1. USER INFORMATION
In accordance with the provisions of Regulation (EU) 2016/679 of 27 April 2016 (GDPR) and Act 3/2018 of 5 December on the Protection of Personal Data and guarantee of digital rights, you are hereby informed of the identity of the Data Controller, the purpose of the processing, the legitimacy for the processing of your data, the categories of recipients of transfers of your data (if any), the origin of your data processed if this is different from your voluntary submission and the rights that you have as a data subject.
2. INFORMATION REGARDING THE DATA CONTROLLER
Name of Data Controller: Grupo Nassau Beach Investment, S.L. Tax ID Code (CIF): B57451007
Full address: C/ Migjorn Gran 13. 07818 Ses Salines – Sant Josep, Ibiza (Balearic Islands, Spain).
3. INFORMATION REGARDING THE PURPOSE AND LEGITIMACY OF THE PROCESSING OF DATA
The operations envisaged to carry out the processing are:
For the legitimate interest of the Controller:
Economic and accounting management, tax management, administrative management, invoicing management, customer and supplier management, management of collections, payments and related services, history of business relations.
By express, unequivocal and informed consent of the data subject:
Selection of candidates for employees and collaborators.
Sending of commercial advertising communications by email, fax, SMS, MMS, social networks or any other electronic or physical means, present or future, that enable commercial communications. These communications will be carried out by the CONTROLLER and will be related to its products and services, or those of its collaborators or suppliers with whom it has reached a promotional agreement. In this case, third parties will never have access to personal data.
Receipt via the website and subsequent processing of CVs of those interested in forming part of the workforce of the Data Controller.
Conducting statistical studies.
Processing orders, applications or any type of request made by the user through any of the forms of contact made available to them.
Sending the website’s newsletter.
Data retention criteria: The data will be kept for the duration of the commercial relationship between the parties. Once this commercial relationship has ended, the data will be blocked in order to prevent the possibility of access, being unblocked only in the event that such data are required from the Data Controller by any legal authority (tax, commercial, labour or judicial) and only until the expiry date or legal statute of limitations. The data will subsequently be duly destroyed and with the appropriate guarantees to make it impossible to retrieve them.
4. INFORMATION REGARDING THE TRANSFER OR COMMUNICATION OF DATA
The personal data may be transferred for the maintenance of the commercial relationship and/or for the execution of operations, to Tax, Accounting and Commercial Consultants, Banks, Savings Banks and Financial Institutions, Tax Agencies and other competent Public Authorities. The data will not be communicated to other third parties, unless the Controller is legally obliged to do so.
No data will be transferred to third countries outside the European Economic Area or to International Organisations.
5. INFORMATION REGARDING THE RIGHTS OF THE DATA SUBJECT AND HOW TO EXERCISE THEM
Rights of the User and how to exercise them:
The data subject has the right to: access their data, have their data rectified, have their data deleted, data portability, limit the processing of their data, oppose the processing of their data, withdraw the consent given, lodge a complaint with the Supervisory Authority, lodge a judicial appeal.
You may exercise these rights by sending a duly substantiated letter to the Data Controller or its representative, specifying the right you wish to exercise, accompanied by a photocopy of your identification document. You may also request in advance that the Data Controller provide you with a standard form for the right you wish to exercise.
Exercising your rights will not entail any processing costs for the data subject, except for postage costs if you choose to send the request by post.
You may exercise your rights:
In person at the premises of the Data Controller, identifying yourself with your ID card or equivalent document.
By email to the address given in the section on the identification of the Data Controller and accompanied by a photocopy of your ID card or equivalent document.
By post (preferably registered) to the address given in the section on the identification of the Data Controller and accompanied by a photocopy of your ID card or equivalent document.
Contact details for exercising your rights:
C/ Migjorn Gran 13. 07818 Ses Salines – Sant Josep, Ibiza (Balearic Islands, Spain).
6. OBLIGATORY OR OPTIONAL NATURE OF THE INFORMATION PROVIDED BY THE USER
By checking the respective boxes and entering data in the fields marked with an asterisk (*) in the contact form or presented in download forms, Users expressly, freely and unequivocally accept that their data are necessary for the provider to deal with their request, the inclusion of data in the remaining fields being voluntary. The User guarantees that the personal data provided to the CONTROLLER is truthful and is responsible for communicating any changes to them.
The CONTROLLER expressly informs and guarantees users that their personal data will not be transferred under any circumstances to third parties, and that whenever any type of transfer of personal data is carried out, the express, informed and unequivocal consent of Users will be requested beforehand. All the data requested through the website are obligatory, as they are necessary for the provision of an optimum service to the User. In the event that all the data is not provided, there is no guarantee that the information and services provided will be completely tailored to your needs.
7. SECURITY MEASURES
In accordance with the provisions of the current regulations on personal data protection, the CONTROLLER complies with all the provisions of the GDPR regulations for the processing of personal data under its responsibility, and expressly with the principles described in Section 5 of the GDPR, by which they are processed in a lawful, fair and transparent manner in relation to the data subject and are adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed.
The CONTROLLER guarantees that it has implemented appropriate technical and organisational policies to apply the security measures established by the GDPR in order to protect the rights and freedoms of Users and has communicated the necessary information to them in order for them to be able to exercise such rights and freedoms.