Data protection policy

Legislation.
In compliance with the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free flow of such data (hereinafter GDPR), THE ASSOCIATION OF OWNERS OF THE RIUDELLOTS DE LA SELVA INDUSTRIAL ESTATE (hereinafter the THE ASSOCIATION) informs data subjects (hereinafter 'Users') how their personal data will be treated when accessing, browsing or acquiring the services of the THE ASSOCIATION. This privacy policy is applied in this web page under the main domain www.aprs.cat.

RESPONSIBLE FOR THE DATA PROCESSING.
Name: THE ASSOCIATION OF OWNERS OF THE RIUDELLOTS DE LA SELVA INDUSTRIAL ESTATE
NIF: G17369372
Address: Avinguda Mas Pins, 150 - 17457 Riudellots de la Selva (Girona)
Email: aprs@aprs.cat

PURPOSE AND LEGITIMACY OF PROCESSING.
THE ASSOCIATION will use the data provided by the User for the following purposes:

• To answer any request for information about the services offered by THE ASSOCIATION by the User
• To attend the membership applications to THE ASSOCIATION

The User must accept this privacy policy in order to receive this information from THE ASSOCIATION. The acceptance will take place by means of a declaration or a clear affirmative action, such as ticking a box provided for that purpose. Likewise, this privacy policy is made available to the User, so that the consent is free, specific, informed and unequivocal. In case the User does not provide THE ASSOCIATION with their data, or does so in an erroneous or incomplete way, it will not be possible to receive the requested information from the User.

CATEGORÍAS DE DATOS QUE SE TRATAN
THE ASSOCIATION trata las siguientes categorías de datos:

• Personal data: name, surname/s, e-mail address and telephone number

Understandably, this classification is an approximation and may not be exhaustive, especially if one takes into account the constant change that the subject matter undergoes and the consequent modifications.

RIGHTS FOR THE INDIVIDUALS.
The User may exercise the following rights with respect to his/her data:

• Access.
  The User shall have the right to obtain confirmation from THE ASSOCIATION as to whether or not his/her personal data is being processed, as well as access to such data.
• Rectification.
  The User shall have the right to obtain the rectification of inaccurate personal data concerning him/her. The User will also have the right to have his/her personal data completed, in case they are incomplete.
• Erasure.
  The User shall have the right to have his/her personal data deleted, provided that such data is no longer necessary for the purposes for which it was collected.
• Opposition.
  The User shall have the right to oppose the processing of data, provided that one of the reasons of Art.21 of the GDPR is given.
• Restriction.
  The User shall have the right to obtain from THE ASSOCIATION the restriction of data processing when the conditions set forth in Art.18 GDPR are met.
• Portability.
   The User has the right to receive the personal data provided by him/her to THE ASSOCIATION, in a structured, of commonly used and machine readable formats, and to transmit them to another data controller when the requirements of Art .20 GDPR are met.

RECIPIENT OF THE DATA.
The data will not be communicated to any third party outside THE ASSOCIATION except in the cases:

• Legal obligation.
• Express assignment. The User expressly authorizes the ASSOCIATION to assign his or her data to a third party.

THE ASSOCIATION may give access or transmit the personal data provided by the User to third party service providers with whom it has signed agreements for data processing, and that only access this information to provide a service in favour of and on behalf of the responsible party.

DURATION OF DATA PROCESSING
The data for the purposes set out in paragraph 3. Purpose and legitimacy of processing will be kept for a period of 5 years.

MINORS.
The use of this site is not authorized to anyone under 18.

PROTECTION OF RIGHTS.
THE ASSOCIATION iinforms the User that he/she may exercise the rights of access, rectification, erasure and portability of data and opposition and limitation to its processing, as well as not to be subject to decisions based only on the automated processing of his/her data when appropriate, which is granted by law.

THE ASSOCIATION informs the User that these rights have the following characteristics:

1. The exercise of their rights is free of charge, except in the case of manifestly unfounded or excessive requests (e.g., repetitive character), in which case THE ASSOCIATION may charge a fee proportional to the administrative costs incurred or refuse to act.
2. 2. The rights can be exercised directly or through your legal representative or volunteer.
3. 3. The request must be answered by THE ASSOCIATION within one month, although, if the complexity and number of requests is taken into account, the deadline can be extended by another two months.
4. 4. If THE ASSOCIATION does not act on the request, it will inform him/her, no later than one month, of the reasons for the failure to act and the possibility of complaining to a Control Authority.
5. 5. The User has the right to revoke the consent initially given, and to file claims for rights with the competent supervisory authority, as well as the right to effective judicial protection.

To exercise his/her rights THE ASSOCIATION offers the following means:

1. 1. By written and signed request addressed to THE ASSOCIATION at Av. Mas Pins nº150, 17457 Riudellots de la Selva (Girona).
2. 2. By sending scanned and signed form to the e-mail address aprs@aprs.com indicating in the subject Exercise of Rights LOPD.

In both cases, he/she must prove his/her identity by attaching a photocopy or, if applicable, a scanned copy of his/her ID card or equivalent document in order to verify that we only respond to the data subject or his/her legal representative, in which case he/she must provide proof of representation.

Likewise, and especially if the user considers that he/she has not been fully satisfied with the exercise of his/her rights, we inform him/her that he/she may file a complaint before the national control authority by contacting the Spanish Data Protection Agency, C / Jorge Juan, 6 - 28001 Madrid.

HOW DO WE PROTECT YOUR DATA?
In THE ASSOCIATION we are committed to protecting your personal data. We use measures, controls and procedures of physical, organizational and technological nature, reasonably reliable and efficient, oriented to preserve the integrity and the security of your data and to guarantee your privacy.

In addition, all personnel with access to personal data have been trained and are aware of their obligations in relation to the processing of the user's personal data.

In the case of the contracts we sign with our suppliers, we include clauses requiring them to maintain the duty of secrecy with respect to the personal data to which they have had access by virtue of the order placed, as well as to implement the necessary technical and organizational security measures to guarantee the confidentiality, integrity, availability and permanent resilience of the systems and services for processing personal data.

All these security measures are periodically reviewed to ensure their adequacy and effectiveness.

However, absolute security cannot be guaranteed and no security system is impenetrable. Therefore, in the event that any information processed and under our control is compromised as a result of a security breach, we will take appropriate steps to investigate the incident, notify the Supervisory Authority and, if appropriate, those users who may have been affected so that they can take appropriate action.

Last update: 07/23/2020.

Privacy Policy writing language: Spanish.

Languages available for reading the Privacy Policy: Spanish, Catalan and English.