Privacy Policy

 

 

Additional information on data protection

The data controller is:

• Identity: GESTIÓN INTEGRAL DE ALMACENES, S.L.
• N.I.F.: B63730071
• Address: C/ Can Cabanyes 88 - 08403 Granollers, Barcelona (Spain)
• Phone: (+34) 933904220
• E-mail: info@groupgia.com

 

Purposes and legal basis of processing

1. In general

The PERSON RESPONSIBLE FOR THE PROCESSING processes the personal data provided by its customers and/or users for the following purposes:

• • Purpose: To contact the interested party, attend to the requests for information received and answer the queries raised, download the catalog of products and/or services, provide the requested services, carry out administrative and accounting management, as well as send electronic commercial communications about our products and/or services or by conventional means, provided that the interested party has consented to the processing of their personal data for this purpose.
  • Legal basis that legitimizes this treatment: Execution of a contract in which the interested party is a party or for the application at the request of this of pre-contractual measures. Legitimate interest. The data subject's consent, which may be withdrawn at any time.

 

1. Electronic forms WEBSITE

The TREATMENT CONTROLLER processes the personal data provided by customers and/or users through the electronic forms for the collection of personal data existing on the WEBSITE for the purposes identified below:

In relation to the "Contact Form" and other queries (those that may be addressed through the e-mail accounts contained in the WEBSITE):

• • Purpose: To contact the interested party, respond to requests for information received and answer the queries raised, as well as send electronic commercial communications about our products and / or services or by conventional means, provided that the interested party has consented to the processing of their personal data for this purpose.
  • Legal basis that legitimizes this treatment: The consent of the person concerned, which may be withdrawn at any time.

In relation to the "Download catalog form":

• • Purpose: Allows the user, by filling out a previous form, to download the catalog of products and/or services, as well as to send electronic commercial communications about our products and/or services or by conventional means, provided that the interested party has consented to the processing of their personal data for this purpose.
  • Legal basis that legitimizes this treatment: The consent of the person concerned, which may be withdrawn at any time.

When the data requested in the electronic forms are necessary, the TREATMENT CONTROLLER will indicate such mandatory nature at the time of data collection from customers and / or users and not providing them will mean that the corresponding request can not be met.

 

Use of WhatsApp as a user service channel (integration with n8n).

The TREATMENT CONTROLLER makes available to customers and / or users of the website a communication channel through the WhatsApp application, with the sole purpose of answering queries, requests for information and manage, where appropriate, pre-contractual actions related to the products and / or services offered.

The user who contacts the TREATMENT CONTROLLER through this channel accepts the use of WhatsApp as a means of communication for the management of your query or request for information.

In order to optimize attention and automate certain managements, the data generated in WhatsApp conversations may be processed through the n8n platform, solely for the purpose of managing queries, requests for information or pre-contractual actions.

The data processed on n8n will be retained for the same period indicated for WhatsApp and under the same security measures and legal obligations.

 

Personal data processed

The following personal data may be processed as part of this communication:

• Phone number
• WhatsApp user name
• Profile picture
• Any other information voluntarily provided by the user during the conversation.

 

Legal basis for the processing

• When the communication is related to the request for information about products and/or services, the processing is based on the execution of pre-contractual measures at the request of the data subject, in accordance with Article 6.1.b of the General Data Protection Regulation (GDPR).
• In those cases in which the user provides data for different purposes (for example, receiving commercial communications), the processing will be based on the consent previously granted.

 

Duty of information

The TREATMENT CONTROLLER complies with the duty of information by means of a previous clause on the website and/or by means of an automatic or manual initial message that includes a direct link to the Privacy Policy.

 

Retention of data

The data will be kept for the time strictly necessary to answer the query and, where appropriate, while legal liability may arise from the established relationship. Subsequently, the data will be deleted or blocked in accordance with current regulations.

 

WhatsApp messaging service

WhatsApp is a service provided by WhatsApp Ireland Ltd., belonging to Meta Platforms, Inc. The use of this application may involve international data transfers to the United States.

Meta Platforms, Inc. adheres to the EU-US Data Privacy Framework. (Data Privacy Framework) , recognized by the European Commission by adequacy decision of July 10, 2023, which ensures an adequate level of protection in accordance with Article 45 of the GDPR.

It is recommended not to use this channel for sending particularly sensitive information. For more information on how WhatsApp treats personal data, please refer to its Privacy Policy.

 

User rights

The user may exercise, at any time, their rights of access, rectification, deletion, limitation of processing, portability and opposition to the processing of their data, as well as withdraw consent where appropriate. To do so, you may contact info@groupgia.com, indicating your request.

 

Security measures

The data will be treated with confidentiality and adopting the necessary technical and organizational measures to ensure their security in accordance with current legislation on data protection.

 

What kind of data do we process?

The TREATMENT CONTROLLER will process the personal data provided by users through the contact form available on this website, as well as those generated by their browsing, according to the following categories:

1. Data provided directly by the user: those that you voluntarily provide when filling out the contact form (name, email address and message). The user guarantees the veracity and updating of the data provided.
2. Data derived from the use of the website: in a limited way, connection and navigation data necessary for the correct functioning of the page may be obtained, such as IP address or technical identifiers, always in an anonymized or pseudonymized way.

 

The data provided through the contact form will be processed for the purpose of managing requests for information on the products and/or services offered.

No data from external sources are processed and no automated profiles are created for commercial or analytical purposes.

 

For what purpose do we use your personal data?

The personal data provided will be used exclusively to manage the queries made by users, to maintain the communication necessary to answer them and to comply with the applicable legal obligations.

The data will not be used for any other purpose and will not be transferred to third parties without prior consent, unless required by law.

The processing will be carried out in a lawful, fair and transparent manner, applying the appropriate technical and organizational measures to ensure the confidentiality and integrity of the information, in accordance with Regulation (EU) 2016/679 (RGPD) and Organic Law 3/2018 (LOPDGDD).

 

Register of Processing Activities

The personal data collected through the contact form are part of the Registry of Processing Activities (RAT) of the TREATMENT CONTROLLER, maintained and updated in accordance with the provisions of the RGPD and the LOPDGDD.

 

Addressees

The personal data of customers and/or users may be communicated to:

• Suppliers as part of the provision of IT services, automation tools, website hosting and email management, in their capacity as data processors.
• The n8n automation platform is used exclusively for internal management of queries and communications. This tool is hosted in infrastructure under the control of the TREATMENT CONTROLLER or in suppliers located within the European Economic Area, so it does not involve international transfers of personal data.
• Competent public authorities and agencies, when necessary for compliance with legal obligations.

Apart from these cases, no transfer of data to third parties is foreseen.

 

International transfers of personal data

• Google LLC, a company that provides certain technological services such as Google Analytics 4, reCAPTCHA, Google Maps and YouTube. Although, for users in the European Union, the contractual provider is usually Google Ireland Limited, personal data may be transferred to Google LLC in the United States. Such transfers are made under the EU-U.S. Data Privacy Framework Adequacy Decision (EU-U .S. ) . EU-U . S. Data Privacy Framework adequacy decision. The use of analytics tools such as Google Analytics 4 is only done when the user has previously given their consent through the website's cookie management system.
• Meta Platforms, Inc. the company that owns the Meta Ads and WhatsApp services, based on the EU-US Data Privacy Framework Adequacy Decision.
• Microsoft Corporation, owner of the Microsoft Clarity service, based on the EU-US Data Privacy Framework Adequacy Decision.

Apart from the cases mentioned above, no international data transfers are made to countries without a level of protection comparable to that of the EEA.

 

Retention periods

Personal data will be kept for the periods strictly necessary to fulfill the purposes for which they were collected and, in any case, for the following periods, which will prevail over any general criteria.

a) Customer data:

The personal data of customers will be kept for 6 years from the end of the contractual relationship, in compliance with legal obligations of a fiscal and mercantile nature. At the end of this period, the data will be duly blocked.

 

b) Contact forms, queries, requests for information and other similar forms:

Personal data will be kept until the complete attention of the request made or, where appropriate, until the end of the relationship with the user, and subsequently for the period necessary to meet possible legal liabilities.

 

c) WhatsApp conversations and n8n

Personal data generated from conversations held through WhatsApp and the n8n platform will be retained only for the time necessary to address the query, request or management made by the user. Once the management is completed, such data will be deleted, unless a contractual relationship or legal obligation arises from the conversation, in which case the data will be retained for the legally required periods and, subsequently, will be duly blocked.

 

Rights of the interested parties

Customers and/or users of the WEBSITE may exercise the following rights before the CONTROLLER OF PROCESSING, to the extent applicable: access to personal data, rectification, erasure (right to be forgotten), limitation of processing, data portability, opposition to processing and not to be subject to automated individual decisions and, when the processing is based on consent, the right to withdraw it at any time.

Clients and/or users may exercise these rights by means of a written and signed request sent to the postal address of the CONTROLLER OF THE PROCESSING located at C/ Can Cabanyes 88 - 08403 Granollers, Barcelona (Spain) or through the e-mail address .s e-mail address info@groupgia.com, attaching, in both cases the interested party, a legally valid proof of identity, such as a photocopy of the DNI/NIE or equivalent document, and clearly indicating the right he/she wishes to exercise.

Clients and/or users will also have the right to file a complaint before the competent Control Authority (Spanish Data Protection Agency) if they observe that the data protection officer has not been properly handled by the company.n de Datos) if they observe that the processing does not comply with the regulations in force or consider that their rights concerning the protection of their personal data have been violated, especially when they have not obtained satisfaction in the exercise of their rights, through the website https://www.aepd.es.

 

Attention to the rights of data subjects

These rights will be attended by the TREATMENT CONTROLLER within 1 month, which may be extended to 2 months if the complexity of the request or the number of requests received so requires. All this without prejudice to the duty to retain certain data in the legal terms and until the possible liabilities arising from a possible treatment, or, where appropriate, a contractual relationship.

In addition to the above, and in relation to data protection regulations, Users who so request, have the possibility of organizing the destination of their data after their death.

 

Sending of commercial communications

In compliance with the provisions of the Second Final Provision of Law 9/2014, of 9 May, on Telecommunications, which amends Law 34/2002, of 11 July, on information society services and electronic commerce, commercial communications sent by electronic means must be clearly identifiable as the User's personal data.The user who provides his or her personal or legal data to the company must be clearly identifiable as such, and the natural or legal person on behalf of whom they are made must also be clearly identifiable, without prejudice to the provisions of the regulations issued by the Autonomous Communities with exclusive competences on consumer affairs.

Users who provide their contact details to the CONTROLLER OF THE PROCESSING, through the electronic forms available on the website and who expressly check the acceptance box, "I accept the processing of my data to receive the requested information" and, optionally, check the box "I agree to receive electronic commercial communications", and who, optionally, check the box "I agree to receive electronic commercial communications".I agree to receive electronic commercial communications", expressly authorizes and grants express, free and unequivocal consent to the CONTROLLER OF PROCESSING to process your personal data for the purpose of sending you electronic communications of a commercial nature related to your interests.

The legal basis that legitimizes this treatment is the consent of the person concerned, which may be revoked at any time. The data provided will be kept for as long as the relationship with the interested party is maintained or for the years necessary to comply with legal obligations.

In compliance with the provisions of articles 21 and 22 of Law 34/2002, of July 11, 2002, on information society services and electronic commerce, the user may oppose the processing of their data and revoke the consent given to receive electronic informative communications by simply notifying the user that they wish to receive such information.The user may revoke his/her consent to receive electronic informative communications by simply notifying the CONTROLLER OF THE PROCESSING by means of a simple and free procedure, consisting of sending an e-mail to the e-mail address info@groupgia.com, indicating "UNSUBSCRIBE" or "DO NOT SEND" in the subject line of the message.

 

Social Networking Policy

The TREATMENT CONTROLLER maintains active profiles in the following Internet social networks for informative, informative and promotional purposes:

• Facebook: https://www.facebook.com/htwclimatizacion
• Instagram: https://www.instagram.com/htwspain/
• YouTube: https://www.youtube.com/@GIAGROUP/playlists
• LinkedIn:https://www.linkedin.com/company/gia-group

In these profiles, the TREATMENT CONTROLLER acts as direct data controller of the data of users who interact in these digital environments (for example: followers, subscribers, fans, people who comment or communicate through these channels).

The use made of these profiles is limited to:

• Sharing content related to the activities and objectives of the website and the entity.
• Disseminate news, events or relevant publications.
• Interact with users in the terms provided by the social network in question.

Personal data obtained through these social platforms will not be used for purposes other than those described, except with the express consent of the interested party.

Users should be aware that the information they share through these networks may be publicly visible, depending on the privacy settings of each profile, and that such interactions will be subject to the terms of use and privacy policies of each platform:

• Facebook → https://www.facebook.com/privacy/policy
• Instagram → https://privacycenter.instagram.com
• YouTube → https://www.youtube.com/intl/ALL_es/howyoutubeworks/privacy
• LinkedIn → https://es.linkedin.com/legal/privacy-policy

Users are advised to review these policies before interacting with our profiles, as the treatment of their data is also conditioned by the provisions of these platforms.

 

Accuracy of the data provided by the interested parties.

The client and/or user is responsible for ensuring that the information provided by filling in the electronic forms made available on the WEBSITE or by sending e-mails to the different accounts under the Internet domains htwspain.com and groupgia.com, is true, being responsible for the accuracy of all data provided and will keep it updated to reflect a real situation, being responsible for false or inaccurate information provided and the damage, inconvenience and problems that may cause the TREATMENT CONTROLLER or third parties.

 

IP Addresses

The website servers may automatically detect the IP address and domain name used by the user. An IP address is a number automatically assigned to a computer when it connects to the Internet. All this information is registered in an activity file of the server that allows the later processing of the data in order to obtain only statistical measurements that allow to know the number of page impressions, the number of visits to the web services, the order of visits, the access point, etc.

 

Security measures

The TREATMENT CONTROLLER guarantees that it has implemented on the WEBSITE the appropriate technical and organizational policies to apply the security measures established in Regulation (EU) 2016/679 of the European Parliament and of the Council (RGPD) and in the Organic Law 3/2018, of the Protection of Personal Data (Ley Orgánica 3/2018, de Protección de Datos Personales y garantía de los derechos digitales (LOPDGDD), in order to protect the rights and freedoms of customers and/or users, and has provided them with the appropriate information so that they can exercise them.

With the aim of protecting individual rights, especially in relation to automated processing, and in order to act transparently towards customers and/or users, the CONTROLLER OF THE PROCESSING has established a policy that covers all such processing, the purposes pursued, the legitimacy of such processing and the tools available to the customer and/or user so that they can exercise their rights.

The WEBSITE has the necessary technical and organizational security measures to guarantee the protection of the users' personal data. It also has an active SSL security certificate for the entire domain, which guarantees the encryption of communications between the user and the server.

In order to reinforce the security of the WEBSITE and prevent the automated sending of information, verification systems have been implemented to help protect the page against bots, spam and possible fraudulent activities.

The WEBSITE may use automation tools and third-party technological services for the management of forms, communications and internal processes, ensuring in any case compliance with current regulations on data protection.

These measures allow users to send their personal data securely through the electronic forms enabled on the website. In addition, other technical and organizational security measures are applied both internally on the server and in the hosting infrastructure of the WEBSITE.

The WEBSITE is hosted on the servers of AXARNET COMUNICACIONES, S.L., with N.I.F. B97193114 and address at Calle Duque de Sesto, 23 - 1ª Planta, 28009 Madrid (Spain), provider that provides hosting services to the TREATMENT CONTROLLER. The IP address assigned corresponds to a range located in Spain.

All information will be stored and managed with due confidentiality, applying the necessary computer security measures to prevent access or misuse of data, manipulation, deterioration or loss.

However, the client and/or user must take into account that the security of computer systems on the Internet is not absolute. When personal data is provided over the Internet, such information could be intercepted or processed by unauthorized third parties.

The TREATMENT CONTROLLER declines any responsibility for the consequences that such acts may have for the user when the user has published the information voluntarily.

The TREATMENT CONTROLLER assumes the commitment to ensure compliance at all times with the applicable regulations on the protection of personal data and, in particular, to implement appropriate safeguards to protect the rights and freedoms of data subjects.

In the event of a personal data security breach involving a risk to the rights and freedoms of natural persons, the TREATMENT CONTROLLER undertakes to notify the competent supervisory authority and, where appropriate, the data subjects, in accordance with the provisions of Articles 33 and 34 of Regulation (EU) 2016/679.

 

Acceptance and consent.

The client and/or user declares to have been informed of the conditions on personal data protection, accepting and consenting to the automated processing of the same by the TREATMENT CONTROLLER in the manner and for the purposes indicated in this Privacy Policy. Certain services provided on the WEBSITE may contain special conditions with specific provisions on personal data protection.

 

Changes in the present privacy policy

THE TREATMENT CONTROLLER reserves the right to modify this Privacy Policy to adapt it to new legislation, jurisprudence, interpretation of the Spanish Data Protection Agency, as well as industry practices.

In such cases, the TREATMENT CONTROLLER will announce on the websites the changes introduced reasonably in advance of their implementation.

This Privacy Policy is complemented by the Legal Notice, the Cookies Policy and the Terms and Conditions, if any, are established for certain products and / or services, if such access involves any specialty in the protection of personal data.