Privacy Policy
Data Controllers
- Data Controller: NUMA TEXTIL, S.L.
- VAT Number: B15396088
- Address: Polígono Industrial de Bergondo, c/ Parroquia de Lubre, parc. G-21, 15165 Bergondo (A Coruña)
- Email for exercising rights: info@numatextil.com
Purposes and Legal Bases
By providing the basic information on data protection through each of the data collection channels, the following additional information is provided regarding the purposes, legal bases, and other information of the following files or processing activities:
Web Users and E-commerce
Personal data is collected through the website for various purposes, including but not limited to:
- Contact section for inquiries, complaints, suggestions, or claims
- Analysis of browsing habits through analytical cookies (see Cookie Policy published on the website)
- Online product sales
The lawfulness of the processing is based on Article 6.1.a. GDPR "the data subject has given consent to the processing of their personal data for one or more specific purposes" and Article 6.1.b. GDPR "processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract."
Advertising / Marketing
Data will be collected for the management of advertising and marketing actions.
The lawfulness of the processing is based on Article 6.1.a. GDPR "the data subject has given consent to the processing of their personal data for one or more specific purposes."
Web User Registration
Personal data is collected through the website for various purposes, including but not limited to:
- Contact section for submitting inquiries, complaints, suggestions, or claims
- Analysis of browsing habits through analytical cookies (see Cookie Policy published on the website)
- Online product sales
The lawfulness of the processing is based on Article 6.1.a. GDPR "the data subject has given consent to the processing of their personal data for one or more specific purposes" and Article 6.1.b. GDPR "processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract."
Data transfers or disclosures
In order to manage certain services offered by the entity, it may be necessary to allow access to certain data by third-party service providers contracted for this purpose. In this regard, the entity enters into the respective necessary data processor contracts and has provided precise instructions to the different service providers or data processors to ensure the security and integrity of the data to which they have access in the provision of the contracted service.
Data Retention Period
In addition to the basic information provided through each data collection channel, the following additional information is provided regarding the data retention period for the following processes:
- Clients: The data will be retained until the termination of the contractual relationship and will be appropriately blocked during the statutory limitation periods for any potential liabilities (6 years).
- Potential clients: The data will be retained for 1 year.
- Suppliers: The data will be retained until the termination of the contractual relationship and will be appropriately blocked during the statutory limitation periods for any potential liabilities (6 years).
- Professional contacts: The data will be retained as long as the individuals remain employed by the company with which commercial relationships are maintained.
- Personnel: The data will be retained until the termination of the contractual relationship and will be appropriately blocked during the statutory limitation periods for any potential liabilities (5 years).
- Curriculum Vitae: The data will be retained for 1 year.
- Video surveillance: The data will be retained for 1 month.
- Web users and e-commerce: The data will be retained for the duration of their request processing (contact).
- Advertising/marketing: The data will be retained until the user requests unsubscribing from the service.
- Web user registration: The data will be retained for the duration of their request processing (contact).
Profiles and International Data Transfers
No profiles or international data transfers will be conducted.
Revocation of Consent
In cases where the processing of personal data is based on consent, data subjects are informed of their right to withdraw their consent at any time, easily and free of charge, by sending a written request to the address of the data controller or through clientes@berthahogar.com. The revocation of consent will not affect the lawfulness of the processing based on consent prior to its withdrawal.
Rights of the Interested Parties
Data protection regulations grant certain rights to the interested parties or data subjects. These rights include the following:
- Right of access: The right to obtain information on whether their own data is being processed, the purpose of the processing, the categories of data involved, the recipients or categories of recipients, the retention period, and the origin of such data.
- Right of rectification: The right to have inaccurate or incomplete personal data corrected.
- Right of objection: The right to object to a specific processing based on consent.
-
Right of erasure: The right to have data erased in the following cases:
- When the data is no longer necessary for the purpose for which it was collected.
- When the data subject withdraws their consent.
- When the data subject objects to the processing.
- When the data must be deleted in compliance with a legal obligation.
- When the data has been obtained in accordance with the provisions of Article 8(1) of the European Data Protection Regulation, concerning information society services.
-
Right of restriction: The right to restrict the processing of data in the following cases:
- When the data subject contests the accuracy of the personal data, for a period that allows the company to verify its accuracy.
- When the processing is unlawful and the data subject opposes the erasure of the data.
- When the company no longer needs the data for the purposes for which it was collected, but the data subject requires it for the establishment, exercise, or defense of legal claims.
- When the data subject has objected to the processing pending the verification of whether the company's legitimate grounds override those of the data subject.
-
Right to data portability: The right, in cases where the processing is carried out by automated means, to receive personal data in a structured, commonly used, machine-readable format, and to transmit it to another data controller, provided that the processing is based on consent or is necessary for the performance of a contract.
- This right, by its nature, does not apply when the processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
-
Right not to be subject to automated individual decision-making: The right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning the data subject or similarly significantly affects them.
This right shall not apply in the following cases:
- When it is necessary for the conclusion or performance of a contract between you and the controller.
- When the processing of your data is based on your previously given consent.
* In these two cases, the controller must ensure that the data subject has the right to human intervention, to express their point of view, and to contest the decision.
- When it is authorized by Union or Member State law, and appropriate measures are in place to safeguard the data subject's rights, freedoms, and legitimate interests.
* Furthermore, these exceptions shall not apply to special categories of data (Article 9(1)), unless Article 9(2)(a) or (g) applies and the appropriate measures mentioned in the preceding paragraph have been taken.
Interested parties can exercise the aforementioned rights by contacting the entity through a written request sent to info@numatextil.com, indicating the right they wish to exercise in the subject line, or by sending their request to the postal address of the relevant company.
In this regard, the entity will respond to the request as soon as possible, taking into account the deadlines provided for in data protection regulations. It should also be noted that the interested party or data subject may at any time lodge a complaint with the Spanish Data Protection Agency at www.aepd.es.
Security
The security measures adopted by the entity are those required in accordance with Article 32 of the GDPR. In this regard, the entity, taking into account the state of the art, the costs of implementation, and the nature, scope, context, and purposes of the processing, as well as the varying risks of probability and severity for the rights and freedoms of individuals, has established appropriate technical and organizational measures to ensure the level of security appropriate to the existing risk.
In any case, the entity has implemented sufficient mechanisms to:
- Ensure the permanent confidentiality, integrity, availability, and resilience of the systems and processing services.
- Restore the availability and access to personal data quickly in the event of a physical or technical incident.
- Regularly verify, assess, and evaluate the effectiveness of the technical and organizational measures implemented to ensure the security of the processing.
- Pseudonymize and encrypt personal data, where applicable.
Cookies
A cookie is a file or device that is downloaded onto a user's terminal equipment for the purpose of storing data that can be updated and retrieved by the entity responsible for its installation. In other words, it is a file that is downloaded onto your computer when you access certain websites. For more information, please refer to our Cookie Policy.