PRIVACY POLICY

1.- Who is the Controller of your data?

The controller of data processing related to the different processes regarding the management of our users, clients or suppliers is ESFERATUM S.L. (hereinafter, THE CONTROLLER), with registered office for these purposes at C/fIGUEROLA, nº 1, CP 12526 VILAVELLA (Castellón), contact email: [email protected].

2.- What type of data do we have about you and how have we obtained it?

The categories of personal data that the CONTROLLER processes about its clients and suppliers are: identification data; postal and/or electronic addresses; commercial information; transaction data; bank details if the user wishes to direct debit payment.

We have obtained all the data mentioned above either directly from you by sending a contact form or by submitting a commercial offer, contractual proposal, etc. or through your company by providing us with identification data and other information necessary to carry out the purpose of the contractual relationship between the parties. It will be your or your company"s obligation to provide us with updated data in the event of modification.

3.- For what purpose do we process your data?

On behalf of the RESPONSIBLE Entity, we process the data provided to us by interested parties in order to manage different activities derived from specific procedures carried out in the area of ​​service provision, sales, after-sales service, supplier management, service quality, etc. In this way, we will use your data to carry out some of the following actions:

- Sending the information requested by you through the contact form on our website or any other means of contacting our company;

- Providing our clients with information on products and services of interest;

- Carrying out the administrative, fiscal and accounting management of our clients and/or suppliers.

We will not create commercial profiles based on the information provided and consequently we will not make automated decisions about you based on a commercial profile.

4.- How long will we keep your data?

The personal data provided by the user for the contracting of products and services will be processed for the time that the contractual relationship remains in force, which will begin at the time of formalization of the Contract and will end. The personal data provided will be kept for the time necessary to fulfill the purpose for which they are collected and to determine the possible responsibilities that may arise from the purpose, in addition to the periods established in the regulations on files and documentation.

5.- What is the basis of legitimacy for the processing of your data?

The legitimacy for the processing of your data is the consent obtained from the user, that derived from the use of digital platforms, the contracting of products or services, the regulations applicable at any given time.

User consents are obtained both at the time of user registration and in the different contracts or requests made within the digital platform and can be modified at any time by the user by exercising their rights. The processing may also be based, in the case of clients with contracts in force, on the legitimate interests of the CONTROLLER entity for the supply of products and the provision of its own services, loyalty actions, profiling to offer products or services similar to those contracted and to communicate these data to third-party companies for the performance of purely administrative procedures for the purposes necessary for the provision of the service, fraud prevention, claims and debt collection.

The legitimate interest includes the processing of user data for the management of security and access control of support information systems.

If, in order to manage a contract or request a specific one, it is necessary for the user to provide personal data of persons other than the owner, the user must inform them in advance and expressly of the content of this policy and obtain their prior consent for the processing of their data.

In order to register as a user on the digital platforms of the CONTROLLER, users must declare that they are of legal age, as they are restricted for minors, so you declare and guarantee with your registration that you are of legal age. In any case, the CONTROLLER is exempt from processing data carried out on minors without the consent of their parents or guardians.

6.- To which recipients will your data be communicated?

In the case of contracts, the data necessary to manage access to the network will be communicated to ESFERATUM S.L. and will be incorporated into a file under its responsibility, which may be accessed by those determined by legislation at any time.

The CONTROLLER also works with third-party service providers, such as sales channels, administrative support, telephone customer service, banks, debt collection companies, marketing and advertising, auditing and others who, in certain cases, may access your data, with the necessary guarantees, for the purposes of the processing.

In the event of non-payment by the Client for its services, the CONTROLLER may notify the Data Controllers of the solvency and credit files in compliance with the applicable regulations. It may also transfer the data to the competent entities, authorities and bodies in compliance with the corresponding legal and tax obligations. The personal data of these clients may be communicated to the agencies responsible for the protection of vulnerable consumers for the purposes of implementing the measures contemplated in RD 897/2017, which regulates the figure of the vulnerable consumer, as well as to any other Administration for the purpose legally determined.

7.- What are your rights as an affected or interested party?

Any person has the right to obtain confirmation as to whether the RESPONSIBLE entity is processing personal data that concerns them or not.

Specifically, interested parties may request the right to access their personal data, as well as receive it in a common and machine-readable format if the processing is carried out by electronic means (right to portability).

Likewise, interested parties may request the right to rectify inaccurate data or, where appropriate, request its deletion when, among other reasons, the data is no longer necessary for the purposes for which it was collected.

Additionally, in certain circumstances, interested parties may request the limitation of the processing of their data, or in certain circumstances and for reasons related to their particular situation, interested parties may exercise their right to object to the processing of their data. The CONTROLLER will stop processing the data, except for compelling legitimate reasons, or the exercise or defense of possible claims or in those exceptions established in the applicable regulations.

Likewise, we inform you that you have the right to withdraw your consents granted at any time, without affecting the legality of the processing based on the consent prior to its withdrawal.

Likewise, the User is informed that at any time they may exercise the aforementioned rights, or even revoke their consent, by writing to LUIS RAFAEL CORREIA GANDARA using the contact details that appear in Section 1, attaching a copy of their ID. In addition, you also have the right to file a claim with the Spanish Data Protection Agency, especially when you have not obtained satisfaction in the exercise of your rights: www.aepd.es.

8.- Data protection of website users.

In accordance with the current Regulation (EU) 2016/679, the CONTROLLER informs that the personal data of the website Users will be processed for the processing activity indicated in each data collection form on our website. Said processing of your data will be covered by your own consent. By clicking the “SEND” button, the User consents to the processing of his/her data by ESFERATUM S.L.

Likewise, we inform you that unless there is a legal obligation or express consent on your part, the CONTROLLER will not transfer your data to third parties. (In the event of transfer, inform the user of the data and to whom it will be transferred)

Likewise, the User is informed that at any time he/she may exercise the rights of access, rectification or deletion of data as well as other rights recognised in this document and regulated in Regulation (EU) 2016/679, by notifying ESFERATUM S.L., C/ Figuerola, nº 1, CP 12526 Vila-Vella –CASTELLÓN-, Contact email: [email protected]

Furthermore, in accordance with the provisions of Law 34/2002, of 11 July, on Information Society Services and Electronic Commerce, the CONTROLLER undertakes not to send advertising via email without first obtaining the express authorisation of the recipient. The User may object to the sending of advertising by checking the corresponding box.

9.- Other information of interest about our privacy policy

9.1 Security Measures

ESFERATUM S.L. adopts the security levels required by current European and Spanish data protection regulations, taking into account the state of the art, the costs of application and the nature, scope, context and purposes of the processing described, as well as the risks of varying probability and severity for your rights and freedoms as a person.

9.2 Modifications to our Data Protection and Privacy Policy

Occasionally, the CONTROLLER may make modifications and corrections to this section of the Data Protection Policy for Employees. Please check this section regularly to see any changes that may have occurred and how they may affect you.

9.3 Why is it necessary to accept this Data Protection and Privacy Policy?

This section of the Data Protection Policy for Employees provides you with all the necessary information in an easily accessible manner so that you can find out about the type of data that the CONTROLLER of the processing holds about its potential clients, clients and/or suppliers, the purposes pursued, the rights that the data protection regulations recognise for you as the affected person and how to exercise these rights. Therefore, by deliberately sending your personal data through our means of contact and/or by starting the commercial relationship with our company, we consider that you recognise and accept the processing of your personal data as described in this policy. This personal information will only be used for the purposes for which you have provided it to us or certain national or regional regulations enable us to do so.

In any case, we must warn you that a refusal on your part to provide us with certain requested data could hinder the development of the contractual relationship between the parties with possible serious consequences when providing the various services contemplated within the commercial contract entered into with the contracting party.

If you have any questions regarding this section of the Data Protection Policy, you can contact the CONTROLLER company using the address provided in the first section ‘Data Controller’ and we will be happy to assist you and answer any additional questions you may have.