1.- DATA CONTROLLER

  • Data controller: AGROINDUSTRIAL KIMITEC, S.L. (hereinafter referred to as the “Company” or “Data Controller”).
  • NIF/CIF: B04612909
  • Registered office: Paraje Cerro de Los Lobos S/N, Building Maavi Innovation Center, 04738 – Vícar (ALMERIA).
  • E-mail address for data protection issues: lopd@kimitec.com.

2.- OBJECT AND SCOPE OF APPLICATION

This policy:

  • Defines the Company’s commitment to personal data confidentiality and its responsibilities regarding the transmission of such information;
  • aims to ensure that all staff, be it direct employees or contracting parties, are aware of their responsibilities regarding personal data confidentiality,
  • and is applicable to the entire company’s personnel, including temporary employees and agencies, contracting parties and volunteers, and to any personal information registered in any format, including paper, electronic and any other media.

All employees, contractors and associates share the responsibility of ensuring that all information assets are managed in accordance with this policy.

3.- GOVERNING LAW

Our Privacy Policy complies with the General Data Protection Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), and with Spanish legislation on Personal Data Protection, insofar it does not contravene the aforementioned Regulation.

This document is also governed by the Law 34/2002, of July 11, on the services of information society and electronic commerce.

The Company may amend this Privacy Policy to comply with new legislative, legal or interpretation developments set out by the Spanish Data Protection Agency. This Privacy Policy may be supplemented by the Legal Notice, the Cookies Policy and the General Terms and Conditions that, if necessary, are offered for specific products or services, when access to them involves special regulations in terms of personal data protection.

4.-PURPOSE OF DATA PROCESSING

Personal data will be processed for the necessary purposes to successfully fulfill the business relationship with our customers, potential customers and providers; the employment relationship with the employees, and the selection process with the candidates to a work position, if applicable.

In particular, this organization will be able to process personal data for the following purposes:

  • Check that all technical measures are being implemented for the proper management of personal data with the applied software.
  • Send commercial and/or advertising information related to the products and services offered by our company, which are described on this website, as well as send news about our company and any updates in our catalog of products and services per e-mail or post.
  • Manage information requests about our products or services received by the data subject.
  • Purchase of our services by accepting the corresponding quotation/order, and/or by signing a commercial contract.
  • Manage exclusively internal incidents detected regarding compliance with the GDPR.
  • Gather the opinion of the data subjects.
  • Select staff members to cover job vacancies, if applicable.
  • Send packages and other correspondence.
  • Manage any legal problem affecting the company.
  • Manage, maintain and repair IT storage systems.
  • Manage our own work activities.
  • Manage our own financial and accounting activities.

A commercial or user profile may be created based on the information provided or obtained.

5.- DATA PROCESSING LEGITIMACY

By filling out the forms and providing your data, or checking the box “I accept the Privacy Policy” and clicking to submit the data, or by sending e-mails to the Company through the e-mail accounts enabled for such a purpose, you expressly confirm that you have read and accepted this Privacy Policy, and you give your unequivocal and express consent to the processing of your personal data for the purposes and under the conditions described herein.

The company is legitimated for the processing of your personal data based on one of the following purposes:

  • Your unequivocal, free and informed consent when it is legally required, but in no case its withdrawal will affect the processing of other data otherwise legitimated, and it will not impact the lawfulness of the processing prior to the withdrawal.
  • A legal obligation of the data controller.
  • The execution of the service agreement and/or the sales agreement for the corresponding products, signed by you.
  • The legal basis for the data processing is the legitimate interest of the data controller. That interest relies on the previous assessment of the proportion and weighting of both the legitimate interest of the data controller and the interests, rights and freedoms of the data subjects. Such weighting will take into account the evaluation of the interest, the impact of the processing on the data subjects, the balance between both aforementioned concepts and the implementation of additional warranties. If final weighting is favorable to the data controller, the processing may be carried out according to applicable regulations on personal data protection.

For questions or doubts, please contact us at the e-mail address provided in the Data Controller section.

6.- DATA RECIPIENTS

Only if required, the Company will transfer user data to third parties. External service providers (for example, payment services providers or delivery companies) commissioned by the Company may use the data to provide the corresponding services, according to the legitimate purposes included in current data protection regulations. The Company strives to guarantee personal data security when these are transmitted, and ensures that external service providers comply with confidentiality requirements and implement the appropriate measures to protect personal data. Those third parties are obliged to guarantee that the information is processed in accordance with current data protection regulations. When the law requires the transmission of personal data to public entities or other subjects, only the data that are strictly required to comply with said legal obligations will be disclosed.

7.- DATA PROCESSING AND STORAGE DURATION

Data processing for the aforementioned purposes will be maintained for as long as it is required to fulfill the purpose with which they were collected (for example, while the commercial relationship lasts), and to comply with the legal obligations that result from such data processing. Furthermore, we will retain your personal data from the time you give us your consent until you withdraw it or request a processing restriction. In such cases, we will block and still retain your data for the specific period required by law. To do so, use the address indicated in the Data Controller section.

8.- CONFIDENTIALITY OBLIGATION

All Company personnel (including collaborators) is obliged to maintain the personal information that is being processed confidential.

9.- DATA CATEGORIES

The data collected fall into the category of “identification data”, such as: First and last name, telephone, postal address, company, e-mail address, and the IP address from which you are accessing the data collection form.

  1. ACCURACY AND TRUTHFULNESS OF COLLECTED DATA

Only the data subject will be responsible for the truthfulness and accuracy of the data provided to the Company, and the Company is exempt from any related responsibility. Data subjects guarantee and are in all cases liable for the accuracy, validity and authenticity of the personal data provided, and are committed to keep them duly up-to-date. Data subjects commit to provide complete and correct information.

The Company does not take any responsibility for the truthfulness of the information that is not self-elaborated and expressly stemming from a different source; thus, it takes no responsibility either for hypothetical damages caused by the use of such information.

The company is exempt from liability for damages that the data subject may suffer as a result of errors, defects or omissions in the information provided by external sources.

11.- PERSONAL DATA OF MINORS

In principle, the services of the Company are not specifically meant for minors.

However, if any of them was meant for children below the age of fourteen, in accordance with Article 8 of the GDPR and Article 7 of the LO3/2018, December 5, (LOPDGDD), the Company will require a valid, free, unequivocal, specific and informed consent to the processing of the children’s data from their legal guardians. In such a case, the national Personal Identification Number will be required, or any other identification document of those giving their consent.

Regarding children over fourteen years of age, their data may be processed with their consent only, except in those cases where the Law requires the intervention of the holders of parental responsibility over the child.

You hereby certify that you are over 14 years of age and that you have the legal capacity required to give your consent regarding the processing of your personal data as set out in this Privacy Policy.

12.- SECURITY MEASURES

As part of our commitment to guarantee the security and confidentiality of your personal data, we inform you that we have taken the necessary technical and organizational measures to ensure the security of personal data and prevent their alteration, loss and unauthorized processing or access, to the extent allowed by the current state of the art, the nature of the data stored and the risks to which they are exposed, in accordance with Art. 32 of the GDPR EU 679/2016.

The Company has implemented the personal data protection security levels legally required, and tries to implement any other additional means and technical measures within their power to avoid the loss, misuse, alteration, unauthorized access and theft of the personal data that are being processed.

The Company is not responsible for hypothetical damages that may arise from interferences, omissions, interruptions, computer viruses, telephone breakdowns or disconnections during the operation of this electronic system, caused by external reasons out of the company’s control; for delays or blockages in the use of this electronic system caused by deficiencies or overloads in telephone lines or in the center for data processing, in the Internet system or in other electronic systems; nor for damages that may be caused by third parties by means of illegitimate interferences beyond the control of the Company.

Despite that, the control system implemented by the Company allows to comply with the principles relating to the processing of the data subject’s personal data, including the principles of purpose limitation, storage limitation, data minimisation, and integrity and confidentiality.

13.- DISCLOSURE OF DATA

No data disclosure or international data transfers are planned, except for those authorized by tax, commercial and telecommunications laws, or required by a judicial authority.

14.- LINKS TO EXTERNAL WEBSITES

The Company’s website may include links to other websites. When you click on one of those links and access an external website, the visit will be subject to the privacy policy of that specific website, leaving the Company completely exempt from any liability regarding their privacy policy.

15.- RIGHTS OF THE USER

The Company guarantees the exercise of the rights pertaining to the data subject regarding the processing of his/her personal data. Data subjects have the right to obtain confirmation as to whether we are processing personal data concerning them or not. Data subjects have the right to access their personal data, as well as to request the rectification of inaccurate data or, if necessary, to request their erasure when, among other reasons, the data are no longer necessary in relation to the purposes for which they were collected. Under certain circumstances, data subjects may request the restriction of the processing of their personal data, in which case we will retain them only for the exercise or defense of legal claims. Data subjects may object to the processing of their data for reasons related to their particular situation. The Data Controller shall no longer process the personal data except for compelling legitimate reasons, or for the exercise or defense of legal claims.

In particular, in compliance with current data protection regulations, we inform you that you can:

  • Exercise the right of access to the personal data held by the company.
  • Exercise the right to rectification when your personal data that are being processed by the Company are inaccurate or untrue.
  • Exercise the right to object to the processing of your personal data, in which case the Company will stop processing the data unless there are legitimate grounds that prevent it from doing so.
  • Exercise the right to erasure of your personal data when, among other reasons, they are no longer necessary for the purposes of their processing, or when their processing is no longer legitimate.
  • Exercise the right to data portability when the processing is carried out by automated means, and provided that it is linked to the Company based on a signed contract, or when consent has been given for the processing.

In such cases, the data subject shall have the right to receive his/her personal data in a structured, commonly-used and machine-readable format, or to their transmission to another controller, when technically feasible.

  • Exercise the right to restriction of the processing of your personal data, in which case they will be retained only for the exercise or defense of legal claims.
  • Exercise the right to not be subject to individual decision-making. Data subjects may request that no decisions are made only based on an automated system, including the creation of profiles, which might have legal consequences for them or a significant impact on them.

Those rights may be exercised for free, except in those cases legally provided, by sending a written request signed by you, or if applicable, by your representative, addressed to the data controller at the postal and e-mail addresses provided in the first section.

You also have the right to lodge a complaint, either with the Spanish Agency for Data Protection or with the corresponding supervisory authority.

Likewise, you can appeal to Court to claim a compensation.

Finally, we hereby inform you that you have the right to withdraw your consent as easily as you gave it. To do so, use the e-mail address indicated in the Data Controller section.

16.- EXERCISE OF USER RIGHTS

To exercise your rights, you may send a written notification to Paraje Cerro de Los Lobos s/n, ZIP code 04738, Vícar (Almería), or an e-mail to the Data Controller or, if applicable, to the data protection officer at lopd@kimitec.com, to request the appropriate form for the exercise of the corresponding right. Alternatively, you may contact the competent supervisory authority for additional information on your rights. Please remember to attach a copy of an identification document.