Privacy policy
1. Purpose
The purpose of this Privacy Policy is to inform persons (hereinafter, users or data subjects) who visit our website (hereinafter, the website or the site) about the manner in which we collect, process and protect the personal data they may choose to provide to us by any means (forms, emails, telephone, contracts, etc.) and, after reading this policy, to freely decide whether they wish us to process their data. Additionally, this policy serves to expand upon the information previously provided to data subjects in the information clauses included in our data collection processes.
Likewise, this policy seeks to comply with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter, the RGPD — General Data Protection Regulation) and with the Ley Orgánica 3/2018, de 5 de diciembre, de Protección de Datos Personales y garantía de los derechos digitales (hereinafter, LOPDGDD — the Spanish Organic Law on Personal Data Protection and the Guarantee of Digital Rights).
2. Who is the data controller?
| Identity – Entity: | VIVES Y MARI, S.L. |
| Tax ID (CIF/NIF): | B46023321 |
| Postal address: | C/ Les Moreres, Parc. 35, 46950 Xirivella (Valencia) España |
| Telephone: | 963 793 360 |
| Email: | info@vivesymari.es |
| Corporate purpose: | Textile Manufacturing |
| Website: | https://www.vivesymari.com/ |
| Registration details: | Registered in the Valencia Mercantile Registry, Volume 4438, Book 1750, Folio 165, Section 8, Sheet 24596 |
3. What personal data do we process and how do we obtain it?
For the conduct of our business activities, it is essential to process personal data, which may be collected by digital means (e.g. email, web forms or questionnaires), by completing paper documents (e.g. contracts or forms), or through in-person or telephone conversations. In all cases, the data shall be processed fairly, lawfully and transparently.
The categories of data that our organisation will process about data subjects are:
- Identification data: first name and surnames, national ID or equivalent document, and signature.
- Contact data: telephone number, email address, postal address.
- Commercial data: quotations, purchasing terms, service and/or purchase management and history, outcome of contacts (telephone, email, messaging and other communication channels).
- Accounting data: income and expense records, invoicing data.
- Banking data: bank accounts and cards.
- Transactions in goods and services: bank transfers and direct debits, amounts and descriptions.
- Browsing data: analysis of time spent on our website, pages visited, demographic data (e.g. age, gender, language).
Our organisation does not collect special category data (e.g. health data, ethnic origin, political opinions or religious beliefs), but should it become necessary to process such data, you will be informed and your prior express consent will be requested.
Accordingly, the data requested shall be adequate, relevant and limited to what is strictly essential and necessary, and shall be processed only by personnel and/or collaborators authorised by our organisation, who shall have signed a confidentiality commitment and undertake to comply with the security measures necessary to guarantee the confidentiality, integrity and availability of the data processed, as well as all other legally established requirements under the RGPD (General Data Protection Regulation). Therefore, the data shall be processed lawfully.
The data to be processed are provided by the data subject themselves or by their legal representative, although it may be the case that we delegate certain functions to collaborators who are responsible for collecting your data, but they will always be processed with your prior express consent.
In the event that a data subject does not provide the requested data or provides incomplete or incorrect data, it will not be possible to fulfil and maintain the relationship with them.
The categories of data that we may process about a person will depend on the relationship they hold with our organisation, as set out below:
Clients
Identification, contact, commercial, accounting, banking, goods and services transaction, financial data and handwritten or digital signatures shall be processed, and may only be collected if you provide them to us.
Information requesters
Whether the information requested is by telephone or in writing (e.g. email or web forms), we will request and process your identification, contact and commercial data.
Suppliers
Identification, contact, commercial, accounting, banking, goods and services transaction and financial data shall be processed. These data may be processed throughout all stages of the business relationship.
Job applicants
For this category of data subjects, curriculum data, identification, contact and other data related to their professional or personal characteristics will be processed upon receipt of their application by any means (e.g. in person, by email, via web forms). Data may also be collected during recruitment interviews (in person or by video conference), and employment applications may also reach us through a collaborator to whom we have delegated certain functions.
Social media users
We maintain a presence on various social media platforms and may process identification, contact, commercial and other data that the user enables to be viewed or shared with other users of the social network.
Complainants
Identification, contact and personal information, whether your own or that of third parties, that you wish to bring to our attention in connection with the complaint submitted to us, shall be processed.
Visitors
Identification and contact data shall be processed, collected when the data subject provides them upon accessing our premises, or when their contact within our organisation provides them to us to grant access.
Website users
When visiting our website, and only if the user expressly authorises it, analytical data (e.g. visit duration or pages visited) and even demographic data (e.g. gender, age, country or language) may be collected. For more information, please visit our Cookie Policy.
Further information for data subjects
The legally required information shall be made available to data subjects in the corresponding information clauses included in the various data collection channels, so that you may freely and expressly decide whether you wish the personal data requested to be processed by our organisation.
All categories and types of personal data processed shall be duly identified in the corresponding processing activities owned by our organisation.
4. What will your data be used for?
In general terms, the processing of personal data carried out by our organisation is intended to fulfil and maintain the relationship with different groups of persons, such as clients or suppliers. This also applies to other persons who contact us proactively through our web forms, by telephone or in person, by email or post, as in the case of job applicants or information requesters, users of our website/blog or social media, and data subjects in general.
Depending on that relationship, the processing of your data serves different purposes, which we detail below by way of illustration and not limitation:
Clients
Your personal data will be processed to identify you, to fulfil and maintain the pre-contractual and contractual relationship including the sending of commercial communications by various means, to respond to enquiries, to conduct quality surveys, to provide our services and/or sell goods, for accounting and invoicing management, for the transaction of goods and services, for collections management, for incident and complaint management and for the exercise of rights, for quality control, for creditworthiness checks, and for any other purposes to which we are obliged in order to fulfil that relationship, to comply with the laws to which we are subject and to pursue our legitimate interests.
Prospective clients or information requesters
We will process your personal data to respond to your general information requests, to identify you, to send or deliver quotations and information about the goods and/or services of interest to you, including in our response (verbal, written or digital) the commercial information related to your request. We will also make follow-up contacts by various means to learn about the decisions made regarding the commercial proposals we have sent you.
Job applicants
Your data will be processed to include you in our selection processes and talent pool, to identify you, and to contact you and inform you about vacancies, interview scheduling and other matters related to your candidacy.
Suppliers and collaborators
Your personal data will be processed for the purpose of maintaining the business relationship, whether for requesting quotations, purchasing goods or engaging services, for identification, for accounting management, for the transaction of goods and services, and for any other purposes necessary to fulfil that relationship, our legal obligations and legitimate interests.
Social media users
We will process your personal data to maintain the relationship as users of the same social network, to identify you, to contact you, and to share news and other personal data that you allow to be shared with other members of the social network.
Complainants
Personal data will be processed to identify you, to manage your complaint and to contact you regarding its status, as well as to comply with our legal obligations and legitimate interests.
Visitors
Data from visits to our premises will be processed to identify you, to comply with our obligations regarding occupational risk prevention, and for security and access control purposes at our facilities.
Website users
Data may also be processed for various purposes (e.g. visit analysis) when you accept the installation of cookies upon visiting our website. For more information, please visit our Cookie Policy.
Further information for data subjects
The legally required information shall be made available to data subjects in the corresponding information clauses included in the various data collection channels (e.g. forms, recorded messages, contracts, etc.) and in other media that we will make available to you (e.g. signs, invoices, legal notices, etc.), so that you may freely and expressly decide whether you wish the personal data requested to be processed by our organisation.
If you do not provide the data we request or if the data provided are incomplete or incorrect, it will not be possible to respond to your information request or to maintain a relationship with you.
Data shall not be further processed or used for purposes other than those accepted by the data subjects.
The purposes underlying the processing of personal data shall be duly identified in the corresponding processing activities owned by our organisation.
5. Why do we process your data (legal basis)?
The processing of your personal data by our organisation is carried out on one or more of the following legal bases:
- If you provide your express, free, informed and unequivocal consent, since we inform you at the time of collecting your data and in greater detail through this privacy policy, that after reading it and if you agree, you may voluntarily authorise us to process your data for one or more purposes by ticking the checkboxes provided for this purpose on our web forms, through your verbal consent (voice recording required) or by signing the information clauses that we provide at each point when requesting your personal data.
- For the performance of a contract to which you are a party or for the implementation of pre-contractual measures at your request.
- Where the processing is necessary for compliance with a legal obligation applicable to our organisation.
- Where the processing is necessary for the purposes of the legitimate interests pursued by our organisation or by a third party, provided that such interests are not overridden by the interests or fundamental rights and freedoms of the data subject.
In this regard, our organisation has carried out a balancing test weighing our legitimate interests against the rights and freedoms of the data subject, always respecting their fundamental rights.
Where the user is under 14 years of age, the consent of a parent, guardian or legal representative shall be required in order to process their data. The user is solely responsible for the accuracy of the data submitted to us.
6. Data Retention
The personal data provided shall be retained for as long as we maintain a relationship with you and for the time necessary to fulfil the purpose for which your data were collected.
Once that relationship has ended, we shall keep them blocked where it is necessary to retain them until the limitation period for liabilities has expired, solely for the purposes of claims or legal actions, as well as to comply with our legal obligations, for example:
| Data subjects | Sectoral scope | Legal basis | Retention period |
|---|---|---|---|
| Clients, Suppliers | Accounting | Art. 30.1 Código de Comercio | 6 years from the last accounting entry |
| Clients, Suppliers | Tax | Art. 66 Ley General Tributaria | General period: 4 years; in the event of losses during the financial year: 10 years; invoices: 5 years |
| Employees | Employment | Art. 21 del Real Decreto Legislativo 5/2000 – Orden Social | 4 years |
| Employees | Occupational risk prevention | Art. 4.3 del Real Decreto 5/2000 – Orden Social | 5 years |
| Clients | User information at internet service providers | Art. 5 de la Ley 25/2007 | 12 months from the date of the communication. The data to be retained are those established in Article 3 of the Act. Following consultation with the operators, this period may be extended by regulation to a maximum of 2 years or a minimum of 6 months. |
| Clients, Suppliers, Visitors, Job applicants, Employees | Video surveillance | Art. 22.3 LOPDGDD | 1 month |
| Job applicants | Job applications | Guía AEPD – Relaciones laborales | 1 year |
7. Profiling
We do not create profiles nor are automated decisions made using your personal data; however, should we do so, you will be informed and prior authorisation will be requested.
Likewise, you have the right to object to this type of processing at any time by writing to our organisation at info@vivesymari.es.
8. Data Disclosure
As a general rule, our organisation does not disclose personal data to third parties, although there may be cases where this is necessary. For example:
If you are a client or supplier, your personal data may be disclosed to third-party entities by legal obligation (e.g. the Spanish Tax Agency) or in those cases and to those entities necessary to provide our services or pay invoices (e.g. banking institutions).
Likewise, your personal data as a client or supplier may be processed by certain suppliers to whom we delegate some of our obligations (e.g. accounting advisors), all of whom have committed, through a data processing agreement, to comply with the same security measures implemented by our organisation, as well as to be bound by the duty of secrecy and confidentiality regarding the personal data processed, among other obligations in the field of personal data protection.
If you are a job applicant, your data will not be disclosed to third-party entities unless we are legally required to do so.
If you are an information requester or user of our website, your data will not be disclosed to third-party entities unless we are legally required to do so.
In general terms, we may disclose your personal data to Judges, Courts, the Public Prosecutor and/or the competent Public Authorities in the event of potential claims where we are required to do so.
9. International Data Transfers
In the event of transfers to third-party entities located in countries outside the European Economic Area, we will inform you and request your prior express consent.
10. Security Measures
Our organisation has implemented all necessary technical and organisational measures to protect the personal data processed, preventing their loss, theft or unauthorised use.
These measures have been established based on the type of data processed and the purposes underlying such processing. They are periodically verified through our internal compliance controls for data protection regulations and through external audits.
11. Your Rights
You, as the holder of your personal data, acting on your own behalf or through your legal representative (e.g. persons under 14 years of age), may contact our organisation at any time and request the exercise of your rights in the field of personal data protection.
We explain below what these rights are:
Right of Access
You have the right to know and to request the following information from us at any time:
- Whether or not we are processing your personal data.
- The purposes of the processing, as well as the categories of personal data being processed.
- The origin of your data, where they were not provided by you.
- The recipients or categories of recipients to whom your personal data have been or will be disclosed, including, where applicable, recipients in third countries or international organisations.
- Information on the appropriate safeguards relating to the transfer of your data to a third country or international organisation, where applicable.
- The envisaged retention period, or where this is not possible, the criteria used to determine that period.
- Whether automated decision-making exists, including profiling, meaningful information about the logic involved, as well as the significance and envisaged consequences of such processing.
- A copy of the personal data undergoing processing.
Right to Rectification
To request the rectification of your personal data when they are inaccurate, as well as the completion of incomplete data.
Right to Object
You may object to the processing of your data when they are incorrect or when processing is no longer necessary.
In the event that you act in the capacity of a person denounced or affected by a complaint within the framework of Ley 2/2023, you may not exercise your right to object, as it is presumed (subject to proof to the contrary) that there are grounds legitimising the processing of your personal data, in accordance with Article 31.4 of the Act.
Right to Erasure
To request the deletion of your data for any of the following reasons:
- Your data are no longer necessary for the purposes for which they were collected or processed.
- You have not given consent for the processing of your data.
- When you have exercised the right to object.
- When the data have been unlawfully processed.
- When the data must be erased for compliance with a legal obligation.
Right to Restriction of Processing
You may request the exercise of this right when one or more of the following conditions apply:
- When you contest the accuracy of your data, for a period enabling the controller to verify their accuracy.
- When the processing is unlawful and you oppose the erasure of your data and instead request the restriction of their use.
- When the data are no longer needed for the purposes of the processing, but the data subject requires them for the establishment, exercise or defence of legal claims.
- When you have objected to processing pursuant to Article 21(1), pending verification as to whether the legitimate grounds of the controller override those of the data subject.
Right to Data Portability
This refers to the right to obtain the data relating to you in a structured, commonly used and machine-readable format, as well as to transmit those data to another controller for further processing.
Right not to be subject to automated decisions
The right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you.
How to exercise your rights
To exercise any of your rights, you should write to VIVES Y MARI S.L., either by post to: C/ Les Moreres, Parc. 35, 46950 Xirivella (Valencia) or by email to: contacto@vivesymari.com, stating the rights you wish to exercise. If you are acting on behalf of another person, you must provide proof of your representation.
If you wish to submit any suggestion or enquiry regarding the processing of your personal data, you may contact the Data Protection Officer:
BUSINESS ADAPTER, S.L.
Ronda Guglielmo Marconi, 11, 26, (Parque Tecnológico) 46980 Paterna (Valencia).
We inform you that you have the right to lodge a complaint with the Agencia Española de Protección de Datos (Spanish Data Protection Agency) at: C/ Jorge Juan, 6, 28001 Madrid or at www.aepd.es.
12. Commitment to Personal Data Protection
Scope of application
Our commitment to personal data protection shall be binding on all departments and employees of our organisation, as well as on third parties acting on our behalf.
Purpose
We have established protocols for the processing of your personal data, in accordance with the provisions of European and Spanish data protection regulations.
Principles
We shall process your data with lawfulness, fairness, transparency, data minimisation, accuracy, storage limitation, integrity, confidentiality and accountability.
Special categories of data
Our organisation prohibits the processing of personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic or biometric data, data concerning health, or data concerning sexual orientation, except in the cases legally authorised and with the prior consent of the data subject.
Rights of data subjects
Our organisation shall respond to your requests for the exercise of rights as promptly and diligently as possible.
Record of Processing Activities, Impact Assessment and Security Measures
Our organisation shall maintain a record of processing activities and shall analyse the purposes of processing, categories of data subjects and data, recipients, international transfers, retention periods, etc., in order to assess the risks of processing and implement the security measures necessary to guarantee the confidentiality, integrity and availability of personal data.
Likewise, for each processing activity, the need to carry out a Data Protection Impact Assessment has been analysed and the obligation to appoint a Data Protection Officer has been determined, establishing, where necessary, that the person appointed to this role possesses sufficient knowledge and experience in accordance with the applicable regulations.
Oversight
We have external assistance advising us in this area, monitoring all publications issued by the competent supervisory bodies and other European and Spanish entities related to data protection regulations, in order to comply with these regulations at all times.
13. Updates to this Policy
Our organisation reserves the right to amend this Policy without prior notice. We therefore recommend that you consult it each time you visit our website.
Last updated 19 July 2023