The personal data will be retained for a period of six (6) years, in compliance with the current accounting regulation, and if necessary for ten (10) years according to the regulation of prevention of money laundering.
In any case, POLYLUX, S.L. will retain your personal data while needed in terms of our service agreement, unless you request to remove them. Also, the company will retain during the needed period of time to comply with the legal obligations that in each case corresponds depending on the data classification.
4. What is the legitimacy of processing your personal data?
The basis for legitimacy for processing personal data is the common interest and the user’s consent.
5. To which recipients your personal data shall be disclosed to?
Your personal data can only be disclosed to third parties related to POLYLUX, S.L. concerning the managing of their product and/or services for the same purposes referred previously, as well as to the public administration or competent authorities, when required by the applicable law.
POLYLUX, S.L. has established agreements and security measures with third parties, to guarantee the appropriate security level for data protection along all the information flow related.
6. What are your rights related to data protection?
You can request access, modification, suppression, limit the data processing, portability and oppose to the personal data processing at any time.
For revoking consent to the delivery of commercial messages and exercise you right referred previously, send an e-mail to email@example.com including your ID (document accreditation). With the exception that you have already requested this previously by clicking in the option available, located in the footnote of the electronic messages, in such case, we already have this information.
If you do not receive a positive answer and want to make a claim or obtain more information about any of such rights, you can address the Spanish Agency for Data Protection (www.agpd.es).
7. What is the information criteria of stored personal data?
Basic ID data is stored and related for sending proposals, marketing and commercial information, to create invoices, for example, name, shipping address, NIF/CIF/ID number, bank account information, if the client wants to have direct debit payment.
8. What is the storage policy for data/availability/backups and location?
Information is not deleted unless it is requested by the user and it proceeds (see ítem 3). It is always available, even though it can be blocked for marketing / commercial mailings, if the suppression rights are exercised, limitation to the processing or opposition by part of the user.
Security copies are performed to the servers that store the data, and are properly controlled and guarded.
9. What is the privacy and security policy of the information and its access?
The access of the data base is protected by user and password.
In the case of the remote access, it is performed by VPN protocol.
10. What is the response policy against security and impact analysis?
POLYLUX, S.L. has taken appropriate technical protection and organizational measurements, these measurements have been applied to the affected personal data for the potential security violation. There is no access to the clients / users for third parties that are not authorized to access them.
POLYLUX, S.L. has performed a risk analysis of the vulnerability of the personal data and its impact regarding security and the privacy of the clients / users, such analysis is kept updated.
11. ? What is the policy for deleting or unsubscribing from the service?
POLYLUX, S.L. disable client / user accounts that decide to unsubscribe and that have exercised the right to suppression. In this case, data of the client / user will be disabled and kept for as long is required by the applicable regulation, exclusively to account for legal obligations that justify the past relationship between parties.
12. Who is our designated employee responsible for matters related to security and data protection?
POLYLUX, S.L. is not obliged to designate a DPD (Delegado de Proteccion de datos / Data protection responsible) according to the current law.
In case that POLYLUX, S.L. identifies a security personal data breach, users will be notified at the earliest opportunity about it, and in such case that the risk is high; the competent authority will also be notified.
The registered user preserves at all times, the possibility to exercise its rights of access, correction, opposition, suppression, limited treatment, portability or cancellation and opposition to the processing of the data. Also, and in compliance with the law 34/2002, of July 1st, of the services of the information society and electronic commerce, the user can revoke at any time the given consent for receiving commercial / marketing communication. In case of doubt, and in order to exercise the mentioned rights, you can address POLYLUX, S.L. by sending an e-mail to firstname.lastname@example.org or by post mail at: POLYLUX, S.L., Av. de Roma, 18-26, 08290 Cerdanyola del Vallès - Barcelona