General privacy policy


On this website, the personal data of users may be gathered, and it will be done in accordance with the legislation in force. At SORIGUÉ, we will only collect, process, store, transmit, or proceed to erase personal data that is necessary, and we will always maintain the principle of data minimisation.

Furthermore, our guiding principle shall always be transparency with our clients and our website users, which is why we are going to give the most information possible about the use of personal data and its intended purpose.

All the processes at SORIGUÉ that involve processing personal data shall be carried out in strict compliance with the provisions established in EU Regulation 2016/679.

This Policy establishes the basis with which SORIGUÉ, as a “Data Controller”, manages the personal data of website users, users requesting information, and visitors.

This policy details elements related to the website, notwithstanding other information related to the General Data Protection Regulation, which may be detailed in other policies and which can be made available to you through different means.

You can make as many queries as you would like regarding privacy and the General Data Protection Regulation by contacting the email address rgpd@sorigue.com.

 

Data Controller Information

Identity: SORIGUÉ, S.A.U. (hereafter SORIGUÉ)
CIF [TAX IDENTIFICATION NUMBER]: A25007832.
Postal Address: Alcalde Pujol, 4, 25006 Lleida
Telephone: +34 901 020 002
Email: sorigue@sorigue.com
Email for GDPR Information: rgpd@sorigue.com

Personal Information

The purpose of our website is to provide information to internet users about the activities, products, and services that are developed by SORIGUÉ.

Merely visiting our website can cause cookies to be stored. Please consult the information related to our Cookies Policy.

You can send questions to our company email sorigue@sorigue.com, although it will be necessary for personal data to be collected in that instance, and we will process your personal data for the requested delivery or to resolve the issues or questions that you have sent us.

This information is always collected with your voluntary, informed, and express consent. The personal information that you provide to us will be processed securely and confidentially.

Your data will not be used for purposes other than those described; if necessary, you will always be informed ahead of time, and your consent will be required.

Purpose of Processing

Purpose

The purpose of collecting and processing this data is to be able to manage the requests made by website users, and to be able to send the Newsletter when it is requested.

When a relationship beyond what is described is derived from these communications, the purpose shall be expanded to cover those described in our Records of Processing Activities.

Basis of Processing

The obtained data shall be processed under your consent, which may be revoked at any time. Said consent shall be expressly communicated at each point of the website where it is required; and simple, free, and accessible systems for opposing the processing of your data when you consider it appropriate have also been established.

Providing personal data implies that said data are true, exact, and that they should be updated when they change.

Records of Processing Activities

WEBSITE USER MANAGEMENT
Purpose of Processing: Managing contact data for website users. Managing queries. Managing information derived from cookies. Managing Newsletter.
Legitimacy of Processing: Consent/legitimate interest
Categories of Personal Data: Identification data: First and last names; identifier; email. Telephone number. Professional data (position and contact data).
Rights of the Affected Subjects: Access, rectification, elimination, opposition, restriction, and withdrawal of consent.
Third-party Access to Personal Data: Service providers with access to data (website / platform(s) designers and providers; storage services; maintenance; and support for our databases, software, and web applications). Collaborators for marketing / publicity activities for Newsletter mailings.

CLIENT MANAGEMENT
Purpose of Processing: Managing contact data for clients and potential clients.
Legitimacy of Processing: Agreement/Legitimate interest
Categories of Personal Data: Identification data: first and last names; identifier, DNI [National Identity Card]; email. Professional data (position and contact data).
Rights of the Affected Subjects: Access, rectification, elimination, opposition, restriction, and withdrawal of consent.
Third-party Access to Personal Data: IT service providers with access to data (website / platform(s) designers and providers; storage services; maintenance; and support for our databases, software, and web applications). Collaborators in charge of managing client relations.

TECHNICAL MARKET
Purpose of Processing: Advertising and marketing activities for products and services associated with the business Group and its foundation. Relations with the press and media.
Legitimacy of Processing: Consent/legitimate interest
Categories of Personal Data: Identification data: First and Last Names; DNI [National Identity Card]; email; telephone. Professional data (position and contact data).
Rights of the Affected Subjects: Access, rectification, elimination, opposition, restriction, and withdrawal of consent.
Third-party Access to Personal Data: IT service providers with access to data (website / platform(s) designers and providers; storage services; maintenance; and support for our databases, software, and web applications). Collaborators managing secondary publicity and marketing activities.

EXERCISE OF RIGHTS / NOTIFICATION OF SECURITY BREACHES
Purpose of Processing: Exercising rights contained in the European General Data Protection Regulation (GDPR), as well as the possible notification of security breaches to interested parties.
Legitimacy of Processing: Legal obligations according to the European General Data Protection Regulation.
Categories of Personal Data: Identification data: First and Last Names; DNI [National Identity Card]; email.
Rights of the Affected Subjects: Access, rectification, and elimination.
Third-party Access to Personal Data: IT service providers with access to data (designers and website / platform(s) providers; lodging services; maintenance; and support for our databases, software, and web applications).

Categories

Collected data

The data that can be collected from the website shall be identification data (full name) and contact information (email and telephone number).

Occasionally, we may also process other unique numerical identifier data such as the IP address of your computer, the identifier of your mobile device, or information that we obtain through cookies.

Whenever you send us an email or use specific forms (that we can embed), we will be collecting the data that you submit to us in the message, which we may need to use to give you an answer.

If you use social networks to contact us, it is possible that we may collect your image on our profile.

Recipients

The personal data that is provided may be shared with entities that help us manage the commercial communications processes and provide and maintain technological services (for example, the website or email). In addition, we have external collaborators who help us with design, development, marketing and publicity.

In accordance with SORIGUÉ policy, we only contract entities that offer sufficient guarantees to apply the appropriate technical and organisational measures, so that the data processing they perform for us is in accordance with the requirements of the data protection regulation and guarantees the protection of the rights of the interested party.

We do not sell or exchange personal information; we only share or give access to data to the providers or subcontractors who have been previously evaluated and with whom we maintain confidentiality agreements.

In addition, the Control Authority can have access to your data.

International Transfers

Generally, personal data will not be processed outside of the EU. However, we have providers who may store information outside of the European area, such as our social networks (Facebook®, Twitter®, Instagram®, Vimeo®, and Pinterest®) or tools that help us to manage the foundation’s activities (for example, MailChimp® or Google®). All the providers are Privacy Shield certified, which demonstrates that their security measures meet the European area requirements.

Some of the cookies that we use are from third parties and are being transferred outside of the European area. However, these providers are Privacy Shield certified.

Our external providers must meet the security and due diligence measures in the provision of their services. In some cases, they abide by security standards such as ISO/IEC 27001 or the ISAE International Standard on Security.

If, in the future, there are other recipients headquartered in a country outside of the EU/ECC who, additionally, do not have the same level of security required in the EU, we will update our policy and inform you of it at length.

Third-party Links

In some cases, we may provide access to third-party websites or applications (for example, social networks) from our website. We cannot guarantee the security available in these external environments. Please read the legal policies associated with these third parties carefully. If a user detects that these third parties are not complying with the regulations or are affecting users’ integrity, please inform us via email at rgpd@sorigue.com.

Storage Periods

Our corporate policy dictates that we will only keep your personal data for the time that is absolutely necessary for each purpose of processing. The storage period will generally be set by a legal requirement, which shall be applicable to us either for providing a service or because we must maintain evidence of compliance. In any case, the periods will vary based on each one of the processing activities that we perform.

To determine the storage period, the following criteria, among others, are used:

  • Data associated with cookies: 12 months after the consent of each user.
  • Exercising rights: during the period indicated by the legislation in force for the exercise of responsibilities.

In any case, the data will be cancelled once the purpose for which the data was collected has been met, initially after 3 years.

When the data are no longer needed in order to comply with the established obligations and duties, they will be deleted in an orderly and safe manner.

User Rights

We guarantee that you can exercise the rights you have as owner of your personal data. To exercise your rights before SORIGUÉ, you simply have to contact us via email at rgpd@sorigue.com.

Generally speaking, here is a brief explanation of your rights:

  • You have the right to obtain confirmation regarding whether we are processing your personal data. 
  • You have the right to access your personal data, to request to rectify any incorrect data, or to request that it be erased when, among other reasons, the data is no longer necessary for the purpose for which we collected it. 
  • You have the right to withdraw your consent; however, this withdrawal does not affect the legitimacy of the processing prior to withdrawal. If you do not wish to receive information from our Newsletter, you can mention this in any message (following the detailed steps to unsubscribe) or by sending a message to the email address rgpd@sorigue.com.

Whenever technically possible, we will always try to grant you the right to receive your data or to provide it to third parties in a structured, accessible, and machine-readable format in accordance with the regulations of art. 20 of the General Data Protection Regulation of the EU.

Rights in detail

But we want to give you information that is a little more detailed:

  1. The right to clearly and transparently obtain information regarding how your personal data is processed, the purpose of processing, the storage period, the transfer of data to third parties, or the international processing of the same, and the possibility of presenting claims to the Spanish Data Protection Agency.
  2. The right to access and know what personal data we are processing.
  3. The right to request:
    • The suspension of processing while your data is being rectified.
    • That we store your personal data for the exercise of actions or claims in defense of your interests.
  4. The rectification of personal data that is inexact or incomplete.
  5. The right to have your personal data erased when the purpose of processing no longer exists or when you revoke consent, except where there is a legal obligation to store them.
  6. The right to oppose the processing of your personal data.
  7. The right to limit the processing of your personal data to specific activities.
  8. The right to the portability of your personal data, which operates under specific circumstances in which data processing is automated whenever possible.

Remember that you have the right to revoke / withdraw your consent at any time.

How to Exercise your Rights

To process your request to exercise your rights, which is free of charge, you can contact us via the following email address rgpd@sorigue.com. To exercise these rights, you must accurately verify your identity using a valid identity document. If you are acting on behalf of a third party, you will need to present us with the document authorising representation.

Protection before the Control Authority

You can present claims to protect your rights to the Spanish Data Protection Agency at its electronic headquarters or to the postal address Calle Jorge Juan 6, 28001, Madrid [Spain]. If you need more information, please visit the website www.agpd.es.

Security Measures

It is corporate policy to maintain the technical and organisational measures necessary to guarantee the security of personal data and avoid their unauthorised alteration, loss, processing, or access thereto, in compliance with the legislation in force to protect personal data.

All the security measures developed and implemented are based on risk management. All the measures have been considered based on the requirements established in the General Data Protection Regulation.

We require our providers to implement our measures. All staff with access to personal data at our entity, either their own or those belonging to third parties, must follow these security measures.

It is the policy of our group to maintain the security, integrity, and confidentiality of personal data. Non-compliance with our regulations will be investigated.

Any action that intends to attack our security measures, which is done consciously, shall result in actions by our IT department and specialised providers to protect the data and investigate the source.

Security Violation Notice

When we detect that we have been the victim of a security violation that affects your personal data, we will proceed to mitigate the damages. Furthermore, we will notify the Control Authority within a period of 72 hours. Personal data owners whose data appears to be compromised shall receive an email with the necessary information and, if necessary, the security measures that should be carried out to avoid negative effects.

Security Measures as a User

We want to give you, as an internet user, some guidelines on how to safely use the internet. With regard to both smartphones and computers, you should keep your device’s operating system and software up-to-date. Maintain the latest versions of the browsers that you use. Disable unnecessary browser add-ons by using the options to control the installed add-ons.

You should have an antivirus program that is up-to-date and activated. It is recommended that you have some kind of anti-malware and anti-spyware software.

Remember to update your passwords periodically and try to maintain the security criteria (at least 8 characters, including numbers and symbols). Avoid information that can be easily guessed or simple patterns. Maintain security elements on your mobile devices in order to be able to access them.

Do not trust emails sent by banking entities or providers. Never provide personal information or security codes over the internet.

Minimize access to public Wi-Fi networks, which helps to avoid sharing information or accessing services that involve signing in with a username and password.

Changes in Policy

Any change in our privacy policy shall be published and shall take effect from the day of publication. This policy is published on the reference date that appears at the footer.

If any user considers that an element is not applicable and needs to be expanded or modified, please communicate that via email to rgpd@sorigue.com.

Translation

This policy is available in several languages. In the event that there are discrepancies between different versions of this text, the version in Spanish will be considered the official and original policy. Therefore, the policy will always be interpreted in conformity with the terms set forth in the Spanish version.

Any error, omission, or ambiguity shall not be considered the responsibility of our entity.

Cooperation

It is the policy of SORIGUÉ to cooperate and collaborate on anything that may be required by the Control Authority.

In addition, we shall, at all times, try to facilitate: compliance with the legal provisions established in the privacy legislation in force and in a direct way; the exercise of the rights of the interested parties; and the management of incidents.

Communications and Contact

To facilitate contact with our users and with any third party who may be interested in communicating with us, we have a free method of communication (email) that guarantees the access of any user: sorigue@sorigue.com / rgpd@sorigue.com

To unsubscribe from our mailing list, you can follow the instructions provided in the messages themselves or send us an email to rgpd@sorigue.com.

DATE PUBLISHED: 06/06/2018