DATA PROTECTION AND PRIVACY STATEMENT

Complying with the current legislation,  www.alex.es (hereafter referred to as “Website”) takes on the approach to compliance with the technical and organizational steps needed to reach the proper security level of the collected data.

Legislation followed by this Privacy Statement

This Privacy Statement is adjusted to the Spanish and European Standards concerning to the data protection on the internet. In particular, it respects the following rules:

• (EU) 2016/679 Regulation of the European Parliament and European Council on April 27th, 2016, related to the natural persons data protection regarding to the processing of any personal data and the free flow of information (EU General Data Protection Regulation – GDPR).
• 34/2002, on July 11th, Law of Information Society Services and Electronic Commerce (LISSEC).

Identity of the personal Data Controller

The responsible for the the processing of personal data collected in https://www.alex.es/ is: RUEDAS ALEX, S.L.U., holder of Fiscal Identification Number B65844177, registered at the Huesca Business Register in volume 620, sheet 79, H HU 12274, with the representative: ALBERTO ASENS GARCIA (hereafter referred to as “Data Controller”). His contact details are:

Address: C/ Comunidad Castilla y León, s/n - 2250 Fraga (Huesca)

Telephone number: 974035345

E-mail address: rgpd@alex.es

Principles applicable to the processing of personal data

The processing of the User's personal data will submit following the provisions of article 5 of the GDPR:

• Principle of legality, loyalty and transparency: User's consent will be required at all times after a fully transparent information about the purposes of the personal data collected.
• Principle of the limitation of the purpose: personal data will be collected with concrete, explicit and legitimate purposes.
• Principle of minimization of data: personal data collected will be only those strictly necessary in relation to the purposes for which they are processed.
• Principle of accuracy: personal data must be accurate and always updated.
• Principle of limitation of the term of conservation: personal data will only be maintained in a way that allows the identification of the User during the time necessary for the purposes of their processing.
• Principle of integrity and confidentiality: personal data will be processed in a way that guarantees their security and confidentiality.
• Principle of proactive responsibility: the Data Controller will be responsible for ensuring that the above principles are met.

Categoríes of personal data

The categories of data that are processed in http://www.alex.es are only identifying data. In no case will be special categories of personal data processed in the sense of article 9 of the GDPR.

Legal basis for the treatment of personal data

The legal basis for the processing of personal data is the consent that www.alex.es undertakes to seek the User's consent for the processing of his/her personal data for one or more specific purposes.

User may withdraw the consent at any time. It will be as easy as it was when subscribing. As a general rule, the withdrawal of consent will not condition the use of the Website.

On the occasions when the User must or may provide his/her data through forms to make inquiries, request information or for reasons related to the content of the Website, he/she will be informed in case that the completion of any of them is mandatory because they are essential for the proper development of the operation performed.

Purposes of the processing to which personal data are meant

Personal data are collected and managed by www.alex.es in order to facilitate, expedite and comply with the commitments provided between the Website and the User or the maintenance of the relationship set in the forms that he/she latter completes or to respond to an application or inquiry.

Likewise, the data may be used for a commercial purpose of personalization, operational and statistical, and activities of the corporate purpose of www.alex.es, as well as for the extraction, storage of data and marketing research to adapt the content offered to the User and improve the quality, operation and browsing through the Website.

The moment that personal data are obtained, the User will be informed about the purpose or specific purposes of the processing to which the personal data will be assigned; that is, the use or uses that will be given to the information collected.

Retention terms of personal data

Personal data will be retained for as long as it is necessary in order to fulfill the purpose for which they are collected and, in any case, till the User requests his deletion.

As we collect personal data, we will inform the User about the envisaged storage term or criteria to determine this term.

Recipients of personal data

We do not share the User's personal data with any third party outside our organization.

In any case, as we collect personal data, we will inform the User about the recipients or categories of recipients of the personal data.

Personal information of minors

Following the provisions of the articles 8 of the GDPR and 13 of the RDLOPD, only those over 14 years of age may grant their consent for the legally processing of their personal data by www.alex.es. If it is a minor under 14, the consent of the parents or guardians will be necessary for the processing, and this will only be considered legal in the measure in which they have authorized it.

Secrecy and security of personal data

http://www.alex.es is committed to adopt the necessary technical and organizational measures, according to the level of security appropriate to the risk of the data collected, so as to guarantee the security of personal data and avoid the accidental or illegal destruction, loss or alteration of personal data transmitted, storaged or otherwise processed, or unauthorized communication or access to these data.

However, because www.alex.es can not guarantee the inexputability of the internet or the total absence of hackers or others who fraudulently access personal data, the Data Controller undertakes to notify the User without undue delay when a violation of the security of personal data that is likely to entail a high risk for the rights and freedoms of natural persons. Following the provisions of Article 4 of the GDPR, violation of the security of personal data means any breach of security that causes the destruction, loss or accidental or illegal alteration of personal data collected, storaged or otherwise processed, or the unauthorized communication or access to these data.

Personal data will be processed as confidential by the Data Controller, who undertakes to inform and guarantee through a legal or contractual obligation that such confidentiality is respected by its employees, associates, and any person to whom the informations is made accessible.

Rights deriving from the processing of personal data

The User has the following rights, provided in the GDPR, on www.alex.es and may, therefore, exercise them to the Data Controller:

• Right to access: any User may contact us to get confirmation as to whether or not http://www.alex.es is processing User’s personal data as well as obtain information about his/her personal details and the treatment that www.alex.es has processed or processes, or the information available about the source of those data and the recipients of the communications performed or expected.

• Right to rectification: any User has the right to modify any inaccurate personal data or, taking into account the purposes of the process, incomplete.

• Right to erasure ("the right to forget"): any User has the right, provided that the current legislation does not establish otherwise, to have personal data we process about him/her erased from our systems if they are no longer necessary for the related purposes; the User has withdrawn his consent to the processing and this does not have another legal basis; the User opposes the processing and there is no other legitimate reason to continue with it; personal data have been processed unlawfully; personal data should be deleted in compliance with a legal obligation; or personal data have been obtained as a result of a direct offer of information society services to a minor under 14. In addition to suppressing the data, the Data Controller, taking into account the available technology and the cost of its application, must take reasonable measures to inform those responsibles who are processing the personal data of the interested party's request to delete any link to those personal data.

• Right to the limitation of the processing: it is the User's right to limit the processing of their personal data. The User has the right to obtain the limitation of the treatment when he challenges the accuracy of his/her personal data; the processing is illegal; the Data Controller no longer needs the personal data, but the User needs it to make claims; and when the User has opposed the processing.

• Right to data portability: in case that the processing is carried out by automated means, the User will have the right to receive from the Data Controller his/her personal data in a structured format, of common use and mechanical reading, and to transmit them to another person in charge of the processing. Whenever technically possible, the Data Controller will transmit the data directly to that other person in charge.

• Right of opposition: it is the User's right to not carry out the processing of his/her personal data or to withdraw the treatment thereof by http://www.alex.es

• Right not to be subject to a decision based only on automated processing, including profiling: it is the User's right not to be the subject of an individualized decision based only on the automated processing of his/her personal data, including the processing of profiles, existing unless the current legislation establishes the contrary.

All these things considered, the User can exercise these rights by sending a written communication addressed to the Data Controller with reference “GDPR- http://www.alex.es with the following specifications:

• User's name, surname and copy of his/her ID card. In cases of representation, the identification of the User's representative will be also needed, as well as the document accrediting this representation. The copy of the ID card could be replaced by any other valid mean accrediting the identity.
• Request with the underlying reasons of the demand or information willing to access.
• Address for the notifications purposes.
• Date and applicant's signature.
• Any kind of documentation certifying the request.

This application and any other attached document can be sent to the following address and / or e-mail address:

Address: C/ Comunidad Castilla y León, s/n - 2250 Fraga (Huesca)

E-mail address: rgpd@alex.es

Claims to the control authority

In case that the User considers that there is a problem or infringement of the current regulation in the way in which his/her personal data are being processed, he/she will have the right to effective judicial protection and to present a claim to a control authority, in particular, in the State in which he/she has his/her habitual residence, place of work or place of the alleged infringement. In the case of Spain, the control authority is the Spanish Agency for Data Protection (http://www.agpd.es).

III. ACCEPTANCE AND CHANGES IN THIS PRIVACY STATEMENT

It is necessary that the User reads and agrees with the conditions of the data protection contained in this Privacy Statement and Cookies Policy, as well as that he/she accepts the processing of his personal data so that the Data Controller can proceed in the proper way, during the terms and for the purposes indicated. The use of the Website implies the acceptance of the Privacy Statement and Cookies Policy.

http://www.alex.es reserves the right to modify its Privacy Statement and Cookies Policy, according to its own criteria, or motivated by a legislative, jurisprudential or doctrinal change in the Spanish Agency for Data Protection. Changes or updates to this Privacy Statement and Cookies Policy will be notified explicitly to the User.

This Privacy Statement and Cookies Policy was updated on May 25th, 2018 in order to adapt to (EU) 2016/679 Regulation of the European Parliament and European Council, on April 27th, 2016, related to the natural persons data protection regarding to the processing of any personal data and the free flow of information. (EU General Data Protection Regulation – GDPR).