In terms of data protection, UAS Gestión y Consultoría S.L. should be considered the Data Controller, regarding the files/processing activities identified in this policy, specifically in the section on Data Processing.
Below are the identifying details of the owner of this website:
Data Controller: UAS Gestión y Consultoría S.L.
Postal Address: Avenida de la Investigación s/n (PCTEX- Centro de Negocios), 06006 Badajoz
Email Address: firstname.lastname@example.org
Data Protection Officer
The person appointed to carry out the functions of the Data Protection Officer at UAS GESTIÓN Y CONSULTORÍA S.L. is UAS Gestión y Consultoría S.L., whose identifying details are as follows:
Postal address: Avenida de la Investigación s/n (PCTEX- Centro de Negocios), 06006 Badajoz.
E-mail address: email@example.com
The personal data that may be requested will only consist of the strictly necessary information to identify and address the request made by the data subject, hereinafter referred to as the data subject. This information will be treated in a fair, lawful, and transparent manner in relation to the data subject. Furthermore, personal data will be collected for specific, explicit, and legitimate purposes, and will not be further processed in a manner that is incompatible with those purposes.
The data collected from each data subject will be adequate, relevant, and not excessive in relation to the corresponding purposes for each case, and will be updated whenever necessary.
The data subject will be informed, prior to the collection of their data, of the general aspects regulated in this policy so that they can provide express, precise, and unequivocal consent for the processing of their data, in accordance with the following aspects.
Purposes of the processing.
The explicit purposes for which each of the treatments is carried out are stated in the information clauses incorporated in each of the data collection methods (web forms, paper forms, voice messages or posters, and information notes).
However, the personal data of the data subject will be processed solely for the purpose of providing an effective response and addressing the requests made by the user, as specified alongside the option, service, form, or data collection system used by the data subject.
As a general rule, prior to the processing of personal data, UAS Gestión y Consultoría S.L. obtains the express and unequivocal consent of the data subject by including informed consent clauses in the different information collection systems.
However, if the consent of the data subject is not required, the legal basis for the processing carried out by UAS Gestión y Consultoría S.L. is the existence of a specific law or regulation that authorizes or requires the processing of the data of the data subject.
As a general rule, UAS Gestión y Consultoría S.L. does not transfer or communicate data to third parties, except as required by law. However, if necessary, such data transfers or communications are communicated to the data subject through the informed consent clauses contained in the various data collection methods.
As a general rule, personal data is always collected directly from the data subject. However, in certain exceptions, data may be collected through third parties, entities, or services other than the data subject. In this regard, this information will be provided to the data subject through the informed consent clauses contained in the various information collection methods, within a reasonable period of time, no later than one month after obtaining the data.
The information collected from the data subject will be retained for as long as necessary to fulfill the purpose for which the personal data was collected. Once the purpose has been fulfilled, the data will be deleted. This deletion will result in the blocking of the data, being kept only available to the Public Administration, Courts, and Tribunals, to address any liabilities arising from the processing, during the statute of limitations of such liabilities. Once the aforementioned period has elapsed, the information will be destroyed.
For informational purposes, the following are the legal retention periods for information related to different matters:
|Documentation of a labor or social security||4 years||Article 21 of Royal Legislative Decree 5/2000, of August 4, which approves the revised text of the Law on Infractions and Penalties in the Social Order.|
|Accounting and tax documentation for mercantile purposes||6 years||Art. 30 Commercial Code|
|Accounting and tax documentation for tax purposes||4 years||Art. 66 to 70 General Tax Law|
|Access control to buildings||1 month||AEPD Instruction 1/1996|
|Video surveillance||1 month||AEPD Instruction 1/2006Organic Law 4/1997|
Rights of data subjects.
Data protection regulations grant a series of rights to data subjects, who are users of the website or users of UAS Gestión y Consultoría S.L.’s social media profiles.
The rights that are available to data subjects are as follows:
- Right of access: the right to obtain information on whether their own data is being processed, the purpose of the processing being carried out, the categories of data being processed, the recipients or categories of recipients, the retention period and the origin of such data.
- Right of rectification: the right to obtain the rectification of inaccurate or incomplete personal data.
- Right of deletion: the right to obtain the deletion of data in the following cases:
- When the data is no longer necessary for the purpose for which it was collected.
- When the owner of the data withdraws consent
- When the data subject objects to the processing
- When the data must be deleted in compliance with a legal obligation.
- When the data have been obtained by virtue of an information society service on the basis of art. 8 par. 1 of the European Data Protection Regulation.
- When the data subject contests the accuracy of the personal data, for a period of time that allows the company to verify the accuracy of the data.
- When the processing is unlawful and the data subject objects to the erasure of the data.
- When the company no longer needs the data for the purposes for which they were collected, but the data subject needs them for the formulation, exercise or defense of claims.
- When the data subject has objected to the processing while it is being verified whether the legitimate reasons of the company prevail over those of the data subject.
Data subjects may exercise the aforementioned rights by contacting UAS Gestión y Consultoría S.L. via written request sent to the following address: firstname.lastname@example.org, indicating the requested right in the subject line.
In this regard, UAS Gestión y Consultoría S.L. will respond to your request as soon as possible, taking into account the deadlines established in data protection regulations.
The security measures adopted by UAS Gestión y Consultoría S.L. are those required in accordance with Article 32 of the GDPR. In this regard, UAS Gestión y Consultoría S.L., taking into account the state of the art, the costs of implementation, the nature, scope, context, and purposes of the processing, as well as the varying likelihood and severity of the risks to the rights and freedoms of individuals, has established appropriate technical and organizational measures to ensure a level of security appropriate to the existing risk.
In any case, UAS Gestión y Consultoría S.L. has implemented sufficient mechanisms to:
- Ensure the ongoing confidentiality, integrity, availability, and resilience of the processing systems and services.
- Restore the availability and access to personal data promptly in the event of a physical or technical incident.
- Regularly verify, assess, and evaluate the effectiveness of the implemented technical and organizational measures to ensure the security of the processing.
- Pseudonymize and encrypt personal data, where applicable.