Privacy policy

Data controller: Identity: Cudeman, S.A. Tax ID (CIF): A02066983 and postal address: P.I. Campollano, C/B Nº 98. CP:02007. Albacete. Telephone: 967242910 Email: cudeman@cudeman.com. DPO/SECURITY OFFICER contact: cudeman@cudeman.com

 

The Management / Governing Body of Cudeman, S.A. (hereinafter, the data controller) assumes the highest level of responsibility for, and commitment to, the establishment, implementation and maintenance of this Data Protection Policy, ensuring the continuous improvement of the data controller with the aim of achieving excellence in compliance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (OJEU L 119/1, 04-05-2016), and with the Spanish legislation on the protection of personal data (the Organic Law, specific sector legislation and their implementing regulations).

 

The Data Protection Policy of Cudeman, S.A. rests on the principle of proactive accountability, under which the data controller is responsible for compliance with the regulatory and case-law framework governing this Policy, and is able to demonstrate such compliance to the competent supervisory authorities.

 

In this regard, the data controller shall be governed by the following principles, which must serve all of its staff as a guide and frame of reference for the processing of personal data:

 

1. Data protection by design: the data controller shall apply, both at the time the means of processing are determined and at the time of the processing itself, appropriate technical and organisational measures, such as pseudonymisation, designed to implement data protection principles effectively, such as data minimisation, and to integrate the necessary safeguards into the processing.

 

2. Data protection by default: the data controller shall apply appropriate technical and organisational measures to ensure that, by default, only personal data that are necessary for each specific purpose of the processing are processed.

 

3. Data protection throughout the information life cycle: the measures ensuring the protection of personal data shall apply throughout the entire life cycle of the information.

 

4. Lawfulness, fairness and transparency: personal data shall be processed lawfully, fairly and in a transparent manner in relation to the data subject.

 

5. Purpose limitation: personal data shall be collected for specified, explicit and legitimate purposes and shall not be further processed in a manner incompatible with those purposes.

 

6. Data minimisation: personal data shall be adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed.

 

7. Accuracy: personal data shall be accurate and, where necessary, kept up to date; every reasonable step shall be taken to ensure that personal data that are inaccurate with regard to the purposes for which they are processed are erased or rectified without delay.

 

8. Storage limitation: personal data shall be kept in a form which permits identification of data subjects for no longer than is necessary for the purposes of the processing of the personal data.

 

9. Integrity and confidentiality: personal data shall be processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, through the application of appropriate technical or organisational measures.

 

10. Information and training: one of the keys to ensuring the protection of personal data is the training and information provided to the staff involved in processing them. Throughout the information life cycle, all staff with access to the data shall be appropriately trained and informed about their obligations in relation to compliance with data protection legislation.

 

11. Exercise of rights: You have the right to exercise, at any time, your rights of access, rectification, erasure, objection, the right to be forgotten and the right to data portability, by writing to: Cudeman, S.A., with address at P.I. Campollano, C/B Nº 98. CP:02007. Albacete, or cudeman@cudeman.com, enclosing a photocopy of your identity document. In addition, you may exercise your rights before the Supervisory Authority by contacting the AGENCIA ESPAÑOLA DE PROTECCIÓN DE DATOS (Spanish Data Protection Agency). CALLE JORGE JUAN, N16. CP: 28001- MADRID. The Data Protection Policy of Cudeman, S.A. is communicated to all staff of the data controller and made available to all interested parties.

 

Consequently, this Data Protection Policy involves all staff of the data controller, who must be aware of it and embrace it, treating it as their own, with each member being responsible for applying it and for verifying the data protection rules applicable to their activity, as well as for identifying and contributing any improvement opportunities they consider appropriate with the aim of achieving excellence in compliance with it.

 

This Policy shall be reviewed by the Management / Governing Body of Cudeman, S.A. as many times as deemed necessary in order to remain, at all times, in line with the provisions in force regarding the protection of personal data.

 

What personal data do we need?

 

From the moment you contact Cudeman, S.A., whether because you request information about our products or services or because you wish to become our customer, we need to process your personal data. As a general rule, we will need to process your identification, contact and location data, and other data necessary to carry out the purposes described to you in this clause.

 

The data we request from you are mandatory, so refusing to provide or disclose them, where this proves necessary, would make it impossible for us to provide the services you have requested or contracted. Likewise, your personal data must be truthful, complete, accurate and up to date, so any change to them must be communicated without delay. We inform you that Cudeman, S.A. will use your mobile telephone numbers, email and address to inform you about any matter related to the contracted service.

 

How do we obtain your personal data?

 

You will have provided them directly, or we will have accessed them as a result of your enquiries, requests or purchases of Cudeman, S.A. products and services.

 

Who is the controller of your personal data?

 

Cudeman, S.A., with Tax ID (CIF): A02066983 and postal address: P.I. Campollano, C/B Nº 98. CP:02007. Albacete. Telephone: 967242910 Email: cudeman@cudeman.com.

 

For what purposes do we process your personal data, and on what basis do we do so?

 

We process your identification and contact data for the purpose of invoicing the services/products contracted or responding to the questions you raise through our contact and comment forms. Cudeman, S.A. will not need to access data of minors or other specially protected data, unless they are necessary due to the type of products or services you wish to contract with Cudeman, S.A. The processing of these data is necessary to handle your request for information or, where applicable, for the necessary management of the requested purchase and the provision of the corresponding services. For how long will we keep your personal data? We will keep your data for as long as the purpose for which they were collected remains in place. When they are no longer necessary for that purpose, we will keep blocked those data that may be required during the legally established periods to address any matter relating to their processing, remaining at the exclusive disposal of Judges and Courts, the Public Prosecutor's Office or the competent Public Administrations. Once that period has elapsed, Cudeman, S.A. will proceed to erase your data.

 

On what basis do we process your data?

 

We rely on the provisions of Article 6 of the GDPR.

 

With whom do we share your personal data?

 

Your data will be disclosed or communicated to third-party companies or service providers in all those cases where this is necessary for the performance, fulfilment and monitoring of the provision of the requested service, or where a legal obligation exists. In this regard, your data may be disclosed, without limitation or exclusion, to bodies of the Public Administration where such disclosure is necessary for the provision of services arising from the commercial relationship.

 

Will international data transfers take place?

 

No international transfers will take place.

 

What security measures do we use?

 

The personal data communicated by the user to the website may be stored in automated or non-automated databases owned exclusively by the website, which assumes all technical, organisational and security measures that guarantee the confidentiality, integrity and quality of the information contained therein, in accordance with the provisions of the data protection legislation in force.

 

Communication between users and the website uses a secure channel, and the data transmitted are encrypted using HTTPS protocols. We therefore guarantee the best security conditions so that the confidentiality of users is assured.

 

What rights do you have when providing your data, and how can you exercise them?

 

Together with the right to be informed of the manner in which we are doing so in this clause, you have the following rights:

 

  • Right of access, to know which of your data are being processed, for what purposes, their origin, and whether we communicate or have communicated them to third parties;
  • Right of rectification of your data where they are incomplete or inaccurate;
  • Right of erasure of your data if the purpose for which you provided them no longer exists, the processing is not lawful, or you withdraw your consent, and in the other cases provided for by law;
  • Right to object, to prevent us from processing your data for certain purposes, or to request that we stop doing so, although this is only possible in the cases established by law;
  • Right to request the restriction of processing while the contesting of the accuracy of your data is being verified, or where you consider that the processing is unlawful and you object to the
    erasure of the data, or Cudeman, S.A. no longer needs the data but you need them for the establishment, exercise or defence of legal claims, or you have objected to the processing of
    the data for the satisfaction of a legitimate interest while the existence of that interest and its precedence over yours is being verified;
  • Right to data portability, to receive your data in a structured, commonly used electronic format and to be able to transmit them to another controller;
  • Right not to be subject to automated individual decision-making, so that we do not make a decision about you based solely on the processing of your data which produces legal effects in your personal sphere or similarly affects you.

 

To exercise any of these rights, you may write to: Cudeman, S.A., with address at P.I. Campollano, C/B Nº 98. CP:02007. Albacete, or cudeman@cudeman.com, enclosing a photocopy of your identity document. In addition, you may exercise your rights before the Supervisory Authority by contacting the AGENCIA ESPAÑOLA DE PROTECCIÓN DE DATOS (Spanish Data Protection Agency). CALLE JORGE JUAN, Nº16. CP: 28001- MADRID.