PRIVACY POLICY
1. INFORMATION FOR THE USER
Who is responsible for processing your personal data?
COTE S.A. is the controller of the processing of the user’s personal data and informs you that such data will be processed in accordance with the provisions of Regulation (EU) 2016/679 of 27 April (GDPR) and Organic Law 3/2018 of 5 December (LOPDGDD).
What type of data do we request and process?
Depending on the form or method used to obtain your data, we always request the minimum necessary to fulfil the purposes detailed in each case.
For what purpose do we process your personal data and why?
Depending on the form where we have obtained your personal data, we will process them confidentially to achieve the following purposes:
In the Contact form
To respond to queries or any type of request made by the user through any of the means of contact made available on the controller’s website.
(for the legitimate interest of the controller, Art. 6.1.f GDPR)
To send commercial advertising communications by e-mail, fax, SMS, MMS, social networks, or any other electronic or physical means, present or future, that allows commercial communications to be made. These communications will be carried out by the controller and will be related to their products and services, or those of their collaborators or suppliers, with whom they have reached some promotional agreement. In this case, third parties will never have access to personal data.
(by consent of the data subject, 6.1.a GDPR)
To carry out statistical analysis and market studies.
(for the legitimate interest of the controller, Art. 6.1.f GDPR)
In the Newsletter form
To send newsletters, news, offers, and online promotions.
(by consent of the data subject, 6.1.a GDPR)
In the Request a Quote form
To send commercial quotes on products and services.
(for the performance of a contract or pre-contract, 6.1.b GDPR)
To send commercial advertising communications by e-mail, fax, SMS, MMS, social networks, or any other electronic or physical means, present or future, that allows commercial communications to be made. These communications will be carried out by the controller and will be related to their products and services, or those of their collaborators or suppliers, with whom they have reached some promotional agreement. In this case, third parties will never have access to personal data.
(by consent of the data subject, 6.1.a GDPR)
In the Curriculum form
COTE S.A.
COTE S.A.
To include the data subject in staff selection processes and analyse the applicant’s profile with the objective of selecting a candidate for the controller’s vacant position.
(by consent of the data subject, 6.1.a GDPR)
In the Comments form
To moderate and publish on the website the opinions regarding a publication.
(by consent of the data subject, 6.1.a GDPR)
In the User Registration form
To manage the user’s account in order to provide them with personalised access to the website and to the interactive services offered.
(by consent of the data subject, 6.1.a GDPR)
In the E-commerce form
To manage your online purchase or order, process payment, and arrange its shipment or activation, based on the general terms and conditions of contracting.
(for the performance of a contract or pre-contract, 6.1.b GDPR)
To manage, maintain, improve, or develop the services provided.
(for the performance of a contract or pre-contract, 6.1.b GDPR)
To conduct satisfaction and quality surveys.
(for the legitimate interest of the controller, Art. 6.1.f GDPR)
In the Reservations form
To formalise reservations at the controller’s establishment.
(for the performance of a contract or pre-contract, 6.1.b GDPR)
To send commercial advertising communications by e-mail, fax, SMS, MMS, social networks, or any other electronic or physical means, present or future, to clients, that enables commercial communications regarding products or services similar to those initially contracted by the client (Art. 21.2 LSSI).
(for the legitimate interest of the controller, Art. 6.1.f GDPR)
In the Appointments form
To schedule appointments and meetings with the controller.
(for the legitimate interest of the controller, Art. 6.1.f GDPR)
Social Networks
Contact through Social Networks in order to maintain a relationship between the User and the Controller, which may include the following operations: – To process your requests and queries. – To inform about activities and events. – To inform about products and/or services. – To interact through the official profiles. The user has a profile on the same social network and has decided to join the Controller’s social network, thus showing their interest in the information published on it. Therefore, by requesting to follow our official page, you provide your consent for the processing of your data. The User may access at any time the privacy policies of the respective social network, as well as configure their profile to ensure their privacy. Once the User follows or joins the Controller’s social network, they may publish comments, links, images, photographs, or any other type of content supported by the same. In all cases, the User must be the owner of the published content, hold the copyright and intellectual property rights or have the consent of the affected third parties. – Sending of communications
COTE S.A.
COTE S.A.
commercial relating to the activities of Group companies, as well as external companies with whom commercial collaboration or intermediary agreements have been established.
(by consent of the data subject, 6.1.a GDPR)
Instant Messaging
To schedule appointments and meetings with the controller.
(for the legitimate interest of the controller, Art. 6.1.f GDPR)
To send commercial advertising communications by e-mail, fax, SMS, MMS, social networks, or any other electronic or physical means, present or future, to clients, enabling commercial communications regarding products or services similar to those initially contracted by the client (Art. 21.2 LSSI).
(for the legitimate interest of the controller, Art. 6.1.f GDPR)
To manage, maintain, improve, or develop the services provided.
(for the performance of a contract or pre-contract, 6.1.b GDPR)
To manage your online purchase or order, process payment, and arrange its shipment or activation, based on the general terms and conditions of contracting.
(for the performance of a contract or pre-contract, 6.1.b GDPR)
To send commercial quotes on products and services.
(for the performance of a contract or pre-contract, 6.1.b GDPR)
To send commercial advertising communications by e-mail, fax, SMS, MMS, social networks, or any other electronic or physical means, present or future, that allows commercial communications to be made. These communications will be carried out by the controller and will be related to their products and services, or those of their collaborators or suppliers, with whom they have reached some promotional agreement. In this case, third parties will never have access to personal data.
(by consent of the data subject, 6.1.a GDPR)
To respond to queries or any type of request made by the user through any of the means of contact made available on the controller’s website.
(for the legitimate interest of the controller, Art. 6.1.f GDPR)
Video Surveillance
Purpose: Security and access control, staff control, and internal activity monitoring.
Legitimacy: Public interest for security and access control and the Controller’s legitimate interest based on Article 20.3 of the Workers’ Statute.
Retention: A maximum of 30 days
(by consent of the data subject, 6.1.a GDPR)
Images and Recordings
File containing static and/or dynamic images. Includes publication in the media of the data controller or third parties.
(by consent of the data subject, 6.1.a GDPR)
Clients and Suppliers
Commercial management with clients and suppliers
(for the legitimate interest of the controller, Art. 6.1.f GDPR)
Advertising Exclusion
COTE S.A.
COTE S.A.
Data management to avoid the sending of commercial communications to those who have expressed their refusal or opposition to receiving them.
(for compliance with a legal obligation, 6.1.c GDPR)
Commercial Advertising
Advertising management and commercial prospecting. Includes data from legitimate public access sources.
(for the legitimate interest of the controller, Art. 6.1.f GDPR)
Rights of Data Subjects
To deal with requests from citizens in the exercise of the rights established by the GDPR
(for compliance with a legal obligation, 6.1.c GDPR)
Prevention of Money Laundering
Data management for the prevention of Money Laundering and terrorist financing.
(for compliance with a legal obligation, 6.1.c GDPR)
Web Users, app and other platforms of the controller
Identification data of users accessing the corporate website.
(for the legitimate interest of the controller, Art. 6.1.f GDPR)
Training, courses, workshops, activities or similar
Management of access and usage conditions.
(for the legitimate interest of the controller, Art. 6.1.f GDPR)
WiFi Network Connection
• To carry out statistical analysis and market studies. (for the legitimate interest of the controller, Art. 6.1.f GDPR)
• To conduct satisfaction and quality surveys. (for the legitimate interest of the controller, Art. 6.1.f GDPR)
(by consent of the data subject, 6.1.a GDPR)
Data of Minors or Vulnerable Persons
The controller will not collect or process personal data of persons under fourteen years of age, without fully complying with the requirements set forth in the applicable data protection regulations, regarding the duty to inform and obtaining the necessary consents. The data collected will be processed for the management of the reported purposes. The controller has implemented appropriate security measures for the safety of such data.
(by consent of the data subject, 6.1.a GDPR)
Legal Representatives and Contact Persons
In the event that you are the legal representative or contact person of any of the entities or persons with whom the Foundation interacts, the controller will process your data to control the development of the intended relationship.
(by consent of the data subject, 6.1.a GDPR)
COTE S.A.
COTE S.A.
CREDIT INFORMATION
Credit information policy *Before contracting our services, we will necessarily process the personal data you have provided to us, as well as those we obtain from the Asnef File. During the customer registration process, we will process your personal data for the following purposes: 1- Manage your customer registration request and take the appropriate measures to manage the contracting of the service. 2- Assess your financial and credit solvency by consulting the Asnef, Cirbe and similar files, where we will assess your ability to meet the intended financial obligations. 3- Assist you during the process of contracting the intended services. 4- Analyse your current income and financial situation, all your assets and liabilities, including the data you provide us about your household or others you provide us, as well as any data we may request such as payslips, tax returns, etc. Similarly, we will also analyse information you provide as guarantor during the mortgage contracting procedure.
(by consent of the data subject, 6.1.a GDPR)
How long will we keep your personal data?
They will be kept for no longer than necessary to maintain the purpose of processing or as long as there are legal prescriptions that dictate their retention and when no longer necessary, they will be deleted with appropriate security measures to guarantee the anonymisation or total destruction of the data.
To whom do we disclose your personal data?
No disclosure of personal data to third parties is foreseen except, if necessary for the development and execution of the purposes of the processing, to our service providers related to communications, with whom the controller has signed the confidentiality and data processing contracts required by current privacy regulations.
Explicitly, data may be provided to companies working under the commercial brand of GRUPO BAUZA. If you wish to know which companies hold your data, you may request it by emailing [email protected].
Do we carry out international transfers?
In accordance with the provisions of Article 44 of the GDPR, the authorisation of international data transfers to a country not declared as having an adequate level of protection may only be granted if sufficient guarantees are obtained. Thus, it may be granted if the controller provides a written contract, concluded between the data exporter and importer, which sets out the necessary guarantees for the protection of data subjects and ensures the exercise of their rights.
It is possible that the controller may use providers whose servers or headquarters are located elsewhere and, therefore, such transfers are made. To consult the updated list of providers, contact the controller at [email protected].
What are your rights?
The rights available to the user are:
Right to withdraw consent at any time.
Right of access, rectification, portability, and erasure of your data, and to restrict or object to their processing.
Right to lodge a complaint with the supervisory authority (www.aepd.es) if you consider that the processing does not comply with the regulations in force.
COTE S.A.
COTE S.A.
Contact details for exercising your rights:
COTE S.A., C/ Bella Vista 2, – 07560 Cala Millor (Illes Balears). E-mail: [email protected]
2. MANDATORY OR OPTIONAL NATURE OF THE INFORMATION PROVIDED BY THE USER
The users, by ticking the relevant boxes and entering data in the fields marked with an asterisk (*) in the contact form or download forms, expressly, freely, and unequivocally accept that their data are necessary for the provider to deal with their request, the inclusion of data in the remaining fields being voluntary. The user guarantees that the personal data provided to the controller are true and undertakes to communicate any changes to them.
The controller informs that all data requested through the website are mandatory, as they are necessary for the optimal provision of a service to the user. Should not all data be provided, it cannot be guaranteed that the information and services provided will be completely tailored to your needs.
If, by any means, you provide us with personal data of other individuals, the controller warns that you must do so with their consent and having previously informed them of the matters contained in this Privacy Policy. Furthermore, the controller undertakes to provide any third party whose data you provide with the relevant information, in accordance with the provisions of Article 14 of the General Regulation.
3. SECURITY MEASURES
In accordance with the provisions of the regulations in force on personal data protection, the controller is complying with all the provisions of the GDPR and LOPDGDD for the processing of personal data under their responsibility, and expressly with the principles described in Article 5 of the GDPR, by which they are processed lawfully, fairly and transparently in relation to the data subject and are adequate, relevant, and limited to what is necessary in relation to the purposes for which they are processed.
The controller guarantees that appropriate technical and organisational policies have been implemented to apply the security measures established by the GDPR and the LOPDGDD in order to protect the rights and freedoms of the users and has provided them with adequate information to enable them to exercise them.
For further information about privacy guarantees, you may contact the controller at COTE S.A., C/ Bella Vista 2, – 07560 Cala Millor (Illes Balears). E-mail: [email protected]
4. VALIDITY
This privacy policy is effective from 19/12/2022
The controller reserves the right to modify this policy to adapt it to future legislative or jurisprudential updates that may apply, or for other technical, operational, commercial, or corporate reasons. If, as a result of changes, users’ rights are affected, the controller undertakes to inform about the reasons.