Privacy Policy - NORTELIMP

Data Protection Policy

In accordance with Regulation (EU) 2016/679 of the Parliament and of the Council of April 27, 2016, on the protection of natural persons with regard to the processing of their personal data and the free movement of such data, and with Organic Law 3/2018, of December 5, on the protection of personal data and the guarantee of digital rights, the management of JOYANA SOLUTION SL informs customers, users, and the general public of the following aspects:

Introduction

This document constitutes the privacy policy of JOYANA SOLUTIONS SL regarding the processing of personal data of its customers.

For any questions on this matter, the customer can contact the Data Protection Officer at the postal address RUA DA COOPERATIVA, 2 – 36800 REDONDELA.

Additionally, you can contact the Data Protection Officer by email sent to the following address: joyanasolutions@gmail.com.

Who is the data controller of your data?

A) If you are a user of Joyana Solutions SL, the data controller is:

Data Controller HEADQUARTERS

JOYANA SOLUTIONS SL

B 94039500 RUA DA COOPERATIVA, 2

B) If we have your data because you requested information about any of the services and/or products offered through the NORTELIMP websites, the data controller of your data is JOYANA SOLUTIONS SL, with address at RUA DA COOPERATIVA, 2 36800 REDONDELA.

What personal data do we process and where do they come from?

In the course of your relationship with us, the following categories of personal data may be processed:

– Identifying and contact data of customers (including signature, image);
– Personal characteristics, social circumstances;
– Transactional data (payments, income, transfers, debts).

The data comes from the data subject themselves.

For what purpose do we process your personal data?

Personal data may be processed by the data controllers for the following purposes:

1.- Service provision: your personal data is processed in order to provide you with the requested service, for example:
– Attend any communication with NORTELIMP- JOYANA SOLUTIONS SL
– Manage any incident or claim raised by the customer;
– Conduct surveys to understand your opinion about the received service, which will be used solely to improve and develop our services;

2.- Handling information requests, complaints, suggestions, claims, exercising data protection rights, etc.: in these cases, your data will be processed to manage and handle the request by any means, including telephone and/or electronic communications.

3.- Compliance with legal obligations: it may be necessary to process personal data to comply with the relevant legal requirements. Specifically, to comply with legislation on data protection, taxation, labor, etc.

4.- Formalization and execution of the contract: the patient’s personal data are processed to manage the contractual relationship with the customer.

5.- Sending commercial communications by any means if additional consent is given: if you explicitly consent, your data may be shared for the purpose of informing you by any means for promotional and advertising purposes about restaurants, services, products, or events related to NORTELIMP (under no circumstances will your data be used to send you advertising content unrelated to NORTELIMP).

The collected data will be processed for the specified purposes and in no case in a manner incompatible with those purposes.

In any case, we process your data to always serve you with the same level of quality, regardless of the channel you use to communicate with us (website, mobile applications, whether in person, by phone, or online).

What is the legal basis for processing your data?

Purpose Legal Basis for Processing
Service provision Processing necessary for the execution of a service to which the data subject is a party; processing based on the data subject’s consent.
Handling requests Processing based on the data subject’s consent and/or the data controller’s legitimate interest.
Compliance with legal obligations Processing necessary for the fulfillment of a legal obligation applicable to the data controller.
Formalization and execution of the contract Processing necessary for the execution of a contract to which the data subject is a party.
Sending commercial communications Processing based on the data subject’s consent.

How long will we keep your data?

In general, your data will only be kept for the strictly necessary time for the purpose for which they were collected.

The provided personal data, as well as those derived from the commercial relationship, will be kept for the appropriate time in each case, and at least five years from the date of service provision, unless the regional and/or specific regulations establish a minimum retention period longer than indicated, in which case the applicable regulations will prevail.

After the aforementioned minimum period, and having ended the commercial and contractual relationship, the controller will keep your data duly blocked and pseudonymized during the periods corresponding to legal prescription.

Personal data provided for the purpose of managing any information request, complaint, suggestion, claim, exercising data protection rights, etc., will be kept for the time necessary to process the request, and in any case for the legally established time, as well as for the period necessary for the formulation, exercise, or defense of claims.

Data processed for compliance with legal obligations will be kept for the time established in the applicable legislation.

Data collected for the formalization and execution of the contract will be kept for the duration of the contractual relationship, as well as for the period necessary for the formulation, exercise, or defense of claims, at least five years.

Data processed for sending commercial communications will be kept until the data subject revokes consent and/or exercises their rights of opposition and/or deletion.

To which recipients will your data be communicated?

To ensure adequate service provision, it is necessary that certain service providers and/or group entities process data on behalf of the controller and as data processors. These entities may include, for example, auditing, physical security, archiving, storage or digitization of information, document destruction, legal advisory services, IT services, etc.

Your personal data will not be disclosed to third parties except by legal obligation, vital interest, or prior consent of the data subject.

All information provided to us will be treated confidentially and in strict compliance with the necessary security obligations to prevent access by unauthorized third parties.

What are your rights when you provide us with your data?

You may exercise your rights of access; rectification of inaccurate data; request deletion when, among other reasons, the data is no longer necessary for the purposes for which it was collected; under certain circumstances, you may also request the limitation of the processing of your data, in which case we will only keep them for the exercise or defense of claims; finally, and for reasons related to your particular situation, you may also exercise the right to object and data portability. Additionally, you may revoke, at any time, the consent given for the processing of your data.

The exercise of these rights, as well as the revocation of consent for the processing of your data, are free of charge, except in the cases provided for in Art. 12.5 of Regulation (EU) 679/2016.