In order to comply with the provisions in Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016, on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, ADVANTICSYS hereby informs its Customers and websites users that any personal data supplied through the forms obtained in its websites shall be recorded in a file named “CLIENTES” for which ADVANTICSYS is the Controller and also the Processor and located at ADVANTICSYS´s registered address at c/ Zurbano, 83 3A, 28003 Madrid, Spain.
The Processors are the following: a) Arsys Internet S.L.U., located at EU (Spain), only for purposes of storing personal data; and b) Google Ireland Limited, located at EU (Ireland), for the purpose of managing our Concordia Cloud Platform. All personal data are sent encrypted to Google.
By filling any form in ADVANTICSYS´s websites, Users consent: (i) to the processing of their personal data by ADVANTICSYS for the purposes mentioned below; (ii) to receive promotional offers of ADVANTICSYS´s and its suppliers and partners’ Products and Services; and (iii) to the fact that ADVANTICSYS may make such data available to its partners or suppliers to the sole purpose of enabling service provision.
Any request by Users in connection with their rights mentioned below, shall be answered by ADVANTICSYS´s Data Protection Officer within a month.
Transparency and Information
What type of personal data do we collect?: the forms in our websites only collect name, email address and country or origin. The forms in our online shop collect additional information, such as address, telephone and credit card number. Disclosure of these data is compulsory for making any purchase through our online shop. ADVANTICSYS does not collect any sensitive data (Articles 9&10) from Users through the forms in its websites.
Why do we collect your personal data? ADVANTICSYS warrants that the purposes of this personal data processing shall be lawful at all times, namely: (a) to provide You access to ADVANTICSYS´s websites, online shop, products and services; (b) to respond to Your requests for information; (c) to send You information on ADVANTICSYS products and services; (d) to allow those of our partners who help us provide and improve our products and services, send you tailored information on related products or services, or provide you access to additional services; and (e) for R&D purposes, allowing ADVANTICSYS develop new products and services or improve the existing ones.
What do we do with your personal data? Our processing shall be the following:
Collection, always with your consent, either by filling our forms, by delivering your business card to our salesforce, or by entering a contractual relationship with ADVANTICSYS by purchasing our products and/or services. ADVANTICSYS shall not process any personal data not directly obtained from you. Any user feeling that his/her personal data have been disclosed to us without his/her consent, may contact our DPO to ascertain the source from which his/her personal data originate, and to exercise any of the rights mentioned below. ADVANTICSYS reserves its right to exclude from any service for which prior registration is required, any user having provided false or inaccurate data, notwithstanding any other legal action to which ADVANTICSYS may be entitled.
- Storage: our main suppliers are Arsys Internet S.L. whose servers are located in Spain and Google Ireland Limited, whose servers are located in Ireland. As already mentioned, our Concordia Cloud Platform data bases are sent encrypted to Google.
- Structuring of Users data by market, product, service, etc.
- Pseudonymisation meaning the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately. This is what we do with any data obtained through Concordia Cloud Platform services, which are obtained only to provide Customers access to their historical.
- Profiling: ADVANTICSYS shall not make any profiling by using personal data.
- Disclosure by transmission to some of ADVANTICSYS´s service providers or partners (Recipients), who help us provide the services you enjoy by using our websites or purchasing our products and services.
- Cross-border transfer: Cross-border transfer of data may exist, as ADVANTICSYS´s service providers and partners may be either in the European Union or in third countries, always within a Privacy Shield Framework
- Consultation and use by Libelium, for the purposes explained above.
- Restriction, erasure or destruction, as per your request, or when the term of data processing, as explained below, comes to an end.
Personal data shall be processed by using the security measures requested by the Regulation to avoid any personal data breach (meaning a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed). Users may nevertheless be aware of the fact that the existing security measures for computer systems on the Internet are not entirely trustworthy.
For how long do we store your personal data? personal data will be stored for the period strictly needed to serve the purposes described above and in connection with each kind of processing, for instance: (i) for the term of the contractual relationship entered with ADVANTICSYS and six years following its termination, according to Spanish Accountancy Regulations; (ii) as long as you do not exercise your right to erasure; (iii) for six years after your last statement of interest.
How can YOU exercise your rights? Please contact ADVANTICSYS´s Data Protection Officer (DPO), by email (email@example.com) or at the following address: ADVANTIC SISTEMAS Y SERVICIOS, S.L. Attn. Data Protection Officer, C/ Zurbano 83, 3A. 28003 Madrid (Spain). Users may request from the DPO at any time access to and rectification or erasure of personal data or restriction of processing concerning their data, as well as data portability; Users may, at any time, withdraw consent without affecting the lawfulness of processing based on consent before its withdrawal; Users may at any time lodge a complaint with the Spanish Agency on Data Protection (www.agpd.es) or with any other Supervisory Authority;
Right of Access
Users shall have the right to obtain from our DPO confirmation as to whether or not personal data concerning him or her are being processed, and, where that is the case, access to their personal data. Our DPO shall provide a copy of the personal data undergoing processing. For any further copies requested by User, the DPO may charge a reasonable fee based on administrative costs. Where User makes the request by electronic means, the information shall be provided in a commonly used electronic form.
Right to Rectification and Erasure
Users shall have the right to obtain from the DPO without undue delay the rectification of inaccurate personal data concerning him or her, and to have incomplete personal data completed, including by means of providing a supplementary statement.
Users shall also have the right to obtain from the DPOr the erasure of personal data concerning him or her without undue delay, in the circumstances set forth in Section 17 of the Regulation.
Right to restriction of processing
Users shall have the right to obtain from the DPO restriction of processing in the circumstances set forth in section 18 of the Regulation.
Right to data portability
Subject to the restrictions in Section 20 of the Regulation, Users shall have the right to receive their personal data in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided, where:
(a) the processing is based on consent previously granted; and
(b) the processing is carried out by automated means.
In exercising his or her right to data portability Users shall have the right to have the personal data transmitted directly from one controller to another, where technically feasible.
Right to object and automated individual decision-making
Users shall have the right to object at any time to processing of personal data for direct marketing purposes, for scientific or historical research purposes or statistical purposes pursuant to Article 89(1) of the Regulation.
Moreover and subject to the limitation in Section 22 of the Regulation, Users hall have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her.