PROTECTION OF PERSONAL DATA
ACISA adopts the necessary measures to ensure the security, integrity and confidentiality of its data according to Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and for all other matters by Organic Law 3/2018 of 5 December on the Protection of Personal Data and guarantee of digital rights and Law 34/2002 of 11 July on Information Society Services and Electronic Commerce.
PERSONAL DATA CONTROLLER
The entity responsible for processing the personal data provided by the user when accessing and using the website is AERONAVAL DE CONST. E INST. S.A., (hereinafter ACISA), the data controller, with Tax ID: A28526275, registered office at C/ Bahía de Pollensa 13 – 28042 – Madrid, registered in the Madrid companies registry, Book 4959, page 75, Sheet 392 47, 1st entry, telephone +34 913819220.
Data Officer contact: DPD@aldesa.es
ACISA pledges to apply the computer security measures set out in the aforementioned regulations to prevent access to or improper use of the data, its manipulation, deterioration, or loss.
DURATION OF DATA STORAGE
Your personal data will be kept for the time necessary to fulfil the purpose for which they were collected. If your data is used for several purposes that require us to keep it for different periods of time, we will apply the longest retention period.
In any case, we limit access to your data only to those who need to use it to perform their duties.
Our data retention periods are based on business needs, so access to personal data that is no longer needed will be strictly limited to compliance with legal obligations or they will be securely destroyed.
Marketing purposes: we will retain your data for marketing purposes for two years from the date we last obtained your permission to send you marketing communications unless you opt-out of such marketing communications by revoking your consent.
Contractual purposes: with respect to the use of your data to manage any contractual obligation we have with you, we will retain such data for the duration of the contract and for ten years thereafter, in order to respond to any subsequent inquiries or complaints.
Purposes related to compliance with legal and regulatory obligations: certain data must be maintained for the periods required by specific regulations (tax, commercial, money laundering, etc.).
PURPOSES OF DATA PROCESSING
Automated and non-automated operations, processes, and technical procedures to collect, store, modify, and transfer personal data are considered forms of personal data processing.
At ACISA, we process the personal data provided by the user through www.acisa.es to include this data in our contact agenda, manage the requested business relationship, and we use this information as a means of contact with the company. Processing this data also involves sending any requested information and responding to queries or questions sent by the user through the website, providing interested parties with offers of services that are of interest to them.
The fields in the form must be filled in so that ACISA can comply with the purposes mentioned above.
The user may object to receiving commercial communications at any time by sending an email to the address indicated above.
LEGITIMACY FOR DATA PROCESSING
The use of your data under the conditions described above is permitted by European and Spanish data protection regulations according to the following legal bases:
- You have given your consent (you have been presented with a consent form to authorise the processing of your data for certain purposes, which you may revoke at any time);
- Your data needs to be processed to manage and maintain a contract signed with you;
- Your data needs to be processed to comply with our legal obligations;
- We use your data in response to a legitimate interest and our reasons for doing so outweigh the potential harm to your data protection rights;
There may be purposes that are permitted under other legal bases; in such cases, we will make every effort to identify the legal basis in question and communicate it to you as soon as we become aware of its existence.
HOW DO WE PROTECT YOUR DATA?
We use several security measures to ensure the protection, security, integrity, and availability of your data.
Although it is not possible to guarantee absolute protection against intrusion when transmitting data over the Internet or from a website, we and our subcontractors and business partners make every effort to maintain physical, electronic, and procedural safeguards to ensure the protection of your data according to the relevant legal requirements. The measures we use include the following:
- We limit access to your data only to those who need to do so for the tasks they perform;
- As a general rule, we transfer the collected data in encrypted format;
- We only store the most sensitive data (such as credit card data) in encrypted format;
- We have installed perimeter protection systems for IT infrastructures (firewalls) to prevent unauthorised access (by hackers for example), and regularly monitor access to IT systems to detect and stop any misuse of personal data.
Where we have given you (or where you have chosen) a password that enables you to access certain parts of our websites or any other portal, application, or service under our control, you are responsible for maintaining the secrecy of the password and for complying with any other security procedures that we notify you of. You will not be able to share your password with anyone.
HOW DO WE OBTAIN YOUR PERSONAL DATA?
We collect your personal data on several occasions:
- Each time you contact us directly, for example, through www.ACISAgroup.com or through our customer service hotlines, to request information about our products and services.
- When you purchase a product or service.
- When you participate in our marketing campaigns, for example, by filling out a response card or participating in a promotion that requires you to complete an on-line form with your personal data.
Our products and services, as well as promotional campaigns, are mostly targeted and designed for adults. In this regard, we will only collect and process your personal data if you are at least 14 years old. We reserve the right to verify the age of people providing personal data. Data of anyone under the age of 14 will be deleted.
We would appreciate your help in keeping your personal information up to date by informing us of any changes in your contact details or preferences.
The personal data collected will not be used for profiling or automated decision making.
WHAT INFORMATION CAN WE OBTAIN ABOUT YOU?
- Contact details
- name, address, telephone, email
- information you provide about your preferences, for example, the type of products.
- use of the web and communications
- sales information
- information about purchases made on the website, as well as complaints and claims
Customer service, promotions, and advertising – to respond to inquiries and present offers and new products
We collect your contact information, preference information and web usage and communications data; we may also use sales and service information that you have provided through the website to determine what offers and news may be of most interest to you and to contact you about these offers based on your marketing preferences.
Promotional and advertising processes are only carried out when you have consented to them.
Fulfilment of legal and regulatory obligations – to fulfil our legal obligations to comply with requests for information from judicial bodies, regulatory and supervisory agencies, and law enforcement agencies.
All data controllers are subject to the laws of the countries in which they operate and must comply with them. These obligations include the provision, in certain circumstances, of personal data to judicial bodies, regulatory or supervisory bodies and law enforcement agencies. These data processing operations are based on the existence of a legal obligation to collaborate with such organisations.
We use various service providers to offer the products and services mentioned above.
Although it is not possible to guarantee absolute protection against intrusion when transmitting data over the Internet or from a website, we and our subcontractors and business partners make every effort to maintain physical, electronic, and procedural safeguards to ensure the protection of your data according to the relevant legal requirements.
All your data is stored on secure servers (or secure physical copies) owned by us or our subcontractors or business partners, and our security criteria and policies (or our subcontractors or business partners equivalent policies) apply to the access and use of your data.
We inform you that, as a general rule, international transfers outside the European Economic Area (EEA) are not carried out. If data is transferred outside the EEA, THE ORGANISATION shall have the appropriate guarantees for such a data transfer in accordance with the requirements established by the General Data Protection Regulation.
On the other hand, only third parties with whom ACISA has a legal or contractual obligation to provide the data to, including, for example, the Ombudsman and Judges and Courts interested in the proceedings related to the claims filed, will have the right to access this personal data.
Under the terms established in current legislation, the user may exercise their rights to access, modify or delete their data, to limit the processing of their data or oppose to it, to request the portability of their data, and to revoke the consent given, at any time. These rights are recognised in the aforementioned European Regulation (GDPR). The user may exercise these rights by contacting:
To exercise these rights, the user must prove their identity by providing their name and surname, a photocopy of their ID card or equivalent identification document. The user should detail their request, provide an address for notification purposes, and sign and date the request.
Likewise, the user may complain to the Spanish Data Protection Agency, especially when they are not satisfied that their rights have been upheld, by writing to the agency at C/ Jorge Juan, No. 6, 28001 – Madrid, or through the website: https://www.agpd.es