BASIC DATA PROTECTION INFORMATION
Data controller: HUMAN WELLNESS SOLUTIONS, S.L.
Purpose: contact the data subject, respond to requests for information received, send quotes for our air filtration systems and devices, AHU, ERV, HVAC systems, lighting and other equipment, provide the services requested and send commercial communications about our products and/or services by letter, telephone, email, SMS/MMS, WhatsApp, Telegram or other equivalent electronic means of communication, provided that the data subject has consented to the processing of their personal data for this purpose.
Legitimation: performance of a contract to which the data subject is a party or to implement pre-contractual measures at the data subject’s request. The legitimate interest of the CONTROLLER. Consent of the data subject.
Recipients: Data will not be passed on to third parties unless legally required to do so.
Rights: You may access, rectify and erase the data and other rights stated in the additional information, which you can exercise by contacting the data controller at firstname.lastname@example.org
ADDITIONAL DATA PROTECTION INFORMATION
The data controller is:
Identity: HUMAN WELLNESS SOLUTIONS, S.L.
Tax ID No.: B01807056
Postal address: Calle Pepita Barrientos 7 (Galia Litoral) – 29004 Málaga (España)
Telephone number: (+34) 951 571 866
DATA PROTECTION OFFICER
The DATA CONTROLLER does not have a Data Protection Officer.
PURPOSE AND LEGAL BASIS FOR PROCESSING
The DATA CONTROLLER will process the personal data provided by its clients and/or users for these purposes:
Purpose: administrative, commercial, accounting and tax management of the company, respond to requests for information received, answer queries, send quotes for our air filtration systems and devices, AHU, ERV, HVAC systems, lighting and other equipment, providing the services requested, and sending commercial communications about our products and/or services by letter, telephone, email, SMS/MMS, WhatsApp, Telegram or other equivalent electronic means of communication, provided that the data subject has consented to the processing of their personal data for this purpose.
Legal basis of this processing: Performance of a contract to which the data subject is a party or to implement pre-contractual measures at the data subject’s request. The legitimate interest of the CONTROLLER. The data subject’s consent, which may be withdrawn.
b) Electronic forms WEBSITE:
The DATA CONTROLLER processes the personal data provided by clients and/or users through the electronic forms to collect personal data on the WEBSITE for the purposes identified below:
As for the “Contact Form” and other queries (those that may be addressed through the email accounts listed on the WEBSITE):
Purpose: Contact the data subject, deal with requests for information received, answer queries raised and send commercial communications about our products and/or services by letter, telephone, email, SMS/MMS, WhatsApp or other equivalent electronic means of communication, provided that the data subject has consented to the processing of their personal data for this purpose.
Legal basis of this processing: The data subject’s consent, which may be withdrawn at any time.
When the data requested in the electronic forms are necessary, the DATA CONTROLLER will state this obligatory nature when collecting data from customers and/or users, and failure to provide them will mean that the corresponding request cannot be dealt with.
WHAT TYPE OF DATA DO WE PROCESS?
In terms of the above, we divide the Client data we process into these sources and categories:
a) Data provided directly by the client and/or user: data provided directly by the client and/or user, either when requesting the product and/or service by completing the electronic forms for the collection of personal data or in the paper format provided for this purpose, or data provided during the relationship. The client and/or user is responsible for its accuracy and up-to-dateness.
Identity data (name and surname, legal representative, tax identification number, passport, postal address, email, telephone, mobile phone, manual, handwritten or digitalised signature, social media profiles, IP addresses)
Economic data (bank details)
b) Data obtained from sources other than the client and/or user: data obtained from sources other than the client and/or user, either with their consent or by any other legal authorisation (legitimate interest, compliance with a legal obligation, etc.).
c) Data derived from the commercial relationship: data provided indirectly by the client and/or user as a result of the service and the maintenance of this activity. This category includes traffic data, the history of payments or contracted services, browsing data through the public Website or other similar data.
RECORDS OF PROCESSING ACTIVITIES
The personal data obtained from the client and/or user as a result of filling in the electronic forms on the WEBSITE form part of the DATA CONTROLLER’s Records of Processing Activities (RPA), which will be updated from time to time according to the Regulation EU 2016/679 and the LOPDGDD 3/2018.
Data subjects’ personal data will be sent to the recipients stated below:
The DATA CONTROLLER’s suppliers as processors, within the framework of the corresponding services (lawyers, accountants, tax consultants, labour consultants, transport agencies, suppliers, consultants and IT service providers).
Competent authorities and bodies, to the extent necessary for the fulfilment of legal obligations.
b) As for the “Contact Form” and other queries (those that may be addressed through the email accounts listed on the WEBSITE):
Data will not be passed on to third parties unless there is a legal obligation to do so.
TRANSFERS OF DATA TO THIRD COUNTRIES
There are no plans to transfer data to third countries without an adequate level of protection.
Personal data will be retained:
The data will be retained until the data subject requests their erasure and, where appropriate, for the years necessary to comply with legal obligations.
b) As for the “Contact Form” and other queries (those that may be addressed through the email accounts listed on the WEBSITE):
The personal data will be retained until the end of the relationship between the CONTROLLER and the client and/or user, unless the latter requests the erasure of the data beforehand, or until the data subject withdraws the consent given, without this affecting the lawfulness of the processing based on the consent before the withdrawal.
For this purpose, the data subject is reminded that he/she must inform the DATA CONTROLLER as the recipient to whom he/she communicates personal data, of any rectification or erasure of the data of his/her representatives, authorised persons and other contact persons.
Once the relationship has ended, insofar as the personal data of the data subjects are relevant for the DATA CONTROLLER’S responsibility against the clients and/or users, such data will be kept, duly blocked, at the disposal of the judicial authorities or competent public administrations to enforce any liabilities arising from the processing for the period of limitation of such liabilities.
DATA SUBJECTS’ RIGHTS
The clients and/or users of the WEBSITE may exercise the following rights before the DATA CONTROLLER, insofar as they are applicable: access to personal data, rectification, erasure (right to be forgotten), restriction of processing, data portability, opposition to processing and not to be subject to automated individual decisions and, when the processing is based on consent, the right to withdraw it at any time.
Clients and/or users may exercise these rights by a written and signed request sent the DATA CONTROLLER, Calle Pepita Barrientos 7 (Galia Litoral) – 29004 Málaga (Spain) or by email to email@example.com, attaching, in both cases, a legally valid proof of identity, such as a photocopy of the NIF/NIE or equivalent document, and clearly stating the right that he/she wishes to exercise.
Users may also lodge a complaint with the competent Control Authority (Spanish Data Protection Agency) on the aepd.es website if they observe that the processing does not comply with the regulations in force or if they consider that their rights have been violated regarding the protection of their personal data, especially when they have not obtained satisfaction in exercising their rights.
The DATA CONTROLLER will deal with these rights within one month, which may be extended to two months if the complexity of the request or the number of requests received so requires. This is notwithstanding the duty to retain specific data under the legal terms and until the possible liabilities arising from possible processing or, where appropriate, from a contractual relationship expire.
Besides the above, and regarding data protection regulations, users who so request may organise the destination of their data after their death.
Unless the client and/or user opposes, by selecting the two consent boxes in the existing electronic forms, “I accept the processing of my data for the purposes stated in the basic data protection information” and “I give my consent to HUMAN WELLNESS SOLUTIONS, S.L. to send commercial communications of its products and/or services”, he/she authorises and grants his/her express consent to the commercial communications, by electronic means, related to the products and/or services offered by the DATA CONTROLLER.
The legal basis for this processing is the data subject’s consent, which may be revoked at any time.
According to Law 34/2002, of 11 July, on Information Society Services and Electronic Commerce (LSSICE), users are informed that if they do not wish to receive commercial communications, by electronic means, of our products and/or services, they may object to the processing of their data for promotional purposes, simply and freely, by sending an email to firstname.lastname@example.org, stating “UNSUBSCRIBE” or “DO NOT SEND” in the subject line of the message.
The personal data will be retained for as long as the business and professional relationship is maintained and for the years necessary to meet legal requirements.
VERACITY OF THE DATA PROVIDED BY DATA SUBJECTS
The client and/or user is responsible for the information provided when filling in the electronic forms on the WEBSITE or sending emails to the accounts under the cleanairspaces.com Internet domain being true and is responsible for the accuracy of all data provided and for keeping it updated to reflect a real situation. The client and/or user is also responsible for false or inaccurate information provided and the damage, inconvenience and problems that such inaccuracies may cause the DATA CONTROLLER or third parties.
The DATA CONTROLLER warrants that it has implemented appropriate technical and organisational policies on the Website to apply the security measures established by the GDPR UE 2016/679 and the LOPDGDD 3/2018 to protect the rights and freedoms of clients and/users and has provided them with the appropriate information so that they can exercise them.
To protect individual rights, in particular concerning automated processing, and to be transparent with clients and/or users, the DATA CONTROLLER has established a policy setting out all such processing, the purposes of such processing, the legitimacy of such processing and also the instruments available to clients and/or users to enable them to exercise their rights.
The WEBSITE is developed with the WordPress content management system. It has an SSL encryption certificate activated for the entire domain, allowing users to send their personal data through electronic forms securely.
All information will be stored and managed with due confidentiality, applying the necessary computer security measures to prevent access to or improper use of your data, its manipulation, deterioration or loss.
However, the client and/or user should bear in mind that the security of computer systems is never absolute. When personal data is provided over the Internet, it may be collected without their consent and processed by unauthorised third parties. The DATA CONTROLLER declines any responsibility for the consequences of these acts for the user if he/she voluntarily published the information.
ACCEPTANCE AND CONSENT
In such cases, the DATA CONTROLLER will announce the changes introduced reasonably before implementing them on the Websites.
DEFINITION AND GENERIC FUNCTION OF COOKIES
The PROVIDER, owner of this website, informs that cookies and/or similar technologies are used to store and retrieve information when you browse. In general, these technologies can be used for various purposes, such as recognising you as a user, obtaining information about your browsing habits, or personalising how content is displayed. The specific uses we make of these technologies are described below.
INFORMATION ON THE TYPE OF COOKIES USED AND THEIR PURPOSE
Technical: These are necessary for browsing and the proper functioning of our website. They allow, for example, to control traffic and data communication, access to restricted areas, carry out the purchase process of an order, use security elements, store content to broadcast videos or share content through social media.
Personalisation: They allow you to access the service with a set of general predefined features according to a set of criteria, such as the language, the browser used to access the service, the regional configuration from which the service is accessed, etc.
Analysis cookies: They are cookies processed by third parties or us and let us know the number of users we receive and allow us to measure and conduct statistical analysis on how our users use the offered service. Users’ browsing on our Website is analysed to improve our products or services offering.
Advertising: These are those that allow managing, efficiently, the advertising spaces that may be included on our Website.
Behavioural advertising: these are those which, processed by third parties or by us, allow us to analyse your browsing habits on the Internet to show you advertising related to your browsing profile.
The information obtained by cookies is processed only by our editor and/or by third parties whom our editor has hired to provide a service that requires cookies.
First-party cookies: They are those that are sent to your computer from our computers or domains and from which we provide the service you request.
Third-party cookies: They are those that are sent to your computer from a computer or domain not managed by us but by another collaborating company. Such as, for example, those used by social media or external content such as Google Maps. Third-party cookies tell us the number of users we receive and allow us to measure and conduct statistical analysis on how our users use the offered service. Users’ browsing on our Website is analysed to improve our products or services offering. Meet the third parties HERE
HOW CAN I SET OR DISABLE COOKIES?
You can allow or block cookies and delete your browsing data (including cookies) from the browser you use. Please refer to the options and instructions provided by your browser for this. If you accept third-party cookies, you will need to delete them from your browser options.
WE DO NOT TRANSFER DATA TO THIRD COUNTRIES
OUR PROFILING INVOLVES AUTOMATED DECISIONS THAT HAVE A LEGAL EFFECT ON THE USER OR SIGNIFICANTLY AFFECT THE USER IN A SIMILAR WAY.
DATA RETENTION PERIODS
Data retention period for the different purposes under the terms of Article 13.2 a) of the GDPR:
Session cookies: These are temporary cookies that remain in your browser’s cookie file until you leave the Website, so none of them remains registered on your computer’s hard drive. The information obtained through these cookies is used to analyse web traffic patterns. Ultimately, this allows us to provide a better experience to improve the content and make it easier to use.
Persistent cookies: These are stored on your hard drive, and our website reads them each time you visit our site. A persistent cookie has a fixed expiry date. The cookie will stop working after that date. We generally use these cookies to facilitate shopping and registration services.