• Suppliers
  • External Access

Data Protection Policy

1.- Identity of the Controller

The information provided by the USER through any of the forms or methods of contact made available on the WEBSITE, which may content personal data, will be processed by GESTAMP SERVICIOS, S.A. (hereinafter, the “COMPANY”), with registered offices at Calle Alfonso XII, 16, 28014 Madrid and Tax ID No. A-82275330, as Controller.

2.- Purpose and legal basis of data processing

The COMPANY will need to process the USER's data both to meet the requests for information that the USER makes through the WEBSITE, as well as to provide any requested services or services that the USER decides to sign up to or register through any of the forms on the WEBSITE.

The legal basis that legitimates the processing of data collected through the WEBSITE by the COMPANY may be the USER’s express consent, the contractual relationship between the COMPANY and the USER or the legitimate interest of the COMPANY when, for example, offering COMPANY services and products equal or similar to those taken out or previously requested by the USER.

Any USER who contacts the COMPANY through the WEBSITE consents to the processing of the data provided through such contact in accordance with this WEBSITE Data Protection Policy.

Any USER who registers through any WEBSITE form must consent to the processing of their data in accordance with the Data Protection Policy provided along with said form, by checking the consent box enabled for this purpose.

THE COMPANY will process the information provided by the USER with different purposes, depending on the manner in which the data was collected:

•   To send information required by the USER.

•   To manage, administer, provide, extend, adapt and improve the services requested or the services that the USER has decided to take out or register for.

•   To design new services related to previous services.

The USER consents to the processing of their data for the purposes described, or when applicable, for the purposes described in the Data Protection Policy provided together with the subscription form regarding the WEBSITE's services, without prejudice to the right they have to revoke such consent.

3.- Transfer of Personal Data

The data that the USER provides to the COMPANY will not be disclosed to any third party, unless:

•   Disclosure is authorized by law.

•   The processing responds to the free and legitimate acceptance of a legal relationship, the development, compliance and control of which necessarily requires data to be transferred to third parties.

•   The data is requested by the Public Prosecutor’s Office or the Judges or Courts or by the Court of Auditors, in exercising the functions which with they are entrusted.

The COMPANY may transfer the data to companies of the Gestamp Group when there is a legitimate interest, for corporate or administrative purposes.

4. Compulsory or voluntary character of the requested information

The compulsory data for each form will be identified as such on the form itself. Failure to provide said information will effectively mean that the service requested by the USER cannot be provided.

5.- Storage of data

The period during which the personal data is stored will vary depending on the service, until the provision thereof has ended satisfactorily, or until the USER revokes their consent. At any rate, the time personal data is to be kept will be reduced to the minimum necessary, so it will only be kept while the purpose for which it was collected still exists. When keeping this data is no longer necessary, the COMPANY will keep the data that may be necessary during the legally established terms blocked, so that any issues related to the processing thereof may be addressed. After the legal terms, any personal data will be deleted, adopting the appropriate security measures to ensure the total erasure thereof.   

6.- Exercising of rights

The USER may exercise their rights of access, rectification, cancelation/erasure, objection, restriction and portability by means of an e-mail addressed to dataprotection@gestamp.com, or by writing to the address indicated above, identifying their capacity as USER of the WEBSITE, providing a photocopy of their National Identification Document, or equivalent identification, and specifying their request.

Additionally, if the USER considers that his/her personal data protection rights have been breached, he/she may lodge a complaint with the competent data protection authority (in Spain, Agencia Española de Protección de Datos (www.agpd.es).

7.- USER’s obligations regarding data protection

The USER guarantees that they are of legal age and that the information provided is accurate and true. The USER commits to informing the COMPANY of any modifications in the information provided, by sending an e-mail addressed to dataprotection@gestamp.com, identifying themselves as a USER of the WEBSITE and outlining the information that needs to be modified.

Additionally, the USER commits to keeping their passwords and identification codes secret, informing the COMPANY as soon as possible in the event of loss, theft or unauthorized access. Until such time as said notification is made, the COMPANY will be exempt from any liability that may arise from the wrongful use by unauthorized third parties of said passwords and identification codes.

In the event that the USER provides third party personal data for any purpose, they guarantee that they previously informed the affected parties and obtained their consent for the purpose of providing their data to THE COMPANY.

8.- Security measures

The COMPANY has adopted the technical and organisational measures needed to ensure the security of personal data and prevent the unauthorized alteration, loss, processing or access, taking into account the state of technology, the nature of the stored data, and the risks to which it is exposed.

9.- USER’s consent

The USER declares to have read and understood this document and expressly consents to the processing of their data in accordance with the conditions set forth herein.