or equivalent document, and clearly stating the right that he/she wishes to exercise.

Users may also lodge a complaint with the competent Control Authority (Spanish Data Protection Agency) on the aepd.es website if they observe that the processing does not comply with the regulations in force or if they consider that their rights have been violated regarding the protection of their personal data, especially when they have not obtained satisfaction in exercising their rights.

The DATA CONTROLLER will deal with these rights within one month, which may be extended to two months if the complexity of the request or the number of requests received so requires. This is notwithstanding the duty to retain specific data under the legal terms and until the possible liabilities arising from possible processing or, where appropriate, from a contractual relationship expire.

Besides the above, and regarding data protection regulations, users who so request may organise the destination of their data after their death.

COMMERCIAL COMMUNICATIONS
Unless the client and/or user opposes, by selecting the two consent boxes in the existing electronic forms, “I accept the processing of my data for the purposes stated in the basic data protection information” and “I give my consent to HUMAN WELLNESS SOLUTIONS, S.L. to send commercial communications of its products and/or services”, he/she authorises and grants his/her express consent to the commercial communications, by electronic means, related to the products and/or services offered by the DATA CONTROLLER.

The legal basis for this processing is the data subject’s consent, which may be revoked at any time.

According to Law 34/2002, of 11 July, on Information Society Services and Electronic Commerce (LSSICE), users are informed that if they do not wish to receive commercial communications, by electronic means, of our products and/or services, they may object to the processing of their data for promotional purposes, simply and freely, by sending an email to info@cleanairspaces.com, stating “UNSUBSCRIBE” or “DO NOT SEND” in the subject line of the message.

The personal data will be retained for as long as the business and professional relationship is maintained and for the years necessary to meet legal requirements.

VERACITY OF THE DATA PROVIDED BY DATA SUBJECTS
The client and/or user is responsible for the information provided when filling in the electronic forms on the WEBSITE or sending emails to the accounts under the cleanairspaces.com Internet domain being true and is responsible for the accuracy of all data provided and for keeping it updated to reflect a real situation. The client and/or user is also responsible for false or inaccurate information provided and the damage, inconvenience and problems that such inaccuracies may cause the DATA CONTROLLER or third parties.

SECURITY MEASURES
The DATA CONTROLLER warrants that it has implemented appropriate technical and organisational policies on the Website to apply the security measures established by the GDPR UE 2016/679 and the LOPDGDD 3/2018 to protect the rights and freedoms of clients and/users and has provided them with the appropriate information so that they can exercise them.

To protect individual rights, in particular concerning automated processing, and to be transparent with clients and/or users, the DATA CONTROLLER has established a policy setting out all such processing, the purposes of such processing, the legitimacy of such processing and also the instruments available to clients and/or users to enable them to exercise their rights.

The WEBSITE is developed with the WordPress content management system. It has an SSL encryption certificate activated for the entire domain, allowing users to send their personal data through electronic forms securely.

All information will be stored and managed with due confidentiality, applying the necessary computer security measures to prevent access to or improper use of your data, its manipulation, deterioration or loss.

However, the client and/or user should bear in mind that the security of computer systems is never absolute. When personal data is provided over the Internet, it may be collected without their consent and processed by unauthorised third parties. The DATA CONTROLLER declines any responsibility for the consequences of these acts for the user if he/she voluntarily published the information.

ACCEPTANCE AND CONSENT
The client and/or user declares to have been informed of the personal data protection terms, accepting and consenting to their processing by the DATA CONTROLLER in the manner and for the purposes stated in this Privacy Policy. Certain services on the WEBSITE may contain particular conditions with specific provisions on the protection of personal data.

CHANGES TO THIS PRIVACY POLICY
The DATA CONTROLLER reserves the right to change this Privacy Policy to adapt it to new legislation, jurisprudence, interpretation of the Spanish Data Protection Agency and industry practices.

In such cases, the DATA CONTROLLER will announce the changes introduced reasonably before implementing them on the Websites.

The Legal Notice may complement this Privacy Policy, Cookies Policy and the General Terms and Conditions of Contract, which, where appropriate, are included for certain services if such access involves any speciality in terms of personal data protection.