IEDISA Privacy Statement
Version May 24, 2018
This privacy statement explains how IEDISA handles the personal data that we collect for the performance of our services. IEDISA respects your privacy and is committed to protecting and handling your personal data with the greatest care.
1. Which data does IEDISA collect?
IEDISA collects and processes only the personal data you provided:
Ex: your name, job title, contact information, …
The provision of specific data can be required to use our products and services. This will be shown when the information is requested.
2. For which purposes will your data be processed?
IEDISA collects and uses your personal data:
To provide information and reply to your questions; and provide products and services that you demand. And for legal issues (invoices,..)
3. Legal basis for processing personal data
IEDISA processes your personal data to provide our products and services to you, and to comply with legal obligations.
Where we process your personal data on the basis of your consent, you may withdraw your consent at any time by following the specific instructions in relation to the processing for which you provided your consent, by contacting us.
Where we process your personal data for a purpose other than that for which we collected it initially (and we rely on a legal basis other than consent or complying with legal obligations for this new purpose), we will ascertain whether processing for this new purpose is compatible with the purpose for which the personal data was initially collected.
4. How does IEDISA obtain data?
We obtain personal information about you when you apply for one of our services thereby answering questions we ask you.
5. Who has access to your data?
In view of the purposes mentioned above, or in the context of its service provision IEDISA WILL NOT share, pass on or in any other way make accessible your personal data to other service providers or third parties.
We have an authorisation policy for our systems, so that persons only have access to your data in so far as this is necessary for the performance of their tasks and within the framework of the purposes mentioned. All these individuals and organisations have agreed to treat your data confidentially and with the greatest care.
We are an international company, so outside the European Economic Area, IEDISA will use European Commission approved mechanisms, such as the Privacy Shield certification, and Standard Contractual Clauses as safeguards, such as the “(EU-)controller to (Non-EU/EEA-)controller” Decision 2004/915//EC(see Article 46 GDPR). If you wish to receive a copy of these safeguards, please contact us.
IEDISA shall implement appropriate technical and organisational measures to ensure an appropriate level of security against unlawful use, unauthorised access, alteration or unlawful destruction of your personal data.
7. Retention Period
IEDISA retains your personal data as long as necessary in view of the purposes set out above, or as long as prescribed by law. IEDISA will delete this data when requested by you in accordance with Section 9 “Your rights”.
9. Your rights
You may contact our Privacy Office (please see below) to exercise any of the rights you are granted under applicable data protection laws, which includes (9.1) the right to access your data, (9.2) to rectify them, (9.3) to erase them, (9.4) to restrict the processing of your data, (9.5) the right to data portability and (9.6) the right to object to processing.
1. Right to access
You may ask us whether or not we process any of your personal data and, if so, receive access to that data in the form of a copy. When complying with an access request, we will also provide you with additional information, such as the purposes of the processing, the categories of personal data concerned as well as any other information necessary for you to exercise the essence of this right.
2. Right to rectification
You have the right to have your data rectified in case of inaccuracy or incompleteness. Upon request, we will correct inaccurate personal data about you and, taking into account the purposes of the processing, complete incomplete personal data, which may include the provision of a supplementary statement.
3. Right to erasure
You also have the right to have your personal data erased, which means the deletion of your data by us and, where possible, any other controller to whom your data has previously been made public by us. Erasure of your personal data only occurs in certain cases, prescribed by law and listed under article 17 of the General Data Protection Regulation (GDPR). This includes situations where your personal data is no longer necessary in relation to the initial purposes for which it was processed as well as situations where it was processed unlawfully. Due to the way we maintain certain services, it may take some time before backup copies are erased.
4. Right to restriction of processing
You have the right to obtain the restriction of the processing of your personal data, which means that we suspend the processing of your data for a certain period of time. Circumstances which may give rise to this right include situations where the accuracy of your personal data was contested but some time is needed for us to verify its (in)accuracy. This right does not prevent us from continuing to store your personal data. We will inform you before the restriction is lifted.
5. Right to data portability
Your right to data portability entails that you may request us to provide you with your personal data in a structured, commonly used and machine-readable format and to have such data transmitted directly to another controller, where technically feasible. Upon request and where this is technically feasible we will transmit your personal data directly to the other controller.
6. Right to object.
10. How we look after this policy
If you have any questions regarding this policy or the processing of your personal data, please contact us:
Headquarters | Polg Ind Poliviso. C / Carpinteros, 25. EL VISO DEL ALCOR, 41520 Seville, Spain.