PRIVACY POLICY
1.What personal data do we process?
We collect and process your personal data within the scope of our activities with the aim of achieving a high level of personalisation with regard to the service we provide you with.
We may collect your character data, including but not limited to:
If you are our CONSUMER:
- identifying data (for example, name, identity card number and passport number, nationality, place and date of birth, gender, photograph, IP address);
- contact information (for example, postal address and e-mail address, telephone number);
- banking, financial and transaction data (details of cash transfers, for example);
- data you provide us with to enable us to manage the Customer Service.
If you are our CLIENT:
- identifying data (for example, name, identity card number and passport number, nationality, place and date of birth, gender, photograph, IP address);
- contact information (for example, postal address and e-mail address, telephone number);
- banking, financial and transaction data (for example, details on bank accounts, cash transfers, assets, investor profiles, credit history, debts and expenses);
If you are our PROVIDER:
- identifying data (for example, name, identity card number and passport number, nationality, place and date of birth, gender, photograph, IP address);
- contact information (for example, postal address and e-mail address, telephone number);
- banking, financial and transaction data (for example, details on bank accounts, cash transfers, assets, investor profiles, credit history, debts and expenses);
If you are our DISTRIBUTOR:
- identifying data (for example, name, identity card number and passport number, nationality, place and date of birth, gender, photograph, IP address);
- contact information (for example, postal address and e-mail address, telephone number);
- banking, financial and transaction data (for example, details on bank accounts, cash transfers, assets, investor profiles, credit history, debts and expenses);
If you are our RETAILER:
- identifying data (for example, name, identity card number and passport number, nationality, place and date of birth, gender, photograph, IP address);
- contact information (for example, postal address and e-mail address, telephone number);
- banking, financial and transaction data (for example, details on bank accounts, cash transfers, assets, investor profiles, credit history, debts and expenses);
We never ask for personal data related to your health, your racial or ethnic origins, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data, data in relation to your sexual preferences or data related to convictions and criminal offences (data from criminal records) unless this is necessary to meet a legal obligation, or to satisfy specific consumer needs, for example.
2.Why do we use your personal data and what legal grounds do we have to do so?
Compliance with legal and regulatory obligations
We may process your personal information to comply with various legal and regulatory obligations. These include, but are not limited to: the General Law on the Defence of Consumers and Users, the General Tax Law, the Corporate Tax Law, the Account Auditing Law, the Value Added Tax Law, the Civil Code and the Code of Commerce.
The execution of an agreement (provision of services, business, online, etc.)
Moreover, we process your personal information to enter into and execute our agreements, including, among others, the following purposes:
- information on our products and services;
- to help you and to respond to your requests;
- to evaluate your request for the provision of services;
- to execute any type of activity you request;
- to execute agreed upon services;
- to comply with both supply and demand obligations;
Legitimate interest
We process your personal data in order to market our products and services, to improve our internal risk management and to defend our legal rights, including:
- to personalise our range of products and services supplied to you or the entity you represent by:
- improving the quality of our products and services
- advertising products or services that meet your circumstances and profile.
3.Who do we share your personal data with?
In order to achieve the aforementioned purposes, we only share your personal data with the following third parties, by way of illustration but not limitation:
- Data may be disclosed to the following entities to meet legal requirements:
- The State Tax Administration Agency;
- Banking and financial entities;
- Entities dedicated to compliance and non-compliance with monetary obligations;
- Other Public Authorities with competence in the matter
- The processors of the data are providers that process personal data on behalf of GREFUSA, in the exercise of the provision of a service, and are listed below:
- Providers of management services, such as advisers, managers and consultants;
- Providers of compliance services, such as auditors and certifiers;
- Providers of a computer services, such as infrastructure, telecommunications, software, hardware, consultants, equipment and digital communication services
- Providers of general services, such as maintenance, security, cleaning and auxiliary services
4.International transfers of data
In the case of international transfers outside the European Economic Area (EEA), the European Commission has acknowledged that certain non-EEA countries provide an adequate level of data protection, and as such your data will be transferred with the appropriate guarantees provided in accordance with this legitimation basis for the processing of your information.
In the case of transfers to non-EEA countries, whose level of protection has not been acknowledged by the European Commission, we will use other legitimation bases established under the General Data Protection Regulation.
In order to obtain a copy of these safeguards or details of where they are available, please send a written request to the address provided in section 8.
5.How long do we keep your personal data for?
We will keep your personal data on file for: (i) the period of time established by the applicable legislation in each area; or (ii) the period of time we need to meet our obligations. Most of the personal data collected in relation to a specific client is kept for the duration of the contractual relationship with that client, and the data in all the records required pursuant to item V and VII, chapter I of Law 24/1988 of 28 July is kept for five years. Furthermore, data subject to the requirements of the law on the prevention of money laundering and the financing of terrorism must be kept for a period of ten years after the end of the business relationship in question.
As a general rule, data will be kept for the time required to fulfill the purpose for which it has been collected and to determine any liabilities that may arise from the purpose and the processing of the data, in accordance with the regulations set forth in this Privacy Policy, in addition to the periods of time established in the applicable filed and documented regulations.
If you would like more information on the period of time for which your personal data is stored or the criteria used to determine this period of time, please contact us at the address provided in section 8.
6.What are your rights and how can you exercise them?
Pursuant to the applicable data protection laws, you have certain rights with respect to your personal data. In accordance with the General Data Protection Regulation, you can exercise the following rights:
- Access: you can obtain information related to the processing of your personal data and a copy of that personal data.
- Amendment: if you believe your personal data is inaccurate or incomplete, you can ask to change that personal data.
- Cancellation: you may ask for your personal data to be deleted, to the extent permitted by law.
- Limitation: you may ask for the processing of your personal data to be limited.
- Opposition: you can oppose the processing of your personal data due to reasons related to your particular situation. You have the right to object to the processing of your personal data for direct marketing purposes, including the creation of profiles related to such activity.
- Withdrawal of consent: when you have given your consent for the processing of your personal data, you have the right to withdraw it at any time.
- Portability: when legally and technically possible, you have the right to ask us to return the personal data you have submitted to us or, when technically possible, to a third party.
If you need more information, or if you wish to exercise any of the aforementioned rights, please send a letter or an e-mail to the address provided in section 8. Please include a copy of your National Identity Document to enable us to verify your identity.
In accordance with the applicable regulations, in addition to the aforementioned rights, you also have the right to file a complaint with the data protection control authority in your country.
7.How can you monitor any changes to this data protection notification?
In a world of constant technological change, we may have to periodically update this Data Protection Notification. We suggest you check the most recent version of this notification on a regular basis.
Moreover, we will inform you of any significant changes through our website or through our usual communication channels.
8.How can you contact us?
If you have any questions with regard to the processing of your personal data, this Data Protection Policy, or if you would like a copy of it in your own language, please contact us.
If you wish to clarify any doubts or exercise your rights, please send a request to:
- GREFUSA S L
- Taxpayer (CIF) N°: B46140885
- In relation to data protection, by e-mail to: rgpd@grefusa.com
- To the following address, by post: Av. De La Llibertad D’Ensenyança, 20 46600-Alzira (Valencia)
You can also contact the Spanish Data Protection Agency on their website: https://sedeagpd.gob.es/ or by letter to the following address: Agencia Española de Protección de Datos, Calle Jorge Juan 6, 28001 Madrid, Spain.
Please include a copy/scan of your identity card to enable them to identify you.
9.ADDITIONAL INFORMATION
9.1. USE OF SOCIAL NETWORKS
GREFUSA is present on the social networks, and implements measures of a technical, administrative and organisational nature in its systems with the aim of protecting information of a personal nature and preventing it from being lost, stolen, disclosed, altered or used in an unauthorised manner. Their privacy policies and conditions of use are illustrated in the following table:
NAME OF THE NETWORK | PRIVACY POLICY | CONDITIONS OF USE |
https://twitter.com/es/privacy | https://twitter.com/es/tos | |
https://help.instagram.com/155833707900388 | https://help.instagram.com/478745558852511 | |
https://www.facebook.com/privacy/explanation | https://www.facebook.com/policies?ref=pf | |
https://www.linkedin.com/legal/privacy-policy?_l=es_ES | https://www.linkedin.com/legal/user-agreement | |
YOUTUBE | https://policies.google.com/privacy?hl=e | https://policies.google.com/terms?hl=es |