SMART VIRTUAL ASSISTANT TECHNOLOGIES, S.L. (hereinafter SVACHAT) informs users of the website about its policy regarding the processing and protection of personal data of users and customers that may be collected while browsing or contracting its services.
In this sense, SVACHAT guarantees compliance with the regulations in force on personal data protection, reflected in REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation).
Responsible for processing:
Responsible for the website: SMART VIRTUAL ASSISTANT TECHNOLOGIES, S.L
Contact address: C/ Ignacio Garrido, nº14, 1º-A, 41219, Las Pajanosas (Seville).
E-mail: firstname.lastname@example.org Tax Identification Number: B-87976445
Data Protection Officer:
Identification: Victor Lopez Perez
Contact address: Avenida República Argentina 29B, First Floor, Module 3, LBO Abogados.
DATA COLLECTION, PURPOSE AND PROCESSING
SVACHAT has a duty to inform users of its website about the collection of personal data that may be carried out. In this regard, SVACHAT will be considered responsible for processing the data collected through the means enabled for this purpose.
In turn, SVACHAT informs users of the purpose of the processing of data collected includes: the attention to requests made by users, inclusion in the contact list, the provision of services and management of the business relationship.
The operations, management and technical procedures that are carried out in an automated or non-automated way and that allow the collection, storage, modification, transfer and other actions on personal data, are considered as personal data processing.
All personal data collected via the SVACHAT website or platform and which is therefore considered to be personal data processing will be included in the Activity Register owned by the party responsible for the file.
The General Data Protection Regulation grants the interested parties the possibility of exercising a series of rights related to the processing of their personal data.
Users may exercise their rights of access, rectification, deletion, limitation and portability in accordance with the provisions of current legislation on the protection of personal data. In essence, each right allows you:
- Access: gives you the possibility to obtain a copy of the personal data being processed at your request, or you will be allowed remote access to a secure system offering direct access to the personal data.
- Portability: allows the interested party to obtain a copy in a structured format, of common use and mechanical reading of the data held by the File Manager.
- Rectification: the data subject shall have the right to obtain from the controller, without undue delay, the rectification of inaccurate personal data concerning him/her.
- Deletion: gives you the option to remove your personal data from a database when it is deleted:
- They are no longer necessary in relation to the purposes for which they were collected or otherwise processed.
- The person concerned withdraws the consent on which the treatment is based.
- The data subject objects to the processing and no other legitimate grounds for the processing prevail.
- The personal data has been processed unlawfully.
- Personal data must be deleted in order to comply with a legal obligation under European Union law that applies to the controller.
- The personal data were obtained in connection with the provision of information society services on "Conditions applicable to the child's consent to information society services".
- Limitation of the treatment: it supposes the nonapplication of your personal data to the opportune operations of treatment. It may be requested when:
- The data subject has exercised the rights of rectification or opposition and the person responsible is in the process of determining whether to comply with the request
- The processing is unlawful, which would result in the deletion of the data, but the data subject objects to this
- The data are no longer necessary for processing, which would also result in their deletion, but the data subject requests limitation because he or she needs them for the formulation, exercise or defence of claims
To exercise these rights, the user must send a written communication, providing documentation that proves his/her identity (ID card or passport), to the following address: SMART VIRTUAL ASSISTANT TECHNOLOGIES, S.L; C/ Ignacio Garrido, nº14, 1º-A, 41219, Las Pajanosas (Seville). This communication must reflect the following information: name and surname of the user, the request, the address and the supporting data, also, and for greater facility of the interested party; it is allowed the possibility of the exercise of these rights by means of the remission of an electronic mail, including in any case the listed documentation, to the address: email@example.com.
The exercise of rights must be made by the user himself. However, they may be executed by an authorized person as the legal representative of the authorized person. In this case, documentation must be provided that accredits this representation of the interested party.
Inform you that the exercise of your rights will be completely free of charge, unless the request is manifestly unfounded or excessive, especially as regards repetition. In such cases, the person concerned may be charged a fee to compensate for the administrative costs of responding to the request or refusal to act.
The deadline for attending to your request will be ONE MONTH from the day it is received, and can be extended to TWO MONTHS for particularly complex requests, always with the appropriate notification to the interested party of the aforementioned extension of the deadline.
If we consider that the request has not been met, we guarantee to notify you within ONE MONTH.
PRINCIPLES WE APPLY TO PERSONAL DATA
In the processing of personal data, the following principles shall apply, in line with the requirements of the new European Data Protection Regulation:
- Principle of lawfulness, loyalty and transparency: the consent of the data subjects will always be required for the processing of personal data for one or more specific purposes, of which they will be informed in advance with absolute transparency.
- Data minimization principle: data will only be requested if strictly necessary in relation to the purposes for which it is required. The minimum possible.
- Principle of limitation of storage period: data will be kept for no longer than necessary for the purposes of the processing, depending on the purpose. The relevant retention period shall be reported, in the case of subscriptions, lists shall be periodically reviewed and records that have been inactive for a considerable time shall be deleted.
- Principle of integrity and confidentiality: data will be processed in a way that ensures adequate security of personal data and guarantees confidentiality.
DATA PROCESSING LEGITIMACY
The legitimization of the processing of your data is mainly consent, without prejudice to those other bases of legitimization provided for in the regulations and that could be applicable, being these the following:
- The processing is necessary for the execution of a contract to which the person concerned is a party or for the implementation at his request of pre-contractual measures.
- The processing is necessary for the fulfilment of a legal obligation applicable to the controller.
- The processing is necessary to protect the vital interests of the data subject or of another natural person.
- The processing is necessary for the performance of a task carried out in the public interest or in the exercise of public authority vested in the controller.
- Processing is necessary for the purposes of satisfying the legitimate interests pursued by the controller or by a third party, provided that such interests are not overridden by the interests or fundamental rights and freedoms of the data subject which require the protection of personal data, in particular where the data subject is a child.
The categories of data processed are:
- Identifying data.
- Among other data connected to the established processing purpose.
RETENTION PERIOD OF PERSONAL DATA
Personal data shall be kept until such time as the data subject requests their deletion or when they do not serve the purpose for which they were processed.
SECRECY AND DATA SECURITY
SVACHAT undertakes to use and process the personal data of the interested parties, respecting their confidentiality and using them in accordance with the purpose of the same, as well as complying with its obligation to save them and adapt all measures to prevent alteration, loss, or unauthorised processing or access, in accordance with the provisions of current data protection legislation.
SVACHAT reserves the right to modify this policy to adapt it to new legislation or case law, as well as to industry practices. In such cases, changes will be announced on this page reasonably in advance of their implementation.
In accordance with the LSSICE, SVACHAT does not carry out SPAM practices, so it does not send commercial mail by electronic means that have not been previously requested or authorized by the user. Consequently, in each of the forms on the website, the user has the opportunity to give their express consent to receive the newsletter, regardless of the commercial information requested.
In accordance with the provisions of Law 34/2002 on Information Society Services and Electronic Commerce, SVACHAT undertakes not to send commercial communications without duly identifying them.
COMPLAINT TO THE SPANISH DATA PROTECTION AGENCY
If you consider that your rights have not been properly addressed, you have the right to file a complaint with the Spanish Data Protection Agency, whose contact details are
Telephone: 901 100 099/ 912 663 517
Postal Address: C/ Jorge Juan, 6 28001-Madrid
Electronic Headquarters: https://sedeagpd.gob.es/sede-electronica-web/