Privacy Policy
WEB PRIVACY POLICY GDPR – Refis Internacional
- IDENTIFICATION AND CONTACT
- DATA PROCESSING
- RIGHTS AND EXERCISE OF RIGHTS
- SECURITY MEASURES
- MINORS
- CONTROLLER. IDENTIFICATION AND CONTACT
Through this statement, Refis Internacional, S.L. – Refis, with registered office at Ramón Gallud street, nº 39, 4th floor, C.P. 03181, Torrevieja (Alicante), informs consumers and users of the website www.refis.com of its personal data protection policy, so that users may freely and voluntarily decide whether they wish to provide Refis with the personal data required for the provision of services or, where applicable, sale of products, offering of quotes previously requested by any means, and for answering queries, upon subscription, registration, or completion of any online data form.
Refis reserves the right to modify this Privacy Policy to keep it adapted to current data protection legislation. In such cases, Refis will announce the changes introduced on this website with reasonable advance notice before their implementation.
Visiting this website does not imply that the user is obliged to provide any information about themselves. Should the user provide any personal information, the data collected on this website will be processed fairly and lawfully, subject at all times to the principles and rights set forth in Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (GDPR) and in current Spanish legislation on personal data protection.
In accordance with Article 13 of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (GDPR), we inform you that the data provided by you will become part of a personal data processing operation.
BASIC INFORMATION 1st LAYER | ||||||||
CONTROLLER | Through this statement, Refis, with registered office at Ramón Gallud street, nº 39, 4th floor, Torrevieja (Alicante), C.P. 03181 and telephone: 966706397, informs consumers and users of the website www.refis.com of its personal data protection policy, so that users may freely and voluntarily decide whether they wish to provide Refis with the personal data required.
| |||||||
Visiting this website does not imply that the user is obliged to provide any information about themselves. Should the user provide any personal information, the data collected on this website will be processed fairly and lawfully, subject at all times to the principles and rights set forth in Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (GDPR) and in current Spanish legislation on personal data protection.
| ||||||||
PROCESSING | CATEGORY OF DATA TO BE PROCESSED | PURPOSE of processing | LEGAL BASIS FOR PROCESSING | “Recipients” (of transfers) | INTERNATIONAL TRANSFER | DATA RETENTION PERIOD | RIGHTS OF DATA SUBJECTS | ORIGIN OF DATA |
Clients/Website Users
| Website user contact data. Analytical or profile data. Website visit data. Newsletter user data. Processing of Minors’ Data with consent from the parent, guardian, or legal representative. The sending of specially protected data is expressly prohibited. | Provide access to content for statistical purposes, apply measures aimed at website security Offer a communication channel between the user and the controller, The management and maintenance of users for the purposes of the services offered on the website. | Website user consent. Legitimate interest to manage the services offered through the Website. | Data transfers to various transferees detailed in the second information layer. The main recipient of the data is the website owner (Data Controller). | Not foreseen. | In any case, as long as the consent remains valid, i.e., until its deletion is requested. Legally established period to comply with legal obligations. | Information Access Rectification Objection Erasure Restriction | From the user or data subject themselves. |
Processing on Social Networks | Contact data: name and surname, telephone, and e-mail | Establishment and maintenance of relationships within social media environments | Express consent | Other users and social network providers E.g., Facebook, Twitter…. | Not foreseen. | The minimum necessary. Undetermined. Legally established period to comply with legal obligations. | Information Access Rectification Objection Erasure Restriction Portability No automated decision-making
| From the user or data subject themselves. |
Applicants to join the HR department.
| Identification data. | Management of the HR department. | Execution of a verbal or written agreement, pact, or contract | Not foreseen, except those legally established | Not foreseen in any case | The minimum necessary. Legally established period to comply with legal obligations. | Information Access Rectification Objection Erasure Restriction Portability | From the user or data subject themselves. |
BASIC INFORMATION 2nd LAYER | |||||||||||||||||
CONTROLLER | Through this statement, Refis Internacional, S.L., with registered office at Ramón Gallud street, nº 39, 4th floor, Torrevieja (Alicante), C.P. 03181 and telephone: 966706397, informs consumers and users of the website www.refis.com of its personal data protection policy, so that users may freely and voluntarily decide whether they wish to provide Refis with the personal data required.
| ||||||||||||||||
Visiting this website does not imply that the user is obliged to provide any information about themselves. Should the user provide any personal information, the data collected on this website will be processed fairly and lawfully, subject at all times to the principles and rights set forth in Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (GDPR) and in current Spanish legislation on personal data protection.
| |||||||||||||||||
PROCESSING | CATEGORY OF DATA TO BE PROCESSED | PURPOSE of processing | LEGAL BASIS FOR PROCESSING | “Recipients” (of transfers) | INTERNATIONAL TRANSFER | DATA RETENTION PERIOD | RIGHTS OF DATA SUBJECTS | ORIGIN OF DATA | |||||||||
Clients/Website Users
| Website user contact data. Analytical or profile data. Website visit data. Newsletter user data. Processing of Minors’ Data with consent from the parent, guardian, or legal representative. The sending of specially protected data is expressly prohibited. | Provide access to content for statistical purposes, apply measures aimed at website security Offer a communication channel between the user and the controller, The management and maintenance of users for the purposes of the services offered on the website. | Website user consent. Legitimate interest to manage the services offered through the Website. | Data transfers to various transferees detailed in the second information layer. The main recipient of the data is the website owner (Data Controller). | Not foreseen. | In any case, as long as the consent remains valid, i.e., until its deletion is requested. Legally established period to comply with legal obligations. | Information Access Rectification Objection Erasure Restriction | From the user or data subject themselves. | |||||||||
Processing on Social Networks
| Contact data: name and surname, telephone, and e-mail | Establishment and maintenance of relationships within social media environments | Express consent | Other users and social network providers E.g., Facebook, Twitter…. | Not foreseen. | The minimum necessary. Undetermined. Legally established period to comply with legal obligations. | Information Access Rectification Objection Erasure Restriction Portability No automated decision-making
| From the user or data subject themselves. | |||||||||
Applicants to join the HR department.
| Identification data. | Management of the HR department. | Execution of a verbal or written agreement, pact, or contract | Not foreseen, except those legally established | Not foreseen in any case | The minimum necessary. Legally established period to comply with legal obligations. | Information Access Rectification Objection Erasure Restriction Portability | From the user or data subject themselves. | |||||||||
DATA CONTROLLER and contact details Through this statement, Refis Internacional, S.L., with registered office at Ramón Gallud street, nº 39, 4th floor, Torrevieja (Alicante), C.P. 03181 and telephone: 966706397, informs consumers and users of the website www.refis.com of its personal data protection policy, so that users may freely and voluntarily decide whether they wish to provide Refis with the personal data required for the provision of services or, where applicable, sale of products, offering of quotes previously requested by any means, and for answering queries, upon subscription, registration, or completion of any online data form. Refis reserves the right to modify this Privacy Policy to keep it adapted to current data protection legislation. In such cases, Refis will announce the changes introduced on this website with reasonable advance notice before their implementation.
| |||||||||||||||||
PROCESSING | CATEGORY OF DATA TO BE PROCESSED | PURPOSE of processing | LEGAL BASIS FOR PROCESSING | “Recipients” (of transfers or transmissions) | INTERNATIONAL TRANSFER | DATA RETENTION PERIOD | RIGHTS OF DATA SUBJECTS | ORIGIN OF DATA | |||||||||
Processing on Social Networks | Identification data. Data on commercial information (activities and businesses, subscriptions to publications, artistic, literary, scientific, or technical creations). | Comprehensive management of personal data of users of different social networks for the use of said social networks as a communication tool and their employment to establish and maintain legitimate relationships with said users. | The legitimate interest pursued by the data controller that legitimizes or legalizes the processing of your personal data is your express request or acceptance to register as a user of the corporate page on our company’s social network, provided that the interests or fundamental rights and freedoms of the data subject are not overridden by such interests.
| Organization or person directly related to the controller. Law enforcement agencies. Social network providers, social network users. Administration of Justice. | Not foreseen. | These will be kept as long as they are necessary or relevant for the purpose for which they were collected or recorded. Therefore, they will be canceled when they are no longer necessary to comply with the legitimate purposes described above, and will then be permanently and irreversibly deleted, once the temporary blocking period of the personal data has ended. | In accordance with the GDPR, we inform you of the existence of the right to withdraw your consent for the processing of your personal data, without affecting the lawfulness of processing based on consent before its withdrawal. We also inform you of your right to file a complaint, where applicable, with the national supervisory authority (Spanish Data Protection Agency – AEPD). | From the user or data subject themselves. | |||||||||
Clients/Website Users | Identification data. Personal characteristics. Economic data, where applicable, such as bank details (in no case, in the hypothetical event of payment by credit or debit card, will we retain the CVV security code) from the back of the card. Data on transactions of goods and services (goods and services supplied by the data subject, goods and services received by the data subject, financial transactions). Other types of data, where applicable, not specially protected or sensitive. | Manage user registration and access to the Website, manage the services made available to you through the Website, inform you of the processing and status of your requests, respond to your information request, manage all utilities and/or services offered by the platform to the user.
| The legitimate interest pursued by the data controller that legitimizes or legalizes the processing of your personal data is the execution of a written agreement or contract via Online, provided that the interests or fundamental rights and freedoms of the data subject are not overridden by such interests. | Organization or person directly related to the controller. Tax Administration (AEAT). Banks and savings banks and rural banks. Insurance entities. | Not foreseen. | These will be kept as long as they are necessary or relevant for the purpose for which they were collected or recorded. Therefore, they will be canceled when they are no longer necessary to comply with the legitimate purposes described above, and will then be permanently and irreversibly deleted, once the temporary blocking period of the personal data has ended. | In accordance with the GDPR, we inform you of the existence of the right to withdraw your consent for the processing of your personal data, without affecting the lawfulness of processing based on consent before its withdrawal. We also inform you of your right to file a complaint, where applicable, with the national supervisory authority (Spanish Data Protection Agency – AEPD). | From the user, data subject, or legal representative themselves. | |||||||||
Applicants to join the HR department.
| Economic data, academic and professional data, employment details, personal characteristics, transactions of goods and services, other types of classified data. | Comprehensive management of data of individuals applying to join the Human Resources department. Management of payroll and social security. Accounting, tax, and administrative management. Occupational Risk Prevention. Other purposes. | The legitimate interest pursued by the data controller that legitimizes or legalizes the processing of your personal data is the execution of a written agreement or contract via Online, provided that the interests or fundamental rights and freedoms of the data subject are not overridden by such interests. | Tax Administration (AEAT). Banks and savings banks and rural banks. Insurance entities with your prior express consent. Social Security organizations. | No International Transfers of personal data are foreseen. | These will be kept as long as they are necessary or relevant for the purpose for which they were collected or recorded. Therefore, they will be canceled when they are no longer necessary to comply with the legitimate purposes described above, and will then be permanently and irreversibly deleted, once the temporary blocking period of the personal data has ended. | In accordance with the GDPR, we inform you of the existence of the right to withdraw your consent for the processing of your personal data, without affecting the lawfulness of processing based on consent before its withdrawal. We also inform you of your right to file a complaint, where applicable, with the national supervisory authority (Spanish Data Protection Agency – AEPD). | From the user, data subject, or legal representative themselves. | |||||||||
EXERCISE OF RIGHTS OF DATA SUBJECTS
In accordance with Articles 15 to 22 of the EU GDPR, you may exercise the rights detailed below by sending a written request to the following address: Refis Internacional, S.L., Ramón Gallud street, nº 39, 4th floor, Torrevieja (Alicante), C.P. 03181, Tel: 966706397, in person at our office by proving your identity, or electronically by proving your identity, at the address info@refis.com.
Refis Internacional, S.L. informs the user that they have the following rights derived from the applicable regulations:
Right of access: allows the data subject to obtain information on whether Refis is processing personal data concerning them and, if so, the right to obtain information about their personal data undergoing processing.
Right to rectification: allows the correction of errors and the modification of inaccurate or incomplete data.
Right to erasure: allows data to be erased and cease to be processed by Refis, unless there is a legal obligation to retain them and/or other legitimate reasons for their processing do not prevail.
Right to restriction of processing: under the legally established conditions: a) the data subject contests the accuracy of the personal data, for a period enabling the controller to verify the accuracy of the personal data; b) the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead; c) the controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defense of legal claims; d) the data subject has objected to processing pursuant to Article 21(1) pending the verification whether the legitimate grounds of the controller override those of the data subject, allows the cessation of data processing, in such a way that Refis avoids their future processing. In attention and compliance with recital 67 of the GDPR, the methods for restricting the processing of personal data will be:
- Temporarily transfer selected data to another processing system.
- Prevent user access to selected personal data.
- Temporarily remove published data from a website.
- Clearly indicate in the system (automated file) that the data intended for processing has its processing restricted.
When restriction is exercised by the data subject, Refis will only retain them for the establishment, exercise or defense of legal claims.
Right to object: in certain circumstances and for reasons related to their particular situation, data subjects may object to the processing of their data. Refis will cease to process the data, unless there are compelling legitimate grounds, or for the establishment, exercise or defense of possible legal claims.
Right to data portability: allows the data subject to receive their personal data and transmit them directly to another controller in a structured, commonly used, and machine-readable format.
Right not to be subject to automated decisions producing legal effects:
You are informed that the processing of your data for the indicated purposes will not imply, on the part of Refis, the application of automated decisions producing legal effects for the data subject.
*Regarding the exercise of the aforementioned rights in the social media environment (access, rectification, objection, erasure, right to withdraw consent, restriction, portability, not to be subject to automated decisions producing legal effects), we can only act according to the possibilities offered by social networks, and users should contact them if they wish to exercise any such right. However, you can unsubscribe from our pages at any time by unfollowing them, although the social network might retain comments you previously made on our wall.
SENDING INFORMATIONAL COMMUNICATIONS
Regarding the sending of informational communications via e-mail or other equivalent electronic communication means, given that the user’s e-mail address is personal data when it allows identification, by collecting it in the online data form, the user expressly authorizes Refis to process it for sending commercial or promotional communications concerning the products or services provided by this company. These communications will be preceded by the word “advertising” at the beginning of the message and will clearly identify Refis. However, you can revoke your consent to receive informational communications at any time by simply notifying our e-mail address (info@refis.com) or by calling 966706397.
SECURITY MEASURES
Refis Internacional, S.L. has adopted all necessary technical and organizational measures to guarantee the security of personal data and prevent their alteration, loss, unauthorized processing, or access. The adopted security level is consistent with the nature of the personal data provided.
In accordance with Article 32 of the GDPR, Refis Internacional, S.L. as the data controller, taking into account the state of the art, the costs of implementation, and the nature, scope, context, and purposes of processing, as well as risks of varying likelihood and severity for the rights and freedoms of natural persons, shall implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, which shall include, among others:
- The pseudonymization and encryption of personal data;
- The ability to ensure the ongoing confidentiality, integrity, availability, and resilience of processing systems and services;
- The ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident;
- A process for regularly testing, assessing, and evaluating the effectiveness of technical and organizational measures for ensuring the security of the processing.
When assessing the adequacy of the security level, particular account shall be taken of the risks presented by the processing, in particular from accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to personal data transmitted, stored, or otherwise processed.
Refis Internacional, S.L. shall take steps to ensure that any natural person acting under the authority of the controller or the processor who has access to personal data does not process them except on instructions from the controller, unless required to do so by Union or Member State law.
MINORS
It is not permitted for minors under fourteen years of age, without the consent of their parents or legal guardians, to be attributed the status of user of this website, in accordance with the Organic Law on Personal Data Protection and Guarantee of Digital Rights (LOPDGDD), based on Article 8 of the GDPR. Non-compliance by the user with this condition will result in the deletion of the data provided.