Privacy Policy.

The Data Controller in accordance with LO 3/2018 and RGPDUE 2016/679 informs you that: Through this website, personal data is not collected from users without their knowledge, nor is it transferred to third parties.

All communication with EDUARDO CAPA SA by any means or through your email address, or the forms present on this ‘web site’ or your ‘e-mail’, implies express consent for your personal data as Client /Supplier/Contact, are incorporated into our Activity Registry and into files or databases owned by EDUARDO CAPA SA, which you can consult and will be kept as long as the relationship is maintained or for the years necessary to comply with legal obligations.

The personal data that may be collected directly from the interested party will be treated confidentially and will be incorporated into the corresponding processing activity. The purpose of the data processing corresponds to each of the processing activities carried out by EDUARDO CAPA SA and that you You have the right to obtain confirmation as to whether we are processing your personal data, therefore you have the right to access your personal data, rectify inaccurate data or request its deletion when the data is no longer necessary, by written communication to:

CARRETERA DE CAMPO REAL, 44 A 28500 – (ARGANDA DEL REY) – MADRID or email: fundicion@capaesculturas.com

The user accepts the use of “permanent cookies” on this website.

EXPANSION OF THE PRIVACY POLICY

In application of the new regulations in force regarding the protection of personal data, we inform that the personal data that we collect from clients, users, suppliers and contacts, we do so through our commercial relationship that unites us and also from our website. These data are included in databases or automated files specific to each case and are recorded in our Activity Registry according to the type of users and the services that we provide or provide to us.

For what purpose do we collect your personal data?

The purpose of the automated or manual collection and processing of personal data is to maintain the commercial relationship and the performance of information tasks, and other activities typical of the commercial relationship that unites us.

For what purpose do we process your personal data?

The personal data that are part of our database are processed in order to manage the information provided to us by interested parties in order to provide the service for which they hire us or we contracted and manage the requests sent through any means, including commercial, promotional, or advertising electronic communications. We adopt the necessary measures to guarantee the security, integrity and confidentiality of the data in accordance with the provisions of Organic Law 3/2018, of December 5, on Data Protection and Guarantee of Digital Rights and in Regulation (EU) 2016/ 679 of the European Parliament and of the Council, of April 27, 2016, regarding the protection of natural persons with regard to the processing of personal data and the free circulation of such data.

To which recipients will your data be communicated?

Your personal data will not be transferred to third parties, unless legally required. As data processors, we have contracted different service providers, having committed to comply with the regulatory provisions applicable to data protection at the time of contracting.

How long will we keep your data?

The personal data provided will be kept as long as the commercial relationship is maintained or its deletion is not requested or the consent is not revoked and for the period for which legal responsibilities may arise for the services provided. Personal data that is part of our database and has a contractual relationship will be kept for a maximum of five (5) years from the last invoice issued. In some cases they can revoke consent at any time.

What is the legitimacy for the processing of your data?

In the current contractual relationship or that unites us, the legal basis for the processing of your data is that established and required by Organic Law 3/2018, of December 5, on Data Protection and Guarantee of Digital Rights and in the Regulation (EU) 2016/679 of the European Parliament and of the Council, of April 27, 2016, regarding the protection of natural persons with regard to the processing of personal data and the free circulation of such data. With respect to free, specific, informed and unequivocal consent, we inform you by making this privacy policy available to you, that after reading it, if you do not agree, you can request access to your data in accordance with to our Activity Log.

What are your rights when you provide us with your data?

Anyone has the right to obtain confirmation as to whether and how their personal data is processed. Interested persons have the right to access their personal data, as well as to request the rectification of inaccurate data or, where appropriate, request its deletion when, among other reasons, the data is no longer necessary for the purposes for which it was collected. In certain circumstances, interested parties may request the limitation of the processing of their data, in which case we will only keep them for the exercise or defense of claims. Likewise, in certain circumstances and for reasons related to their particular situation, interested parties may object to the processing of their data.

We also inform you that we can stop processing the data, except for compelling legitimate reasons, or the exercise or defense of possible claims.

And we inform you that you may exercise your rights of access, rectification, deletion, opposition and limitation of processing according to the conditions and limits provided for in current legislation, by contacting us in writing or by email.

In any case, you must provide a copy of your ID, passport or equivalent document. If you consider it appropriate, you can file a claim with the Spanish Data Protection Agency (agpd.es).

How have we obtained your data?

The personal data we process comes from the interested parties’ own requests. The categories of data that are processed, depending on the category of users and contacts, in general and not in particular, may be:

▪ Typed Data: Personal characteristics, employment details, or commercial/economic/financial information

▪ Identification data: Name and surname, address, NIF / DNI, telephone/email, bank account, and image. No specially protected data is processed.

Rights of interested parties

1. Right of access: 

Right to obtain from the controller confirmation as to whether or not personal data concerning you are being processed and, if so, the right to access your personal data. As well as. The purposes of the treatment;

b. The categories of personal data in question;

c. The recipients or categories of recipients to whom the personal data were or will be communicated, in particular recipients in third parties or international organizations;

d. If possible, the envisaged period for which the personal data will be stored or, if not possible, the criteria used to determine this period;

e. The existence of the right to request from the controller the rectification or deletion of personal data or the limitation of the processing of personal data relating to the interested party, or to oppose such processing;

F. The right to file a complaint with a supervisory authority; g. When the personal data has not been obtained from the interested party, any available information about its origin;

h. The existence of automated decisions, including profiling, the logic applied, as well as the significance and intended consequences of such processing.

2. Right to rectification:

Right to obtain from the controller the rectification of inaccurate personal data that concerns you. Taking into account the purposes of the processing, the data subject shall have the right to have incomplete personal data completed, including by means of an additional declaration.

3. Right of deletion:

Right to obtain from the controller the deletion of personal data that concerns him/her, who will be obliged to delete personal data without undue delay when any of the following circumstances occur:

a. The personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;

b. The interested party withdraws the consent on which the treatment is based;

c. The interested party opposes the treatment;

d. The personal data have been processed unlawfully;

e. The personal data must be erased for compliance with a legal obligation laid down in Union or Member State law applicable to the controller;

f. The personal data have been obtained in relation to the offer of information society services aimed at minors. However, a series of exceptions are regulated in which this right will not apply. For example, when the right to freedom of expression and information must prevail.

4. Right to object:

Right to object at any time to personal data that concerns you being processed. The controller will stop processing the personal data, unless it proves compelling legitimate reasons for the processing that prevail over the interests, rights and freedoms of the interested party, or for the formulation, exercise or defense of claims.

5. Right to limitation of treatment:

Right to obtain from the data controller the limitation of data processing when any of the following conditions are met:

a. The interested party challenges the accuracy of the personal data, during a period that allows the person responsible to verify its accuracy;

b. The processing is unlawful and the interested party opposes the deletion of the personal data and requests instead the limitation of its use;

c. The controller no longer needs the personal data for the purposes of the processing, but the interested party needs it for the formulation, exercise or defense of claims;

and d. The interested party has opposed the processing while it is verified whether the legitimate reasons of the person responsible prevail over those of the interested party.

Commercial communications

In application of the LSSI-CE, no advertising or promotional communications will be sent by email or other equivalent means of electronic communication that have not been previously requested or expressly authorized by their recipients. In the case of users with whom there is a prior contractual relationship, if this contract, authorizes the sending of commercial communications referring to products or services that are the same or similar to those that were initially the subject of contract or of professional or commercial interest with the user, contact, client or supplier.

In any case, the user, after proving his or her identity, may request that no more information be sent to him or her through the channels corresponding to this purpose.