PRIVACY POLICY
Introduction
This privacy policy has been developed taking into account the provisions of Organic Law 3/2018, of December 5, on the Protection of Personal Data and guarantee of digital rights in force, as well as by Regulation 2016/679 of Parliament Council and Council of April 27, 2016 regarding the protection of natural persons with regard to the processing of personal data and the circulation of these data, hereinafter RGPD.
The purpose of this Privacy Policy is to inform the owners of the personal data, regarding which information is being collected, the specific aspects related to the processing of their data, among other things, the purposes of the treatments, the data of contact to exercise the rights that assist you, the periods of conservation of the information and the security measures among other things.
Responsible for data processing
In terms of data protection, RAMOS DOMÍNGUEZ S.L., must be considered responsible for the Treatment, in relation to the files / treatments identified in this policy, specifically in the Data Treatment section.
Identifying data of the owner and data controller:
Registered name: RAMOS DOMÍNGUEZ S.L.
NIF: B21160155
Address: VIRGEN DEL PRADO, 49 – 21220 – HIGUERA DE LA SIERRA – Email: info@jamonesoroviejo.com
DPO Data: info@seinin.com
Data processing
The personal data that is requested, where appropriate, will consist only of those strictly essential to identify and attend the request made by the owner of the same, hereinafter the Interested Party. On the other hand, personal data will be collected for specific, explicit, and legitimate purposes, not being further processed in a manner incompatible with said purposes.
The data collected from each interested party will be adequate, pertinent, and not excessive in relation to the corresponding purposes for each case and will be updated whenever necessary.
The owner of the data will be informed, prior to the collection of their data, of the general points in this policy so that they can give express, precise, and unequivocal consent for the processing of their data, in accordance with the following aspects.
Applicable principles for processing of personal data
The processing of the User’s personal data will be subject to the following principles contained in article 5 of the RGPD and in article 4 and following of Organic Law 3/2018, of December 5, on the Protection of Personal Data and guarantee of the digital rights:
- Principle of legality, loyalty, and transparency: the consent of the User will be always required after completely transparent information on the purposes for which the personal data is collected.
- Principle of purpose limitation: personal data will be collected for specific, explicit, and legitimate purposes.
- Principle of data minimization: the personal data collected will only be those strictly necessary in relation to the purposes for which they are processed.
- Principle of accuracy: personal data must be accurate and always up to date.
- Principle of limitation of the conservation period: personal data will only be kept in a way that allows the identification of the User for the time necessary for the purposes of its treatment.
- Principle of integrity and confidentiality: personal data will be treated in a way that guarantees its security and confidentiality.
- Principle of proactive responsibility: the Data Controller will be responsible for ensuring that the above principles are met.
Personal data of legal minors
Respecting the provisions of articles 8 of the RGPD and 7 of Organic Law 3/2018, of December 5, on the Protection of Personal Data and guarantee of digital rights, only those over 14 years of age may grant their consent for the treatment of your personal data in a lawful way by RAMOS DOMÍNGUEZ S.L.. If it is a child under 14 years of age, the consent of the parents or guardians will be necessary for the treatment, and this will only be considered lawful to the extent that they have authorized it.
Purpose of data processing
The explicit purposes for which each of the treatments are carried out are included in the informative clauses incorporated in each of the data collection channels (web forms, paper forms, voiceovers or posters and informative notes).
However, the personal data of the interested party will be treated with the sole purpose of providing them with an effective response and meeting the requests made by the user, specified together with the option, service, form or data collection system that the owner uses.
Legitimization
As a general rule, prior to the processing of personal data, RAMOS DOMÍNGUEZ S.L. obtains the express and unequivocal consent of the owner thereof, by incorporating informed consent clauses in the different information collection systems.
However, if the consent of the interested party is not required, the legitimizing basis of the treatment on which RAMOS DOMÍNGUEZ S.L. It is the existence of a specific Law or regulation that authorizes or requires the processing of the data of the interested party.
Third party
Generally, RAMOS DOMÍNGUEZ S.L. does not proceed to the transfer or communication of data to third parties, except those legally required, however, if necessary, said transfers or data communications are informed to the interested party through informed consent clauses contained in the different ways of collecting personal data.
Origin
As a rule, personal data is always collected directly from the interested party, however, in certain exceptions, the data may be collected through third parties, entities or services other than the interested party. In this sense, this end will be transferred to the interested party through the informed consent clauses contained in the different information collection channels and within a reasonable period, once the data has been obtained, and at the latest within one month.
Data preservation deadline
The information collected from the interested party will be kept as long as it is necessary to fulfill the purpose for which the personal data were collected, so that, once the purpose is fulfilled, the data will be canceled. Said cancellation will lead to the blocking of the data, keeping it only at the disposal of the Public Administrations, Judges and Courts, to attend to the possible responsibilities arising from the treatment, during the prescription period of these, once the period has elapsed, the information will be destroyed.
For information purposes, the legal terms for the conservation of information in relation to the different matters are set out below:
- DOCUMENT: Documentation of a labor nature or related to social security. TERM: 4 years. REF. LEGAL: Article 21 of Royal Legislative Decree 5/2000, of August 4, which approves the revised text of the Law on Infractions and Sanctions in the Social Order.
- DOCUMENT: Accounting and tax documentation for commercial purposes. TERM: 6 years. REF. LEGAL: Art. 30 Commercial Code.
- DOCUMENT: Accounting and tax documentation for tax purposes. TERM: 4 years. REF. LEGAL: Articles 66 to 70 General Tax Law.
- DOCUMENT: Building access control. TERM: 1 month. REF. LEGAL: Instruction 1/1996 of the AEPD.
- DOCUMENT: Video surveillance. TERM: 1 month. REF. LEGAL: Instruction 1/2006 of the AEPD Organic Law 4/199.
Navigational data
In relation to the browsing data that can be processed through the website, if data subject to the regulations is collected, it is recommended to consult the Cookies Policy published on our website.
Beneficiary Rights
The data protection regulations grant a series of rights to the interested parties or owners of the data, users of the website or users of the profiles of the social networks of RAMOS DOMÍNGUEZ S.L..
These rights that assist interested persons are the following:
- Right of access: right to obtain information on whether your own data is being processed, the purpose of the processing being carried out, the categories of data in question, the recipients or categories of recipients, the retention period and the origin of said data.
- Right of rectification: right to obtain the rectification of inaccurate or incomplete personal data.
- Right of deletion: right to obtain the deletion of the data in the following cases
- When the data is no longer necessary for the purpose for which it was collected.
- When the owner of the same withdraws the consent.
- When the interested party opposes the treatment.
- When they must be deleted in compliance with a legal obligation.
- When the data have been obtained by virtue of an information society service in accordance with the provisions of art. 8, apt. 1 of the European Regulation on Data Protection.
- Right of opposition: right to oppose a certain treatment based on the consent of the interested party.
- Right of limitation: right to obtain the limitation of the data processing when any of the following cases occurs:
- When the interested party challenges the accuracy of the personal data, during a period that allows the company to verify the accuracy of the same.
- When the treatment is illegal, and the interested party opposes the deletion of the data.
- When the company no longer needs the data for the purposes for which they were collected, but the interested party needs them for the formulation, exercise, or defense of claims.
- When the interested party has opposed the treatment while verifying if the legitimate reasons of the company prevail over those of the interested party.
- Right to portability: the right to obtain the data in a structured, commonly used, and machine-readable form, and to transmit them to another data controller when:
- The treatment is based on consent.
- The treatment is carried out by automated means.
- Right to file a claim with the competent control authority.
Interested parties may exercise the indicated rights by writing to RAMOS DOMÍNGUEZ S.L., sent to the following address: info@jamonesoroviejo.com, indicating in the Subject line the right they wish to exercise.
In this sense, RAMOS DOMÍNGUEZ S.L. will respond to your request as soon as possible and considering the deadlines provided in the regulations on data protection.
Security
The security measures adopted by RAMOS DOMÍNGUEZ S.L. are those required, in accordance with the provisions of article 32 of the RGPD. In this sense, RAMOS DOMÍNGUEZ SL, considering the state of the art, the costs of application and the nature, scope, context and purposes of the treatment, as well as the risks of variable probability and severity for the rights and the freedoms of natural persons, has established the appropriate technical and organizational measures to guarantee the level of security appropriate to the existing risk.
In any case, RAMOS DOMÍNGUEZ S.L. has sufficient mechanisms in place to:
- Guarantee the confidentiality, integrity, availability and permanent resilience of the treatment systems and services.
- Restore the availability and access to personal data quickly, in the event of a physical or technical incident.
- Verify, evaluate, and assess on a regular basis, the effectiveness of the technical and organizational measures implemented to guarantee the security of the treatment.
- Pseudonymize and encrypt personal data, if applicable.