This Privacy Policy has been developed in accordance with the provisions of the Organic Law on the Protection of Personal Data in force, as well as Regulation 2016/679 of the European Parliament and Council of April 27, 2016, regarding the protection of natural persons with regard to the processing of personal data and the free movement of such data, hereinafter referred to as the GDPR.
The purpose of this Privacy Policy is to inform the data subjects, whose personal data is being collected, about the specific aspects related to the processing of their data. This includes, among other things, the purposes of the processing, the contact details to exercise the rights that apply to them, the retention periods of the information, the security measures, and other relevant details.
In terms of data protection, KERAFRIT S.A. should be considered the Data Controller in relation to the files/processing identified in this policy, specifically in the section "Data Processing."
The following are the identifying details of the owner of this website:
Data Controller: KERAFRIT S.A.
Postal Address: Ctra. Valencia-Barcelona, Km 44,1. Apdo Correos 113, 12520 Nules (Castellón) Spain
Email Address: info@kerafrit.com
The personal data requested, where applicable, will only consist of what is strictly necessary to identify and address the request made by the data subject, hereinafter the interested party. This information will be processed in a lawful, fair, and transparent manner in relation to the interested party. Furthermore, the personal data will be collected for specific, legitimate purposes and will not be processed in a way that is incompatible with those purposes.
The data collected from each interested party will be adequate, relevant, and not excessive in relation to the specific purposes of each case and will be updated when necessary.
The data subject will be informed, prior to the collection of their data, of the general points regulated in this policy, so that they can provide explicit, precise, and unequivocal consent for the processing of their data, in accordance with the following aspects.
Purposes of the processing.
The explicit purposes for which each of the processing activities is carried out are outlined in the information clauses included in each data collection method (web forms, paper forms, voice recordings, signs, and informative notes).
However, the personal data of the interested party will be processed solely to provide an effective response and address the requests made by the user, as specified alongside the option, service, form, or data collection system used by the data subject.
Legitimacy
As a general rule, prior to processing personal data, KERAFRIT S.A. obtains the explicit and unequivocal consent of the data subject by including informed consent clauses in the various data collection systems.
However, when consent is not required from the interested party, the legal basis for the processing carried out by KERAFRIT S.A. is the existence of a specific law or regulation that authorizes or requires the processing of the data of the interested party.
Recipients
As a general rule, KERAFRIT S.A. does not transfer or disclose data to third parties, except when legally required. However, if necessary, such transfers or communications of data will be informed to the interested party through the informed consent clauses in the different data collection methods.
Origin
As a general rule, personal data is collected directly from the interested party. However, in certain exceptions, data may be collected through third parties, entities, or services other than the interested party. In this case, this will be communicated to the interested party through the informed consent clauses in the various data collection methods and within a reasonable period of time, once the data has been obtained, and no later than one month.
Retention periods
The information collected from the interested party will be retained as long as necessary to fulfill the purpose for which the personal data was collected, so that once the purpose is fulfilled, the data will be canceled. This cancellation will result in the blocking of the data, which will be retained only for the purposes of public authorities, judges, and courts, to address any potential liabilities arising from the processing, for the statute of limitations period. Once this period has passed, the information will be destroyed.
For informational purposes, the following are the legal retention periods for information concerning different matters:
DOCUMENT | DEADLINE | LEGAL REF. |
Employment or social security-related documentation | 4 years | Article 21 of Royal Legislative Decree 5/2000, of 4 August, approving the revised text of the Law on Offences and Penalties in the Social Order. |
Accounting and tax documentation for commercial purposes | 6 years | Section 30 of the Commercial Code |
Accounting and tax documentation for tax purposes | 4 years | Articles 66 to 70 General Tax Law |
Building access control | 1 month | Instruction 1/1996 of the AEPD |
Video surveillance | 1 month | Instruction 1/2006 of the AEPD Organic Law 4/1997 |
In relation to the browsing data that may be processed through the website, in the event that data subject to regulations is collected, it is recommended to consult the Cookie Policy published on our website.
Data protection regulations grant a series of rights to the data subjects or data owners, website users, or users of KERAFRIT S.A.'s social media profiles.
The rights granted to the interested parties are as follows:
Right of access: The right to obtain information about whether their personal data is being processed, the purpose of the processing, the categories of data being processed, the recipients or categories of recipients, the retention period, and the origin of the data.
Right of rectification: The right to obtain the rectification of inaccurate or incomplete personal data.
Right of erasure: The right to obtain the erasure of data in the following cases:
When the data is no longer necessary for the purposes for which it was collected.
When the data subject withdraws consent.
When the data subject objects to the processing.
When the data must be erased to comply with a legal obligation.
When the data was obtained through an information society service based on the provisions of Article 8(1) of the General Data Protection Regulation (GDPR).
Right of objection: The right to object to a specific processing activity based on the data subject's consent.
Right to restriction of processing: The right to obtain the restriction of data processing when any of the following situations apply:
When the data subject disputes the accuracy of the personal data, for a period that allows the company to verify its accuracy.
When the processing is unlawful and the data subject objects to the erasure of the data.
When the company no longer needs the data for the purposes for which it was collected, but the data subject needs it for the formulation, exercise, or defense of legal claims.
When the data subject has objected to the processing while verifying whether the legitimate grounds of the company prevail over those of the data subject.
Right to data portability: The right to obtain the data in a structured, commonly used, and machine-readable format, and to transfer it to another data controller when:
The processing is based on consent.
The processing is carried out by automated means.
Right to file a complaint with the competent supervisory authority.
Data subjects may exercise the above rights by contacting KERAFRIT S.A. in writing, sent to the following address: Ctra. Valencia-Barcelona, Km 44,1. Apdo Correos 113, 12520 Nules (Castellón) Spain, indicating the right they wish to exercise in the subject line.
In this regard, KERAFRIT S.A. will address the request as soon as possible, in accordance with the deadlines set out in data protection regulations.
