Privacy policy
PRIVACY POLICY on the processing of personal information
Arts. 12 et seq. of Regulation (EU) 2016/679 (GDPR)
PREAMBLE
In compliance with the provisions of the EU Regulation 2016/679 (hereinafter GDPR) we provide herewith information related to the processing of personal information provided by the data subject in relation to the controller (as defined below).
The information is provided in accordance with Art. 13 GDPR.
1. IDENTITY AND CONTACT DETAILS
The data controller is Chapp Global SLU, with registered address at Parque Científico Tecnológico - Edificio Polivalente 3, P3, Oficinas 305-306. 35017, Las Palmas de Gran Canaria / Spain and the contact information is: email: hello@chappsolutions.com, tel: 0034 928459581.
2. CONTACT DETAILS OF THE DATA PROTECTION OFFICER (DPD)
The Data Protection Officer is VTV Asesores S.L.P B-96256649. Contact person: Mr. Antonio Aguilar Navarro; tel: +34 963 531 136; email: privacidad@graconsultores.com
3. PURPOSE OF PROCESSING, LEGAL BASIS AND RETENTION PERIOD
*After deletion, data must be retained for an additional period of up to one year, depending on backup policies.
4. MANDATORY NATURE OF THE PROVISION OF DATA
It is obligatory to provide the controller with the information essential for the execution of the contractual relationship, as well as the information necessary to comply with the obligations dictated by law, regulations, public legislation or by Authorities with legitimacy to do so and by supervisory and control bodies (referred to in purposes a) and e) above).
Data that are not essential for the performance of the contractual relationship are qualified and considered supplementary and their provision by the data subject, if requested, is optional and subject to consent. Consent provided may be withdrawn by the data subject at any time by sending an email to the address: hello@chappsolutions.com. Such withdrawal shall in no way affect the lawfulness of processing based on the consents given prior to withdrawal of consent.
5. PROCESSING METHODS
Personal information will be recorded, processed and stored in the controller's files, in paper and electronic format, in compliance with the technical and organisational measures referred to in Art. 32 of the GDPR. The processing of the data subject's personal information may be any of the operations described in Art. 4, paragraph 1, point 2 of the GDPR.
Personal information will be processed using appropriate tools and procedures to ensure security and confidentiality. Such processing may be carried out directly or through third parties, either in paper or electronic format. In order to properly manage the relationship and fulfilment of legal obligations, personal information may be included in internal documentation of the controller and, if necessary, in documents and records required by law.
Your information may be processed by employees of the controller's company in order to fulfil the purposes mentioned above. These employees have been expressly authorised to process the information and have received appropriate operational instructions pursuant to Art. 29 GDPR.
6. CATEGORIES OF RECIPIENTS OF PERSONAL INFORMATION
The information may be communicated to and processed by external parties operating as autonomous data controllers under Articles 4 and 24 of the GDPR, such as, for example, supervisory and control authorities and bodies and, in general, public or private subjects entitled to request the information and/or persons acting as data processors under Art. 28 GDPR, such as other companies of the Zucchetti Group, professional consultancies/firms and/or legal professionals and tax advisors and insurance companies.
The information may be communicated to business partners of the controller for the performance of services related to the execution of the contract or for carrying out commercial actions, subject to your express consent.
7. TRANSFER OF DATA OUTSIDE THE EU
The information provided by the data subject will be processed in EU countries and/or Switzerland. In the event that the data subject's personal information is not processed in an EU country or Switzerland, the data subject's rights under EU regulations will be guaranteed and the data subject will be notified of this fact.
8. RIGHTS OF THE DATA SUBJECT
Pursuant to Articles 15 et seq. of the GDPR, the data subject may exercise the following rights:
- Access: to obtain information on whether or not the data subject's personal information is being processed and the right to access such information; manifestly unjustified, excessive or repetitive requests cannot be met;
- Rectification: correct/correct personal information if it is incorrect or outdated and complete information if it is incomplete;
- Erasure/forgetting: in some cases, obtaining erasure of the personal information provided; this is not an absolute right, as the data controller may have legitimate or lawful reasons for withholding the information;
- Limitation: the information will be stored, but may not be further processed, in the cases provided for in the regulation;
- Portability: moving, copying or transferring information from the controller's database to third parties. This applies only to information provided by the data subject for the performance of the contract or where express consent has been given and the processing is carried out by automated means;
- Objection to direct marketing;
- Withdrawal of consent at any time if the processing is based on consent.
It should be noted that - before processing requests - the controller may check the identity of the data subject in order to assess the legitimacy of the data subject.
To exercise these rights, the data subject may contact the Data Controller at hello@chappsolutions.com or call 0034 928459581. The Data Controller must respond within 30 days of receipt of the data subject's formal request.
In case you feel that your rights concerning the protection of your personal data have been violated, especially when you have not obtained satisfaction in the exercise of your rights, you can lodge a complaint with the competent Data Protection Supervisory Authority via its website: www.agpd.es.