Privacy policy

Processing Activities

What processing activities do we carry out with your personal data?
In compliance with Regulation (EU) 2016/679 and the Spanish Organic Law on Personal Data Protection, we inform you that your personal data may be subject to some of the following processing activities:

  • TR04 – Advertising campaigns (Legal basis: Law 34/1988 of November 11, General Advertising Law.)

  • TR08 – Collecting data subjects’ feedback/opinions (Legal basis: Regulation (EU) 2016/679 on data protection and the Spanish Data Protection Law.)

  • TR03 – Internal recruitment and staff selection (Legal basis: Royal Legislative Decree 3/2015 of October 23, approving the consolidated text of the Employment Act.)

  • TG01 – Accounting and bookkeeping management, as data controller (Legal basis: Royal Decree 1514/2007 of November 16, approving the General Accounting Plan.)

  • TG25 – Collection of data for internal tax management (Legal basis: Law 58/2003 of December 17, General Tax Law.)

  • TG12 – Internal payroll and labour management: data collection (Legal basis: Royal Legislative Decree 1/1994 of June 20, approving the consolidated text of the General Social Security Law.)

  • TR09 – Security regarding technical and organizational measures in the software used (Legal basis: Regulation (EU) 2016/679 and the Spanish Data Protection Law.)

  • TE08 – Personal Data Protection (Legal basis: Regulation (EU) 2016/679 and Organic Law 3/2018.)

  • TE02 – Occupational risk prevention (Legal basis: Law 31/1995 of November 8, on Occupational Risk Prevention.)

  • TE07 – Document destruction (Legal basis: Regulation (EU) 2016/679.)

  • TV01 – Sales / Provision of services (Legal basis: Commercial and tax legislation.)

  • TE03 – Transport services and/or parcel shipments (Legal basis: Royal Decree of August 22, 1885, publishing the Spanish Commercial Code.)

  • TR05 – Emails (Legal basis: Commercial Code and other applicable legislation.)

  • TR01 – Information requests received (Legal basis: Commercial Code and other commercial provisions.)

  • TR07 – Management of incidents and/or security breaches (Legal basis: Regulation (EU) 2016/679 and the Spanish Data Protection Law.)

  • TE04 – Management of internal legal matters (Legal basis: Applicable commercial and labour legislation.)

  • TE01 – Maintenance of IT systems (Legal basis: Commercial Code.)

 

Data Controller

Who are we?
We are the controller responsible for processing your data. Therefore, we expressly, precisely, and unequivocally inform both data subjects and the competent authorities of the following details regarding the data controller:

ARTSANA FINE ART, S.L.

B05476403

RIU MONTNEGRE, 49 VIVIENDA 1

CASTALLA

03420

ALICANTE

info@artsanafineart.com

 

Purposes

What do we use your personal data for?

Within this organization, we may process your personal data exclusively for the following purposes:

  • Verifying that all necessary technical measures are being carried out for proper management of personal data using the applied software.

  • Sending commercial and/or advertising information by email.

  • Managing information requests received from the data subject regarding our products or services.

  • Exclusive management of internal incidents detected in compliance with GDPR requirements.

  • Carrying out advertising campaigns to promote our services and/or products.

  • Collecting data subjects’ feedback/opinions.

  • Recruiting staff to fill necessary job vacancies.

  • Complying with all requirements established in the Occupational Risk Prevention Law.

  • Sending parcels and correspondence.

  • Managing any legal issues affecting the company.

  • Managing, maintaining, and repairing data storage/IT systems.

  • Actions to carry out internal labour management.

  • Actions to carry out internal tax and accounting management.

  • Complying with the principle of storage limitation of personal data.

  • Complying with the requirements set forth in Regulation (EU) 2016/679 and Organic Law 3/2018.

  • Administrative management of individual customers.

  • Carrying out the sale or provision of the contracted service.

A commercial or user profile may be created based on the information provided or obtained. It is expressly stated that, under no circumstances, will profiles be created using a minor’s data.
The personal data you provide will be stored for as long as the contractual relationship lasts or, where applicable, until you exercise your right to object or withdraw the consent granted. To do so, you may refer to the relevant section on our website or send an email to the address indicated in the section relating to the data controller.

 

Lawful Basis (Legitimacy)

Why do we use your data?

We are entitled to process your personal data for the following reasons:

Your unambiguous, informed, and explicit consent, in those cases where it is legally required. In no case shall withdrawal of such consent condition the performance of other processing activities based on a different lawful basis, nor shall such withdrawal affect the lawfulness of processing carried out prior to withdrawal.

A legal obligation applicable to the data controller.

The performance of a service agreement and/or the purchase contract for the corresponding products entered into by you.

The legal basis for processing your data is the data controller’s legitimate interest. Such interest is supported by a prior proportionality/balancing test between the controller’s legitimate interest and the interests, rights, and freedoms of the data subjects. This balancing test involved assessing the interest, evaluating the impact of processing on data subjects, weighing both concepts, and implementing additional safeguards. Since the final balancing outcome is favourable to the controller, processing may be carried out in accordance with applicable personal data protection regulations.

If you have any questions or need clarification, you may contact us via the email address provided in the section corresponding to the data controller.

 

Recipients

Who can we share your personal data with?

Your personal data may be disclosed to the following entities and bodies:

  • Tax Agency

  • State Public Employment Service

  • General Treasury of the Social Security

  • National Data Protection Agency

  • Banks and savings banks

Your personal data will not be transferred to any third country or international organization.

 

Sources (Data Origin)

What data do we process and how have we obtained it?

Your personal data will be included in the following files/records owned by the organization:

  • FG01 – Internal accounting management

  • FG02 – Internal labour management

  • FG15 – Internal tax management (data collection)

  • FE01 – IT maintenance

  • FE02 – Occupational risk prevention

  • FE03 – Transport and shipping

  • FE04 – Internal legal matters

  • FR01 – Information requests received

  • FR03 – Internal recruitment

  • FR04 – Advertising campaigns

  • FR05 – Emails

  • FR07 – Management of incidents and/or security breaches

  • FR08 – Collecting data subjects’ feedback/opinions

  • FR09 – Software and hardware security measures

  • FE07 – Document destruction

  • FE08 – Personal Data Protection

  • FP01 – Customers

The personal data we process in our organization comes from the following sources:

  • The data subject themselves

 

Rights

What rights can you exercise?

We guarantee the exercise of your rights regarding the processing of your personal data.

In particular, we inform you that you have the right to:

  • Obtain confirmation as to whether or not your data is being processed.
  • Exercise the right of access to your personal data held by us, obtaining information about the purposes of processing, the categories of data processed, potential recipients, retention period, origin of the data and, where applicable, profiling or automated decision-making.
  • Exercise the right to rectification. In this regard, we remind you that the personal data we hold must always accurately reflect reality, so do not hesitate to exercise this right if any data is modified, changed, or cancelled. You guarantee that any personal data you have provided to us by any means is true and accurate, and you undertake to notify us of any change or modification. You shall be solely responsible for any loss or damage caused to the controller or any third party due to communication of erroneous, inaccurate, or incomplete information.
  • For reasons related to your particular situation, object to the processing of your data, in which case our organization will stop processing the data unless there are legitimate grounds preventing this.
  • Request the erasure of your personal data when, among other reasons, it is no longer necessary for the purposes described above or we no longer have a lawful basis to process it.
  • Request portability of your data when processing is carried out by automated means and you are linked to our entity by a contract, or you have granted consent for such processing. In such cases, you have the right to receive your personal data in a structured, commonly used, machine-readable format, or to have it transmitted directly to another controller where technically feasible.
  • In certain circumstances, request restriction of processing, in which case we will only keep the data for the exercise or defence of legal claims.
  • Object to automated decision-making, including profiling.

These rights may be exercised free of charge, except in cases legally provided for, by means of a written and signed request from you or, where applicable, your representative, addressed to the data controller at the addresses provided in the first section, or in person at any of our establishments.

You also have the right to lodge complaints either with the Spanish Data Protection Agency (AEPD) (at https://www.agpd.es/) or with the relevant supervisory authority.

Likewise, you may apply to the Courts of Justice to claim compensation.

Finally, you have the right to withdraw your consent as easily as you granted it. To do so, you may refer to our website, where you will find the necessary information to quickly and easily revoke the authorization granted for these communications. You may also send an email to the address indicated in the section relating to the data controller.

We also inform you that for each processing activity we determine possible threats and impacts that may occur as a consequence, mitigating or eliminating potential harm where possible by applying the corresponding security measures, which are periodically reviewed to determine their effectiveness.

Our control system also enables compliance with the principles of data processing and allows us to demonstrate to the data subject our compliance with the purpose limitation principle, the storage limitation principle, the data minimization principle, and the integrity and confidentiality principle.