PRIVACY POLICY
1. Identification of the Data Controller
In accordance with the provisions of REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter GDPR), we inform you that personal data will be processed by the following Data Controller:
- EPC FOCUS INVESTMENTS S.L.
- CIF: B72559255
- Address: C/ Sagasta 24, 3ºA, 28004, Madrid
- Contact email: info@grupodraisa.com
2. General Privacy Principles
When we collect and process your personal information, we are guided by the following practical principles:
- Personal data is processed fairly, lawfully, and transparently.
- Personal data is collected for specific, explicit, and legitimate purposes and not further processed in a manner that is incompatible with those purposes.
- Personal data is adequate, relevant, and limited to what is necessary in relation to the purposes for which it is processed.
- Personal data must be accurate and up to date. Inaccurate data will be corrected or deleted.
- Personal data must be kept in an identifiable format and only for as long as necessary.
- Personal data is kept secure through appropriate and effective technical and organizational measures against unauthorized or unlawful processing and against accidental loss, destruction, or damage, by implementing appropriate technical or organizational measures (“integrity and confidentiality”).
- We are committed to the principles of data protection by design and data protection by default.
3. Purposes of Collecting Personal Data
The purposes according to the processing are as follows:
- Contact with users: to attend to contact requests.
4. Legal Basis for Data Processing
- Users who have used any contact method: consent of the data subject.
5. Recipients and International Data Transfers
No communication to third parties is foreseen, except if required by law. No international data transfers will be made.
6. Retention Periods
- Users who have used any contact method: as long as the data is necessary to manage your request.
7. Rights of the Data Subject
As a data subject, you may address your communications and exercise your rights in accordance with the formalities imposed by REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data.
In all our operations related to your privacy, we strive to comply with current regulations, which contain a series of rights for the data subject listed below:
Your Rights |
What it Means |
Right to Information |
You have the right to clear, concise, transparent, and easily understandable information about how we use your personal data and your rights. |
Right of Access |
You have the right to access the personal data we hold about you (with certain limits). Manifestly unfounded, excessive, or repetitive requests may not be fulfilled. |
Right to Rectification |
You have the right to have your personal data corrected when it is inaccurate or no longer valid, or to have it completed when it is incomplete. |
Right to Erasure / Right to be Forgotten |
In certain cases, you have the right to request that your personal data be erased or deleted. It should be noted that this is not an absolute right, as we may have legal or legitimate reasons to retain them. |
Right to Object to Receiving Advertising |
The easiest way to unsubscribe is by clicking on the “unsubscribe” link in any email or communication we send you. You can also email us at info@grupodraisa.com |
Right to Withdraw Consent at Any Time |
If consent has been given for any of the purposes informed and determined in the processing to which we refer, you have the right to withdraw consent at any time, without affecting the legality of the processing based on consent prior to its withdrawal. |
Right to Object to Processing Based on Legitimate Interests |
You can object at any time to us processing your data when the processing is based on legitimate interests. |
Right to Lodge a Complaint with a Supervisory Authority |
If you have not obtained satisfaction in the exercise of your rights or the manner of exercising them, you can file a complaint with the Supervisory Authority. For more information on this right and how to exercise it, you can contact the Spanish Data Protection Agency www.aepd.es Tel. 901 100 099 and 91.266.35.17. C/Jorge Juan,6 28001-Madrid. |
Right to Data Portability |
You have the right to receive the personal data that concerns you and that you have provided to us in a structured, commonly used, and machine-readable format, to transmit it to another data controller when the processing is based on the execution of a contract or your consent and the processing is carried out by automated means. |
Right to Restriction of Processing |
You have the right to obtain the restriction of the processing of your data, although its exercise has two aspects: You can request the suspension of the processing of your data: -When you contest the accuracy of your personal data, for a period that allows the controller to verify its accuracy. -When you have objected to the processing of your personal data that the controller carries out based on legitimate interest or public interest, while verifying whether these reasons prevail over yours. Request the retention of your data: -When the processing is unlawful and you oppose the erasure of your data and instead request the restriction of its use. -When the controller no longer needs the personal data for the purposes of the processing, but the data subject needs it for the formulation, exercise, or defense of claims. |
How Can You Exercise Your Data Protection Rights?
To exercise your rights, you can email info@grupodraisa.com indicating in the subject “GDPR. RIGHTS” or similar. You should specify which of the rights you request to be satisfied.
You can use an official model from the Spanish Data Protection Agency: https://www.aepd.es/reglamento/derechos/index.html
8. Security
The security measures adopted are those required in accordance with the provisions of Article 32 of the GDPR. In this regard, considering the state of the art, the costs of implementation, and the nature, scope, context, and purposes of the processing, as well as the varying probability and severity of risks to the rights and freedoms of natural persons, the Data Controller has implemented appropriate technical and organizational measures to ensure a level of security appropriate to the existing risk.
The Data Controller has implemented sufficient mechanisms to:
- Ensure the ongoing confidentiality, integrity, availability, and resilience of processing systems and services.
- Restore the availability and access to personal data promptly, in case of a physical or technical incident.
- Verify, evaluate, and assess, on a regular basis, the effectiveness of the technical and organizational measures implemented to ensure the security of the processing.
- Pseudonymize and encrypt personal data, where applicable.
9. Cookies
Cookies. A cookie is a small file that is automatically downloaded and installed on the user’s device through their browser (Internet Explorer, Firefox, Chrome, Safari…). The website only uses technical cookies, which do not require the user’s consent.
©EPC FOCUS INVESTMENTS S.L. All Rights Reserved.