Last Updated: 10/03/2021
Related with our web site: www.unirisco.com
UNIRISCO GALICIA SCR S.A. (hereinafter “UNIRISCO”, or “Data Controller”), with registered address at Edificio Emprendia-Campus Vida (Santiago de Compostela) and Tax Identification Number A15763329, is responsible for processing the data provided by users through the Web.
You can contact with UNIRISCO by postal mail at the above address, by e-mail at firstname.lastname@example.org.
Data undergoing processing
- Our Website will access to the following data:
- Browser type, version and settings
- Operating system and version
- Cookies, according to Cookies Policy of Data Processor
- Contact information provided by the user at our Contact Form: name, surname and email
- Social network contacts:
- Profile information
- Contact data
- Events notice:
- Identification data: name, surname
- Related company
- Informative communications
- Identification data: name, surname.
- Related company.
PURPOSE OF DATA PROCESSING
The Data Controller will process the identification and contact data that the User provides through the contact form of the Website, or by contacting the Data Controller via email, as well as other data abovementioned that the User includes when contacting for the following purposes:
- Sign in, access and use of the APP.
- Manage the requested service, answer requests, or process requests.
- Inform by electronic means, concerning an application.
- Provide information to the Users about UNIRISCO Services.
- Carry out analysis and improvements on the Webs about UNIRISCO services.
- Improve the business strategy.
- Analyze user experience and troubleshoot incidents at our Website
- Improve UNIRISCO marketing strategy.
In addition, UNIRISCO can process the User contact data in order to provide commercial advice. In this case, the treatment is based on the rightful interests pursued by the Data Controller in order to engage in a commercial relationship.
2. Social network contacts:
The personal data available in the Social Networks profiles, as well as those that the User provides to the Data Controller when contacting him/her through this channel, will be treated with the purpose of:
- Manage service, reply to the request, or process a request.
- Answer the queries or requests.
- Establish a user-Data Controller relationship, and create a community of followers.
In this case, the processing is based on the acceptance of a contractual relationship in the social network environment that applies, and in accordance with its privacy policies, so UNIRISCO recommend you the prior consultation.
UNIRISCO will only be able to consult or cancel the data in a restricted way as it has a specific profile. These data will be treated as long as the user allows it through the different interactions that each social network allows. The User must make any rectification of the data or restriction of information or publications through the configuration of his/her profile in the social network.
3. Events notice:
These data will be processed in order to inform the User and give him access to the event in which has subscribed.
4. Informative communications:
Rights of the User:
The GDPR recognizes that the User has several rights, which UNIRISCO as Data Controller is obliged to guarantee the following rights:
- Information: to know if your data is being processed or not.
- Access: to access the personal data object of the treatment.
- Rectification: request a rectification of the data if it is are inaccurate.
- Withdraw consent: request the deletion of the data if it is no longer necessary for the purposes for which it was collected or if you withdraw the consent granted.
- Restrict Processing: request the limitation of the data processing, in some cases, in which case it will only be conserved in accordance with current regulations.
- Portability: the portability of the data, which will be provided in a structured, commonly used or machine-readable format; or they may be sent to the new designated Responsible. It is only valid under certain circumstances.
- Complain: File a claim with the Spanish Data Protection Agency or competent control authority.
In order to facilitate the process, and comply with the principle of accuracy of the data, if any data is modified, the Data Controller appreciates the User communicates that modification.
In order to exercise the aforementioned rights, the User can request a form at email@example.com , or use those provided by the Spanish Data Protection Agency or an authorized third party. These forms must be signed electronically and accompanied by a copy of ID card or passport in force. The user could send these forms by mail or postal mail at the address of the Data Controller indicated at the beginning of this text.
According to the exercised right, UNIRISCO will take a maximum of one month from the date of receipt the request to reply, and two months if the subject is very complex, in which case the User will be previously notified. In any event, UNIRISCO will adopt the necessary measures to preserve the rightful interests of the User.
Processing of third party data
As a general rule, the Data Controller will only process the data provided by its owners. In the event of receiving data from third parties, such Users must first be informed and asked for their consent. UNIRISCO will be exempt from any liability for incompliances with this requirement.
Data of Minors
UNIRISCO will not process data from minors under 14 years of age. Therefore, the User must refrain from providing them if he or she is under that age or, if applicable, from providing data from third parties under that age. UNIRISCO denies any liability due to failure to comply with this requirement by the User.
Security measures we apply
UNIRISCO has adopted an optimal level of information security, adopting the appropriate technical and organizational measures according to the state of technology to avoid the loss, misuse, alteration, unauthorized access or subtraction of Personal Data.
Communication to third parties
UNIRISCO won’t disclosure your personal data to third parties, except in the cases stated below:
- Legal obligation.
- Court injunction
- Public authorities, banks and financial entities for the collection of the provided service.
- Data Processors or Subprocessors in the extent necessary for the provision of the service, whom will have signed a contract for the provision of services that requires them to maintain the same level of privacy as the Data Controller in compliance with the GDPR.
International Transfer of Personal Data
UNIRISCO don´t data transfers outside the European Economic Area.
Conservation of personal data
Personal data will be kept at the UNIRISCO systems while the User are willing to use the services provided by UNIRISCO. Once the User decide to withdraw his/her consent, the data processed for each purpose will be maintained anonymized during the legally stipulated deadlines, including the period in which judicial authorities may request them, taking into account the limitation period for legal actions.
The data processed will be maintained as long as the aforementioned legal deadlines do not expire, if there is a legal maintenance obligation, or if the legal term does not exist, until the interested party requests their suppression or revocation of the consent granted.
UNIRISCO will keep all the information and communications related to the provision of the service, while the guarantees of the products or services last, to attend to possible claims.
UNIRISCO informs you that, as a service provider of data hosting and in accordance to 34/2002 Law, from 11th july, of Information Society Services and E-commerce (LSSI), will retain for a maximum period of 12 months the essential information to identify the origin of the storage data and the starting date of the service provided. This retention aims to compliance with legal obligations which may arise from the relationship with the User.
Modification and updated