1.- Legality, transparency and clear language
In addition to scrupulously complying with the law, we are also committed to being transparent with you and explaining what data we need and what we will be using it for, in simple and comprehensible terms.
Definitions of key terms
Data of a personal nature: any information relating to identifiable natural persons or enabling their identification.
User: the owner of the data.
Data controller: the person who determines the purposes and means of processing the user’s data before obtaining their consent and who assumes the responsibility for compliance with the General Data Protection Regulation (GDPR) and the LOPDGDD.
Interactions: some examples of interactions are when you visit our website or when you request us to contact you through our contact form. These interactions could result in data of a personal nature being processed.
Personal data processing: the operations or technical procedures whether automated or otherwise, which enable the collection, recording, storage, use, production, modification, restriction or cancellation, transfer or communication of data.
Consent: any freely given, unambiguous, specific and informed indication of the user’s wishes, by which they consent to the processing of their data.
Third parties: any natural or legal person who is external to Star TIC Innovación, S.A. and other than the user.
Data processor: the legal person, public authority, service or other body which provides a service to the controller and processes personal data on their behalf.
Transfer or communication of data: any revelation of data made to a third party.
Restriction: the identification and storage of personal data for the purposes of preventing its processing, except by the Public Administrations, Judges and Courts in order to attend to potential liabilities arising from the processing during the limitation period of said liabilities. The cancellation of the data will lead to its restriction and erasure.
Erasure: the physical elimination of the restricted personal data once the period of limitation (retention period) has ended.
What information we may collect from you and for what purpose
The personal data collected will depend on the type of interaction you have with us. In general, it will be data which you have voluntarily provided and which is characterised by having:
- A limited nature (we won’t ask you for more information than is strictly necessary for the purpose indicated).
- A specific purpose for which they are to be processed.
- A lawful basis that allows for such processing, which may consist of:
- Your express and freely given consent, which can be revoked at any time.
- The execution of a contract between yourself and Star TIC Innovación, S.A..
- The legitimate interest of Star TIC Innovación, S.A. that may consist of:
Producing statistics to better understand your needs and provide you with a better service, as well as to adapt our products, applications or website (among other things) to them.
Enabling the functioning of our website using technical and functional cookies.
Complying with the obligations and legal requirements involving the processing of personal data.
We may also collect information which is not necessarily of a personal nature using technology such as cookies on our website (see Use of tools for automatic data collection), without you being personally identified under any circumstances, and always subject to the conditions set out in our Cookies Policy.
Finally, we will process your data on occasion as a consequence of a request from a third party acting as data controller.
These are the main interactions that you may have with us:
None. Statistical information about the use of our website and information gathered using cookies (browser, date and time of connection, etc.). See Cookies policy
Enabling smooth browsing, adapted to your needs as a user.
Lawful basis for processing
Consent of the interested party.
You sign up to our newsletter or you agree to receive marketing communications
Sending you marketing and/or corporate information and informing you of news and promotional campaigns from Star TIC Innovación, S.A. and other related companies if you have previously given your consent. We will also use your email address to contact you if there is an issue with an order.
Lawful basis for processing
Consent of the interested party.
You request our contact through the contact form
First name and surname, email and phone nº.
Attending your contact request.
Lawful basis for processing
Consent of the interested party.
We do not use your personal data for automated decision-making that could adversely affect you or have legal consequences for you.
How long do we retain your data
We retain your data for the time necessary to meet the purpose for which it was collected, taking the legitimacy of the processing into account. If the same type of personal data is used for two or more different purposes, we will apply the longer storage limitation period and we will only allow access to those that need it in order to carry out their duties.
- For purposes related to the execution of the contract for the sale or use of a product, we will retain your personal data for as long as the contractual relationship remains valid or for as long as it is necessary to meet our contractual obligations, and for eight years afterwards in order to be able to deal with queries or requests for assistance. Where it concerns the provision of a service, the storage limitation period shall be four years from its inception.
- For purposes relating to marketing activities and commercial or corporate communication, we will retain your data for a period of five years from the last date that we obtained your consent. If you revoke it, we will restrict the personal data related to these purposes so that it cannot be used and we will delete it when one year has passed.
- For purposes related to the analysis and improvement of the user experience involving the use of personal data, we will retain your data for a maximum period of five years from obtaining your consent.
- For purposes connected with the fulfilment of our legal obligations, we will retain your data for the period specified by the specific applicable law (tax, trading, etc.) in each case.
Once the maximum storage limitation period has ended, we will delete your personal data as stipulated by the GDPR, meaning it shall be restricted, made anonymous, pseudonymised or totally erased.
How we protect your data
The data security principle requires that the necessary technical and organisational measures be adopted to ensure the security of the personal data and to prevent its alteration, loss or unauthorised access and processing.
At Star TIC Innovación we have taken as a reference the measures established in Title VIII of the Development Regulation of the Organic Law on Data Protection, approved by Royal Decree 1720/2007, of 21 December. On the basis of this and the provisions of the GDPR and the LOPDGDD, we have established additional measures that improve the control of the processes and the security of our privacy management model, by applying the best available practices. Your data is hosted on reliable servers and is protected by strict policies and security measures and, periodically, we submit to independent external audits to check the robustness of our management model and to explore opportunities for improvement.
Transfer and/or communication of the information to third parties
We may share personal data with service providers and authorised third parties for legitimate activities and purposes (for example, those which are necessary for the operation of processes or the provision of products and services provided by other companies, contracted by Star TIC Innovación, S.A. and who can assume the role of “Data processor”).
This communication may be bidirectional and shall always be protected by the existence of a contract that regulates it.
Some of these activities are:
- Carrying out commercial activities, marketing and other advertising campaigns.
- Operational and contractual relationship with our business partners (distributors, retailers, technical support, etc.).
- Operational and contractual relationship with our subsidiaries and any commercial representatives we may have.
On selecting the companies that provide us with these services, we have taken into account, among other factors, their compliance with the GDPR and the LOPDGDD (and they are actually susceptible to be audited by our team). They carry out the processing of personal data on the basis of the indications that we specify in writing in a contract and always in accordance with the provisions of the GDPR and the LOPDGDD. For example, you will never receive their marketing communications nor will they do anything with your data outside of the agreement with Star TIC Innovación, S.A and at the same time, in line with the purpose of collecting your data at the time that you gave us your consent.
If the processing of this personal data were to take place outside of the list of countries of members of the European Economic Area, it would be made on the basis of contractual clauses approved by the European Commission.
Remember that we may transfer your data to third parties when it is required for the fulfilment of our legal obligations (tax, trading, etc.) or at the request of a legal authority.
Use of tools for automatic data collection
- Cookies: Small data files that the internet server sends to the device you are using to access our website. They can be proprietary or third-party cookies (such as those arising from the use of the Google Analytics tool), they are only associated to your browser and do not themselves provide personal data. Cookies cannot harm your device and are very useful to us for identifying and resolving errors, and offering you a better user experience. You can read more in our Cookies Policy.
- Pixel tags: Pixel tags are tiny images with a unique identifier, which work in a similar way to cookies and serve to measure a specific activity. This technology allows us to track specific actions and to find out the users’ preferences and interest in the products.
- Web beacon: a transparent graphic image of 1 pixel x 1 pixel that can be integrated into digital content, videos and emails. For example, we use this technology when we respond to an email you have sent requesting technical assistance in order to know if you have read it.
Processing of children’s data
Our products, services and promotional campaigns are largely designed for and directed at adults. We will only collect and process your personal data if you are at least 14 years of age, which is the threshold set under the current Spanish legislation on data protection to determine whether you are under age or not. We will delete any personal data entered by any minor under the age of 14 years who does not comply with this condition within a limited time period. If you are aware of any personal data entered by a minor under the age of 14 years, please write to us at email@example.com so that we can proceed to remove it from our database.
As a user, you are responsible for the veracity, accuracy, validity and authenticity of the data that you provide to Star TIC Innovación, S.A.. You are also responsible for the information that you provide to us regarding third parties, from whom you are obliged to obtain their consent.
What are your rights and how to exercise them
Right to be informed: You have the right to obtain clear and easy-to-understand information about how we use your personal data and what your rights are. We give you this information in this policy.
Right of access and rectification: you have the right to obtain information about the personal data that we have and to request that we complete or rectify them when they are inaccurate, incomplete or out of date. To exercise this right, write to us at firstname.lastname@example.org and attach a copy of your ID, recognized digital certificate or official document that allows you to verify your identity. If you have a user and account, you can correct them yourself.
Right to erasure/to be forgotten: You have the right to request that we delete or remove your personal data, as long as it is possible and the company has no legal or legitimate reasons for keeping it. To exercise this right, write to us at email@example.com and attach a copy of your national ID or official document to enable the verification of your identity.
Right to restrict processing: The processing of your data will be subject to limitations (we can continue to store it but without using it) when any of the following circumstances apply: 1) you have requested verification of the accuracy of the data that we hold, 2) you have objected to the processing, 3) we no longer require your data for the purposes of processing or 4) the processing is unlawful.
Right to data portability: You have the right to request that we transfer your personal data to another data controller where possible. To exercise this right, write to us at firstname.lastname@example.org and attach a copy of your national ID or official document to enable the verification of your identity.
Right to withdraw your consent and the right object to direct marketing: You can withdraw your consent to the processing of your personal data at any time, and you can unsubscribe from our direct marketing communications. You can do this by clicking on the link “Unsubscribe” link that you will find in any email or communication that we send you, or by writing to us email@example.com.
Right to file a complaint with a control authority: If you believe that we have not respected your rights, you can file a complaint with the Spanish Data Protection Agency (www.agpd.es). We encourage you to contact our data protection officer in the first instance by writing to us at firstname.lastname@example.org so that we can assist you.
How to contact us
If you have any questions on how we use your personal data, you can contact our data protection officer:
Star TIC Innovación, S.A.
C/ Estrasburgo, 8, 28232
Las Rozas de Madrid
Our policy and procedures for managing personal information have been created in accordance with the requirements of the General Data Protection Regulation and the LOPDGDD, which constitutes our referential framework.
Date of application: 22 of june 2020.