Privacy policy
PRIVACY POLICY OF https://insca.com/
This Privacy Policy has been developed in accordance with the provisions of Regulation 2016/679 of the European Parliament and Council of April 27, 2016, concerning the protection of natural persons regarding the processing of personal data and the free movement of such data, hereinafter referred to as the GDPR, as well as Organic Law 3/2018, of December 5, on Data Protection and digital rights (hereinafter, LOPDGDD) and other applicable regulations.
This Privacy Policy aims to inform natural persons who provide their personal data, and/or those of the person they represent, about the specific aspects relating to the processing of their data, the purposes of the processing, contact details for exercising their rights, data retention periods, and security measures, among other things.
WHO IS RESPONSIBLE FOR THE PROCESSING?
In terms of data protection, INSCA TRADEMARK, S.L should be considered the Data Controller concerning the processing of personal data carried out by this entity.
Below are the contact details of the Data Controller:
- Identity of the Controller: INSCA TRADEMARK, S.L
- Tax ID: B12241600
- Physical address: CAMINO DE ALCORA, 34, ALMAZORA, CP 12550 (CASTELLÓN), 12550, ALMAZORA/ALMASSORA, CASTELLÓN
- Email: [email protected]
- Phone: 964 043 004
WHAT PERSONAL DATA DO WE PROCESS?
All information collected by INSCA TRADEMARK, S.L will be processed fairly, lawfully, and transparently.
Furthermore, the data requested in each of the processing activities will consist solely of those strictly necessary to achieve the intended and informed purpose in each case.
Thus, the data collected will be adequate, relevant, and not excessive concerning the purposes for which they are processed in each case. Additionally, your personal data will be collected for specific, explicit, and legitimate purposes, and will not be processed further in a manner incompatible with those purposes. They will also be updated whenever necessary.
Generally, within the framework of the various activities carried out in the organization, the following types of data are collected:
- Identifying data.
WHERE DO THE PERSONAL DATA COME FROM?
As a rule, personal data is always collected directly from the data subject. However, in certain exceptions, data may be collected through third parties, entities, or services other than the data subject.
In this regard, this will be informed to the data subject through the information clauses contained in the different data collection methods and within a reasonable period or during the first communication with the data subject.
FOR WHAT PURPOSE DO WE PROCESS PERSONAL DATA?
Generally, personal data is processed for the following purposes:
- Newsletter: To send information through the provided means about updates, events, news, products, and services related to us or our industry.
- Contact: To respond to information requests received about the products and services we offer, as well as any other type of questions sent by users.
- Quote Request: To manage the sending of the requested quote.
- Catalog Request: To manage the sending of the Woodlook series catalog or any other requested catalog.
- Project: To respond to information requests received regarding the user’s planned project.
- ChatBot: To respond to any other type of questions sent by users through the chat.
- Internal Information System (whistleblowing channel): To process personal data to manage the internal whistleblowing channel or ethical channel, investigate incidents, propose resolution measures, prevent regulatory breaches and correct those already detected, and contribute to the efficiency of the Organization’s operations through the continuous improvement of internal processes for managing and controlling illegal or unethical behavior.
These processing activities do not involve profiling users who browse the web nor automated decisions based on these data.
WHAT IS THE LEGITIMATION FOR THE DATA PROCESSING?
Generally, the consent of the data subject is the legal basis for data processing according to the previously described purposes. This consent is expressed through a declaration or a clear affirmative action, such as ticking a box provided for this purpose, voluntary subscription, or by sending data through forms. This consent can be revoked at any time by contacting the company through its contact means, and generally, we will seek your consent for uses for purposes other than those initially given.
Specifically, for the processing activities indicated below, the following legitimizing bases are used:
- Internal Information System (whistleblowing channel): The purpose of the processing is legitimized by a legal obligation: Law 2/2023, of February 20, regulating the protection of persons who report regulatory breaches and fight against corruption.
HOW LONG DO WE KEEP PERSONAL DATA?
Generally, personal data is processed for the time necessary to fulfill the purpose for which it was collected, while the service is provided or the contractual relationship exists, there is mutual interest, and/or for the time stipulated in the corresponding regulations.
After the criteria of the established time periods are met, the data will be canceled. This cancellation will result in the blocking of the data, being kept only at the disposal of Public Administrations, Judges, and Courts to address potential responsibilities arising from the processing, for the duration of the prescription period. After this period, the information will be destroyed.
Specifically, for the processing activities indicated below, the data will be kept for the following periods:
- Internal Information System (whistleblowing channel): Data will be kept as long as necessary to fulfill the purpose for which it was collected. In any case, three months after the data entry, it will be deleted from the whistleblowing system unless the purpose of keeping it is to leave evidence of the functioning of the crime prevention model by the legal entity. After the mentioned period, the data may continue to be processed by the body responsible for investigating the reported facts, but they will not be kept in the internal whistleblowing system.
WHO DO WE SHARE PERSONAL DATA WITH?
To fulfill the aforementioned purposes, personal data may be shared with:
- Group companies.
- Internal Information System (whistleblowing channel): Data will be kept as long as necessary to fulfill the purpose for which it was collected. In any case, three months after the data entry, it will be deleted from the whistleblowing system unless the purpose of keeping it is to leave evidence of the functioning of the crime prevention model by the legal entity. After the mentioned period, the data may continue to be processed by the body responsible for investigating the reported facts, but they will not be kept in the internal whistleblowing system.
WHAT RIGHTS CAN YOU EXERCISE?
According to European regulations, you have the following rights:
- Right of Access: The right to request information from the data controller about whether your personal data is being processed.
- Right of Rectification: The right to request the modification of inaccurate or incomplete data.
- Right of Opposition: The right to object to the processing of your personal data or to cease it.
- Right of Automated Individual Decisions: The right not to be subject to a decision based solely on automated processing, including profiling, that produces legal effects concerning you or significantly affects you in a similar way.
- Right to Restriction: The right to suspend the processing of your personal data in certain cases.
- Right to Erasure or Forgetting: The right to the deletion of your personal data.
- Right to Portability: The right to request that the data controller provide your personal data in a structured and clear format to another controller.
- Right to lodge a complaint with the competent supervisory authority if you believe that the processing does not comply with the current regulations.
HOW TO EXERCISE YOUR RIGHTS?
You can exercise your rights through the following means:
- Email to [email protected].
- Postal mail to CAMINO DE ALCORA, 34, ALMAZORA, CP 12550 (CASTELLÓN), 12550, ALMAZORA/ALMASSORA, CASTELLÓN.
In both cases, if necessary, documentation may be required to verify the identity of the requester.
In any case, you can request the protection of the Spanish Data Protection Agency through its website.
Your request will be addressed as soon as possible, considering the timeframes stipulated in the data protection regulations.
WHAT COULD BE THE CONSEQUENCES OF NOT PROVIDING INFORMATION?
The data requested in the fields marked with an asterisk or identified as mandatory, or those provided through the means where the information is provided, are those strictly necessary in relation to the purpose for which they are collected, or to provide optimal service to the data subject, or due to a legal obligation imposed on the data controller or a requirement necessary to subscribe to a contract. Including data in the remaining fields is voluntary.
If not all data is provided, it is not guaranteed that the information and services provided will fully meet your needs.
Therefore, if the required data is not provided or is incorrect or incomplete, your request cannot be processed, making it impossible to provide the requested information or carry out the service contract.
Similarly, the user guarantees that the information provided in any forms is truthful, accurate, and corresponds to their own data.
WHAT SECURITY MEASURES HAVE WE IMPLEMENTED?
The security measures adopted by INSCA TRADEMARK, S.L are those required in accordance with the provisions of Article 32 of the GDPR.
In this regard, considering the state of the art, implementation costs, and the nature, scope, context, and purposes of the processing, as well as the varying risks of probability and severity for the rights and freedoms of natural persons, appropriate technical and organizational measures have been established to ensure a level of security appropriate to the risk.
In any case, INSCA TRADEMARK, S.L has implemented sufficient mechanisms to:
- Ensure the ongoing confidentiality, integrity, availability, and resilience of processing systems and services.
- Restore the availability and access to personal data promptly in the event of a physical