Data protection policy

This is the data protection policy of PUBLICIDAD PERMANYER SL. It refers to the data it processes in the exercise of its editorial activities in compliance with the General Data Protection Regulation (Regulation (EU) 2016/679 of the European Parliament and the Council, of 27 April 2016).

Who is the data controller?
The data controller is PUBLICIDAD PERMANYER SL (hereinafter PUBLICIDAD PERMANYER), with VAT No B08327512, domiciled at calle Mallorca, 310, 08037 Barcelona, telephone 93 207 5920, e-mail permanyer@permanyer.com, www.permanyer.com. Entity registered in the Companies Registry Office of Barcelona, volume 8.730, folio 219, page 72.874.

Who is the Data Protection Officer?
The Data Protection Officer (DPO) is the person who supervises the compliance of the data protection policy of PUBLICIDAD PERMANYER, guaranteeing that the personal data are adequately processed and that the persons’ rights are protected. One of his/her functions is to answer to any doubt, suggestion, claim or complaint of the data subjects. You may contact the Data Protection Officer, by sending a letter to Calle Mallorca 310, 08037 Barcelona, telephone 93 207 59 20 or by email at dpd@permanyer.com.

With what purpose we process the data?
At PUBLICIDAD PERMANYER we process the personal data for the following purposes. Contact.

To answer the consultations of the persons who contact us by means of the contact forms of our webpage. We use them only for this purpose.

Telephone support.

To answer the call of the persons who contact us by phone. To offer more quality in the service, the conversations may be registered, the person with whom we are communicating being previously informed.

Selection of personal.

Receipt of curricula vitae addressed to us by people interested in working with us and management of the personal data generated due to the participation in personal selection processes, with the purpose of analysing the adequacy of the applicants’ profiles according to the vacancies or newly created positions. Our criterion corresponds to storing for a maximum period of one year also the data of persons who are not hired, given that a new vacancy or a new position may occur in the short term. However, in this case, we delete the data if it is so requested by the applicant.

Service to customers.

To register the new customers and the additional data that may be generated as a result of a commercial relationship with the customers. When the customers contract our services, indispensable data is requested, in particular bank data (number of current account and of the credit card) which will be disclosed to bank entities which manage the collection of amounts (they can only use them for this purpose). The commercial relationship and the provision of services involve other types of processing, such as incorporating the data into the accounting and the invoicing systems or the information to the tax administration. The subscription of our publications involves a data processing according to what is mentioned in this section.

Information of our products and services.

In the contractual relationship with its customers, PUBLICIDAD PERMANYER SL uses their contact data to transmit information related with this relationship, information which can incidentally include references to our products or services, either of a general nature or concerning more specifically the customer’s characteristics and needs.

Subscribers.

We register the data of our subscribers with the purpose of managing the publication subscriptions which are made, renewed or cancelled. In the context of the contractual relationship, the data can be disclosed to the Tax Administration and to bank entities with the purposes of collecting fees.

Other information of products and services.

With the explicit authorisation of the customers, after the end of the contractual relationship, the contact data is stored to send advertising concerning our services or products and information of a general or specific nature according to the customer’s characteristics. This information is sent to those who, in spite of not having been a customer, ask us or accept it by filling in our forms.

Management of our suppliers’ data.

We register and process the data of the suppliers from which we have obtained services or goods. This data may concern natural or legal persons. We obtain the indispensable data to maintain a commercial relationship, the data is used solely for this purpose and we use the data appropriately according to this type of relationship.

Video surveillance.

When a person accesses our facilities, he/she is informed, if applicable, of the existence of video surveillance cameras through approved signs. The cameras record only images of areas where it is justified to ensure security both of property and persons; the images are used solely with this purpose.

Users of our web.

The navigation system and the software which allows the operation of our web collect the data which is ordinarily generated in the use of Internet protocols. This category of data includes, among others, the IP address and the domain name of the computer used by the person who connects to the website. This information is not associated with specific users and it is used for the exclusive purpose of obtaining statistical information on the use of the website. Our web does not use cookies which would allow for the identification of specific persons using the website. The sole purpose of use of cookies is to collect technical information to facilitate the accessibility and the efficient use of the website.

Other channels for the obtaining of data.

We also obtain data in result of face-to-face relationships and other channels such as email or through our profiles on social media. In all cases the data is only used for explicit purposes which justify its collection and processing.

What is the legal ground for the data processing?
The various types of data processing that we carry out have different legal grounds according to their specific nature.

In case of a precontractual relationship. This is the case of data of potential customers or suppliers with which we have relationships prior to the formalisation of a contractual relationship, for example in the case of the drawing up of studies or estimates. It is also the case of the processing of the data of persons who have sent us their curricula vitae or who participate in selection processes.

In case of a contractual relationship. This is the cases of relationships with our subscribers, customers and suppliers and of all the actions and the uses which these relationships involve. In the fulfilment of legal obligations. The communications of data to the tax administration are established by rules regulating the commercial relationships. It is possible that data must be disclosed to judicial bodies or to law enforcement authorities also in compliance with legal rules which impose the cooperation with these public services.

On the basis of consent. When we send information of our products or services, we process the contact data of the recipients with their authorisation or explicit consent. The navigation data which we may obtain through cookies are obtained with the consent of the person visiting our web, a consent which may be withdrawn at any moment by removing these cookies.

For legitimate interest. The images obtained with the video surveillance cameras are processed for the legitimate interest of our company in preserving its goods and facilities. Our legitimate interest also justifies the processing of data obtained from the contact form.

To whom is the data disclosed?
As a general rule, we only disclose data to public administrations or authorities for the fulfilment of legal obligations. When issuing invoices to customers the data may be disclosed to bank entities. In justified cases, we shall disclose the data to law enforcement authorities or to the competent judicial bodies. Additionally, in case we have obtained consent, the data can be disclosed to other companies of our group for the previously indicated purposes. No data shall be transferred outside the scope of the European Union (international transfer).

Moreover, for certain tasks, we obtain the services of companies or persons that offer us their experience and expertise. In some occasions these external companies need to access the personal data of which we are the controller. The data is not actually transferred, as those external companies act as data processors. We only contract the services of companies which guarantee compliance with the data protection legislation. When the services are contracted their confidentiality obligations are formalised and their action is monitored. This can be the case of services of data hosting, of services of IT support or of legal or tax consultancy.

For how long do we store the data?
We fulfil the legal obligation of limiting as far as possible the period for the storage of the data. Therefore, the data is stored only for the period which is necessary and justified for the purpose for which it was obtained. In certain cases, such as in the case of the data contained in accounting and invoicing documents, the tax legislation obliges us to store the date until the liabilities on this matter expire. In case the data which processed based on the consent of the interested person, they shall be stored until the person withdraws his/her consent. the images obtained by the video surveillance cameras is stored for a maximum period of one month, however in case of incidents justifying this, it is stored for the period which is necessary to facilitate the action of the law enforcement authorities or the judicial bodies.

What are the rights of the data subjects?
As provided for in the General Data Protection Regulation, the data subjects have the following rights:

To know if the data is processed. Any person has, first of all, the right to know if we process his/her data, irrespective of there having been or not a prior relationship.

To be informed at the time of collection. When the personal data is obtained from the interested person himself/herself, at the time he/she provides it, he/she must be clearly informed of the purposes for which it is collected, of who will be the data controller and of the remaining aspects related with this processing.

To access. A very broad right which includes the right to know exactly which personal data is subject to processing, which is the purpose of the processing, the communications which will be made to other persons (if applicable) or the right to obtain a copy or to know the estimated storage period.

To request rectification. This is the right to have inaccurate data processed by us rectified.

To request deletion. In certain circumstances there is the right to request the data deletion when, among other reasons, it is no longer necessary for the purposes for which it was collected, and which justified the processing.

To request limitation to processing. Also, in certain circumstances the right to request the limitation to the data processing is recognised. In this case the data shall no longer be processed and shall only be stored for purposes of defence against claims, in accordance with the General Data Protection Regulation.

To portability. In the cases provided for in the legislation we recognise the right to obtain the personal data in a machine-readable structured format of common use, and to transmit it to another controller, if it is so decided by the interested person.

To oppose the processing. A person can invoke reasons related with his/her specific situation which lead to his/her data being no longer processed due to the fact that such processing can cause a damage, except for legitimate reasons or for the defence against claims.

Not to receive commercial information. Requests for us not to continue sending commercial information to persons who have previously authorised such sending shall be immediately met.

How can the data subjects exercise or defend their rights?
The above-mentioned rights can be exercised by sending a written request to PUBLICIDAD PERMANYER SL, Calle Mallorca 310, 08037 Barcelona, telephone 93 207 5920, or by sending an email to permanyer@permanyer.com, indicating in all cases «Personal data protection».

If you have not received a satisfactory response in the exercise of your rights, it is possible to submit a complaint to Agencia Española de Protección de Datos (Spanish Data Protection Agency), by using the forms or other channels which are accessible on its webpage www.agpd.es.

In all cases, either to submit complaints, ask for clarifications or make suggestions, you can address the Data Protection Officer by sending an email to dpd@permanyer.com.