Privacy policy
“In MARI CARMEN MESTRE VEGA, we process the information you provide us in order to deliver the requested service and carry out your billing. The data provided will be retained as long as the commercial relationship is maintained or for the time necessary to comply with legal obligations and address any responsibilities that may arise from fulfilling the purpose for which the data was collected. The data will not be transferred to third parties unless there is a legal obligation. You have the right to obtain information about whether MARI CARMEN MESTRE VEGA is processing your personal data, so you can exercise your rights of access, rectification, deletion, and data portability, as well as opposition and limitation to its processing, by contacting MARI CARMEN MESTRE VEGA, CRER/ LO COMO, 5 or via email at info@elxaletdetaull.com, attaching a copy of your ID or equivalent document. Furthermore, if you believe that your rights have not been fully satisfied, you can file a complaint with the national supervisory authority by contacting the Spanish Data Protection Agency, C/ Jorge Juan, 6 – 28001 Madrid. We also request your authorization to offer you products and services related to those contracted and to retain you as a customer.”
1. Purpose of the Data Processing Assignment
Through these clauses, FINQUES LAVAIX SL, located at AVD. VICTORIANO MUÑOZ, 17-BX and NIF B25593278, is authorized as the data processor to process on behalf of MARI CARMEN MESTRE VEGA, as the data controller, the personal data necessary to provide the service specified below.
The processing will consist of ADVISORY AND ACCOUNTING.
2. Identification of the Affected Information
For the execution of the services derived from fulfilling the purpose of this assignment, the entity MARI CARMEN MESTRE VEGA, as the data controller, makes available to the entity FINQUES LAVAIX SL the identification and banking data of its clients.
3. Duration
This agreement has a duration of , being automatically renewed unless decided otherwise by either party.
Once this contract ends, the data processor must return to the controller, or transmit to another processor designated by the controller, the personal data processed and delete any copies in its possession. However, it may keep the data blocked for the minimum time necessary to address any responsibilities that may arise from its relationship with MARI CARMEN MESTRE VEGA, securely and definitively destroying them at the end of that period.
4. Obligations of the Data Processor
The data processor and all its personnel are obliged to:
- Use the personal data subject to processing, or those collected for inclusion, only for the purpose of this assignment. Under no circumstances may the data be used for personal purposes.
- Process the data according to the documented instructions of the data controller. If the data processor considers that any of the instructions provided violates the General Data Protection Regulation or any other data protection provision, the processor will immediately inform the controller.
- Keep a written record of all categories of processing activities carried out on behalf of the controller, containing:
1 The name and contact details of the processor or processors and of each controller on whose behalf the processor acts and, where applicable, the representative of the controller or processor and the data protection officer.
2 The categories of processing carried out on behalf of each controller.
3 A general description of the appropriate technical and organizational security measures being applied.
- Not communicate or disclose the data to third parties unless expressly authorized by the data controller or in legally permissible cases. If the processor wishes to subcontract, in whole or in part, the services subject to this contract, it must inform the controller and request prior authorization.
- Maintain the duty of confidentiality regarding the personal data accessed by virtue of this assignment, even after the contract ends.
- Ensure that persons authorized to process personal data commit, expressly and in writing, to respect confidentiality and comply with the corresponding security measures, which the processor must inform them of appropriately.
- Keep available to the controller the documentation proving compliance with the obligation established in the previous section.
- Guarantee the necessary training in personal data protection for persons authorized to process personal data.
- When affected individuals exercise their rights of access, rectification, deletion, and data portability, as well as opposition and limitation of processing before the data processor, it must communicate this by email to the address indicated by the controller as promptly as possible. The communication must be made immediately and in no case beyond the next working day after receiving the request, along with any other information that may be relevant to resolve it. It will assist the controller, whenever possible, so that it can comply and respond to the exercise of rights.
- Notification of data security breaches:
The data processor will notify the data controller, without undue delay and through the email address indicated by the controller, of any data security breaches under its responsibility that it becomes aware of, along with all relevant information for documenting and communicating the incident. It will also notify any failure in its information processing and management systems that may jeopardize the security, integrity, or availability of the personal data processed, as well as any possible breach of confidentiality due to third-party access to the data and information accessed during the execution of the contract.
At a minimum, the following information will be provided:
a) Description of the nature of the personal data security breach, including, where possible, the categories and approximate number of affected data subjects, and the categories and approximate number of affected personal data records.
b) Contact details for obtaining more information.
c) Description of the possible consequences of the personal data security breach.
d) Description of the measures taken or proposed to remedy the personal data security breach, including, if applicable, measures taken to mitigate possible adverse effects.
If it is not possible to provide the information simultaneously, and to the extent that it is not, the information will be provided gradually without undue delay.
FINQUES LAVAIX SL, at the request of the controller, will communicate these data security breaches to the affected individuals as soon as possible when the breach is likely to result in a high risk to the rights and freedoms of natural persons.
The communication must be made in clear and simple language and must include the elements indicated by the controller in each case, at a minimum:
a) The nature of the data breach.
b) Contact details of the controller or processor where more information can be obtained.
c) Describe the possible consequences of the personal data security breach.
d) Describe the measures taken or proposed by the data controller to remedy the personal data security breach, including, if applicable, measures taken to mitigate possible adverse effects.
- Make available to the controller all necessary information to demonstrate compliance with its obligations, as well as to allow and contribute to audits or inspections conducted by the controller or another auditor authorized by it.
- Implement the necessary technical and organizational security measures to ensure the confidentiality, integrity, availability, and resilience of the personal data processing systems and services.
- Data destination:
Delete, return to the controller, or deliver, if applicable, to a new processor as determined by MARI CARMEN MESTRE VEGA, all personal data once the processing service provided is completed. Data destruction is not applicable when there is a legal provision requiring their retention, in which case they must be returned to the controller who will ensure their retention, duly blocked, while such obligation persists.
- The return must involve the total deletion of existing data on the computer equipment used by the processor. However, the processor may retain a copy of the data, duly blocked, while responsibilities may arise from the execution of the services provided to the data controller.
5. Obligations of the Data Controller
The data controller is responsible for:
a) Providing the processor with the necessary data to deliver the service.
b) Ensuring, prior to and throughout the processing, compliance with the current data protection provisions by the data processor.
c) Supervising the processing, including the possibility of requesting information to verify compliance with the obligations established in this contract.
1. Purpose of the Data Processing Assignment
Through these clauses, FINQUES LAVAIX SL, located at AVD. VICTORIANO MUÑOZ, 17-BX and NIF B25593278, is authorized as the data processor to process on behalf of MARI CARMEN MESTRE VEGA, as the data controller, the personal data necessary to provide the service specified below.
The processing will consist of ADVISORY AND ACCOUNTING.
2. Identification of the Affected Information
For the execution of the services derived from fulfilling the purpose of this assignment, the entity MARI CARMEN MESTRE VEGA, as the data controller, makes available to the entity FINQUES LAVAIX SL the identification and banking data of its clients.
3. Duration
This agreement has a duration of , being automatically renewed unless decided otherwise by either party.
Once this contract ends, the data processor must return to the controller, or transmit to another processor designated by the controller, the personal data processed and delete any copies in its possession. However, it may keep the data blocked for the minimum time necessary to address any responsibilities that may arise from its relationship with MARI CARMEN MESTRE VEGA, securely and definitively destroying them at the end of that period.
4. Obligations of the Data Processor
The data processor and all its personnel are obliged to:
- Use the personal data subject to processing, or those collected for inclusion, only for the purpose of this assignment. Under no circumstances may the data be used for personal purposes.
- Process the data according to the documented instructions of the data controller. If the data processor considers that any of the instructions provided violates the General Data Protection Regulation or any other data protection provision, the processor will immediately inform the controller.
- Keep a written record of all categories of processing activities carried out on behalf of the controller, containing:
1 The name and contact details of the processor or processors and of each controller on whose behalf the processor acts and, where applicable, the representative of the controller or processor and the data protection officer.
2 The categories of processing carried out on behalf of each controller.
3 A general description of the appropriate technical and organizational security measures being applied.
- Not communicate or disclose the data to third parties unless expressly authorized by the data controller or in legally permissible cases. If the processor wishes to subcontract, in whole or in part, the services subject to this contract, it must inform the controller and request prior authorization.
- Maintain the duty of confidentiality regarding the personal data accessed by virtue of this assignment, even after the contract ends.
- Ensure that persons authorized to process personal data commit, expressly and in writing, to respect confidentiality and comply with the corresponding security measures, which the processor must inform them of appropriately.
- Keep available to the controller the documentation proving compliance with the obligation established in the previous section.
- Guarantee the necessary training in personal data protection for persons authorized to process personal data.
- When affected individuals exercise their rights of access, rectification, deletion, and data portability, as well as opposition and limitation of processing before the data processor, it must communicate this by email to the address indicated by the controller as promptly as possible. The communication must be made immediately and in no case beyond the next working day after receiving the request, along with any other information that may be relevant to resolve it. It will assist the controller, whenever possible, so that it can comply and respond to the exercise of rights.
- Notification of data security breaches:
The data processor will notify the data controller, without undue delay and through the email address indicated by the controller, of any data security breaches under its responsibility that it becomes aware of, along with all relevant information for documenting and communicating the incident. It will also notify any failure in its information processing and management systems that may jeopardize the security, integrity, or availability of the personal data processed, as well as any possible breach of confidentiality due to third-party access to the data and information accessed during the execution of the contract.
At a minimum, the following information will be provided:
a) Description of the nature of the personal data security breach, including, where possible, the categories and approximate number of affected data subjects, and the categories and approximate number of affected personal data records.
b) Contact details for obtaining more information.
c) Description of the possible consequences of the personal data security breach.
d) Description of the measures taken or proposed to remedy the personal data security breach, including, if applicable, measures taken to mitigate possible adverse effects.
If it is not possible to provide the information simultaneously, and to the extent that it is not, the information will be provided gradually without undue delay.
FINQUES LAVAIX SL, at the request of the controller, will communicate these data security breaches to the affected individuals as soon as possible when the breach is likely to result in a high risk to the rights and freedoms of natural persons.
The communication must be made in clear and simple language and must include the elements indicated by the controller in each case, at a minimum:
a) The nature of the data breach.
b) Contact details of the controller or processor where more information can be obtained.
c) Describe the possible consequences of the personal data security breach.
d) Describe the measures taken or proposed by the data controller to remedy the personal data security breach, including, if applicable, measures taken to mitigate possible adverse effects.
- Make available to the controller all necessary information to demonstrate compliance with its obligations, as well as to allow and contribute to audits or inspections conducted by the controller or another auditor authorized by it.
- Implement the necessary technical and organizational security measures to ensure the confidentiality, integrity, availability, and resilience of the personal data processing systems and services.
- Data destination:
Delete, return to the controller, or deliver, if applicable, to a new processor as determined by MARI CARMEN MESTRE VEGA, all personal data once the processing service provided is completed. Data destruction is not applicable when there is a legal provision requiring their retention, in which case they must be returned to the controller who will ensure their retention, duly blocked, while such obligation persists.
- The return must involve the total deletion of existing data on the computer equipment used by the processor. However, the processor may retain a copy of the data, duly blocked, while responsibilities may arise from the execution of the services provided to the data controller.
5. Obligations of the Data Controller
The data controller is responsible for:
a) Providing the processor with the necessary data to deliver the service.
b) Ensuring, prior to and throughout the processing, compliance with the current data protection provisions by the data processor.
c) Supervising the processing, including the possibility of requesting information to verify compliance with the obligations established in this contract.
