Privacy policy
___
This Privacy Policy has been developed in accordance with the provisions of Regulation 2016/679 of the European Parliament and the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and the free movement of such data, hereinafter GDPR, as well as Organic Law 3/2018 of 5 December on the Protection of Personal Data and Digital Rights (hereinafter LOPDGDD) and other applicable regulations.
This Privacy Policy aims to inform individuals who provide their personal data, and/or the data of the person they represent, about the specific aspects regarding the processing of their data, the purposes of the processing, the contact details to exercise their rights, the data retention periods, and the security measures, among other things.
WHO IS THE DATA CONTROLLER?
In terms of data protection, INSCA TRADEMARK, S.L should be considered the Data Controller concerning the personal data processing carried out by this entity.
The contact details of the Data Controller are as follows:
-
Data Controller: INSCA TRADEMARK, S.L
-
NIF: B12241600
-
Physical Address: CAMINO DE ALCORA, 34, ALMAZORA, CP 12550 (CASTELLÓN), 12550, ALMAZORA/ALMASSORA, CASTELLÓN
-
Email: info@insca.com
-
Phone: 964 043 004
WHAT PERSONAL DATA DO WE PROCESS?
All information collected by INSCA TRADEMARK, S.L will be processed fairly, lawfully, and transparently.
The data requested in each processing operation will consist solely of those strictly necessary to achieve the intended and informed purpose in each case.
Thus, the data collected will be adequate, relevant, and not excessive concerning the purposes for which they are processed in each case. Additionally, your personal data will be collected for specific, explicit, and legitimate purposes, and will not be further processed in a manner incompatible with those purposes. They will also be updated whenever necessary.
Generally, within the scope of the different activities carried out by the organization, the following types of data are collected:
-
Identification data.
WHERE DO THE PERSONAL DATA COME FROM?
As a rule, personal data is always collected directly from the data subject; however, in certain exceptions, data may be collected through third parties, entities, or services other than the data subject.
In this regard, this will be informed to the data subject through the informative clauses contained in the different data collection methods and within a reasonable time or at the first communication with the data subject.
FOR WHAT PURPOSES DO WE PROCESS PERSONAL DATA?
Generally, personal data is processed for the following purposes:
-
Contact: Respond to requests for information received about the products and services we offer, as well as respond to any other type of question sent by users.
-
ChatBot: Respond to any other type of question sent by users through the chat.
-
Internal Information System (whistleblower channel: Process personal data to manage the internal or ethical whistleblower channel, investigate facts and propose remedial measures, prevent regulatory breaches and correct those already detected, as well as contribute to the organization's efficiency by continuously improving internal processes for managing and controlling illegal or unethical behavior within the organization.
Through these processes, no user profiles are created, nor are automated decisions made based on these data.
WHAT IS THE LEGITIMACY FOR DATA PROCESSING?
Generally, the data subject's consent is the legal basis for data processing according to the aforementioned purposes. This consent is expressed through a statement or a clear affirmative action, such as checking a box provided for this purpose, voluntary subscription, or by submitting data through forms. This consent can be revoked at any time by contacting the company through its contact means. Generally, we will request your consent for uses for purposes other than those for which you initially gave it.
Specifically, and for the processing operations indicated below, the following legal bases are used:
-
Internal Information System (whistleblower channel): The purpose of the processing is legitimized by a legal obligation: Law 2/2023 of 20 February regulating the protection of persons who report regulatory infringements and the fight against corruption.
HOW LONG DO WE KEEP PERSONAL DATA?
Generally, personal data is processed for the time necessary to fulfill the purpose for which they were collected, as long as the service is provided or the contractual relationship exists, there is mutual interest, and/or for the time stipulated by the corresponding regulations.
Once the established retention criteria have been met, the data will be canceled. This cancellation will result in the data being blocked and kept only at the disposal of Public Administrations, Judges, and Courts, to address potential responsibilities arising from the processing, for the period of limitation of these responsibilities. After this period, the information will be destroyed.
Specifically, for the processing operations indicated below, data is kept for the following periods:
-
Internal Information System (whistleblower channel): Data will be kept as long as necessary to fulfill the purpose for which they were collected. In any case, three months after the data is entered, it will be deleted from the whistleblower system unless the purpose of retention is to provide evidence of the functioning of the legal entity's crime prevention model. After the mentioned period, the data may continue to be processed by the body responsible for investigating the reported facts, but not kept in the internal whistleblower information system.
WITH WHOM DO WE SHARE PERSONAL DATA?
To fulfill the aforementioned purposes, personal data may be shared with:
-
Group companies.
-
Internal Information System (whistleblower channel): Data will be kept as long as necessary to fulfill the purpose for which they were collected. In any case, three months after the data is entered, it will be deleted from the whistleblower system unless the purpose of retention is to provide evidence of the functioning of the legal entity's crime prevention model. After the mentioned period, the data may continue to be processed by the body responsible for investigating the reported facts, but not kept in the internal whistleblower information system.
WHAT RIGHTS CAN YOU EXERCISE?
According to European regulations, you have the following rights:
-
Right of Access: The right to request information from the file controller about whether your personal data is being processed.
-
Right to Rectification: The right that allows the affected person to request the modification of inaccurate or incomplete data.
-
Right to Object: The right of a person to object to the processing of their personal data or request the cessation of such processing.
-
Right to Automated Individual Decisions: The right not to be subject to a decision based solely on automated processing, including profiling, that produces legal effects concerning them or significantly affects them similarly.
-
Right to Restriction: The right to suspend the processing of the user's personal data in certain cases.
-
Right to Erasure or Oblivion: The right to have the data subject's personal data deleted.
-
Right to Data Portability: The right to request the data controller to provide personal data in a structured and clear format to another controller.
-
Right to file a complaint with the competent supervisory authority if you believe that the processing does not comply with current regulations.
HOW TO EXERCISE YOUR RIGHTS?
The applicant can exercise their rights through the following means:
-
Email to info@insca.com.
-
Postal mail to CAMINO DE ALCORA, 34, ALMAZORA, CP 12550 (CASTELLÓN), 12550, ALMAZORA/ALMASSORA, CASTELLÓN.
In both cases, documentation may be required to prove the applicant's identity.
In any case, you can request the protection of the Spanish Data Protection Agency through its website.
Your request will be addressed as soon as possible and considering the deadlines provided in the data protection regulations.
WHAT COULD BE THE CONSEQUENCES OF NOT PROVIDING INFORMATION?
The data requested in the fields marked with an asterisk, or identified as mandatory, or provided through the means where the information is provided, are those strictly necessary concerning the purpose for which they are collected, either for the optimal provision of a service to the data subject or due to a legal obligation imposed on the data controller or a requirement necessary to enter into a contract, the inclusion of data in the remaining fields is voluntary.
If all the data is not provided, it is not guaranteed that the information and services provided will fully meet your needs.
Therefore, if the required data is not provided or is provided incorrectly or incompletely, it will not be possible to process your request, making it impossible to provide you with the requested information or to carry out the contracted services.
Similarly, the user guarantees that the information transmitted in any of the forms is true, accurate, and corresponds to their own data.
WHAT SECURITY MEASURES HAVE WE IMPLEMENTED?
The security measures adopted by INSCA TRADEMARK, S.L are those required under Article 32 of the GDPR.
In this regard, considering the state of the art, the application costs, and the nature, scope, context, and purposes of the processing, as well as the varying probability and severity risks to the rights and freedoms of natural persons, appropriate technical and organizational measures have been established to ensure a level of security appropriate to the existing risk.
In any case, INSCA TRADEMARK, S.L has implemented sufficient mechanisms to:
-
Ensure the ongoing confidentiality, integrity, availability, and resilience of processing systems and services.
-
Restore the availability and access to personal data quickly, in the event of a physical or technical incident.
-
Regularly verify, evaluate, and assess the effectiveness of the technical and organizational measures implemented to ensure processing security.
-
Enable data and communication encryption.
CHANGES TO THIS PRIVACY POLICY
From time to time, this Privacy Policy may be revised in order to update changes in current legislation, update the procedures for collecting and using personal information, the appearance of new services or the exclusion of others. These changes will be effective as of their publication on the website, so it is important that you regularly review this Privacy Policy in order to remain informed of any changes.