Summary of information
Basic information on data protection:
Responsible: TOSCARIA SERVICIOS DE INGENIERÍA Y CONSULTORÍA S.L
- To show the services developed by TOSCARIA.
- Management and response to online queries.
- Sending promotions, advertising and event information.
Legitimation: Consent of the interested party. For more information continue reading.
Recipients: No data will be transferred to third parties, unless legally obliged to do so. Analytical results may be transferred at the request of installed tools. For more information consult the Cookies policy.
Rights: Access, rectify and delete data, limit and oppose the processing, data portability and withdraw consent.
Additional information: You can consult additional and detailed information on Data Protection by continuing to read this notice.
What does the processing of personal data mean?
Operations, management and technical procedures that are carried out in an automated or non-automated way and that make possible the collection, storage, modification, transfer and other actions on personal data, are considered to be processing of personal data.
What does use of the website entail?
Who is the data controller?
- Commercial name: TOSCARIA
- Fiscal name: TOSCARIA SERVICIOS DE INGENIERÍA Y CONSULTORÍA, S. L.
- CIF: B-15727647
- Address: C/ Ciudad de Lugo 31-33, Bajo Local 8B, CP:15004, A Coruña, Spain (ES)
- Telephone: +34 881 893 848
- Email: firstname.lastname@example.org
- Website: toscaria.com
TOSCARIA guarantees the confidentiality and privacy of personal data collected, having adopted security measures to prevent alteration, loss, treatment or unauthorized access and ensure the integrity and security of personal data, in accordance with the provisions of Regulation 2016/679 of the European Parliament and of the Council of 27 April 2016, which implements Organic Law 3/2018 of 5 December on the Protection of Personal Data and Guarantees of Digital Rights, by providing the necessary technical means to prevent any alteration, loss, unauthorised access or misuse of the data processed, in accordance with the nature of the data, the state of technology, and the risks to which they are exposed.
For what purpose will we use the data collected?
TOSCARIA informs you that the personal data provided through this website, including the IP address, will be processed for the following purposes:
- To provide the requested product or service adequately and with all the guarantees.
- To send informative communications to the application for registration as a user or registration in the newsletter and events, either through the email provided on the website or through contact forms or user registrations.
- Manage and offer promotions, discounts and new services for advertising and commercial purposes.
- To carry out periodic analysis studies of the website for statistical purposes based on the data provided.
- To analyse user behaviour during web browsing.
With the express and informed consent, access by TOSCARIA to the data which, in accordance with the infrastructure of this website, is required to contact the user, manage comments on the blog, validations or recommendations on social networks and/or send the TOSCARIA newsletter is legalised.
What is the legitimacy of the processing?
The legitimacy of the different processing activities carried out by TOSCARIA are:
- For the purpose of service provision, the processing is based on the performance of a contract between the parties.
- For marketing and commercial management purposes, processing is based on the consent of the data subject.
- For purposes related to the analysis of user behaviour on the website, the processing is based on the legitimate interest of TOSCARIA, which is based on the search for improvement of the platform, its functionality, its adaptation to users and the provision of a more individualised service for the interested parties.
Do we pass on data?
TOSCARIA undertakes not to transfer data to third parties without having obtained the express consent of the users. However, it may disclose metrics and analytics requested by IT tools installed on the website that are not owned by TOSCARIA. Some of these services may be owned by third parties resident outside the European Union (Google, WordPress, etc.).
TOSCARIA tries and usually uses secure tools whose servers are preferably located in Spain, or failing that, in a member state of the European Union, or that comply with European law according to the guidelines and recommendations of the Spanish Data Protection Agency, the European Commission and the Community reference agreements on international data transfer, including obtaining certification on the Privacy Shield list.
What is our policy with data processors?
What do we do with the data on social networks?
TOSCARIA has channels on the social networks Facebook, Youtube, Linkedin and Twitter with the main purpose of publishing and disseminating information about the products offered through the TOSCARIA website, interacting with users and serving as a channel of attention and social interaction.
In the event that you access this website using an application that connects a social network with this website, you will be authorising the social network to share some data with TOSCARIA.
It is important that you are aware that if you have geo-located social media accounts, your location information when sharing on social media will be visible to third parties with whom you share or share your information.
What rights do users have? How can they exercise their rights?
How can you exercise your rights? At any time the user can withdraw their consent and exercise their rights of access, rectification, deletion, limitation, opposition and portability provided for in the Data Protection Regulation 679/2016 and the LO 3/2018 on Data Protection and Guarantee of Digital Rights, by sending an email to email@example.com or by sending postal mail to C/ Ciudad de Lugo 31-33, Bajo Local 8B, CP:15004, A Coruña, Spain (ES).
What do we need to verify your identity? In both cases, the user must enclose a copy of his/her national identity card, passport or other valid document that identifies him/her.
Is there a model for the exercise of rights? You can request our form by e-mail or by coming to our headquarters (both addresses described above).
You can also make use of the models and forms for the exercise of these rights available on the website of the Spanish Data Protection Agency, which can be found at the following address:
What do these rights consist of?
- Right to information: the data subject must be previously informed in an express, precise and unequivocal manner of, among other things, the existence of a file, the possibility of exercising his or her rights and the data controller.
- Right of access: this allows the citizen to know and obtain, free of charge, information about his or her personal data subject to processing.
- Right of rectification: This right is characterised by the fact that it allows for the correction of errors, the modification of data that prove to be inaccurate or incomplete and the guarantee of the accuracy of the information undergoing processing.
- Right of cancellation: This right allows for the deletion of data that proves to be inadequate or excessive, without prejudice to the duty to block data as set out in the LOPD.
- Right to object: The right of opposition is the right of the data subject not to have his or her personal data processed or to cease processing.
- Right of limitation: the user has the right to decide which personal data he/she does not want to be processed in the future, being able to exercise this right when he/she has previously contested the accuracy of the data; when the processing is unlawful and instead of exercising the erasure of the data he/she decides to limit it for future processing. In the case of restriction of processing, the restriction may be lifted if there is consent of the data subject; the possibility that the processing may affect the protection of the rights of another natural or legal person; court proceedings justifying the restriction; or there is an important public interest ground based on the legislation in force.
- Right of portability: you have the right to receive the personal data provided or to have them transmitted by TOSCARIA to another controller, in a structured, commonly used and machine-readable format, provided that the processing is carried out by automated means and the processing is based on the consent that the User once gave for one or more specific purposes, or for the performance of a contract to which he/she was a party. The right to portability shall not apply where the transmission is technically impossible; nor where it may adversely affect the rights and freedoms of third parties; nor where the processing has a public interest mission based on the legislation in force.
- Right to lodge a complaint with the Supervisory Authority: you have the right to lodge a complaint with the Spanish Data Protection Agency (supervisory authority in Spain) via the following link: aepd.es.
- Right to be forgotten: Removal of names from the list of search engine results.
- Advertising rights: Right to exclusion from telephone directories, Right not to receive unwanted advertising, Rights of subscribers and users of telecommunications services.
What security measures do we apply to the processing of personal data?
In order to protect the personal data of its users, TOSCARIA has security protocols and implements technical and organisational measures appropriate to the state of the art, taking into account the scope, context and purposes of the processing, as well as the risks of varying likelihood and severity for the rights and freedoms of data subjects, trying to be able to ensure the confidentiality, integrity, availability and resilience of the systems and services of the processing.
In addition, we take care to ensure the correct choice of its data processors, in compliance with Data Protection regulations.
In particular, TOSCARIA has the following measures in place:
- Privacy and security risk assessment strategy and disaster recovery plan designed to safeguard the continuity of our services and to protect our staff and our data.
- Incident Log: TOSCARIA staff use the incident log to report any incident related to the security of the information and personal data included in the files containing personal data they process.
- Periodic training and awareness-raising of our staff and collaborators to avoid errors in data management.
Identification and Authentication System: to give access only to the necessary data and to the specific profile that uses them.
Notification of breaches of personal data security
In the event of a breach of security of personal data, provided that such security breach is not unlikely to constitute a risk to the rights and freedoms of natural persons, TOSCARIA shall notify the Spanish Data Protection Agency within 72 hours of becoming aware of the incident, describing the nature of the breach, the possible consequences that may arise and the measures taken or proposed to remedy the security breach; and if possible, the categories and approximate number of data subjects and data affected shall be made known.
In addition, TOSCARIA shall notify data subjects as soon as possible when the personal data security breach is likely to result in a high risk to the rights and freedoms of natural persons, describing the possible consequences that may arise and the measures taken or proposed to be taken to remedy the security breach.
How long do we keep the data?
Personal data provided to TOSCARIA will be deleted after the relevant period for the exercise of claims has elapsed. In cases where the processing is based on the consent of the data subject, the data will be kept until the data subject requests its deletion or cancellation, or withdraws his or her consent, or until it is no longer necessary for the purpose for which it was collected.
As a user, you should be aware that we use Internet tools and platforms that install cookies that do not depend on us, so it is possible that the owners of these tools use such data for other uses, for which we are not responsible.
For this reason, it is advisable to read the Cookies policy to know which cookies are our own, which are from third parties, which are permanent, temporary or session cookies; and you can decide to uninstall the ones you consider appropriate, as this will not affect the result, comfort or browsing experience.
Privacy of minors
Following the instructions of the Spanish Data Protection Agency, minors under 14 years of age should not provide their personal data to TOSCARIA without the prior consent of their parents or guardians. With the publication of the European General Data Protection Regulation, the age of consent for the transfer of personal data is set at between 16 and 13 years of age, which is currently undefined.
In the event that TOSCARIA detects users who may be under 16 years of age, it reserves the right to request a copy of their ID card or equivalent document, or, where appropriate, the authorisation of their parents or guardians, causing their cancellation in the event of failure to prove compliance with this requirement or lack of response.
Responsibility of the user
As a user, you accept and guarantee that the personal data you provide are truthful, and you are solely responsible for any direct or indirect damage or harm that may be caused to TOSCARIA as the party responsible for this website or to third parties if you fill in any form with false data or data from third parties, causing deceit, damage or harm.
Please inform us of any changes that may occur in the data provided by sending an email to firstname.lastname@example.org.
TOSCARIA stores the user’s personal data on secure servers, protected against the most common types of attacks and located in Spain. However, and given that there is no invulnerable technology, the user must also put the means at their disposal to maintain the level of security of their data, by using strong passwords, periodically changing their passwords, avoiding using the same password in different accounts, as well as avoiding taking note of them in any physical or unencrypted format.
Prohibition for users to pass on data to third parties
TOSCARIA expressly prohibits users from sharing, providing or transferring to third parties any third party data that they may obtain as a result of contact, interaction or browsing or consultation through this website, unless they can prove the express authorisation of the user whose data they intend to transfer. We remind you that images are considered protected data and therefore no one may use them without the express consent of the person who appears in them.
As a user, you acknowledge your responsibility and undertake to hold TOSCARIA harmless against any possible claim, penalty, fine or sanction that you may be obliged to bear as a result of the user’s failure to comply with the aforementioned duty.
Applicable legislation and jurisdiction
TOSCARIA is based in Spain, specifically in the city of A Coruña, and is therefore bound by Spanish and European laws on Data Protection.
Therefore, the user accepts that claims or complaints against TOSCARIA arising from or related to the use of this website and more specifically to the processing of his/her personal data will be resolved by the court of competent jurisdiction located in A Coruña.
If you are accessing this site from a location outside Spain, you are responsible for complying with all applicable local and international laws.