DATA PROCESSING POLICY

Starting on May 25, 2018, the General Data Protection Regulation (hereinafter, “GDPR”) takes effect, and at Espiral Microsistemas S.L.U. we value your privacy and the protection of your data, and we take steps to ensure this.

In this Data Processing Policy we explain to you which personal data we compile and how we use it. We have attempted to draw up this policy in a clear and simple form to make it easy for you to understand, so that you can determine on a free and voluntary basis whether you wish to provide your personal data or those of the members of your organization to Espiral Microsistemas S.L.U..

DATA PROCESSOR

  • Identity of data processor: Espiral Microsistemas S.L.U.

  •  Tax ID No./Tax ID Code: B52553419

  •  Address: Espacio Tecnológico de El Molinón – Estadio de El Molinón, 100 - C.P. 33203 Gijón (Asturias) Spain

  •  Telephone: +34 984 107 637

If you would like to consult matters relating to the processing of your personal data, you can write to us at e-mail: This email address is being protected from spambots. You need JavaScript enabled to view it.

DATA THAT WE COLLECT

We compile, store and process the personal data needed to provide our services, and we ensure that they are adequate, relevant and not excessive for the legitimate purpose of processing. In specific, the information that we compile is:

  • Information about our clients needed to provide them with the service that they contract with us, including identification and contact information, business and economic information and bank data. Although the majority of this information is of a business nature, personal data may be included, mainly referring to the contact persons of the companies that are our clients.
  • Information about our suppliers, including identification and contact information, economic information and bank data needed to manage the services that they supply to us. Although the majority of this information is of a business nature, personal data may be included, mainly referring to our suppliers’ contact persons.
  • Information about our partners or external collaborators needed to manage the projects that we carry out together, including identification and contact information, professional and economic information and bank data. Although the majority of this information is of a business nature, personal data may be included, mainly referring to our business partners’ contact persons.
  • At the internal level, Espiral Microsistemas S.L.U. compiles, stores and processes the personal data of our employees, which includes all information needed to manage the employment relationship that brings us together and to comply with legal obligations on the subject. This information includes, but is not limited to, identification and contact data, bank and training data on the workers.

In all cases, the data subjects guarantee and are responsible for the accuracy, exactness, validity and authenticity of the Personal Data provided, and they commit to keep them properly updated.

ACCESS TO PERSONAL DATA

For the adequate provision of the services that we offer, the Espiral Microsistemas S.L.U. staff may have access to information and certain personal data, mainly contract data, included in the files. In these cases, Espiral Microsistemas S.L.U. commits to ensure that both the company and its staff safeguard the confidentiality and security of this data, for which purpose it will comply with the necessary confidentiality agreements and contracts for external processing.

PURPOSE OF PROCESSING

The processing of the personal data that we collect has as its purpose:

  • To manage the provision of the service requested and/or contracted
  • To manage the employment relationship that brings us together
  • To manage the commercial communications, by mail or by electronic media, in those cases where there is the option of de-registration by the user, on new products and/or services offered by Espiral Microsistemas S.L.U.
  • To manage the subscription to the newsletter and subsequent sending of the newsletters
  • Invitations to take part in our events, webinars and presentations
  • To manage requests for contact with our company through the channels available for this purpose on our corporate web page or product page or using our apps.

COMMITMENTS OF ESPIRAL:

  • We only request the personal information that is actually needed to provide you with the services that you require.
  • We never share our users’ personal information with anyone else, except to provide you with the best service, comply with the law or if we have been granted your express authorization.
  • We never use your personal data for a purpose different from the one expressed in this privacy policy.

LEGITIMATE BASIS

The legal basis for processing your personal data is the consent granted at the start of the commercial, employment or professional relationship or the conclusion of the contract that brings us together. The user’s consent for processing and transfer of their data may be revoked at any time. To do so, the data subject must make a request at the address This email address is being protected from spambots. You need JavaScript enabled to view it.

Regarding the purpose of keeping you informed of new developments related with us or our service, the legal basis that enables us to carry out this processing is based on your express consent, which you granted to us when you initiated your relationship with Espiral Microsistemas S.L.U..

WHEN DO YOU PROVIDE US WITH YOUR PERSONAL DATA?

  • When we conclude a contractual relationship.
  • When you use our tool.
  • By taking part in a promotion, event, fair, seminar or congress.
  • By submitting your CV in paper format or by electronic means.
  • By filling out the contact form on our website.
  • By subscribing to our newsletter.
  • Through our Social Networks[1].

RIGHTS

You have a right:

- to access your personal data

- to request rectification of inaccurate data

- to request cancellation when, among other reasons, the data are no longer necessary for the purposes for which they had been collected.

- Under certain circumstances, you may request the limitation of the processing of your data. In this case, we will only store them for the lodging of or defense from complaints.

- Also, and under certain circumstances and for reasons related with your specific situation, data subjects may object to the processing of their data. In this case Espiral Microsistemas S.L.U. will cease to process the data, except for legitimate compelling reasons or for the lodging of or defense from possible complaints.

- As a data subject, you have the right to data portability, and you will have the right to have the personal data transferred directly from one responsible party to another when this is technically possible.

WHICH THIRD PARTIES DO WE SHARE YOUR DATA WITH?

To provide you with the best service, we can only share your data with ESPIRAL MICROSISTEMAS, S.L.U., and only for the purpose of performing the contractual obligations that bring us together in a more efficient and effective manner. The processing that ESPIRAL conducts of the personal data provided is completely confidential, since the same security measures apply that are applied to all companies of the group, and this processing will be conducted in keeping with the purposes indicated above.

We will never sell or transfer your data to third parties unless you expressly authorize us or a law or court authority obligates us to do so.

As we have indicated above, in some situations we work with partners or collaborators who offer part of our services. These suppliers may only use your data to provide the corresponding services. Hence they cannot use this information for their own purposes or transfer it to third parties.

WHERE ARE YOUR DATA STORED?

We make use of different applications to process certain data. In order to guarantee your privacy, these applications are subject to strict rules, and the data are always stored within the European Union.

SECURITY AND CONFIDENTIALITY OF YOUR DATA

At Espiral Microsistemas S.L.U. we make a strict commitment to the security of the information that we handle and to compliance with the legal requirements applicable to us. 

In this respect, in order to ensure confidentiality, accessibility and integrity of both the information that we handle (and especially the personal data), and of the systems, networks, applications and databases used for its processing, at Espiral Microsistemas S.L.U.:

  • We conduct periodic assessments of the risks associated with information security and with personal data protection, thus analyzing our situation with respect to the risk and defining action plans as a result.
  • We hold the ISO 27000 certificate issued by AENOR (the Spanish Association for Standardization and Certification).
  • An Information Security Policy has been defined, and we are equipped with mandatory internal Data Protection procedure that must be complied with by the different parties involved in information processing.
  • Campaigns of raising awareness and training of the organization’s internal staff have been conducted, which are necessary to ensure compliance with these policies and procedures.

In the event that, as a user or a data subject, you detect a security incident or breach, or any vulnerability that could be affected, Espiral Microsistemas S.L.U. makes available to the data subjects the address: This email address is being protected from spambots. You need JavaScript enabled to view it.. You can use this address to communicate anything that you consider adequate or necessary to improve the security of our information and systems.

HOW LONG DO WE STORE YOUR DATA?

The user data will be stored during the period necessary for fulfilling each purpose, for legal provisions that may be applicable, for contractual obligations and the expectations and requirements of our clients or until the user requests de-registration from Espiral Microsistemas S.L.U., objects or revokes their consent.

MODIFICATIONS OF OUR PRIVACY POLICY

If our privacy policy must be modified due to changes in regulations or criteria issued by the Spanish Data Protection Agency, then you will be appropriately notified of any change that it would be necessary to introduce to comply with the law.

 

[1] If you wish to control the information that we obtain automatically from social networks you can do so using your profile options in each of the social networks where you have an account. For this purpose, you must open a session in the social network and manage from your user profile the information that you allow the network to make public and to whom you allow access to this information..

Espiral MS. Equipo I+D+i. · Espacio Tecnológico Molinón · Tel. (+34) 985 099 215