PRIVACY AND DATA PROTECTION POLICY
Abanza (hereafter also referred to as the Website) commits to adopting the necessary technical and organizational measures, according to the appropriate level of security for the risk of the data collected, in compliance with current legislation.
Laws included in this privacy policy:
This privacy policy is adapted to current Spanish and European regulations regarding the protection of personal data on the internet. Specifically, it respects the following rules:
Identity of the entity responsible for processing personal data:
ABANZA Tecnomed, S.L., a Spanish company, with registered office at C/ Nueva 8-11 and VAT ID B71173397, established indefinitely by deed authorized on February 13, 2014, before the Notary of Pamplona, Ms. María Pilar Chocarro Ucar, with number 176 of her protocol and registered in the Commercial Register of Navarra, Volume 1707, Sheet NA-33866, Entry 1. Duly represented by Mr. Juan Abascal Azanza. Contact details are as follows:
Address: Calle Nueva (mutilva/mutiloa), 8 – OF 5, Aranguren, 31192, Navarra
Contact phone: 948 04 46 43
Contact email: contact@abanzamed.com
Registration of Personal Data:
In compliance with the GDPR and LOPD-GDD, we inform you that the personal data collected by Abanza, through forms extended on its pages, will be incorporated and processed in our files in order to facilitate, expedite and fulfill the commitments established between Abanza and the User or the maintenance of the relationship established in the forms filled out by the latter, or to respond to a request or query. Also, in accordance with the GDPR and LOPD-GDD, unless the exception provided for in Article 30.5 of the GDPR applies, a record of processing activities is maintained that specifies, according to its purposes, the processing activities carried out and other circumstances established in the GDPR.
Principles applicable to the processing of personal data:
The processing of the User's personal data will be subject to the following principles collected in Article 5 of the GDPR and in Article 4 and subsequent of the Organic Law 3/2018, of December 5, on Personal Data Protection and guarantee of digital rights:
Categories of personal data:
The categories of data processed at Abanza are only identifying data. In no case are special categories of personal data processed within the meaning of Article 9 of the GDPR.
Legal basis for the processing of personal data:
The legal basis for the processing of personal data is consent. Abanza commits to obtaining the express and verifiable consent of the User for the processing of their personal data for one or several specific purposes.
The User will have the right to withdraw their consent at any time. It will be as easy to withdraw consent as to give it. As a general rule, the withdrawal of consent will not condition the use of the Website.
On occasions where the User may or must provide their data through forms to make inquiries, request information or for reasons related to the content of the Website, they will be informed if the completion of any of them is mandatory because they are essential for the proper development of the operation performed.
Purposes of the processing for which the personal data are intended
Personal data is collected and managed by Abanza for the purpose of facilitating, expediting, and fulfilling the commitments established between the Website and the User or the maintenance of the relationship established in the forms filled out by the latter or to attend a request or inquiry.
Likewise, the data may be used for a commercial purpose of personalization, operational and statistical, and activities of the corporate purpose of Abanza, as well as for the extraction, data storage, and marketing studies to adapt the Content offered to the User, as well as to improve the quality, functioning, and navigation of the Website.
At the moment personal data is obtained, the User will be informed about the specific purpose or purposes of the processing to which the personal data will be destined; that is, the use or uses that will be given to the collected information.
Periods for retaining personal data
Personal data will only be retained for the minimum time necessary for the purposes of their processing and, in any case, only for the following period: 12 months, or until the User requests its deletion.
At the moment personal data is obtained, the User will be informed about the period during which the personal data will be kept, or when that is not possible, the criteria used to determine this period.
Recipients of personal data
The User's personal data will not be shared with third parties.
In any case, at the moment personal data is obtained, the User will be informed about the recipients or categories of recipients of the personal data.
Personal data of minors
Respecting the stipulations of articles 8 of the GDPR and 7 of the Organic Law 3/2018, of December 5, on Personal Data Protection and guarantee of digital rights, only those over 14 years of age may give their consent for the lawful processing of their personal data by Abanza. If it is a minor under 14 years, the consent of the parents or guardians for the processing is required, and this will only be considered lawful to the extent that they have authorized it.
Secrecy and security of personal data
Abanza commits to adopting the necessary technical and organizational measures, according to the appropriate level of security to the risk of the data collected, so as to guarantee the security of personal data and avoid their accidental or unlawful destruction, loss or alteration, or the unauthorized communication of or access to such data.
The Website has an SSL certificate (Secure Socket Layer), which ensures that personal data is transmitted securely and confidentially, as the transmission of data between the server and the User, and in feedback, is fully encrypted or encrypted.
However, because Abanza cannot guarantee the impregnability of the internet nor the absence of hackers or others fraudulently accessing personal data, the Data Controller commits to inform the User without undue delay when a violation of the security of personal data that is likely to entail a high risk to the rights and freedoms of natural persons occurs. Following the stipulations of article 4 of the GDPR, a violation of the security of personal data is understood to be any violation of security leading to the accidental or unlawful destruction, loss, or alteration of personal data transmitted, stored, or otherwise processed, or the unauthorized communication of or access to such data.
Personal data will be treated as confidential by the Data Controller, who commits to informing and guaranteeing through a legal or contractual obligation that such confidentiality is respected by its employees, associates, and any person to whom the information is made accessible.
Rights derived from the processing of personal data
The User has over Abanza and may, therefore, exercise against the Data Controller the following rights recognized in the GDPR and the Organic Law 3/2018, of December 5, on Personal Data Protection and guarantee of digital rights:
Therefore, the User may exercise their rights through written communication directed to the Data Controller with the reference "GDPR-abanzamed.com", specifying:
Name, surname of the User, and a copy of the ID. In cases where representation is admitted, the identification by the same means of the person representing the User, as well as the document accrediting the representation, will also be necessary. The photocopy of the ID can be replaced by any other legally valid means that proves identity.Request with specific reasons for the request or information to which access is wanted.Address for notification purposes.Date and signature of the applicant.Any document that proves the request being made.This request and any other attached document can be sent to the following address and/or email:
Postal address: Calle Nueva (mutilva/mutiloa), 8 – OF 5, Aranguren, 31192, Navarra
Email: contact@abanzamed.comLinks to third-party websites
The Website may include hyperlinks or links that allow access to web pages of third parties other than Abanza, and therefore not operated by Abanza. The owners of such websites will have their own data protection policies, being themselves, in each case, responsible for their own files and their own privacy practices.
Complaints to the supervisory authority
In case the User considers that there is a problem or infringement of the current regulations in the way their personal data are being processed, they have the right to effective judicial protection and to lodge a complaint with a supervisory authority, in particular, in the State in which they have their habitual residence, place of work, or place of the alleged infringement. In the case of Spain, the supervisory authority is the Spanish Data Protection Agency (http://www.agpd.es).
ACCEPTANCE AND CHANGES TO THIS PRIVACY POLICY
It is necessary for the User to have read and agreed with the conditions on the protection of personal data contained in this Privacy Policy, as well as to accept the processing of their personal data so that the Data Controller can proceed with it in the form, during the periods, and for the purposes indicated. The use of the Website will imply the acceptance of the Website's Privacy Policy.
Abanza reserves the right to modify its Privacy Policy, according to its own criteria, or motivated by a legislative, jurisprudential, or doctrinal change of the Spanish Data Protection Agency. Changes or updates to this Privacy Policy will not be explicitly notified to the User. It is recommended that the User consult this page periodically to be aware of the latest changes or updates.
This Privacy Policy was updated to comply with the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (GDPR) and the Organic Law 3/2018, of December 5, on Personal Data Protection and guarantee of digital rights.
Extended privacy statement
WHO IS RESPONSIBLE FOR THE PROCESSING OF YOUR DATA?Name: ABANZA TECNOMED SLTax ID (C.I.F./N.I.F.): B71173397Registered Office: Calle Nueva 29, 31192 Mutilva (Navarra)Phone: 948044643Email: contact@abanzamed.com
Purpose of Processing Your Personal Data
In accordance with the provisions of the EU Regulation 679/2016 and the Organic Law 3/2018 of December 5 on personal data protection and guarantee of digital rights, we inform you that the personal data you provide us and those generated during your relationship with us are processed for the following purposes:
How Long Will We Keep Your Data?
The personal data provided will be retained as long as their deletion is not requested by the interested party or their legal representative, and as long as they are necessary - including the need to keep them during the applicable limitation periods - or pertinent for the purpose for which they were collected or recorded.
Data retention will be conditioned to the legal obligation that ABANZA TECNOMED SL has to keep them. Once those periods have passed, the data will be destroyed or deleted, ensuring that the information contained on the media is not recoverable.
Legitimization
The legal basis for processing your data is the consent given by the interested party, obtained expressly and unequivocally through the completion and, where appropriate, sending of the paper or electronic forms in which your data are collected. Consent is expressly manifested by the signature of the interested party or the sending of the forms available on the website.
Processing necessary for the performance of a contract or the provision of a service to the interested parties, in which they are a party, or for the application at their request of pre-contractual measures (Art. 6.1.a and b GDPR), is also a cause of legitimization.
ABANZA TECNOMED SL is also entitled to process your data to comply with legal obligations and to satisfy legitimate interests, provided these do not override the interests or fundamental rights of the interested parties.
Recipients of Your Data
Your data will not be transferred to any entity without your consent, except for legally provided transfers. Consent will be expressly requested for the transfer of your data to any other entity.
As a result of managing the authorized purposes, your data may be communicated to entities or persons directly related to ABANZA TECNOMED SL and the services it provides. Also, your personal information will be available to public administrations, judges, and courts for the attention of possible liabilities arising from the processing, provided these transfers are covered by law.
Your data may also be transferred to companies providing us with advisory, IT maintenance, marketing, training, or auditing services. These entities only have access to the personal information necessary to perform such services, being required through a "data processing assignment contract" to maintain confidentiality, not use the information for other purposes, and adopt measures to ensure the integrity and availability of the information.
International data transfers outside the European Union space or to entities that do not meet the data protection standards established by the EU Regulation 679/2016 are not anticipated.
Origin of Your Data
The personal data processed by ABANZA TECNOMED SL are provided by the interested party or obtained from publicly accessible sources.
Categories of Data Processed
ABANZA TECNOMED SL will process the data you supply, which may include the following categories:
Your Rights
Any person has the right to obtain confirmation on whether ABANZA TECNOMED SL is processing personal data concerning them.
Interested parties have the right to access their personal data, as well as to request the rectification of inaccurate data or, where appropriate, request its deletion when, among other reasons, the data are no longer necessary for the purposes for which they were collected.
Under certain circumstances and for reasons related to their particular situation, interested parties may oppose the processing of their data. ABANZA TECNOMED SL will stop processing the data, except for compelling legitimate reasons, or the exercise or defense of possible claims.
Also, under certain circumstances provided for in Article 18 GDPR, interested parties may request the limitation of the processing of their data, in which case ABANZA TECNOMED SL will only process them, with the exception of their conservation, with the consent of the interested party or for the formulation, exercise, or defense of claims, or with a view to protecting the rights
Under certain circumstances, as stipulated in Article 18 GDPR, interested parties may request the restriction of processing of their data. In such cases, ABANZA TECNOMED SL will process the data, except for their storage, with the consent of the interested party or for the establishment, exercise, or defense of legal claims, or for the protection of the rights of another natural or legal person, or for reasons of important public interest of the Union or a particular Member State.
If applicable, as a result of exercising the right to erasure or opposition to processing of personal data in the online environment, interested parties have the right to be forgotten in accordance with the jurisprudence of the Court of Justice of the EU.
By virtue of the right to data portability, interested parties have the right to receive their personal data, which they have provided to a data controller, in a structured, commonly used, and machine-readable format, and have the right to transmit those data to another controller without hindrance.
Every interested person has the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her, except for the exceptions provided in Article 22(1) GDPR.
Interested parties have the right to the erasure of their data due to the disappearance of the purpose that motivated the processing or collection, revocation of consent when it is the basis for legitimizing the processing, or for other reasons contained in Article 17 GDPR. The erasure will be carried out by performing high-level deletion of the data contained in automated supports and the physical destruction of non-automated supports.
How Can Rights Be Exercised?
Rights can be exercised through a written request always accompanied by a copy of the ID or another document that proves the identity of the interested party, addressed to the addresses specified in the header.
What Means of Complaint Are Available?
If you believe that your rights have not been adequately addressed, you have the right to file a complaint with the Spanish Data Protection Agency (Agencia Española de Protección de Datos, AEPD), whose contact details are: Telephone numbers: 901 100 099 / 91.266.35.17, Postal address: C/ Jorge Juan, 6, Madrid.