At ATyges we are committed to ensuring that your personal information is protected and is not used improperly.
In this document we explain who the data controller is, for what purpose your personal information will be processed, the legitimacy for the treatment, how we collect it, why we collect it, how we use it, the rights that assist you and are also explained the processes we have in place to protect your privacy.
By providing us with your personal information and using our websites, we understand that you have read and understood the terms related to the personal data protection information that are exposed. ATyges assumes the responsibility of complying with current legislation on national and European data protection, and has the objective of treating your data in a lawful, loyal and transparent manner.
Considerations to take into account
Who is responsible for the treatment?
The definition of data controller is described in the General Data Protection Regulation, and is as follows:
“Responsible for the treatment” or “person in charge” : the natural or legal person, public authority, service or other body that, alone or together with others, determines the purposes and means of the treatment.
In other words, ATyges is the data controller. This means that we have jointly determined the objectives or purposes and established the necessary means in the treatment to protect your personal data.
If you have any type of query, comment or concern, or if you want to make a suggestion about how we use personal information, you can send an email to the ATyges Data Protection Officer at the email address email@example.com
Information about ATyges
Trade name ATyges
- Corporate name: ATyges Ingeniería SLL
- Registered office: Fernando Camino, 15
- Mail: firstname.lastname@example.org
- Telephone: 95 20 20 600
- NIF: B93115855
- Mercantile Registry of Malaga; T 4862, L 3770, F 196, S 8, H MA108582
- Website: www.atyges.es
FOR WHAT PURPOSE DO WE COLLECT YOUR PERSONAL INFORMATION?
The main reason why we collect your personal information is to facilitate and improve the service that you as a customer expect from us.
We collect your personal information to manage your purchases, orders or requests that you make to us, either in one of our offices or through our web pages or applications, by phone or in a paper form.
Next, we include the main purposes that we have identified in ATyges:
- Comply with legal obligations, including, without limitation, Law 10/2010 on the prevention of money laundering and financing of terrorism.
- Manage the contracting of products or services offered by ATyges, including distance selling and management of shipments and returns.
- Manage a personal account with a single registration to be used in the acquisition of products and services offered on any ATyges website.
- Channel requests for information, suggestions and complaints from clients for their management and resolution.
- Conduct surveys to improve our services.
- Carry out market research and commercial prospecting, reports on consumption habits, statistical data and market trends, in order to offer you products and services that may be of interest to you.
- Perform profiles and analysis on the behavior of our clients when using our websites or applications, but only if you give us your consent.
- Inform about our latest products, offers, opportunities, etc. The channels we usually use are: email, postal mail, telephone, SMS, Push message, but only if you give us your consent.
- Manage the VAT refund for purchases by non-resident tourists in the European Community.
- Manage the selection of personnel.
- Analyze the orders made by the user / customer in order to prevent fraud.
HOW DO WE COLLECT INFORMATION ABOUT YOU?
We collect personal information about you by different means, in some cases you will contact us to share your personal information, and in other cases we collect your personal data using other means. Below we will explain the different ways in which we collect personal information about you and some examples in which we use such information.
INFORMATION THAT YOU PROVIDE US
We collect personal information that you provide us through some of the ATyges websites, email, mobile phone, when you hire a service, when you fill out a form, or others. In any case, at the time of collection you will be informed of the person responsible for the treatment, the purpose of the treatment, the recipients of the information, as well as the way to exercise the rights granted by the current legislation on data protection.
For example: it is likely that you provide us with information when you contact our customer service, place a purchase order, register on our websites, update your preferences and account information, fill out a questionnaire, participate in a contest, etc.
Generally, the personal information that you provide us with are: name and surname, address, ID, date of birth, email, contact telephone number and payment information. In very particular cases, and depending on the purpose and intended use of your data, data on personal, academic and professional characteristics, employment details, commercial information, social, economic and insurance circumstances, transfers of goods and services, may be collected.
If you have never asked us to send you commercial communications, you can sign up for the different newsletters that we make available to you or by sending us an email to email@example.com
INFORMATION WE COLLECT FROM YOUR VISITS ON OUR WEBSITES
We collect and store limited personal information and anonymous global statistics of all those users who visit our websites, either because you actively provide such information or you are simply browsing our websites. The information we collect includes the Internet protocol (IP) address of the device you are using, the browser program you use, your operating system, the date and time of access, the Internet address of the website from which you accessed our websites and also information about how you use our websites.
We use this information to know the loading time of our websites, how they are used, the number of visits to the different sections and the type of information that most attracts visitors. It also helps to identify if the website is working correctly, and if we detect failures or errors in the operation, solve them and improve the performance of our websites, in order to offer a better service to all users.
The use of social networks is becoming more and more frequent and in this sense ATyges is present in most of them, and is another way of contacting you.
The information we collect through social media sometimes includes personal information that is available online and to the public. We always make sure that all the information we use is attributed to its source correctly or is made anonymous.
These social networks may have their own privacy policies, through which they will explain how they use and share your personal information. We recommend that you carefully review the privacy policies before using these social networks to be sure that you agree with the way in which your personal information is collected and shared.
WHAT IS THE LEGITIMATION FOR THE PROCESSING OF PERSONAL INFORMATION?
For the treatment of your personal information we rely on legitimation for several reasons:
- For the fulfillment of a contract and / or commercial relationship.
- For the fulfillment of different legal obligations.
- For legitimate interest, for example, for security reasons, fraud prevention, to improve our services and products through market research, or to manage requests, queries or possible claims that may arise.
- With your consent, for example, to send personalized offers from ATyges.
TO WHOM CAN WE COMMUNICATE YOUR PERSONAL INFORMATION?
In some cases, it is necessary for us to communicate the information that you have provided to third parties in order to provide the requested service, for example, logistics, transport and delivery services, etc.
Likewise, there are companies that provide us with other types of services such as: information technology (information storage and processing), security services, financial services, auditing services, etc.
These third parties only have access to the personal information they need to carry out those services. They are required to keep your personal information confidential and may not use it in any other way than what we have requested.
In all cases, ATyges assumes responsibility for the personal information you provide us, and we ask those companies with whom we share your personal information to apply the same degree of information protection as we do.
Likewise, your personal information will be available to public administrations, Judges and Courts, for the attention of possible responsibilities arising from the treatment.
LINKS TO THIRD PARTY WEBSITES
In the event that we provide links to websites that are not operated or controlled by ATyges, you will be promptly informed since ATyges does not have any control over said sites nor are they responsible for their content, nor do they have control over the way in which that third parties collect and use your personal information are neither responsible nor make any representations about third party websites.
These websites surely have their own privacy policies, by which they will explain how they use and share your personal information. We recommend that you carefully review the privacy policies before using these websites to ensure that you are satisfied with the way your personal information is collected and shared.
FOR HOW LONG DO WE STORE YOUR PERSONAL INFORMATION?
We only store your personal information to the extent that we need it in order to be able to use it according to the purpose for which it was collected, and according to the legal basis for its treatment in accordance with applicable law. We will keep your personal information as long as there is a contractual and / or commercial relationship with you, or as long as you do not exercise your right to suppress and / or limit the processing of your data.
In these cases, we will keep the information duly blocked, without giving it any use, as long as it may be necessary for the exercise or defense of claims or some type of judicial, legal or contractual responsibility may arise from its treatment, which must be attended to and for which recovery is necessary.
HOW CAN YOU EXERCISE YOUR RIGHTS?
The data protection regulations allow you to exercise your rights of access, rectification, opposition, deletion, limitation of treatment, portability and not being the subject of individualized decisions before the person responsible for the treatment.
These rights are characterized by the following:
- Your exercise is free.
- If the requests are manifestly unfounded or excessive (for example, repetitive character), the person in charge may:
- Charge a fee proportional to the administrative costs incurred.
- Refusing to act.
- Requests must be answered within one month, although, if the complexity and number of requests are taken into account, the period can be extended for another two months.
- The person in charge is obliged to inform you about the means to exercise these rights. These means must be accessible and this right cannot be denied for the sole reason that you choose another means.
- If the request is submitted by electronic means, the information will be provided by these means when possible, unless the interested party requests otherwise.
- If the person in charge does not act on the request, they will report the reasons for their non-action and the possibility of claiming before a Control Authority within a month at the latest.
- You can exercise the rights directly or through your legal representative.
- It is possible that the person in charge is the one who attends your request on behalf of the person in charge if both have established it in the contract or legal act that binds them.
Right of access
The right of access admits that you can contact the person responsible for the treatment to find out whether or not your personal data is being processed.
Right of rectification
The right of rectification admits that you can obtain the rectification of your personal data that are inaccurate without undue delay from the person responsible for the treatment.
Taking into account the purposes of the treatment, you have the right to complete incomplete personal data, including through an additional declaration.
In your request, you must indicate what data you refer to and the correction to be made. In addition, when necessary, you must accompany your request with the documentation that justifies the inaccuracy or incompleteness of your data.
Right of opposition
The right of opposition, as its name indicates, means that you can object to the person in charge of processing personal data in the following cases:
- When they are subject to treatment based on a mission of public interest or legitimate interest, including profiling.
- When the treatment is for direct marketing purposes, including also the profiling mentioned above.
Right of erasure
The right of deletion may be exercised before the person in charge requesting the deletion of your personal data when any of the following circumstances occurs:
- If your personal data is no longer necessary in relation to the purposes for which it was collected or otherwise processed.
- If the processing of your personal data has been based on the consent that you gave to the person in charge, and you withdraw it, provided that the aforementioned treatment is not based on another cause that legitimizes it.
- The treatment of the person in charge was based on legitimate interest or the fulfillment of a mission of public interest, and no other reasons have prevailed to legitimize the processing of your data.
- To have your personal data subject to direct marketing, including the creation of profiles related to said marketing.
- If your personal data has been unlawfully processed.
However, this right is not unlimited, in such a way that it may be feasible not to proceed with the deletion when the treatment is necessary for the exercise of freedom of expression and information, for the fulfillment of a legal obligation, for the fulfillment of a mission carried out in the public interest or in the exercise of public powers conferred on the person in charge, for reasons of public interest, in the field of public health, for archival purposes of public interest, scientific or historical research purposes or statistical purposes, or for the formulation, exercise or defense of claims.
The person responsible for the treatment will be obliged to block the data when it proceeds to its rectification or deletion.
The blocking of the data consists of the identification and reservation of the same, adopting technical and organizational measures, to prevent its treatment, including its visualization, except for the making available of the data to the judges and courts, the Public Prosecutor’s Office or the Competent Public Administrations, in particular data protection authorities, for the demand of possible responsibilities derived from the treatment and only for the limitation period of the same.
After this period, the data must be destroyed.
Right to limitation of treatment
This new right consists in obtaining the limitation of the processing of your data by the person in charge, although its exercise has two aspects:
You can request the suspension of the processing of your data:
- When you contest the accuracy of your personal data, for a period that allows the person responsible for its verification.
- When you have opposed the processing of your personal data that the person in charge carries out based on the legitimate interest or mission of public interest, while he or she verifies if these reasons prevail over yours.
Request the data controller to keep your data:
- When the treatment is illegal and you have opposed the deletion of your data and instead request the limitation of its use.
- When the person in charge no longer needs the personal data for the purposes of the treatment, but the interested party needs them for the formulation, exercise or defense of claims.
Right to portability
The purpose of this new right is to further strengthen the control of your personal data, so that when the treatment is carried out by automated means, you receive your personal data in a structured, commonly used, machine-readable and interoperable format, and can transmit them to another data controller, provided that the treatment is legitimized based on consent or within the framework of the execution of a contract.
However, this right, by its very nature, cannot be applied when the treatment is necessary for the fulfillment of a mission of public interest or in the exercise of public powers conferred on the person responsible.
WHERE CAN YOU EXERCISE YOUR RIGHTS?
To be able to exercise your rights ATyges puts at your disposal the following means:
- By means of a written and signed request addressed to ATyges, Avda Juan López Peñalver, 21, 1º, 29590 Málaga, Ref. LOPD, attaching a photocopy of the ID or document that proves the identity of the applicant.
- Sending a completed and signed form along with a photocopy and / or scanned copy of the DNI or document that proves the identity of the applicant to the email address firstname.lastname@example.org
- By calling 95 20 20 600.
HOW DO WE PROTECT YOUR PERSONAL INFORMATION?
We are committed to protecting your personal information. We use appropriate technical and organizational measures in order to protect your personal information and privacy, and we review these measures periodically. We protect your personal information through the use of a combination of both physical and computer or logical security controls, including access controls that restrict and manage the way your personal information and personal data are processed, administered and managed. We also ensure that our employees are properly trained to protect your personal information. Our procedures indicate that we may require proof of identity before sharing your personal information with you.
In accordance with our guarantee of security and confidentiality, we are especially interested in offering you the highest level of security and protecting the confidentiality of the personal information you provide us. For this reason, commercial transactions are carried out in a secure server environment under the SSL (Secure Socket Layer) protocol .
If at any time you have problems accessing any part of our website, it may be due to the model or version of your browser or the configuration of its options. If you need us to help you find the solution or if you have any questions regarding the operation of our purchasing system, call us at 95 20 20 600 . We will be delighted to assist you.
Internet is a medium that makes it possible to carry out commercial transactions through the network. Therefore, one of the main concerns for users who use the Internet is the security of data on the network.
As an Electronic Commerce transaction, the entire process of carrying out a commercial agreement is understood, including the contact between both parties: client and company. The aspects that every commercial transaction must meet must be:
- The Authentication that guarantees us the legal or physical personality with which we communicate.
- Integrity, that is, the content of the communication between both parties cannot be modified.
- Confidentiality, which consists of the guarantee that no unauthorized person can know the content of the communication.
WHAT PRECAUTIONS MUST BE TAKEN INTO ACCOUNT?
These are some of the precautions that we advise our clients should take:
- Do not provide the username or password to anyone.
- Do not write it down in easily accessible places: computer, calendar, etc.
- Always use our SSL security system.
- Always disconnect the browser session after having accessed a security zone or having entered the user or password into the system.
MODIFICATIONS TO THIS DATA PROTECTION INFORMATION
We will review and update the data protection information when there are changes in the legislation or in any of the procedures for the treatment of your personal information.