PRIVACY POLICY
1. USER INFORMATION
Who is responsible for the processing of your personal data?
ILLESLEX S.L.P. is the data controller responsible for the processing of user's personal data, and informs you that these data will be processed in accordance with the provisions of Regulation (EU) 2016/679 of April 27 (GDPR), and Organic Law 3/2018 of December 5 (LOPDGDD).
What type of data do we request and process?
According to the form or method of obtaining your data, we always request the minimum necessary to fulfill the purposes outlined in each specific case.
Why do we process your personal data and for what purpose do we do it?
According to the form where we obtained your personal data, we will treat it confidentially in order to achieve the stated purposes:
In the form Contact
• To respond to inquiries or any type of request made by the user through any of the contact forms available on the website of the data controller. (Based on the legitimate interest of the data controller, Article 6.1.f GDPR
• To send commercial advertising communications via email, fax, SMS, MMS, social media, or any other electronic or physical means, present or future, that enables commercial communications. These communications will be carried out by the data controller and will be related to their products and services, or those of their partners or suppliers with whom they have reached a promotional agreement. In this case, third parties will never have access to personal data. (Based on the consent of the data subject, Article 6.1.a GDPR)
• To conduct statistical analysis and market studies. (Based on the legitimate interest of the data controller, Article 6.1.f GDPR)
In the form Newsletter
• To send newsletters, updates, offers, and online promotions. (Based on the consent of the data subject, Article 6.1.a GDPR)
In the form Curriculum
• To involve the data subject in the personnel selection process and analyze the applicant's profile with the aim of selecting a candidate for the vacant position within the data controller's organization. (Based on the consent of the data subject, Article 6.1.a GDPR)
In the form Testimonial
• To moderate and publish on the website the user's experiences, opinions, and suggestions regarding a product or service. (Based on the consent of the data subject, Article 6.1.a GDPR).
In the form Appointment
• To schedule appointments and meetings with the data controller. (Based on the legitimate interest of the data controller, Article 6.1.f GDPR)
Social Network
· Contact through Social Media platforms in order to maintain a relationship between the User and the data controller. This may include the following operations:
Process requests and inquiries.
Inform about activities and events.
Provide information about products and/or services.
Interact through official profiles.
The user has a profile on the same social network and has chosen to join the data controller's social network, thereby showing interest in the information published on it. Therefore, when requesting to follow our official page, the user gives consent for the processing of their data. The user can access the privacy policies of the social network at any time and configure their profile to ensure privacy.
Once the user becomes a follower or joins the data controller's social network, they can post comments, links, images, photographs, or any other type of content supported by the platform. In all cases, the user must be the owner of the published content, have copyright and intellectual property rights, or have the consent of the affected third parties.
Sending commercial communications related to the activities of companies within the Group, as well as external companies with which commercial collaboration or intermediation agreements have been established. (Based on the consent of the data subject, Article 6.1.a GDPR)
Instant Messaging
• Scheduling appointments and meetings with the data controller. (Based on the legitimate interest of the data controller, Article 6.1.f GDPR)
• Sending commercial advertising communications via email, fax, SMS, MMS, social media, or any other electronic or physical means, present or future, to customers, enabling commercial communications related to products or services that are similar to those initially contracted with the customer (Article 21.2 LSSI). (Based on the legitimate interest of the data controller, Article 6.1.f GDPR)
• Managing, maintaining, improving, or developing the services provided. (For the performance of a contract or pre-contractual measures, Article 6.1.b GDPR)
• Managing your online purchase or order, processing payment, and proceeding with shipping or activation based on the general contracting conditions. (For the performance of a contract or pre-contractual measures, Article 6.1.b GDPR)
• Sending commercial quotations for products and services. (For the performance of a contract or pre-contractual measures, Article 6.1.b GDPR)
• Sending commercial advertising communications via email, fax, SMS, MMS, social media, or any other electronic or physical means, present or future, enabling commercial communications. These communications will be carried out by the data controller and will be related to their products and services, or those of their partners or suppliers with whom they have reached a promotional agreement. In this case, third parties will never have access to personal data. (Based on the consent of the data subject, Article 6.1.a GDPR)
• Responding to inquiries or any type of request made by the user through any of the contact forms available on the website of the data controller. (Based on the legitimate interest of the data controller, Article 6.1.f GDPR)
Video surveillance
• Purpose: Security and access control, labor control, and internal activity monitoring.
• Legitimacy: Public interest in security and access control, and legitimate interest of the data controller based on Article 20.3 of the Workers' Statute.
• Data retention: A maximum of 30 days.
• Consent: Based on the consent of the data subject (Article 6.1.a GDPR).
Images and recordings
• File containing static and/or dynamic images. This includes publication in the media of the data controller or third parties.
• Consent: Based on the consent of the data subject (Article 6.1.a GDPR).
Customers and suppliers
• Commercial management with customers and suppliers.
• Legitimacy: Based on the legitimate interest of the data controller (Article 6.1.f GDPR)
Opt-out of advertising
• Management of data to prevent the sending of commercial communications to those who have expressed their refusal or objection to receiving them.
Based on the fulfillment of a legal obligation (Article 6.1.c GDPR)
Commercial advertising
• Advertising management and commercial prospecting. This includes data from legitimate sources of public access.
Based on the legitimate interest of the data controller (Article 6.1.f GDPR)
Rights of the data subjects
• Addressing requests from individuals in the exercise of their rights as established by the GDPR.
Based on the fulfillment of a legal obligation (Article 6.1.c GDPR).
Data of minors or vulnerable individuals
• The data controller will not collect or process personal data of children under the age of fourteen without fully complying with the requirements established in the applicable data protection regulations, regarding the duty to inform and obtaining any necessary consents. The collected data will be processed for the management of the informed purposes. The data controller has appropriate security measures in place to safeguard this data.
Based on the consent of the data subject (Article 6.1.a GDPR)
Legal representatives and contact persons
· In the event that you are a legal representative or contact person of any of the entities or individuals with whom the Foundation interacts, the data controller will process your data to monitor the development of the intended relationship.
Based on the consent of the data subject (Article 6.1.a GDPR)
For how long will we keep your personal data?
We will retain your personal data for no longer than necessary to fulfill the purpose of the processing or as required by applicable legal obligations. Once your data is no longer needed for these purposes, it will be securely deleted or anonymized to ensure the complete destruction of the data.
To whom do we disclose your personal data?
No data personal will be disclosed to third parties, except when necessary for the development and execution of the purposes of the data processing, to our service providers related to communications, with whom the data controller has signed confidentiality and data processing agreements as required by current privacy regulations.
Do we conduct international transfers?
In accordance with Article 44 of the GDPR, the authorization for international transfer of data to a country that has not been declared as having an adequate level of protection can only be granted if sufficient safeguards are obtained. Therefore, the authorization may be granted if the data controller provides a written contract between the data exporter and the data importer, which includes the necessary guarantees for the respect of data subjects' protection and ensures the exercise of their rights.
It is possible that the data controller may have service providers who have servers or offices in other locations, resulting in such transfers. To obtain the updated list of providers, please consult the data controller directly or contact them via info@illeslex.com
What are your rights?
The rights that the user is entitled to are:
Contact information to exercise your rights:
ILLESLEX S.L.P.. C/ Oms, 50 1A - 07003 Palma de Mallorca (Balearic Islands). Email: info@illeslex.com
Contact information of the Data Protection Officer: Consultancy X3 S.L., Jaume Balmes 26, 07005 Palma de Mallorca - gestion@grupox3.es.
2. THE MANDATORY OR OPTIONAL NATURE OF THE INFORMATION PROVIDED BY THE USER
Users, by checking the corresponding boxes and entering data into the fields marked with an asterisk (*) in the contact form or presented in download forms, expressly and freely give their unequivocal consent that their data is necessary to address their request by the service provider. The inclusion of data in the remaining fields is voluntary. The user guarantees that the personal data provided to the data controller is truthful and undertakes to notify any changes to such data.
The data controller informs that all the data requested through the website is mandatory, as it is necessary to provide an optimal service to the user. If not all the data is provided, it is not guaranteed that the information and services provided will fully meet the user's needs.
If you provide us with personal data of other individuals through any means, the data controller advises that you must do so with their consent and have previously informed them of the elements contained in this Privacy Policy. Additionally, the data controller undertakes to provide any relevant information to any third party whose data you provide us, in accordance with the provisions of Article 14 of the General Data Protection Regulation.
3. SECURITY MEASURES
In accordance with the provisions of current regulations on the protection of personal data, the data controller is complying with all the provisions of the GDPR and LOPDGDD regulations for the processing of personal data under its responsibility. The data controller explicitly adheres to the principles described in Article 5 of the GDPR, ensuring that personal data is processed lawfully, fairly, and transparently in relation to the data subject, and is adequate, relevant, and limited to what is necessary for the purposes for which it is processed.
The data controller guarantees that appropriate technical and organizational policies have been implemented to apply the security measures established by the GDPR and LOPDGDD in order to protect the rights and freedoms of users. The data controller has also provided users with the necessary information to exercise their rights.
For more information about privacy guarantees, you can contact the data controller at ILLESLEX S.L.P., C/ Oms, 50 1A - 07003 Palma de Mallorca (Balearic Islands). Email: info@illeslex.com. Contact information of the Data Protection Officer: Consultancy X3 S.L., Jaume Balmes 26, 07005 Palma de Mallorca - gestion@grupox3.es
4. DURATION
This privacy policy is effective as of 10/07/2023.
The data controller reserves the right to modify this policy to adapt it to future legislative or jurisprudential updates, or for other technical, operational, commercial, corporate, etc., reasons. If the rights of users are affected as a result of these changes, the data controller undertakes to provide information about the reasons for the modifications.