Privacy Policy

The Data Controller in accordance with the LO 3/2018 and the RGPDUE 2016/679 informs you that:

 

No personal data of users are collected through this website without their knowledge, nor are they transferred to third parties. All communication with AGPOGRAF S.A. by any means or through your e-mail address, or the forms on this website or your e-mail, implies express consent for your personal data as a Client/Supplier/Contact to be included in our Register of Activities and in files or databases owned by AGPOGRAF S.A., which you can consult and which will be kept for as long as the relationship is maintained or for the years necessary to comply with legal obligations.

 

The personal data that may be collected directly from the interested party will be treated confidentially and will be included in the corresponding processing activity.

 

The purpose of the data processing corresponds to each of the processing activities carried out by AGPOGRAF S.A. and that you have the right to obtain confirmation whether we are processing your personal data, therefore you have the right to access your personal data, rectify inaccurate data or request its deletion when the data is no longer necessary, by writing to Carrer Pujades, 124, Barcelona, 08005 or to the e-mail address: info@agpograf.com.

 

The user accepts the use of “permanent cookies” on this website.

Expanded Privacy Policy

In application of the new regulations in force regarding the protection of personal data, we inform you that the personal data we collect from customers, users, suppliers and contacts, we do so through our business relationship that unites us and also from our website.

 

These data are included in databases or automated files specific to each case and are registered in our Register of Activities according to the type of users and the services we provide, or they provide to us.

For what purpose do we collect your personal data?

The purpose of the collection and automated or manual processing of personal data is to maintain the commercial relationship and the performance of information tasks, and other activities related to the commercial relationship that unites us.

For what purposes do we process your personal data?

The personal data that form part of our database are processed for the purpose of managing the information provided to us by the interested parties in order to provide the service for which they contract us or we contract them and to manage the requests sent by any means, including commercial, promotional or advertising electronic communications.

 

We adopt the necessary measures to guarantee the security, integrity and confidentiality of the data in accordance with the provisions of Organic Law 3/2018, of 5 December, on Data Protection and Guarantee of Digital Rights and Regulation (EU) 2016/679 of the European Parliament and of the Council, of 27 April 2016, on the protection of natural persons with regard to the processing of personal data and on the free movement of such data.

To whom will your data be communicated?

Your personal data will not be disclosed to third parties, unless required by law.  As data processors, we have contracted various service providers, who have undertaken to comply with the applicable data protection regulations at the time of contracting.

How long will we keep your data?

The personal data provided will be retained for as long as the business relationship is maintained or you do not request their deletion or consent is not revoked and for the period for which legal liabilities may arise for the services provided.

 

Personal data that are part of our database and have a contractual relationship will be retained for a maximum of five (5) years from the last invoice issued.  In some cases you may revoke your consent at any time.

What is the legitimacy for the processing of your data?

In the contractual relationship in force or that binds us, the legal basis for the processing of your data is the one stated and obliged by the Organic Law 3/2018, of 5 December, on Data Protection and Guarantee of Digital Rights and in Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data.

 

With regard to the free, specific, informed and unambiguous consent, we inform you by making this privacy policy available to you, that after reading it, if you do not agree, you can request access to your data in accordance with our Register of Activities.

What are your rights when you provide us with your data?

Any person has the right to obtain confirmation whether and how his or her personal data are processed.

 

Interested parties have the right to access their personal data, as well as to request the rectification of inaccurate data or, where appropriate, to request its deletion when, among other reasons, the data is no longer necessary for the purposes for which it was collected.

 

In certain circumstances, data subjects may request the limitation of the processing of their data, in which case we will only keep them for the exercise or defence of claims.

 

Furthermore, in certain circumstances and for reasons relating to their particular situation, data subjects may object to the processing of their data.

 

We also inform you that we may stop processing the data, except for compelling legitimate reasons, or the exercise or defence of possible claims.

 

We also inform you that you may exercise your rights of access, rectification, deletion, opposition and limitation of processing in accordance with the conditions and limits provided for in current legislation, by writing to us or by email. In any case, you must provide a copy of your ID card, passport or equivalent document. If you consider it appropriate, you may file a complaint with the Spanish Data Protection Agency (agpd.es).

How did we obtain your data?

The personal data we process comes from the data subjects’ own requests.

 

The categories of data processed, depending on the category of users and contacts, in general and not in particular may be:

 

  • Typified Data: Personal characteristics, employment details, or commercial/economic/financial information.
  • Identifying data: Name and surname, address, NIF / DNI, telephone/e-mail, bank account, and image.

 

No specially protected data are processed.

 

Rights of data subjects

 

1. Access right: The right to obtain from the controller confirmation as to whether or not personal data relating to him/her are being processed and, if so, the right of access to his/her personal data. As well as:

 

a. The purposes of the processing;

b. The categories of personal data concerned;

c. The recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular recipients in third parties or international organisations;

d. If possible, the intended period of retention of the personal data or, if not possible, the criteria used to determine this period;

e. The existence of the right to request from the controller the rectification or erasure of personal data or the restriction or objection to the processing of personal data relating to the data subject;

f. The right to lodge a complaint with a supervisory authority;

g. Where the personal data have not been obtained from the data subject, any available information on their origin;

h. The existence of automated decisions, including profiling, the logic applied and the significance and intended consequences of such processing.

 

2. Rectification right: the right to obtain from the controller the rectification of inaccurate personal data concerning him or her. Taking into account the purposes of the processing, the data subject shall have the right to have incomplete personal data supplemented, including by means of an additional statement.

 

3. Erasure right: the right to obtain from the controller the erasure of personal data concerning him/her, who shall be obliged to erase the personal data without undue delay if any of the following circumstances apply:

 

a. The personal data are no longer necessary for the purposes for which they were collected or otherwise processed;

b. The data subject withdraws the consent on which the processing is based;

c. The data subject objects to the processing;

d. The personal data have been processed unlawfully;

e. Personal data must be erased in order to comply with a legal obligation under Union or Member State law applicable to the controller;

f. Personal data have been obtained in connection with the provision of information society services to minors.

 

However, there are a number of exceptions where this right does not apply. For example, when the right to freedom of expression and information must prevail.

 

4. Opposition right: the right to object at any time to the processing of personal data concerning him/her.

The controller shall no longer process the personal data unless it can demonstrate compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject, or for the formulation, exercise or defence of claims.

 

5. Processing restriction right: the right to obtain from the controller the restriction of the processing of data where one of the following conditions is met:

 

a. The data subject challenges the accuracy of the personal data, within a period of time that allows the controller to verify the accuracy of the personal data;

b. The processing is unlawful and the data subject objects to the erasure of the personal data and requests instead the restriction of their use;

c. The controller no longer needs the personal data for the purposes of the processing, but the data subject needs them for the purposes of making, exercising or defending claims; and

d. The data subject has objected to the processing of his or her personal data.