This privacy policy establishes the basis on which GRATO COMPANY will process any personal information obtained in commercial management, always respecting the principles of legality, fairness, and transparency, as well as the other obligations and guarantees established in the current regulations on personal data protection (Regulation (EU) 2016/679 General Data Protection Regulation -GDPR- and Organic Law 3/2018 on Personal Data Protection and guarantee of digital rights -LOPDGDD-).
GRATO COMPANY (hereinafter THE DATA CONTROLLER) is the Data Controller for the personal data of the User and informs you that this data will be processed in accordance with the provisions of Regulation (EU) 2016/679 of April 27 (GDPR) and Organic Law 3/2018 of December 5 (LOPDGDD).
Address: C/ Rufino Peón, 17, 39300 Cartes, Cantabria, Spain
Maintain a commercial relationship with the User. The planned operations for processing are:
Sending commercial and advertising communications via email, fax, SMS, MMS, social media, or any other electronic or physical means, present or future, enabling commercial communications. These communications will be conducted by THE CONTROLLER and relate to its products and services, or those of its collaborators or suppliers with whom it has entered into promotional agreements. In this case, third parties will never have access to personal data.
Conducting statistical studies.
Processing orders, requests, or any type of inquiry made by the user through any of the contact forms provided.
Sending the newsletter of the website.
The provided data will be processed to manage the relationship established in commercial management, as well as to offer interested parties and customers information about products and services related to Grato company.
The legal bases for data processing are as follows:
Manage contractual relationships: The Data Controller will process your personal data for the provision of the described service(s).
Explicit consent of the data subject: Explicit consent constitutes a legal basis for processing data to send information about products and/or services.
You can revoke your consent at any time. All communications will provide easy ways to unsubscribe.
Compliance with legal obligations: Your data will be processed in this context of commercial management to ensure compliance with current legal obligations and to cooperate with legal and administrative authorities when necessary.
Users, by checking the appropriate boxes and entering data in the fields marked with an asterisk (*) on the contact form or download forms, expressly and freely accept that their data is necessary to address their request, by the provider, with the inclusion of data in the remaining fields being voluntary. The User guarantees that the personal data provided to THE CONTROLLER is truthful and is responsible for communicating any changes to them.
THE CONTROLLER informs and expressly guarantees users that their personal data will not be transferred in any case to third parties, and that whenever any type of transfer of personal data is made, the Users' prior, informed, and unequivocal consent will be sought. All data requested through the website is mandatory, as it is necessary for providing an optimal service to the User. In case not all the data is provided, it cannot be guaranteed that the information and services provided will fully meet their needs.
In compliance with the principles of data retention limitation, the collected data will be processed exclusively for the time necessary and for the purposes for which it was collected.
Data retention will be considered justified when:
There is a legal obligation to retain the data for a specific period.
They are necessary to respond to the contractual relationship.
They are used for historical and/or statistical purposes.
It may cause harm to the interests of third parties or the legitimate data owner.
They are necessary to ensure traceability and monitoring of a service.
The data and documentation serve as proof of an activity or service provided during the limitation periods of civil, criminal, administrative, or other actions that may arise from the activity or service provided. In such cases, the data will be blocked until their retention obligation has expired.
A longer retention period has been agreed upon by the interested parties.
THE DATA CONTROLLER will use personal data to ensure compliance with the contractual relationship or the information request made. No personal data will be communicated or transferred to third parties, except those necessary within the context of the contractual relationship and prior information to the data subject.
Additionally, data may be communicated to third parties duly authorized by law when necessary to comply with a legal obligation or at the request of an administrative or judicial authority.
In accordance with the provisions of current personal data protection regulations, THE CONTROLLER complies with all provisions of the GDPR for processing the personal data under its responsibility and explicitly with the principles described in Article 5 of the GDPR, whereby they are processed lawfully, fairly, and transparently in relation to the data subject and are adequate, relevant, and limited to what is necessary concerning the purposes for which they are processed.
THE CONTROLLER guarantees that it has implemented appropriate technical and organizational policies to apply the security measures established by the GDPR to protect the rights and freedoms of Users and has provided them with adequate information to exercise these rights.
The client or user has the following rights under the current legislation:
Access: allows the data subject to obtain information about whether their personal data is being processed and, if so, the right to obtain a copy of the personal data being processed.
Rectification: allows correcting errors and modifying data that is inaccurate or incomplete.
Deletion: allows data to be deleted and cease to be processed unless there is a legal obligation to retain them and/or other legitimate reasons for their processing prevail.
Restriction: under legally established conditions, allows the processing of data to be paused so that it is only retained for the exercise or defense of claims.
Objection: in certain circumstances and for reasons related to their particular situation, data subjects may object to the processing of their data. THE CONTROLLER will stop processing the data unless there are legitimate reasons or for the exercise or defense of possible claims.
Portability: allows the data subject to receive their personal data and be able to transmit them directly to another controller in a structured, commonly used, and machine-readable format.
THE CONTROLLER guarantees the adoption of necessary measures to ensure the exercise of these rights free of charge. For this exercise, you must identify yourself appropriately and contact us through the following channels: