Privacy Policy
In accordance with the provisions of the current data protection legislation, Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016, on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter, GDPR), as well as Organic Law 3/2018, of December 5, on the Protection of Personal Data and Guarantee of Digital Rights (hereinafter, LOPD-GDD), the user is informed in accordance with the provisions of Articles 13 of the GDPR and 11 of the LOPD-GDD:
RESPONSIBLE
Who is responsible for processing your data?
Corporate Name: CASCO ANTIGUO COMERCIAL, S.L (hereinafter referred to as CASCO ANTIGUO)
CIF: B79683579
Address: CALLE JORGE JUAN, 118, - 28028, MADRID (MADRID)
Email: [email protected]
Website: WWW.CASCOANTIGUO.COM
PURPOSE
What is the purpose of processing your personal data?
CASCO ANTIGUO processes your information for:
Maintaining the business relationship and providing the contracted service.
Preparing a quote tailored to your needs.
Managing email communications with interested parties.
Carrying out the company’s selection processes.
Managing the company’s employees and human resources.
Sending commercial information related to the sale of products and items for commercial, professional, military diving, oceanography, rescue, and recovery.
Controlling the security of the facilities (video surveillance).
Managing training activities.
How long will we keep your data?
The personal data you provide will be retained as long as the business relationship is maintained. However, to ensure maximum transparency with you, we indicate that the general retention periods we work with are:
Generic identification data (email, name, surname, phone, etc.): for as long as the business relationship lasts or until consent is revoked. In any case, they will be deleted when they are no longer needed for the purpose for which they were collected.
Law on Offenses and Sanctions in Social Order (obligations regarding affiliation, registrations, terminations, contributions, salary payments…); Articles 66 and following of the General Tax Law (accounting books…): four (4) years.
Personal actions without a special deadline (article 1964 Civil Code): five (5) years.
Accounting, tax, and labor (article 30 Commercial Code - accounting books, invoices…): six (6) years.
Labor: contracts, time records, salary and contribution receipts, identification documents, four (4) years; in the case of occupational hazard prevention reports, health or accident files, contracts with prevention services, five (5) years.
Data subject to the Law on Preventing Money Laundering and Terrorism Financing (article 25): ten (10) years.
Selection processes: two (2) years from the submission of the curriculum vitae.
Video surveillance: thirty (30) days, except for recording an offense and/or crime.
Additionally, due to the sending of commercial information, even if the relationship between the parties ends, the responsible party will continue to retain your information for sending newsletters related to our products and services. You will always be able to exercise the rights recognized by current regulations by contacting us through the means that is most convenient for you.
Disaggregated and anonymized data: no retention period.
Despite the existence of these general periods, we inform you that we will periodically review our systems to delete data that are no longer legally required.
LEGITIMACY
What is the legitimacy for processing your data?
According to the purposes of data collection, the processing of your data is necessary for:
Managing the business relationship you have entered into and contracted with us.
Execution of a contract (enabled by Article 6.1.b GDPR)
Consent of the data subject (enabled by Article 6.1.a GDPR)
Preparing a tailored quote for your needs.
Execution of a contract and/or pre-contractual relationship (enabled by Article 6.1.b GDPR)
Managing email communications with interested parties.
Consent of the data subject (enabled by Article 6.1.a GDPR)
Legitimate interest (enabled by Article 6.1.f GDPR)
Carrying out the company’s selection processes.
Consent of the data subject (enabled by Article 6.1.a GDPR)
Managing the employees and internal human resources of the company.
Contractual execution (enabled by Article 6.1.b GDPR)
Sending commercial communications.
Consent of the data subject (enabled by Article 6.1 GDPR)
Consent of the data subject (enabled by Article 20 LSSICE)
Legitimate interest (enabled by Article 6.1.f GDPR and 21.2 LSSICE)
Controlling the security of the facilities (video surveillance).
Legitimate interest (enabled by Article 6.1.f GDPR)
Managing training activities.
Execution of a contract (enabled by Article 6.1.b GDPR)
Consent of the data subject (enabled by Article 6.1.a GDPR)
Additionally, all collected data are necessary for the provision of the service. However, those data marked with an asterisk (*) are mandatory. If the mandatory data is not provided, the responsible party will not be able to provide the contracted service.
Finally, we inform you that only individuals over 14 years old may provide personal data on this website. According to LOPD and GDD, in the case of individuals under 14 years old, it is mandatory to obtain the consent of their parents or guardians for us to process their personal data.
Furthermore, only individuals over 18 years old may contract our services. In the case of individuals under 18 years old, obtaining the consent of their parents or legal guardians will be a prerequisite for us to provide the offered services, unless the minor is emancipated.
RIGHTS OF THE DATA SUBJECTS
What rights do I have regarding data protection?
In accordance with the provisions of Articles 13 GDPR and 11.2.c) LOPDGDD, you can exercise any of the following rights by contacting us at the postal address CALLE JORGE JUAN, 118, - 28028, MADRID (MADRID) or at the email address [email protected]. In any case, according to current regulations, you have the following rights recognized in Articles 15 to 22 GDPR and 12 to 18 LOPDGDD:
The right to request access to personal data relating to the data subject.
The right to request rectification or deletion.
The right to request restriction of processing.
The right to object to processing.
The right to data portability.
You can request forms to exercise your rights from the Responsible Party through the email address mentioned in the Responsible's details. Additionally, you can file a complaint with the Spanish Data Protection Agency (AEPD). More information can be found in Section VII of this document.
RECIPIENTS
To whom will your data be communicated?
You will always be informed, and when appropriate, your express consent will be requested to transfer your personal data or to conduct international transfers in accordance with current regulations (arts. 13.1.e) and 44 GDPR, as well as art. 11.1 and 40 LOPDGDD 3/2018). Therefore, we inform you that the third parties with whom the Responsible Party works have their servers located within the EU, EEA, or Switzerland, with adequate security measures to ensure appropriate and confidential data processing.
Outside of the aforementioned cases and unless legally required, your data will not be transferred or communicated to any third party, except in legally provided cases or when strictly necessary for the provision of a service. Generally, data may be transferred to:
Providers of technological services.
Payment service providers.
Courier and parcel companies.
Third parties or intermediaries, as service providers, who operate in our own name (management, consulting, collaborating freelancers…).
Third parties responsible for processing, collaborators, or closely related to the Responsible Party for the exclusive purpose of providing our services.
Group companies or those closely related when necessary for the provision of any of our products/services.
DATA TRANSFER
Data transfers will be carried out with the utmost confidentiality, using the necessary measures, such as signing confidentiality agreements or adhering to their privacy policies established on their respective websites. The User may refuse the transfer of their data to the Data Processors by submitting a written request through any of the aforementioned means. The responsible party will not transfer or communicate your data to any third party, except in legally provided cases or when the provision of a service necessitates a contractual relationship with a Data Processor. Thus, the User agrees that some of the personal data collected may be provided to these Data Processors (payment platforms, management services, intermediaries, etc.) when necessary for the effective execution of a contracted service or purchased product. The User also agrees that, in the case of service provision, these services may be, in whole or in part, subcontracted to other individuals or companies, which will be considered as Data Processors, with whom the appropriate confidentiality agreement has been established or who have adhered to their privacy policies outlined on their respective websites. The User may refuse the transfer of their data to the Data Processors by submitting a written request through any of the aforementioned means.
ORIGIN OF YOUR DATA
How did we obtain your data?
The personal data that CASCO ANTIGUO uses comes from the data subject themselves, thus complying with the provisions of Articles 13 GDPR and 11 LOPDGDD mentioned earlier, or from group or collaborating companies, about which you can obtain more information by writing to the email address [email protected] or by visiting the office of the Responsible Party at the postal address indicated in this document.
What categories of data do we handle?
The categories of personal data that we process include:
Identification data
First name
Last name
DNI / NIE / Passport or equivalent document
Postal addresses
Email addresses
Gender
Date of birth
Place of birth
Contact phone number (mobile / landline)
Commercial information: self-generated and from third parties
Economic data
Bank account number
Credit card number
Curriculum vitae
Academic data
Qualifications
Hobbies
Membership in associations or clubs
Video surveillance
Image
The processing of sensitive data will be carried out in accordance with the provisions of Articles 9 GDPR and 9 LOPDGDD, informing the data subject about which data will be used by the responsible party.
ADDITIONAL INFORMATION
Security Measures: Users of the responsible party’s website are informed that security measures, both technical and organizational, have been adopted to prevent the loss, misuse, alteration, unauthorized access, and theft of data, thus ensuring the confidentiality, integrity, and quality of the information contained therein, in accordance with the current data protection regulations. The personal data collected in the forms will only be processed by the personnel of the responsible party or the designated Data Processors. Additionally, the Website has SSL encryption that allows Users to securely send their personal data through the contact or registration forms on the website.
Social Media: The data controller has profiles on some of the main social networks (Facebook, Instagram), recognizing itself in all cases as the Data Controller of the data of its followers, fans, subscribers, commenters, and other User profiles (hereinafter, followers) published by the controller.
The purpose of data processing by the controller, when not prohibited by law, is to inform its followers about its activities and offers by any means that the social network allows, as well as to provide personalized user service. The legal basis for legitimizing this processing will be the consent of the data subject, which may be revoked at any time.
In no case will the responsible party extract data from the social networks unless specific and express consent is obtained from the User (for example, for conducting a contest).
Confidentiality: The information provided by the User will be considered confidential in all cases and may not be used for purposes other than those described herein. The responsible party undertakes not to disclose or reveal information about the User's claims, the reasons for the requested advice, or the duration of their relationship with the User.
Truthfulness of Data: The User declares that all data provided by them is true and accurate and undertakes to keep it updated. The User will be responsible for the truthfulness of their data and will be solely responsible for any conflicts or disputes that may arise due to false information. It is important that, in order for us to keep personal data updated, the User informs the responsible party whenever there has been any modification in the data.
CONTROL AUTHORITY
We make the utmost effort to comply with data protection regulations, as it is our most valuable asset. However, we inform you that if you believe your rights have been impaired, you can file a complaint with the Spanish Data Protection Agency (AEPD), located at C/ Jorge Juan, 6. 28001 – Madrid. More information about the AEPD can be found at http://www.aepd.es/.