Privacy Policy

The OWNER of the website undertakes to protect the privacy of users who access this website and/or any of its services. The use of the website and/or any of the services offered by the OWNER implies the User’s acceptance of the provisions contained in this Privacy Policy.

Please note that although there may be links from our website to other websites, this Privacy Policy does not apply to the websites of other companies or organizations to which the website may redirect. The OWNER does not control the content of third-party sites and accepts no responsibility whatsoever for the content or privacy policies of such sites, as indicated in our Legal Notice.

In compliance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (GDPR) and Organic Law 3/2018 of 5 December on Personal Data Protection and Guarantee of Digital Rights (LOPDGDD), we provide you with the following information on the processing of your personal data:

Who is responsible for processing your data?

The Data Controller responsible for processing your data is Itisa, S.L., Tax ID No. B17014283, with registered office at Crta. N-II, km 710 – 300, Postcode 17458, Fornells de la Selva (hereinafter, “Itisa, S.L.”).

Our details are included in the Legal Notice of this website.

Principles applied by Itisa, S.L. to the personal information of data subjects

When processing personal data of data subjects, Itisa, S.L. will apply the following principles in accordance with current data protection regulations:

• Principle of lawfulness, fairness and transparency: I will always require your consent for the processing of your personal data for one or more specific purposes, which I will inform you about in advance with complete transparency.

• Principle of data minimization: I will only request data that are strictly necessary in relation to the purposes for which I require them. The minimum possible.

• Principle of storage limitation: Data will be retained no longer than necessary for the purposes of processing. Depending on the purpose, I will inform you of the applicable retention period. In the case of subscriptions, I will periodically review my lists and delete records that have remained inactive for a considerable period of time.

• Principle of integrity and confidentiality: Your data will be processed in such a way as to ensure adequate security of personal data and guarantee confidentiality. You should know that I take all necessary precautions to prevent unauthorized access to or improper use of my users’ data by third parties.

For what purpose do we process your personal data?

With the consent of the data subject or based on the legitimate interests of Itisa, S.L., we will use the data subject’s information to carry out some of the following actions on the basis of the relevant legal grounds:

• Respond to calls, emails or enquiries from our Clients and Users.

• Carry out the execution, management and billing of contracts entered into by our Clients through the channels established for this purpose.

• Send information and commercial communications regarding contracted services and keep you informed about news and offers of interest concerning new products and/or services of Itisa, S.L.

• Manage claims or complaints submitted to Itisa, S.L. through the channels established for this purpose.

How long will we keep your data?

The personal data provided by the data subject will be kept while the relationship and/or contract between the data subject and Itisa, S.L. remains in force and, once terminated, will be blocked until the applicable limitation periods have expired.

If the data subject has consented to the processing, the data will be retained until the data subject requests their deletion, at which time they will be blocked until the applicable limitation periods have expired.

What is the legal basis for processing your data?

The legal basis for processing your data for the purposes described above is your consent, freely given by checking the acceptance boxes on the data collection forms on our website (Art. 6.1.a GDPR).

As a legal basis, there is also the possibility that the processing of the data provided may be necessary for the performance of a contract to which the data subject is party or for the implementation, at the request of the data subject, of pre-contractual measures (Art. 6.1.b GDPR), or in order to comply with a legal obligation applicable to the data controller (Art. 6.1.c GDPR).

To whom will your data be disclosed?

The personal data of the data subject may be disclosed to the following recipients:

• Public Administrations (Tax Authorities, Social Security, Town Councils, Regional Government, Provincial Councils) and Courts and Tribunals, when required by applicable law.

• Providers rendering services to Itisa, S.L. related to the management of the formalized contract and acting as data processors, such as financial institutions, fraud detection and prevention entities, technology service providers, logistics, transport and delivery providers and collaborators, customer service providers, lawyers or consultancy firms, banks or legal or natural persons linked to Itisa, S.L.

• Providers and collaborators rendering marketing and advertising services, only where the data subject has expressly given consent.

In any case, third parties with whom certain personal data of the data subject are shared must have previously demonstrated that they have adopted appropriate measures to protect such data.

What are your rights when you provide us with your data?

Any person has the right to obtain confirmation as to whether or not we are processing personal data concerning them. Data subjects have the right to access their personal data, as well as to request rectification of inaccurate data or, where appropriate, request erasure when, among other reasons, the data are no longer necessary for the purposes for which they were collected.

In certain circumstances, the data subject shall have the right to request restriction of processing, in which case we will only retain them for the exercise or defence of legal claims.

In certain circumstances and for reasons relating to their particular situation, data subjects may object to the processing of their data. In this case, Itisa, S.L. will cease processing the data, except for compelling legitimate grounds or for the exercise or defence of possible legal claims.

The data subject will also have the right to receive the personal data concerning them, which they have provided to Itisa, S.L., in a structured, commonly used and machine-readable format, and to transmit those data to another controller where the processing is based on consent or on a contract and is carried out by automated means.

Likewise, the data subject has the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning them or significantly affects them, unless such decision is necessary for entering into or performing a contract with Itisa, S.L. and is authorized by applicable European Union or national law, or is based on the explicit consent of the data subject.

The data subject shall have the right to object at any time, on grounds relating to their particular situation, to personal data concerning them being processed on the basis of public interest or the legitimate interests pursued by Itisa, S.L. or a third party, including profiling, so that Itisa, S.L. ceases processing the personal data, unless compelling legitimate grounds for the processing can be demonstrated which override the interests, rights and freedoms of the data subject, or for the establishment, exercise or defence of legal claims.

Likewise, the data subject has the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning them or significantly affects them, unless such decision is necessary for entering into or performing a contract with Itisa, S.L. and is authorized by applicable European Union or national law, or is based on the explicit consent of the data subject.

Finally, the data subject shall have the right to lodge a complaint with the data protection authorities.

Third-party data

If the data subject has provided personal data of third parties, they guarantee that they have lawfully obtained such data and that they have provided the affected person with the necessary information regarding the processing of their data, assuming responsibility for obtaining the consent of any affected person for the disclosure and processing of their personal data by Itisa, S.L. and by the recipients contemplated in this Privacy Policy.

How can you exercise your rights?

The rights of access, rectification, erasure, objection, portability and restriction, as well as the right not to be subject to automated individual decisions, may be exercised by sending a written request together with a copy of your ID document to the following email address: itisa@itisa.net .

How have we obtained your data?

The personal data processed by Itisa, S.L. come from:

• Contact form.

• Whistleblowing channel form.

You, as a User, guarantee that the personal data provided are accurate and are responsible for notifying any modification. Data that must be entered in a field marked with an asterisk are mandatory in order to provide the requested service.

What data do we process?

The categories of data we may process are:

• Identification data (name and surname, Tax ID/National ID, address, telephone number).

• Any other personal data necessary for the proper execution of the relationship between the Data Subject and Itisa, S.L.

Refusal by the data subject to provide certain data could hinder the development of the relationship between the data subject and Itisa, S.L., thereby affecting the provision of services by Itisa, S.L.

If the data subject has any questions regarding this section, they should contact Itisa, S.L. through the address provided in the “Data Controller” section.

What security measures do we apply?

We apply the security measures established in Article 32 GDPR. Therefore, we have adopted the necessary security measures to ensure a level of security appropriate to the risk of the data processing we carry out, with mechanisms that allow us to guarantee the confidentiality, integrity, availability and permanent resilience of processing systems and services.

Some of these measures include:

• Informing staff about data processing policies.
• Performing regular backups.
• Controlling access to data.
• Regular verification, assessment and evaluation processes.

Changes to our Privacy Policy

Occasionally, Itisa, S.L. may make changes and corrections to its Privacy Policy. Please check this section regularly to review any changes that may have been made and how they may affect you.

How have we obtained your data?

The personal data processed by Itisa, S.L. come directly from the Data Subject and have been collected through the data collection forms available on our website.

You, as a User, guarantee that the personal data provided are accurate and are responsible for notifying any modification. Data that must be entered in a field marked with an asterisk are mandatory in order to provide the requested service.