This Privacy Policy applies to the processing of personal data by TOSSADIVERS SL (hereinafter the "Company") within its websites, apps and any other electronic means or digital platform in which the company processes personal data.
Data controller
TOSSADIVERS SL with NIF B04953709, registered at Avda. Mar Menuda 4, 17320 Tossa de Mar (Girona) and email info@tossadivers.com is the controller of the data provided. We inform you that this data will be processed in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council, of 27 April 2016, on the protection of natural persons with regard to the processing of personal data and on the free movement of such data.
Legitimacy of data processing
The legitimacy for the processing of your data is the consent obtained from the user. Users, by ticking the corresponding box, expressly and freely and unambiguously accept that their data is necessary to attend to their request by the provider. The user guarantees that the personal data provided is truthful and is responsible for communicating any modification thereof.
All data requested through the web service are mandatory, as they are necessary for the provision of the service. If all data is not provided, it is not guaranteed that the information and service provided will be fully adjusted to your needs.
The legal basis for data processing is the European Regulation 2016/679 of the European Parliament and of the Council:
- Art 6.1 a) the data subject has given consent to the processing of their personal data for one or more specific purposes;
- Art 6.1 b) processing is necessary for the performance of a contract to which the data subject is party or for the application at their request of pre-contractual measures;
- Art 6.1 c) processing is necessary for compliance with a legal obligation applicable to the controller.
Purpose of processing
The purpose is to maintain a commercial relationship with the user of the company's websites, apps and any other electronic means or digital platforms. To carry out the processing, the planned operations are:
- Processing orders, requests or any type of petition made by the user through any of the contact forms made available.
- Sending commercial advertising communications related to our products and services by any electronic or physical means, present or future, when the user has given their consent.
- If you provide us with your CV data or send us your CV, we will use your data for contact management and selection processes we carry out.
Data retention
Data will be retained as long as there is a mutual interest in maintaining the purpose of the processing. When no longer necessary for that purpose, they will be deleted with appropriate security measures to guarantee their complete destruction. Personal data provided by the data subject will be maintained even if deletion is requested, limiting its processing solely for compliance with legal obligations and/or the exercise or defence of claims.
Your rights when you provide us with your data
The user has the rights of access, rectification, deletion, opposition and portability of their data. As well as the right to lodge a complaint with the supervisory authority, www.aepd.es, if they consider that the processing does not comply with current regulations.
Your rights are:
- To know whether we process your data or not.
- To access your personal data we hold.
- To rectify data that is incorrect.
- To request deletion of your data or withdraw consent given.
- To request limitation of the processing of your data, in which case it will only be retained in accordance with current regulations.
- Data portability: your data will be provided in a structured, commonly used format. We can also send it to the new controller you indicate. Only valid in certain cases.
To exercise your rights, the user must send a copy of their ID or passport to: TOSSADIVERS SL with NIF B04953709, registered at Avda. Mar Menuda 4, 17320 Tossa de Mar (Girona) and email info@tossadivers.com
To whom will your data be communicated
The Company expressly informs and guarantees users that their personal data will not be transferred to third parties under any circumstances except where there is a legal obligation. If any transfer of personal data is made, the express, informed and unambiguous consent of the users will be previously requested.
Minors
If you are a minor user, you must have the prior consent of your parents or guardians before including your personal data on our website. The "Company" is exempt from any responsibility for non-compliance with this requirement.
Security measures
In accordance with current data protection regulations, the provider complies with all regulatory provisions for the processing of personal data and the principles described in Article 5 of the GDPR.
We guarantee that appropriate technical and organisational policies have been implemented to apply the security measures established by the GDPR in order to protect the rights and freedoms of users and have communicated the appropriate information so that they can exercise them.
International data transfers
The data we collect is stored within the European Economic Area. In the event that data may be transferred and processed in a country outside the European Economic Area, such as for "cloud storage", we inform you that any transfer outside the European Economic Area is made to companies that are part of the EU-US Privacy Shield and that guarantee an adequate level of protection of personal data.
Users may also communicate with the "Company" through its social media profiles. These profiles may be located in the United States; data transfers will be covered by the agreement between the US and the European Union (Privacy Shield), or the explicit consent of the data subject, as applicable. The aforementioned Privacy Shield agreement is a legally binding and enforceable instrument between the EU and the US, which is considered by the European Commission to provide adequate guarantees for the protection of personal data.