privacy-policy

 

>>>

Epigraph Basic information (1st layer, summarized) Additional information (2nd layer, detailed)
 

Responsible

the processing of personal data

ONIAD ADVERTISING S.L CIF: B99501751

Address: Avda. del Rosario nº 8, Edif. Nodriza. 50410, Cuarte de Huerva, (Zaragoza) rgpd@grupoarelux.com

 

 

+ information

Purpose

the processing of personal data

Provision of e-commerce and online marketing services Sending information about our products and services  

+ information

 

 

Legitimation

the processing of personal data

We process your data to comply with a legal obligation, to provide the services we are required to provide, to manage sales of our products, to provide contracted services or for legitimate purposes, such as making our activity known  

 

 

+ information

 

“Recipients” (of assignments or transfers)

Cessions

– Competent public administration (Social Security, Tax Agency, other…)

– Banks/Financial institutions

 

+ information

 

 

 

Rights of clients and users

We recognize our customers and users their rights of access, rectification, deletion and portability of their data, and the limitation or opposition to their processing, which can be exercised in the manner legally provided at the addresses above  

 

 

+ information

 

 

 

Responsible for processing of personal data

ONIAD ADVERTISING S.L CIF: B99501751

Address: Avda. del Rosario nº 8, Edif. Nodriza. 50410, Cuarte de Huerva, (Zaragoza)

Email: rgpd@grupoarelux.com Activity:

Representante legal en España:

 

Purpose of the processing of personal data

Provision of e-commerce and online marketing services

Sending information about our products and services

 

 

 

 

 

 

 

Legitimation of the processing of personal data

We treat your data to comply with a legal obligation, to provide the services we are required to provide, to manage the sales of our products or for legitimate purposes such as publicizing our activity.

Obligation or not to provide data and consequences of not doing so: You must answer all questions raised or give all the information requested because otherwise the operation can not be performed or not provide the services requested. No more information is requested than is strictly necessary for the purposes for which it is intended.

Data retention periods or criteria: Those stipulated by tax legislation with respect to the prescription of responsibilities and those stipulated by civil or mercantile legislation for claiming payments or proving the correct provision of the service or the operation carried out.

Automated decisions, profiles and applied logic: Not adopted

– You have the right to withdraw your consent

– You have the right to complain to the Supervisory Authority. In Spain the Spanish Data Protection Agency (www.agpd.es)

 

Recipients of personal data communications

– Competent public administration (Social Security, Tax Agency, other…)

– Banks/Financial Institutions

 

There are no international transfers of personal data outside of authorized cases.

 

 

 

Rights of customers and users

We recognize our customers and users their rights of access, rectification, deletion and portability of their data, and the limitation or opposition to its processing, which can be exercised in the manner legally provided at the addresses indicated above. See our procedure for rights of control of personal data by its holders here:

CONTROL RIGHTS MANAGEMENT PROCEDURE OF ThOS INTERESTED IN YOUR PERSONAL DATA.

 

CONTROL RIGHTS MANAGEMENT PROCEDURE OF THE INTERESTED TO THEIR PERSONAL DATA.

PROCEDURE FOR THE EXERCISE OF THE RIGHT OF ACCESS

  1. A person interested in the Entity makes a communication to this exercising their right of access to their personal data.
  2. The person receiving the communication will immediately forward it to the SAFETY AND PRIVACY RESPONSIBLE1 or to the SAFETY AND PRIVACY RESPONSIBLE1 or to the SAFETY AND PRIVACY RESPONSIBLE1.
  3. After the access request has arrived, the RESPONSIBLE FOR SAFETY AND PRIVACY or THE RESPONSIBLE FOR TREATMENT will examine the request so that resolve2 on it within a maximum period of one month from the reception of the request3 .
  4. .
In order to proceed with such an examination, the SAFETY AND PRIVACY RESPONSIBLE must take into account what is specified in the ANNEX to this procedure.

>.
This resolution may be FAVOURABLE or FAVOURABLE:.

  1. FAVOURABLE RESOLUTION of the access request:

If the request is granted and the person in charge does not provide the legally required information with his or her communication, access shall be effective within ten days of said communication.

The information provided, whatever the medium in which it is provided, will be given in legible and intelligible form, without using codes or codes that require the use of specific mechanical devices.
Such information shall comprise:

All the basic data of the person concerned.

Those resulting from any elaboration or computer process.

Available information on the origin of the data.

The transferees of the data.

The specification of the specific uses and purposes for which the data were stored.1 If the following have been named

2 If you do not have personal data of those affected must also communicate the same within the same period. The data controller must reply to the request addressed to him in any case, regardless of whether or not the data subject’s personal data are included in his information systems.

3 Once the period of time has elapsed without the request for access being expressly answered, the interested party may lodge the complaint provided for in article 12.4. of the General Regulation on the Protection of Personal Data (RGPD).

The affected party may opt to receive the information through one or more of the following consultation systems: On-screen display.

Written, copy or photocopy sent by post, certified or not.

Telecopy.

Electronic mail or other electronic communications systems.

Any other system that is adequate to the configuration or material implantation of the treatment or to the nature of the treatment, offered by the person in charge.

Therefore, the TREATMENT RESPONSIBLE will deliver the information according to the system to which the interested party has opted .

These systems from consultation from >strong>projected treatment may be restricted depending on the configuration or material implementation of the treatment or the nature of the treatment, provided that the treatment offered to the affected party is free of charge and ensures written communication if required.

If the data controller offers a certain system to make the right of access effective and the data subject rejects it, the data controller will not be held responsible for the possible risks to the security of the information that may derive from the choice.

B) DISFAVORABLE RESOLUTION:

>
The TREATMENT RESPONSIBLE may deny access to personal data within a maximum period of one month from receipt of the request when:

    1. The right has already been exercised in the twelve months prior to the application , unless a legitimate interest al

is credited.

  1. Access may also be denied in cases where provides a law or a rule of community law directly applicable or when >strong>these >avoid al responsible del >treatment reveal to those affected the treatment of the data to which the access refers.
>
RIGHTS GUARANTEE . The interested party to whom the exercise of the rights of opposition, access, rectification or suppression is totally or partially denied may inform the Data Protection Agency or, as the case may be, the competent body of each Autonomous Community, which must ensure that the denial comes from or is not appropriate.

The maximum period in which the express decision on the protection of rights must be issued is six months.

A contentious-administrative appeal will be filed against the decisions of the Data Protection Agency.

    • In any case, the TREATMENT RESPONSIBLE will inform the affected person of his/her right to collect protection from the Spanish Data Protection Agency or, as the case may be, from the control authorities of the autonomous communities.

.

 

  1. To communicate this resolution, the communication will be sent in such a way that it accredits both the fulfillment of the same, and its Correspondence to the person responsible for the treatment the proof of the fulfillment of the duty of response, having to keep the accreditation of the fulfillment of the mentioned duty.

What is the right of access?

The right of access is the the right of the data subject to obtain information on whether his or her own personal data:.

They are being processed, the purpose of the processing, if any, is being carried out.

Available information on the origin of such data.

The communications made or planned thereof.

By exercising this right, the data subject may obtain from the data controller: Information relating to specific data

Data included in a certain treatment

The totality of your data submitted to treatment.

How do you exercise your right of access?

> How do you exercise your right of access?
The right of access can be exercised by means of communication addressed to the TREATMENT RESPONSIBLE . You can exercise it:

The affected person , proving their identity, as planned. Required: Name and surname of the interested party.

Photocopy of his national identity document, or of his passport or other valid document that identifies him and, where appropriate, of the person representing him, or equivalent electronic instruments; as well as the document or electronic instrument accrediting such representation. The use of an electronic signature identifying the person concerned shall exempt the presentation of photocopies of the DNI or equivalent document.

Request in which the request is specified.

Address for notification purposes, date and signature of the applicant.

Documents accrediting the petition, if any.

In the event that the application does not meet the requirements specified here, the TREATMENT RESPONSIBLE must request their correction.

When the affected person is in situation of incapacity or minority of age that makes it impossible for him/her to exercise this right personally, it may be exercised by his/her legal representative , in which case it will be necessary for him/her to prove such condition.

The right of access may also be exercised through voluntary representative , expressly designated for the exercise of the right. In this case, the identity of the represented party must be clearly accredited by means of a copy of his National Identity Document or equivalent document, and the representation conferred by him.

The right of access will be DENIED when the request is made by a person other than the affected person and it is not accredited that the same acts on behalf of that person..

The right of access of the interested party to the documentation of the history of the Entity cannot be exercised to the detriment of the right of third parties to the confidentiality of the data contained therein collected in the therapeutic interest of the interested party, nor to the detriment of the right of the professionals participating in its elaboration, which can oppose to the right of access the reservation of their subjective annotations .

Health centres and individual exercise physicians will only facilitate access to the history of the deceased interested parties’ Entity to the persons linked to it, for family reasons or in fact, except u> where the deceased would have expressly forbidden it and so is credited . In any case, the access of a third party to the history of the Entity motivated by a risk to its health will be limited to the pertinent data. No information will be provided that affects the privacy of the deceased or the subjective notes of professionals, or that harms third parties.

The interested party must be granted a simple and free medium for the exercise of the right of access.

The cases in which the data controller establishes as a means for the data subject to exercise his rights the sending of registered letters or similar, the use of telecommunications services that imply an additional tariff for the data subject or any other means that imply an excessive cost for the data subject shall not be considered in accordance with the provisions of the General Regulation on the Protection of Personal Data (RGPD).

When the TREATMENT RESPONSIBLE has services of any kind for the attention to its public or the exercise of claims related to the service provided or the products offered to it, the affected party may be granted the possibility of exercising their right of access through such services . In this case, the identity of the interested party will be considered accredited by the means established for the identification of the clients of the responsible party in the provision of their services or contracting of their products.

The >responsible del treatment must adopt < <<appropriate measures <for guarantee <which>guarantee <which> must be adopted appropriate measures which must be guaranteed </. persons from your >organization that has access to personal data can report on the procedure to be followed by the affected to exercise their right.

PROCEDURE FOR THE EXERCISE OF THE RIGHT OF OPPOSITION

(Article 21 of the General Regulations on the Protection of Personal Data (RGPD)).

    1. A person interested in the Entity makes a communication to the Entity exercising their right to object to their personal data, including or not their history
    2. The person receiving the communication will immediately forward it to the SAFETY RESPONSIBLE Y

.

  1. After the opposition request has arrived, the RESPONSIBLE FOR SECURITY AND PRIVACY will examine the request so that the RESPONSIBLE FOR TREATMENT resolves 4 on it within the maximum period of ten days from receipt of the request5. In order to proceed with this examination, the SAFETY AND PRIVACY RESPONSIBLE must take into account what is specified in the ANNEX to the present procedure.
  2. If you do not have personal data of the affected must also communicate the same within the same period. The data controller must reply to the request addressed to him in any case, regardless of whether or not the data subject’s personal data are included in his information systems.
  3. After the period without expressly responding to the request for opposition, the interested party may file the claim provided in the article 12.4. of the General Regulations for the Protection of Personal Data (RGPD).
  4. .

This resolution may be FAVOURABLE or FAVOURABLE:

>.

  1. FAVOURABLE RESOLUTION:

In this case the treatment is not carried out of the personal data of the interested or the treatment is stopped . It is given in the following assumptions :

The information provided, whatever the support in which it is provided, will be given in legible and intelligible form, without using keys or codes that require the use of specific mechanical devices.

Such information shall comprise:

When your consent is not required for treatment, as a consequence of the concurrence of a legitimate and well-founded reason , referring to your specific personal situation, which justifies it, provided that a law does not provide otherwise. When the opposition is based on this assumption, in the application it must be stated the justified and legitimate reasons relating to a specific personal situation of affected, which justify the exercise of this right .

In the case of treatments whose purpose is to carry out advertising and commercial prospecting activities, .

When the purpose of the treatment is to make a decision referred to the affected person and based solely on an automated treatment of their personal data .

In any case, reliable notification will be made to the interested party.

B) DISFAVORABLE Resolution:

>
The RESPONSIBLE FOR THE TREATMENT must reasonably deny the interested party’s application in the term maximum of ten days counting from the reception of the application, with reliable notification to the interested party .

In any case, the TREATMENT RESPONSIBLE will inform the affected person of his/her right to collect protection from the Spanish Data Protection Agency or, as the case may be, from the control authorities of the autonomous communities.

In order to communicate this resolution, the communication will be sent in such a way that it accredits both the fulfillment of the same, as well as its content. The data controller shall be responsible for proving compliance with the duty to respond, and shall retain the accreditation of compliance with the aforementioned duty.

Right of opposition to decisions based solely on automated data processing.

>
Stakeholders have the right to not be subject to a decision with legal effects on them or that significantly affects them, that is based solely on automated data processing to evaluate certain aspects of their personality, such as their job performance, credit, reliability or behaviour.>.

However, the persons concerned may be subject to one of these decisions when that decision is taken:

    1. It has been adopted in the framework of the conclusion or execution of a contract at the request of the interested party , as long as he is given the opportunity to make whatever he deems appropriate, in order to defend his right or interest. In any case, the TREATMENT RESPONSIBLE must inform the affected person beforehand, clearly and precisely , that decisions will be taken with the characteristics indicated above and will cancel the data in the event that the

is not finally held.

    1. Is authorized by a norm with the rank of Law that establishes measures that guarantee the legitimate interest of

.

The right of opposition can be exercised by means of communication addressed to the TREATMENT RESPONSIBLE . You can exercise it:

The affected person , proving their identity, as planned. The following is required: Name and surname of the interested party.

Photocopy of his national identity document, or of his passport or other valid document that identifies him and, where appropriate, of the person representing him, or equivalent electronic instruments; as well as the document or electronic instrument accrediting such representation. The use of an electronic signature identifying the person concerned shall exempt the presentation of photocopies of the DNI or equivalent document.

Request in which the request is specified.

Address for notification purposes, date and signature of the applicant.

Documents accrediting the petition, if any.

In the event that the application does not meet the requirements specified here, the person responsible for processing must request their correction.

When the affected person is in a situation of incapacity or minority of age which makes it impossible for him/her to exercise this right personally, it may be exercised by his/her legal representative , in which case it will be necessary for him/her to prove this condition.

The right of opposition may also be exercised through voluntary representative , expressly designated for the exercise of the right. In this case, the identity of the represented party must be clearly accredited by means of a copy of his National Identity Document or equivalent document, and the representation conferred by him.

The right to object will be DENIED when the request is made by a person other than the affected person and it is not accredited that the same is acting on behalf of that person..

The interested party must be granted a simple and free medium for the exercise of the right of opposition.

The provisions of General Regulation on Personal Data Protection (RGPD) the cases in which the data controller establishes as a means for the interested party to exercise his/her rights the sending of registered letters or similar, the use of telecommunications services that imply an additional tariff for the affected party or any other means that imply an excessive cost for the interested party will not be considered in conformity with the provisions of General Regulation on Personal Data Protection (RGPD) the cases in which the data controller establishes as a means for the interested party to exercise his/her rights the sending of registered letters or similar, the use of telecommunications services that imply an additional tariff for the affected party or any other means that imply an excessive cost for the interested party.

When the RESPONSIBLE FOR THE TREATMENT has services of any kind for the attention to his public or the exercise of claims related to the service provided or the products offered to the same , the affected person may be granted the possibility of exercising his right of opposition through said services . In this case, the identity of the interested party will be considered accredited by the means established for the identification of the clients of the responsible party in the provision of their services or contracting of their products.

The RESPONSIBLE FOR THE TREATMENT must attend the request of opposition exercised by the affected even if the same had not used the procedure established specifically for the purpose by him, provided that the interested party has used a means to accredit the sending and receipt of the request, and that it contains the elements referred to above.

The TREATMENT RESPONSIBLE must take the appropriate measures to ensure that people of your organization who have access to personal data can report the procedure to be followed by the affected for the exercise of their right of opposition .

PROCEDURE FOR THE EXERCISE OF RECTIFICATION AND SUPRESSION RIGHTS .

.
(Article 16 of the General Regulations on the Protection of Personal Data (RGPD)).

    1. An interested party of the Entity makes a communication to the Entity exercising its right of rectification or its right of suppression to its personal data, including or not its history

.

    1. The person receiving the communication will immediately forward it to the SAFETY RESPONSIBLE Y

.

    1. After the request for rectification or the request for suppression has arrived, the PRIVACY AND SAFETY RESPONSIBLE will examine the request so that the TREATMENT RESPONSIBLE resolves 6 about it within the maximum period of ten days counting from the receipt of the request7.

.

In order to proceed with such an examination, the SAFETY AND PRIVACY RESPONSIBLE must take into account what is specified in the ANNEX to this procedure.

>.
Said resolution may PROVIDE or REFUSE the exercise of the right of rectification or suppression:

A) GIVING RECTIFICATION of data:

>
In this case the modification of the data will take place that result to be inaccurate or incomplete, previous reliable notification to the interested .

B) SUPPRESSION of the SUPRESSION of the data:

>
In this case, the data suppression will occur which result in inadequate or excessive , without prejudice to the duty to block according to General Personal Data Protection Regulation (RGPD), previous >strong>reliable notification to the interested party .

In cases in which the interested party invokes the exercise of the right of suppression to revoke the previously given consent, the provisions of the General Data Protection Regulations Personal (RGPD) shall apply.

6In the event that you do not have personal data of the affected must also communicate the same within the same period. The data controller must reply to the request addressed to him in any case, regardless of whether or not the data subject’s personal data are included in his information systems.

7 Once the period has elapsed without any express response being given to the request for rectification or deletion, the interested party may lodge the complaint provided for in article 12.4. of the General Regulation on the Protection of Personal Data (RGPD).

C) Rejection of the RECTIFICATION of data:

>
The right of rectification may be refused in cases where a law or a directly applicable rule of Community law so provides or where such rules prevent the controller from disclosing to data subjects the processing of the data to which access relates.

This decision shall be notified to the data subject.

D) Rejection of the DELETION of the data:

>.
Deletion shall not proceed when:

Personal data must be kept for the periods laid down in the applicable provisions.

Personal data must be kept for the periods provided for in the contractual relations between the person or entity responsible and the data subject that justified the processing of the data.

A law or a rule of Community law directly applicable or when these prevent the data controller from disclosing to the data subjects the processing of the data to which the access refers.

In any case, the TREATMENT RESPONSIBLE shall inform the data subject of his/her right to collect protection from the Spanish Data Protection Agency or, as the case may be, from the control authorities of the autonomous communities.

In order to communicate this resolution, the communication will be sent in such a way that it accredits both the fulfillment of the same, as well as its content. The data controller shall be responsible for proving compliance with the duty to respond, and shall retain the accreditation of compliance with the aforementioned duty.

ANNEX DATA SUPRESSION OR RECTIFICATION PROCEDURE

>> The person responsible for the treatment will have to keep the accreditation of the fulfillment of the mentioned duty.

How are the right of rectification and suppression exercised?

    1. IN THE RECTIFICATION APPLICATION it should be indicated:

.

 

    1. A which data is
    2. The correction there is to
    3. Must be accompanied by supporting documentation of the

.

 

2. IN THE SUPRESSION APPLICATION, the interested party must indicate:

 

  1. A which data is
  2. Provide to the effect the documentation that justifies it, in its

If the rectified or cancelled data had been previously transferred , the TREATMENT RESPONSIBLE must communicate the rectification or deletion made to the transferee , within the same period , so that the latter, also within ten days counted from receipt of such communication, also proceeds to rectify or cancel the data.

The rectification or deletion made by the transferee will not require any communication to the interested party , without prejudice to the exercise of rights by the interested parties recognized in the General Regulation of Protection of Personal Data (RGPD).

The right to rectification and deletion may be exercised by means of communication addressed to the TREATMENT RESPONSIBLE . You can exercise it:

The affected person , proving their identity, as planned. Required: Name and surname of the interested party.

Photocopy of his national identity document, or of his passport or other valid document that identifies him and, where appropriate, of the person representing him, or equivalent electronic instruments; as well as the document or electronic instrument accrediting such representation. The use of an electronic signature identifying the person concerned shall exempt the presentation of photocopies of the DNI or equivalent document.

Request in which the request is specified.

Address for notification purposes, date and signature of the applicant.

Documents accrediting the petition, if any.

In the event that the application does not meet the requirements specified here, the TREATMENT RESPONSIBLE must request their correction.

When the affected person is in a situation of incapacity or minority of age which makes it impossible for him/her to exercise these rights personally, they may be exercised by his/her legal representative , in which case it will be necessary for him/her to prove such condition.

The rights may also be exercised through voluntary representative , expressly designated for the exercise of the right. In this case, the identity of the represented party must be clearly accredited by means of a copy of his National Identity Document or equivalent document, and the representation conferred by him.

The rights will be DENIED when the request is made by a person other than the affected person and it is not accredited that the same acts on behalf of that person..

A simple and free remedy for the exercise of the rights of rectification and deletion shall be granted to the data subject.

The provisions of General Regulation on Personal Data Protection (RGPD) will not be considered in accordance with the cases in which the data controller establishes as a means for the interested party to exercise his rights the sending of registered letters or similar, the use of telecommunications services that imply an additional tariff for the affected party or any other means that imply an excessive cost for the interested party.

When the TREATMENT RESPONSIBLE has services of any kind for the attention of its public or the exercise of claims related to the service provided or the products offered to it, the possibility may be granted to the affected party to exercise its rights of rectification and suppression through such services . In this case, the identity of the interested party will be considered accredited by the means established for the identification of the clients of the responsible party in the provision of their services or contracting of their products.

The TREATMENT RESPONSIBLE must attend to the request for rectification and suppression made by the affected even if the same had not used the procedure specifically established for the purpose by him, provided that the interested party has used a means to accredit the sending and receipt of the request, and that it contains the elements referred to above.

The RESPONSIBLE FOR THE TREATMENT must adopt the appropriate measures to guarantee that the people of your organisation who have access to personal data can inform of the procedure to be followed by the affected for the exercise of their rights .

When the laws applicable to certain specific treatments establish a special procedure for the rectification or deletion of the data contained therein, the provisions of the same will apply.

PORTABILITY RIGHT

.
The personal data concerning him/her, which he/she has provided to the Entity, will be given to the interested parties who request it.

Delivery will be in a structured format, commonly used and mechanically readable.

If requested, they shall be transferred to another controller where it is technically possible and the processing is based on consent pursuant to Article 6(1)(a) or Article 9(2)(a) or on a contract pursuant to Article 6(1)(b) and (b) of the European Data Protection Regulation and the processing is carried out by automated means.

The exercise of the right referred to in paragraph 1 of this Article shall be without prejudice to Article 17 of the European Data Protection Regulation on the right of deletion of applicant data subjects.

That right shall not apply to processing which is necessary for the performance of a task carried out in the public interest or in the exercise of public authority conferred on the controller.

This right referred to in paragraph 1 shall not adversely affect the rights and freedoms of others.

The right to portability shall refer only to automated processing operations directly or indirectly subject to the will or authorisation of the data subject (based on consent or on a contractual relationship).

The right will be extended to “Current Data” understood not only as those related to the present moment, without taking into account those that have been provided by the interested party or obtained through the use of the product or service previously contracted and that at the time of exercising the right are being processed.

Due to its complexity, in the event that an interested party exercises this right, each case will be studied in a specific way, seeking specialised professional help if necessary.

RIGHT OF LIMITATION

.
This right shall be granted to the persons concerned if one of the following conditions is met:

    1. The interested party challenges the accuracy of the personal data, during a period that allows the responsible to verify the accuracy of the
    2. The processing is unlawful and the data subject opposes the deletion of personal data and requests instead the limitation of his
    3. The data controller no longer needs the personal data for the purposes of processing, but the data subject needs them for the formulation, exercise or defence of

.

    1. The interested party has opposed the treatment under Article 21, paragraph 1, while verifying whether the legitimate motives of the responsible party prevail over those of the

.

Effects of the exercise of the right by the interested parties

>
Where the processing of personal data has been restricted, such data may be processed only with the consent of the data subject or for the purpose of making, pursuing or defending claims, or for the protection of the rights of another natural or legal person or for reasons of substantial public interest of the Union or of a particular Member State, with the exception of storage.

Any data subject who has obtained limitation of processing in accordance with the foregoing shall be informed by THE ENTITY prior to the lifting of such limitation.

Because of the complexity of the case where a data subject exercises this right, each case will be studied on a case-by-case basis, seeking specialised professional assistance if necessary.