Privacy Policy

Privacy Policy

 

DISTRIBUIDORA INTERNACIONAL CARMEN, S.A.U, (hereinafter called as DICSA) considers as a basic objective to ensure the privacy and confidentiality of the personal data of Users collected through any system, which allows for the transmission of data and declares its commitment to comply with the regulations established on personal data protection; General Regulation for Data Protection ((UE) Regulation 2016/679 of the European Parliament and Council, of 27 April 2016, on the protection of individuals with regards to the processing of personal data and the free movement of such data and repealing Regulation 95/46/CE). In this respect, you are informed the following aspects:

 

1. Data controller

Distribuidora Internacional Carmen, S.A.U,

Legal head office:C/ Virgen del Buen Acuerdo s/n. Pol. Ind. Alcalde Caballero. 50015 Saragossa, Spain

Email: lopd@dicsaes.com

Phone: +34 976 46 41 06

Tax ID Number: A50081546

Registry Data: Registered at the Zaragoza Mercantile Register, Volume 1498, Book 0, Section 8º, sheet 182, pag number Z-11134, Inscription 5th. Date: 24-11-2001.

 

 

2. Data security

DICSA guarantees the adoption of the necessary technical and organisational measures to maintain the confidentiality, integrity and security of personal data and to prevent its loss, alteration, unauthorised access or processing, taking into account the state of technology and the nature of the data stored, being aware that Internet security is not impregnable.


3. The purpose of processing the data provided

The collection and automated treatment of the Personal Data in DICSA have the purpose of: 


- Maintenance of the contractual relationship established with the owner of the data and DICSA.


- The execution, maintenance and management of any actions between the owner of the data and Dicsa: commercial, administrative, accounting, employment, marketing, human resources, or any other service which the owner of the Data may request of DICSA, in order to be able to manage the commercial or the labor relationship established with DICSA and for maintenance purposes of reported the data to DICSA and that govern the contractual relationship between both parties.

- Dispose the applicant data that choose to take part of the selection process promoted by DICSA.


The sending of technical, operational, publicity and promotional information regarding the products provided by DICSA, ensure that has given its consent to this or there is a prior contractual relation, provided that the provider shall have legally obtained the contact details of the recipient and used them to send commercial communications referring to products or services of its company that are similar to those initially at issue in the contract between provider and customer. (Article 21.2 of Act 34/2002 of 11 July on Information Society Services and Electronic Commerce).

 

In case data will be used for any other purposes than those for which they have been collected.



4. Duty of disclosure and affected person´s consent


Data requests will be incorporated into the liability treatment system of DICSA, and that they will be dealt with the purpose and legal basis established in the enclosed clause of each form existing to the effect, as well as an appropriate level of protection, according to General Data Protection Regulation.

 

Accordingly, web sections where we gather personal data are:

 

·        Contact form (http://www.dicsaes.com/portal/ebusiness/ecommerce/form/contactar.html) with the purpose of contact and to be able to follow-up your request and sending commercial information if you have given your permission.

·    Forms for requesting platform digital access, in order to generate user accounts and to facilitate access to content and services published on the platform.

·        Form “work with us”is worked out with the aim to collect applicant data that want to participate in our selection process.

 

In both cases, the legitimacy of data processing is based on the interested party's consent, by submitting your personal data, once the supply conditions have been accepted and have been ticked the corresponded boxes.

 

If it has been requested your consent to the processing of personal data (as is the case of commercial information) we inform you that you may retire contact details at any time.

 

 

5. Data retention

 

We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, once accomplished the purpose for which they were collected, the data will be automatically cancelled. Such cancellation leads to the data being blocked and maintained solely at the disposal of the public administrations, judges and the courts, for the purpose of determining any liability arising from the processing, and for the duration of such liability. Once this period is over, your personal details will be deleted.

For information, the follow up provides the legal deadlines of storing of information, in relation of different matters:

 

DOCUMENT

PERIOD

LEGAL FRAMEWORK

Documentation concerning employment or social security

4 years

Article 21 of Royal Legislative Decree 5/2000, of 4 August, approving the revised text of Law on Social Order Infractions and Sanctions

Legal and accountancy documentation for mercantile purposes

6 years

Art. 30 of the Commercial Code

Legal and accountancy documentation for tax purposes

4 years

Articles 66 and 70 General Tax Law

CV Database (applicants)

2 years

Non applicable

Data to contact persons

Request removal

Non applicable

 

 



6. Transfer of Data


We share your data with service providers that help us or providing support (controllers and processors of data), with which has been signed the prescriptive contract according to the terms of Article 28 of EU GDPR (General Data Protection Regulation) .

 

Apart from these cases, DICSA will not disclose their personal data to third parties unless this information is necessary for the compliance with one of the purposes directly related to the legitimate functions of the grantor and the grantee, or unless the owner has given his consent to that effect, or unless the cession is authorized by a law.



7. Data subject rights

 

The applicable laws for data protection give certain rights to holders of the data. You have the right to:

 

•           Right of Access: User has the right to obtain information on his/her personal data are being subject to treatment, the purpose for which data are processed, the categories of data collected, the recipients or categories of recipients, the retention period and data source.

 

•           Right of rectification: The data subject shall have the right to obtain from the data controller the rectification without delay of inaccurate or incomplete personal data.

 

•           Right to have data blocked: The data subject shall have the right to obtain from the data controller the blocking of data:

•          When the data subject withdraw consent to treatment

•          If the data subject opposed to treatment

•         The personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject

•         The personal data have been collected in relation to the offer of information society services referred to in Article 8 (1) EU GDPR

 

•           The right to object: Right object against their processing is based on the data subject's consent.

 

•           Right to restrict processing: The data subject shall have the right to obtain from the controller restriction of processing in the following circumstances:

 

•         The accuracy of the data is contested (for a period to enable the controller verify the accuracy.

•         The processing is unlawful and the data subject objects to the erasure of the data and requests restrictions of their use instead.

•         The controller no longer requires the data for their purposes but the data subject require them for the establishment, exercise or defence of legal claims.

•       The data subject has objected to processing based on the grounds of legitimate interests or tasks carried out in the public interest under official authority, pending verification.

 

•           The right of portability: The data subject shall have the right to receive the personal data concerning him or her, which he or she has provided to a controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided:

•           Where the processing is based on the individual’s consent or for the performance of a contract

•           When processing is carried out by automated means

 

•           Right to lodge a complaint with a supervisory authority



Data subjects can exercise the rights mentioned, by contacting DICSA in the following address in writing: C/ Virgen del Buen Acuerdo s/n. Pol. Ind. Alcalde Caballero. 50015 Zaragoza or by contacting us through the following email address: lopd@dicsaes.com, attaching in all the cases, a copy of a valid identity card or any other legally valid means.