DATA PROTECTION POLICY

This is the KOA SOLAR data protection policy. It refers to the data that it processes in the exercise of its commercial activities in compliance with the General Data Protection Regulation (Regulation (EU) 2016/679 of the European Parliament and of the Council, of April 27, 2016) and Organic Law 3 /2018, of December 5, Protection of Personal Data and guarantee of digital rights.

 

Who is responsible for the processing of personal data?

The person responsible for the processing of personal data is KOA SOLAR SL (hereinafter KOA SOLAR), with CIF B09738741 and address at Calle Castell de Montgrí, 21, 3º 1ª of Girona (CP 17007), telephone 686 16 81 57, email [email protected] and website www.koasolar.eco . Figure registered in the Mercantile Registry of .........., volume .......

 

For what purpose do we process the data?

At KOA SOLAR we process personal data for the following purposes.

 

Contact . Respond to the queries of the people who contact us through the contact forms on our website. We use them solely for this purpose.

 

Telephone attention . Respond by telephone to people who contact us in this way. In order to offer a higher quality of service, conversations can be recorded, previously notifying the person with whom we communicate.

 

Selection of personnel . Reception of CVs sent to us by people interested in working with us and management of personal data generated by participation in personnel selection processes, in order to analyze the adequacy of the candidate profile based on the positions vacancies or newly created. Our criteria is to keep for a maximum period of one year also the data of the people who do not end up being hired, in case a new vacancy or new job position occurs in the short term. However, in the latter case, we immediately delete the data if the person concerned asks us to.

 

Services to clients . Register new customers and additional data that may be generated as a result of the business relationship with customers. In the contracting process, essential data is requested, including bank details (current account or credit card number) that will be communicated to banking entities that manage the collection (they can only be used for this purpose). The commercial relationship entails other treatments, such as incorporating the data into accounting, billing or information to the Tax Administration.

 

Information about our products and services . While there is a contractual relationship with our customers, we use their contact information to communicate information related to this relationship, information that may circumstantially include references to our products or services, whether of a general nature or more specifically referring to their characteristics and customer needs.

 

Other product and service information . With the explicit authorization of the clients, once the contractual relationship has ended, the contact details are kept to send publicity related to our services or products, information of a general or specific nature, according to the interests of the client. This information is sent to those who, despite not having been a customer, request or accept it by filling out our forms.

 

Management of the data of our suppliers . The data of the suppliers from whom we obtain services or goods are registered and processed. They can be the data of people who act as freelancers and also data of representatives of legal entities. We obtain the essential data to maintain the commercial relationship, we use it solely for this purpose and we make our own use of this kind of relationship.

 

Video surveillance . When accessing our facilities, when applicable, the existence of video surveillance cameras is reported using approved signs. The cameras record images only of the points where it is justified to guarantee the safety of goods and people and the images are used solely for this purpose.

 

Users of our website . The navigation system and software that enables the operation of our website collect the data that is ordinarily generated in the use of Internet protocols. In this category of data there is, among others, the IP address or domain name of the computer used by the person who connects to the website. This information is not associated with specific users and is used for the exclusive purpose of obtaining statistical information on the use of the website. Our website does not use cookies (cookies) that allow the identification of specific natural persons, users of the site. The use of cookies is reserved to collect technical information to facilitate accessibility and efficient use of the site.

 

Other channels for obtaining data . We also obtain data through face-to-face relationships and other channels such as receiving emails, through our profiles on social networks, the registration of those who download our App. In all cases, the data is used only for explicit purposes. that justify the collection and treatment.

 

What is the legal legitimacy for data processing?

The data processing that we carry out has different legal grounds, depending on the nature of each processing.

In compliance with a pre-contractual relationship . This is the case of the data of possible clients or suppliers with whom we have relationships prior to the formalization of a contractual relationship, such as the preparation or study of budgets. It is also the case of the data processing of people who send us their curriculum vitae or who participate in selection processes.

In compliance with a contractual relationship . This is the case of relationships with our customers and suppliers and all the actions and uses that these relationships entail.

In compliance with legal obligations . Data communications to the tax administration are established by regulations governing commercial relations. It may be the case of having to communicate data to judicial bodies or security forces and bodies, also in compliance with legal regulations that require collaboration with these public bodies.

Based on consent . When we send information about our products or services, we process the contact details of the recipients with their authorization or explicit consent. The browsing data that we can obtain through cookies is obtained with the consent of the person who visits our website, consent that can be revoked at any time by uninstalling these cookies.

For legitimate interest . The images that we obtain with the video surveillance cameras are treated for the legitimate interest of our company to guarantee the security and preserve its assets and facilities. Likewise, based on the legitimate interest of the company, we process data from our clients in order to offer them customer service, inform them of offers or advantages in the services offered or products delivered or to know their degree of satisfaction with our commercial relationship.

 

To whom are the data communicated?

As a general criterion, we only communicate data to administrations or public powers and always in compliance with legal obligations. In the issuance and receipt of invoices, the data can be communicated to banking entities. In justified cases we will communicate the data to the security forces and bodies or to the competent judicial bodies. No data transfers are made outside the European Union (international transfer).

In another sense, for certain tasks we obtain the services of companies or people who provide us with their experience and specialization. On some occasions, these external companies must access personal data for which we are responsible. It is not exactly a transfer of data, but a processing order. Services are only contracted from companies that guarantee compliance with data protection regulations. At the time of contracting, their confidentiality obligations are formalized and their performance is monitored. This may be the case of data hosting services, computer support services or legal, accounting or tax advice.

 

How long do we keep the data?

We comply with the legal obligation to limit the data retention period to the maximum. For this reason, they are kept only for the time necessary and justified by the purpose for which they were obtained. In certain cases, such as the data that appears in the accounting documentation and billing, the tax regulations oblige to keep them until the responsibilities in this matter prescribe. In the case of the data that is processed based on the consent of the person concerned, they are kept until this person does not revoke that consent. The images obtained by the video surveillance cameras are kept for a maximum of one month, although in the event of incidents that justify it, they will be kept for the necessary time to facilitate the actions of the security forces and bodies or judicial bodies.

 

What rights do people have in relation to the data we process?

As provided in the General Data Protection Regulation, the people whose data we process have the following rights:

To know if they are treated . Anyone has, first of all, the right to know if we process their data, regardless of whether there has been a prior relationship.

To be informed at the collection . When the personal data is obtained from the interested party, at the time of providing them, they must have clear information on the purposes for which they will be used, who will be responsible for the treatment and the rest of the aspects derived from this treatment.

By accessing Very broad right that includes the right to know precisely what personal data is processed, what is the purpose for which it is processed, the communications to other people that will be made (if applicable) or the right to obtain a copy or to know the expected period of conservation.

To ask for rectification . It is the right to have inaccurate data that is processed by us rectified.

To request the deletion . In certain circumstances, there is the right to request the deletion of the data when, among other reasons, it is no longer necessary for the purposes for which it was collected and justified its treatment.

Request the limitation of treatment. Also in certain circumstances, the right to request the limitation of data processing is recognized. In this case, they will cease to be processed and will only be kept for the exercise or defense of claims, in accordance with the General Data Protection Regulations.

to portability .   It is the right to receive personal data in a structured, commonly used, machine-readable and interoperable format, or to request that it be transferred in this way to another Data Controller. This right is recognized when the processing is based on consent or a contractual relationship.

To oppose the treatment.   As a general criterion, when the data processing is based on the legitimate interest of the company, a person can allege reasons related to their particular situation, reasons that would force them to stop processing their data to the degree or extent that may cause them harm. , unless there are legitimate reasons to continue doing so or it is necessary to formulate or defend against claims.

Not to receive commercial information . We will immediately respond to requests not to continue sending commercial information to people who have previously authorized it.

 

How can rights be exercised or defended?

The rights that we have just listed can be exercised by sending a written request to KOA SOLAR SL at the postal address Calle Castell de Montgri, 21, 3º 1ª in Girona (CP 17007), or by sending an email to info @ koasolar.eco , indicating in all cases "Protection of personal data".

If a satisfactory response has not been obtained in the exercise of rights, it is possible to file a claim with the Spanish Agency for Data Protection, through the forms or other channels accessible from its website www.aepd.es.