Presentation and identification of the CONTROLLER
The website and logo is the property of IRIS Technology Solutions S.L. (hereinafter the CONTROLLER) with Value Added Tax ID number B64446123 and registered office in Carretera Esplugues local 39-41, 08940 Cornellà del Llobregat, provincial de Barcelona.
Description of activity
Through this website, the CONTROLLER wishes to inform you about its activities and services. The CONTROLLER may, depending on the development and progress of the company and the sector, extend its website to include new services, activities or contents, in order to improve the services and quality of the service provided. Conversely, the CONTROLLER also reserves the right to cancel, modify, substitute or restrict the contents, services or activities, expressly and without prior notice to the users.
This website is aimed at both customers and all other users who visit it (hereinafter referred to as USERS)
If you have any questions about these General Conditions, please contact us at email@example.com.
In compliance with the provisions of applicable national and European legislation on the protection of personal data, we inform you that the personal data that our customers or potential customers may provide us with (both referred to as the “Customer(s)”), either by using the form provided on our website (the “Website”), by sending an e-mail to the address provided for this purpose, by means of e-mails addressed to our professionals or by any other means of communication, will be included in a file of which IRIS Technology Solutions S.L. (hereinafter the CONTROLLER) with Value Added Tax ID number B64446123 and registered office in Carretera Esplugues local 39-41, 08940 Cornellà del Llobregat, Barcelona, is the owner and data controller.
Consent and collected data
Unless specifically stated to the contrary, all information we request from our Customers on the forms available on the Website is required. Refusal to provide the required data will make it impossible to deal with the specific request in question. Please inform us immediately of any changes to your data so that the information contained in our files is always up to date and free of errors. In this regard, the Customer declares that the information and data provided are accurate, up to date and truthful.
Purpose of processing and legal basis
The purpose of the processing by the CONTROLLER is to deal with the request made, answer your queries and requests for information and, where appropriate, maintain and manage the professional, commercial and/or contractual relationship established with any of our offices and/or professionals (hereinafter the “Service(s)”).
Who we communicate your data to
The CONTROLLER will not transfer your personal data to third parties, unless it is legally required or if the Customer has previously authorized us to do so or if it is necessary for the provision of the requested Services.
In order to be able to offer the appropriate Service to the Customer and to manage the relationship with you, the CONTROLLER contracts the provision of services from certain companies which, subject to compliance with the legal requirements, may be given access to your personal data solely for the purposes providing the Service.
International transfers of personal data
The General Data Protection Regulation (GDPR) offers several mechanisms to enable the transfer of personal data outside the European Union (EU). These mechanisms have been set up to check that the level of protection is adequate or to ensure the implementation of appropriate security measures when transferring personal data to a non-EU country.
This level of security can be achieved through standard contractual clauses. It is possible to confirm that the level of protection is adequate through verification procedures such as those in the EU-US Privacy Shield framework.
In our current contracts on data processing, we undertake to maintain a mechanism that enables the transfer of personal data outside the EU, as stipulated in the Data Protection Directive. In addition, we will make the appropriate commitment as of 25 May 2018 (inclusive), when the GDPR enters into force.
European data protection authorities have also confirmed that our standard contractual clauses meet the necessary security requirements. This demonstrates that IRIS Technology Group’s contractual commitments comply with the Data Protection Directive and provide a legal framework for the transfer of personal data from the EU to other parts of the world.
Period of storage of personal data
We will retain your personal data for the duration of the contractual relationship or, where applicable, until you state your wish to have your personal data deleted from our file. From that moment on, the CONTROLLER will keep your personal data blocked during the legally required periods, and in any event, for a period of 10 years in accordance with the regulations on the prevention of money laundering and financing of terrorism. We will destroy your personal data after the expiry of the legally required period.
Exercise of rights
You may exercise your rights of access, rectification, deletion, limitation of the processing, opposition and portability of personal data by sending a written communication with a photocopy of your ID card to the CONTROLLER at the following e-mail address: firstname.lastname@example.org.
Complaint to a supervisory authority
You are informed that you have the right to file a complaint with the Spanish Data Protection Agency (www.aepd.es) as the supervisory authority if you consider that the CONTROLLER has not processed your personal data in accordance with the applicable legislation on the protection of personal data.
The CONTROLLER undertakes to adopt the technical and organizational security measures established by law to guarantee the security of your personal data and to prevent their alteration, loss, unauthorized processing or access, taking into account the state of technology, the nature of the data stored and the risks to which they are exposed, all in accordance with the provisions of the applicable regulations.
Assignment of third party data to the CONTROLLER
In the event of providing the CONTROLLER with the personal data of third parties required for the provision of the Services, you declare that you have previously obtained their express consent to transfer them to the CONTROLLER.