1. INFORMATION FOR USERS
This Privacy Policy applies to all personal data that you may provide FAL Calzados de Seguridad, S.A. by any means (website, email, phone, in person, online or paper forms, etc.).
You hereby guarantee the accuracy and truthfulness of the personal data provided, holding FAL Calzados de Seguridad, S.A. harmless of any responsibility or liability in this regard, and undertake to keep it duly up to date and to notify FAL Calzados de Seguridad, S.A. of any changes to them.
The services offered by FAL Calzados de Seguridad, S.A. are not intended for minors, so if you are under 18 years of age, we kindly ask you not to send us your personal information. If we receive personal information from people under 18 years of age, it will be deleted as soon as we become aware of it.
2. DATA CONTROLLER
Identity: FAL Calzados de Seguridad, S.A.
Tax ID Code (CIF): A26268508
Registered office: Avenida de Logroño, 21 bis - 26580 Arnedo (La Rioja)
Mailing address: Apartado de Correos nº, 42 - 26580 Arnedo (La Rioja)
Phone no.: +34 941 380 800
Email address: This email address is being protected from spambots. You need JavaScript enabled to view it.
3. PURPOSES, RETENTION PERIODS AND LAWFULNESS OF THE PROCESSING ACTIVITIES
FAL Calzados de Seguridad, S.A., as the Controller of the personal data provided by you as well as any data that you may provide in the future, hereby informs you that such data will be processed in accordance with the provisions of current legislation on personal data, and hereby provides the following information on processing:
CONTACT / ENQUIRIES
Purpose of processing: to respond to and follow up on enquiries, requests or petitions received, as well as to stay in touch with the people who have shown an interest in the company, their products or services.
Data storage criteria: data will be kept for the time necessary to process and respond to the query.
Lawfulness of the processing of data: Article 6.1.f of the GDPR) the lawful basis for processing the data is based on the Controller’s legitimate interest to deal with and respond to the messages or requests received.
PRO FORMA INVOICES / QUOTES
Purpose of processing: the preparation and delivery of pro forma invoices and/or quotes requested by Data Subjects, as well as their follow-up over the phone, remotely or in person.
Data storage criteria: data will be kept in the system indefinitely as long as you do not request its deletion.
Lawfulness of the processing of data: Article 6.1.f of the GDPR) the lawful basis for processing the data is based on the Controller’s legitimate interest to deal with and respond to the messages or requests received.
CUSTOMERS
Purpose of processing: customer management, maintenance of contractual and/or business relationships with them, as well as administrative, accounting and tax management (invoicing, collections, etc.) of the company and compliance with the legal obligations that all this implies. This includes the contact details of natural persons who provide services to a legal entity, including individual professionals.
Data storage criteria: data will be kept for as long as the contractual and/or business relationships between both parties remain and there is no request to delete it, and in case there is, for the time provided for in the regulations in force (tax, commercial, etc.) with regard to the statute of limitations for liability.
Lawfulness of the processing of data: Article 6.1.b of the GDPR) the lawful basis for processing the data is the performance and maintenance of contractual and/or business relationships between both parties, as well as compliance with the legal obligations (tax, commercial, etc.) that all this implies.
USER REGISTRATION
Purpose of processing: user management and to manage and enable the use of the different services offered on the website and/or through the Controller’s App.
Data storage criteria: data will be kept in the system indefinitely as long as you do not request its deletion.
Lawfulness of the processing of data: Article 6.1.a of the GDPR) the lawful basis for processing the data is the consent provided by you at the time you provide your data.
SUPPLIERS
Purpose of processing: supplier management, maintenance of contractual and/or business relationships with them, as well as administrative, accounting and tax management (invoicing, collections, etc.) of the company and compliance with the legal obligations that all this implies. This includes the contact details of natural persons who provide services to a legal entity, including individual professionals.
Data storage criteria: data will be kept for as long as the contractual and/or business relationships between both parties remain and there is no request to delete it, and in case there is, for the time provided for in the regulations in force (tax, commercial, etc.) with regard to the statute of limitations for liability.
Lawfulness of the processing of data: Article 6.1.b of the GDPR) the lawful basis for processing the data is the performance and maintenance of contractual and/or business relationships between both parties, as well as compliance with the legal obligations (tax, commercial, etc.) that all this implies.
NEWSLETTER SUBSCRIPTION
Purpose of processing: to manage the sending of newsletters about the Controller, its products and services.Data storage criteria: data will be kept in the system indefinitely as long as you do not request its deletion.
Lawfulness of the processing of data: Article 6.1.a of the GDPR) the lawful basis for processing the data is the consent provided by you at the time you subscribe to the newsletter.
SENDING OF COMMERCIAL COMMUNICATIONS
Purpose of processing: to send information by any means, whether by post or electronically, on offers and promotions, events and activities and other advertising information from the Controller.Data storage criteria: data will be kept in the system indefinitely as long as you do not request its deletion.
Lawfulness of the processing of data: Article 6.1.a of the GDPR) the sending of commercial information to customers is based on the Controller’s legitimate interest to send them commercial communications about products or services similar to those engaged and thus build loyalty. Article 6.1.a of the GDPR) the lawful basis for commercial communications to users who are not customers is the consent provided by you at the time your data is collected.
However, in either case, you have the right to object to such processing and may do so using any means described in this document. The withdrawal of such consent shall in no case affect the maintenance of business relationships, but the processing of data for this purpose done beforehand shall not become unlawful because consent has been revoked.
COMPETITIONS / PRIZE DRAWS / PROMOTIONS
Purpose of processing: to manage and organise the participation of Data Subjects in prize draws, competitions or promotions held by the Controller and the sending of any communications related to the organisation thereof and, in the event of winning a prize, the publication of the name and/or image in the media that the Controller deems appropriate, as well as its websites, social media profiles and promotional materials in general with the aim of publicising the Controller’s activities.Data storage criteria: data will be kept for as long as necessary for the purpose of processing, and when it is no longer necessary for this purpose, for the period of time provided for by applicable legislation on the statute of limitations for liability.
Lawfulness of the processing of data: Article 6.1.a of the GDPR) the lawful basis for processing the data is based on the informed consent requested at the time your data is collected for your participation. Article 6.1.a of the GDPR) publication of the data concerning the results of the competition/prize draw is based on the Controller’s legitimate interest in accordance with their interests to promote, distribute and hold the event.
SENDING OF CVS
Purpose of processing: filing and registration of documentation and CVs voluntarily provided by Data Subjects for future selection processes of candidates for job vacancies in the company.Data storage criteria: data will be kept for one year at most, after which time the data will be deleted, ensuring full respect of confidentiality, both during processing and its subsequent destruction. In this regard, once the aforementioned period has passed, and if you wish to continue participating in the Controller’s selection processes, we kindly ask you to send us your CV again.
Lawfulness of the processing of data: Article 6.1.a of the GDPR) the lawful basis for processing the data is the consent provided by you at the time you provide your data to participate in selection processes.
REGISTRATION OF ACCESS TO FACILITIES
Purpose of processing: control and management of people accessing the Controller’s facilities, in order to comply with occupational health and safety regulations.Data storage criteria: data will be kept for the time necessary to fulfil the purpose for which it was collected and to determine any possible responsibility or liability that may arise from that purpose and from the processing of the data. The provisions of occupational health and safety regulations shall apply.
Lawfulness of the processing of data: Article 6.1.f of the GDPR) the lawful basis for processing the data is the Controller’s legitimate interest to ensure compliance with occupational health and safety regulations, as well as compliance with the legal obligations that may be applicable.
VIDEO SURVEILLANCE
Purpose of processing: temporary storage of images taken by video surveillance cameras in order to preserve the security of people, property, facilities and goods.Data storage criteria: data will be kept for 30 DAYS at most, except when they must be kept to provide evidence for the commission of acts that violate the integrity of people, property or facilities, or are provided to the courts and national law enforcement agencies.
Lawfulness of the processing of data: Article 6.1.e of the GDPR) processing is necessary for the performance of a task carried out in the interest of the general public to ensure the security of people, property and facilities.
4. DISCLOSURE OF DATA
In general, personal data will not be disclosed to third parties, except in cases where there is a legal obligation to do so or where it is necessary for the provision of services or for the maintenance and development of relationships including, but not limited to:
- Relevant public authorities, in order to comply with applicable regulations.
- Financial/banking institutions, for the management of collections and payments.
- Transport companies, for the shipment of products.
- Service providers engaged by the Controller, which will have the status of Processor.
International transfers
FAL Calzados de Seguridad, S.A. has no plans to do any international data transfers. Where necessary, they shall only be made to recipients that are located in a country, territory or one or several specific areas within that country or international organisation that have been declared by the European Commission to have an adequate level of protection or that are covered by one of the appropriate safeguards provided for in Article 46.2 of Regulation (EU) 2016/679.
5. RIGHTS OF DATA SUBJECTS
Anyone has the right to obtain confirmation as to whether or not the Controller is processing personal data concerning them, as well as to revoke any consent they may have given for any specific purpose at any time, without this affecting the lawfulness of the processing based on consent done prior to its withdrawal.You may also exercise your rights of access, rectification, erasure, data portability, restriction and objection to processing, as well as not being subject to automated decision-making, where applicable.
How can you exercise these rights?
You may exercise your rights concerning the protection of personal data by sending a letter by mail or email to the Controller, indicating “EXERCISE OF RIGHTS UNDER LOPD”, including a photocopy of your Spanish ID card (DNI) or other equivalent ID document and stating your name and surname(s), the request being made, address for notification purposes, date and signature. You may also exercise your rights through a legal representative, in which case, in addition to your Spanish ID card (DNI), you will also need to provide the Spanish ID card (DNI) of the representative and a document granting third-party representation.
Upon request, we will provide you with the forms to exercise such rights, indicating which right you wish to exercise. What complaint procedures are available?
If you believe your rights have been breached or the processing of your data does not comply with applicable regulations, you have the right to lodge a complaint with the supervisory authority: Spanish Data Protection Agency (www.aepd.es).
6. SOCIAL MEDIA
We would like to inform you that you can find us in social media. The processing of the data of people who become followers and/or make any link or connection through the Controller’s official social media accounts shall be governed by this section, the rest of the Privacy Policy, as well as the Terms and Conditions of Use, privacy policies and other access, acceptable use and similar policies of the relevant social media site. The provider will process your data for the purposes of properly managing their presence on the relevant social media site, inform you of the activities, products and/or services of the Controller or third parties that may be related to our activities, as well as for any other purpose that the social media regulations may allow.
7. COOKIES
This Website may use cookies and other similar technologies such as local shared objects, flash cookies or web beacons, which are small files that some platforms such as websites can install on your equipment (computer, tablet, smartphone, etc.). Their functions may vary: storing browsing preferences, compiling statistical information, enabling certain technical functionalities, storing information about your browsing habits or your equipment, etc.Cookies are useful for several reasons. From a technical standpoint, they let websites run more smoothly and tailored to your preferences, such as storing your language or currency preferences, etc. They also help website owners improve their services and make the advertising displayed on them more efficient, thanks to statistical information or information on user habits collected through them.
It is necessary to obtain the users’ informed consent for the installation and use of certain cookies. The cookies that require users’ consent are, among others, analytical cookies, advertising cookies and affiliation cookies, with the exception of technical cookies and cookies that are strictly necessary for the website to run or to provide the services expressly requested by users.
You may set your browser to be alerted of the presence of cookies and to stop them from being installed on your computer. Please read your browser’s instructions for further information. For more information about cookies, please read our Cookie Policy.
8. MANDATORY OR OPTIONAL NATURE OF INFORMATION PROVIDED BY USERS
By ticking the relevant boxes and entering data in the fields marked as mandatory on the different forms, you expressly, freely and unequivocally agree that your data is necessary for the provider to deal with your request while the data in the remaining fields is provided on a voluntary basis.If not all data is provided, the Controller cannot warrant that the information and services provided will be completely suited to your needs.
9. SECURITY MEASURES
In accordance with the provisions of the current regulations on the protection of personal data, the CONTROLLER is complying with all the provisions in the GDPR and LOPDGDD for the processing of personal data under their responsibility, and specifically with the principles described in the GDPR and LOPDGDD, which is why it is processed lawfully, fairly and in a transparent manner in relation to the data subject and adequate, relevant and limited to what is necessary in relation to the purposes for which it is processed.The CONTROLLER warrants that they have implemented the appropriate technical and organisational policies to apply the security measures set out in the GDPR and the LOPDGDD in order to protect the rights and freedoms of users and has disclosed the appropriate information to them so that they can exercise their rights.