The General Data Protection Regulation (Regulation (EU) 2016/679) harmonises Data Protection legislation throughout the European Union, increasing the protection of individuals and giving them greater control over their personal data.
Who is responsible for the processing of your personal data?
CORPORACIÓN FINANCIERA AZUAGA S.L., CIF: B01657584 with address at: Plaza Alcalde Sánchez Monteseirín, 2 – 18 – 41092 Seville (hereinafter CFA).
For what purpose do we process your personal data?
The data that CFA collects by different means (website, e-mail, electronic forms or forms and paper documents) as part of its activity are processed for the following purposes:
- Maintenance, development and fulfilment of the contractual relationship with our customers and suppliers.
- To manage and process any type of request for information in relation to our services.
- To send commercial information about our services.
- To process orders or any type of request made by the user through any of the forms of contact made available on the website.
- Selection of candidates for a job position.
- Management of the CFA’s Claims Channel (criminal/compliance prevention system approved by the company).
How long do we keep your data?
In the case of suppliers, customers, partners and staff, we retain your data for the duration of the contractual relationship with us and thereafter for the period of time established in the applicable legislation in force.
In relation to personnel selection processes, the data will be kept for the duration of the process and, in the event that the CV is of interest, it will be kept for a period not exceeding one year, after which time it will be deleted or destroyed.
In relation to actions aimed at commercial prospecting, the data will be kept until the data subject objects to the processing or withdraws his or her consent.
The data obtained through the Claims Channel will be kept for a maximum period of three months from their introduction, after which they will be deleted. Exceptions will be made in cases where the purpose of retention is to leave evidence of the operation of the criminal prevention/compliance system adopted by the company. In any case, after this period, the data will be processed only by the body in charge of internal control and compliance functions (compliance officer).
Why do we use your personal data?
Your personal data are processed by CFA on the following legal bases:
- Your consent or have been voluntarily provided by you by any means. In this regard, the inclusion of personal data in files is absolutely voluntary and their collection is duly announced.
- The maintenance, development and execution of a contractual relationship that we maintain with you, in the case of: (i) provision of services; (ii) labour, commercial, administrative relationship, among others.
- For legitimate interest, always respecting your right to the protection of personal data, honour and privacy, for the development and dissemination of our services, to analyse the quality of the service offered and the degree of user satisfaction, as well as to carry out studies and statistical analyses.
- Compliance with legal obligations applicable to CFA (in accordance with Directive 2019/1937 on the protection of persons reporting breaches of EU law, as well as the resulting transposing legislation).
To whom will we disclose your data?
Your data will be kept under strict security measures that guarantee their confidentiality and security. Likewise, they will only be communicated to the following entities and for the following purposes:
- The data of customers or interested parties will not be disclosed to third parties, unless it is necessary for the provision of the service requested by the customer or the assessment of the operations requested.
- Public bodies and authorities and Courts and Tribunals when there is a legal obligation to provide the data
- Entities and suppliers that provide services to CFA for the correct execution of our activities and projects. These entities and suppliers are duly accredited and sign the corresponding data processing contract with us in compliance with the data protection regulations in force.
Examples of the services provided by our suppliers that may involve the processing of your personal data on behalf of CFA include, but are not limited to: multidisciplinary professional services, logistics, legal advice, technological services, IT services, courier and delivery services, maintenance, security and surveillance, advertising and marketing, etc.
What security measures do we apply to personal data?
We apply the necessary security measures to prevent theft, alteration or unauthorised access to data, taking into account the state of the art, the costs of implementation, and the nature, scope, context and purposes of the processing, as well as risks of varying likelihood and severity to the rights and freedoms of natural persons.
In the case of outsourced services, we require and ensure that the processor implements appropriate technical and organisational measures to ensure a level of security appropriate to the risks involved, as set out in art. 32 of the General Data Protection Regulation.
We also carry out Impact Assessments on those processing operations that we consider may have a risk to the rights and freedoms of individuals, to implement the necessary and appropriate measures to prevent a breach of confidentiality.
What channels do we use to obtain your data?
CFA obtains personal data through the following channels:
- Forms/Questionnaires (Electronic or paper)
- Exchange of business cards.
- Those authorised to receive communications addressed to the Claims Channel.
What categories of data do we process?
We process the following categories of data, based on the circumstances of your relationship with us:Identification data.
- Employment data.
- Academic and professional data.
- E-mail addresses.
- Commercial information.
- Economic and financial data.
What are your rights?
Everyone has the right to know whether CFA processes their personal data. You also have the right to:
- Access your personal data,
- Request the rectification of inaccurate data.
- Request deletion when, among other reasons, the data is no longer necessary for the purposes for which it was collected,
object to the processing of your data for advertising purposes or on grounds relating to your particular situation.
- In certain circumstances, request the restriction of the processing of your data, in which case we will only keep them for the exercise or defence of claims.
- To withdraw, if you wish, the consent you have given, without affecting the lawfulness of the processing we have carried out prior to such withdrawal.
When you exercise your rights of erasure, objection, restriction or withdrawal of consent, CFA will cease to process your data, except for compelling legitimate reasons or for the exercise or defence of any claims.
You may exercise all these rights by contacting:
CORPORACIÓN FINANCIERA AZUAGA S.L., CIF: B01657584 with Address at: Plaza Alcalde Sánchez Monteseirín, 2 – 18 – 41092 Seville or by e-mail to the following address: firstname.lastname@example.org
Remember, whenever you exercise any of the rights that we have set out above, to accompany your request with a copy of your ID card or equivalent document that allows us to verify your identity.
Likewise, if you are not satisfied with how we have dealt with your rights, you may file a complaint with the Spanish Data Protection Agency, through the website www.aepd.es.