ABOUT PRIVACY AT PEPA BANDERA©
In accordance with the GDPR (EU) 2016/679 and the Organic Law 3/2018 on Data Protection and Guarantee of Digital Rights, we inform you that the data you provide will be processed by MARÍA JOSÉ GRANDE BRIHUEGA (hereinafter with the trade name of GRUPO PEPA BANDERA or PEPA BANDERA and/or PEPA PRIVÈ), as the Data Controller and included in its Records of Processing Activities, for the purpose of responding to your request, inquiry, and/or providing you with our services.
GRUPO PEPA BANDERA has a well-defined policy when it comes to preserving information security, privacy, and data protection. This applies to all devices that may in any way create a vulnerability in its information system, to the human resources that handle the information, to the information itself, to its transmission, and to the destruction of both devices and said information.
To achieve this, PEPA BANDERA has developed, among other measures, regular controls over external and internal personnel managing the applications, confidentiality agreements, data processing contracts, etc., and we offer you our information for greater transparency and peace of mind.
As a user of the website, you are informed that with the acceptance of this Privacy Policy and the consent you provide, we will have a legitimate basis for processing the personal data you provide through our site to respond to your request or provide you with our navigation services.
The data requested in the web forms are general in nature, essential for providing you the service and therefore mandatory (unless otherwise specified in the required field) to fulfill the established purposes. In any case, we remind you that, at your own risk, you must provide us with complete and truthful information.
USER COMMITMENTS.
As a user, you commit to providing information that is always truthful and that the data you communicate is accurate, updated, and complete, exonerating us from any issues arising from erroneously or mistakenly transferred data.
By communicating your data to us, you guarantee that you are over 18 years old, and if this is not the case, your legal guardians will be informed and must assume the responsibilities arising from any of these conditions not being met, including any resulting damages and losses.
WHAT DATA WE COLLECT.
In general, the data we process usually come from the user, but in case you provide data of third parties for any reason, although we exempt ourselves from any responsibility in these cases, by communicating them, you declare that you have the consent of the interested person, and that they are aware of this data processing policy.
The data we process may therefore be received directly from you as a user, your legal representative, third parties, or public administrations or organizations.
For the provision of our services, we will need to collect and, where applicable, process the following categories of personal data:
- Identifying data: name, surnames, and on some occasions, ID number.
- Contact data: postal address, email, and telephone.
Remember that we will never request bank or financial data.
LEGAL BASIS FOR THE PROCESSING OF PERSONAL DATA.
We inform you that our legal basis for processing the personal data you provide is explicit consent, without prejudice to legitimate interest to respond to your inquiries or requests.
At the time before contacting us and providing data, you have the possibility to grant us this consent. It is necessary for us to manage, where applicable, your registration as a client, respond to requests, inquiries, doubts, etc. It is also necessary for us to send you commercial communications and news of your interest.
If you are a job applicant, you must contact us by phone, and we will inform you how to send us your information.
The consent you grant us can be withdrawn at any time by emailing: info@pepabandera.es. In the event of withdrawing your consent, it will not affect the lawfulness of the processing carried out previously.
PURPOSE OF PROCESSING THE COLLECTED PERSONAL DATA.
The personal data provided through this website, which PEPA BANDERA is authorized to process, will be collected for the following purposes:
- Manage, process, and monitor contracted services.
- Respond to questions, requests, information, inquiries, etc.
- Understand your interest in our services.
- Request your opinion on our services for improvement purposes.
- Adapt our offer to your needs or preferences.
- Comply with our fiscal, administrative, accounting obligations, etc.
- Fulfill our obligation to provide information to public bodies.
- Send you news, suggestions, advertising, or information about products or services if you authorize us to do so.
- Conduct marketing actions, public relations, surveys, and advertising.
- Resolve conflicts or problems, including the exercise of legal actions.
- Prevent prohibited or illegal activities.
- Perform anonymous computations on access habits, usage, and activity of users.
Specifically, we inform you that we will not perform profile analysis or make decisions based exclusively on automated solutions that may affect legal situations. In the event that this changes, or we require some additional information, we will inform you in a timely manner, explain the necessity of it, and obtain your consent.
In principle, we will not collect especially sensitive or high-risk data, unless exceptionally you provide them for a specific need.
COMMUNICATION OF THE DATA YOU PROVIDE TO US.
The personal data you provide to us may be communicated to:
- Group companies under the PEPA BANDERA brand for any of the services they may provide.
- Data processors, as applicable, to cover the services entrusted to them on our behalf, such as card payment systems, consultancies, communication management, recruitment companies, and similar. One of our processors is IONOS CLOUD S.L.U., which provides hosting and website functionalities.
- Banking entities and intermediaries to carry out deposits or withdrawals, collections and payments, or refunds.
- Public Administrations in legally stipulated cases.
- State Security Forces and Corps.
The personal data of the user may be used for legal purposes by the Data Controller, in Courts, or in stages leading to possible legal actions arising from the misuse of this website or related services, so with this document, you become aware that the Data Controller may be obliged to disclose personal data upon request by public authorities.
WHERE WE STORE PERSONAL DATA. INTERNATIONAL DATA TRANSFERS.
The data are processed in the operational offices of the Data Controller and in any other electronic information storage location where the parties involved in the processing are located.
These data will be archived and stored in their computer systems in the case of automated processing, and in physical format, at the Data Controller’s registered office always within the European Union.
Depending on your location as a user, data transfers may involve transferring to a country different from yours. For more information about where such transferred data are processed, users can consult the section containing details about Personal Data processing.
In principle, PEPA BANDERA does not plan to carry out international data transfers, that is, outside the European Union, but in the event that this occurs, individuals will be informed about the legal basis for transferring data to a country outside the European Union or to any international organization governed by public international law or created by two or more countries, and about the security measures adopted by the Data Controller to safeguard their data.
If such transfers occur, the Data Controller will duly inform and adopt all necessary guarantees, carry out all legal procedures, and adopt the specifically provided clauses for this purpose.
RIGHTS UNDER DATA PROTECTION LAW AND HOW TO EXERCISE THEM.
As a user of our website, you have the right to exercise any of the following rights:
I. Right of Access
This right allows you to know the personal data of your ownership that we hold in our database, along with the purpose for which they were collected, the identity of the recipients of the data, the expected retention periods or the criteria used to determine them, and based on that, the existence of the right to request their rectification or deletion.
II. Right of Rectification
You may promptly rectify those personal data that are inaccurate or incomplete, even by providing an additional statement.
III. Right to Erasure/Suppression
You can exercise this right if you believe there is no legal basis for the processing, if the data is not necessary in relation to the purposes for which it was collected, or if you withdraw the consent initially given, and there is no other legal basis that legitimizes our processing or the processing is unlawful.
IV. Right to Object
You can object to the processing of your personal data in certain cases such as:
- When the processing is based on a public interest mission or on the legitimate interests of the controller or a third party.
- When the processing is intended for direct marketing purposes, including profiling.
- If your personal data are processed for direct marketing purposes, you can object to such processing at any time without providing any justification. To know if the Data Controller is processing personal data for direct marketing purposes, you can consult with them.
V. Right to Portability
According to this right, you can receive the personal data provided in a structured, commonly used, machine-readable, and interoperable format, and the right to transmit them to another data controller.
VI. Right to Restrict Processing
You can exercise the right to restrict the processing of your data, provided that one of the following conditions applies:
- You challenge the accuracy of the personal data.
- The processing is unlawful and you oppose the deletion of the personal data and request instead the restriction of its use.
- PEPA BANDERA no longer needs the personal data for the purposes of processing, but does need them for the formulation, exercise, or defense of claims.
- You oppose the processing while it is verified whether PEPA BANDERA’s legitimate reasons should prevail over yours.
You can exercise your rights free of charge by sending a written request to info@pepabandera.es, indicating the reference “Data Protection-Exercise Rights”, attaching a photocopy of your ID (or identification document from your country of origin). Likewise, you can go to the Spanish Data Protection Agency if you disagree with the processing, on their website: www.aepd.es
HOW LONG WE WILL KEEP THE DATA YOU PROVIDE US
In principle, unless a different period is imposed by law, we will keep the information for as long as necessary to provide you with the information you request or as long as our relationship is maintained.
The Data Controller may keep personal data for a longer period as long as you have given your consent for it, provided that you do not withdraw it.
If you give us consent to send you commercial publications, we may keep and use your data for as long as you wish to receive such information.
We also inform you that we will keep the data for as long as required by legal provisions and the statute of limitations for responsibilities to comply with our administrative, fiscal, labor, accounting obligations, etc.
If you wish to revoke the consent you give, you can exercise your right to deletion as permitted by current regulations, and the essential information will be blocked.
CONFIDENTIALITY OF INFORMATION
At PEPA BANDERA, we highly value the privacy of all individuals who are part of our clientele, those who collaborate with us, and/or those who are connected to our environment in any way.
Therefore, we take very seriously the privacy of the information you provide us or that we may collect. Without a doubt, we will treat the data provided by you in an absolutely confidential manner and in accordance with the orderly and good faith fulfillment of our duty of secrecy.
We assure you that within our proactive responsibility, we have adopted all necessary technical and organizational measures, seeking balanced protection within the state of the art and our capabilities in fulfilling our duties, establishing protocols by design and by default to prevent alteration, loss, processing, or unauthorized access to information.
DATA BREACH
While we adopt all measures within our reach, we cannot eliminate all risks and the possibility of a breach or incident occurring. Therefore, in the unlikely event that this happens, we will act according to the following guidelines:
- We will technically manage to prevent its effects from spreading.
- We will attempt to address the problem as soon as possible.
- We will communicate the facts if necessary to the Spanish Data Protection Agency within a maximum of 72 hours.
- We will inform you if you may suffer any minimal damage or are at risk for your rights. This communication may be made publicly and plainly through a website notice, social media notice, or your email.
- We will follow up and implement new measures to prevent it from happening again or to minimize the probability.
UPDATE: January 2023