In terms of data protection, Lipidos Toledo, S.A., should be considered the Data Controller, in relation to the files/processing identified in this policy, specifically in the Data Processing section.
Below are the details identifying the owner of this website:
Person responsible for processing: Lípidos Toledo, S.A.
Postal address: Calle Juan de La Cierva, 331, 45600, Talavera de La Reina, (Toledo).
E-mail address: firstname.lastname@example.org
The personal data requested, in its case, will consist only of those strictly indispensable to identify and attend the request made by the owner of the same, from now on the interested parties. Such information will be treated in a loyal, lawful and transparent manner in relation to the interested parties. On the other hand, personal data will be collected for specific, explicit and legitimate purposes and will not be further processed in a way that is incompatible with those purposes.
The collected data from each individual shall be adequate, relevant and not excessive in relation to the corresponding purposes for each case, and shall be updated whenever necessary.
The owner of the data will be informed, prior to the collection of their data, of the general points regulated in this policy so that they can give their express, precise and unequivocal consent to the processing of their data, in accordance with the following aspects.
Purposes of treatment
The explicit purposes for which each of the processing operations is carried out are set out in the information clauses incorporated into each of the data collection channels (web forms, paper forms, voiceovers or posters and information notes).
Nevertheless, the personal data of the interested party will be treated with the exclusive purpose of providing an effective response and attending to the requests made by the user, specified together with the option, service, form or system of data collection used by the owner.
As a general rule, prior to processing personal data, Lipidos Toledo, S.A. obtains express and unequivocal consent from the owner of the data, by incorporating informed consent clauses into the different information collection systems.
However, in the event that the data subject’s consent is not required, the basis of legitimacy of the processing under which Lípidos Toledo, S.A. operates is the existence of a specific law or regulation authorising or requiring the processing of the data subject’s data.
Target group / Recipients
As a general rule, Lipidos Toledo, S.A. does not proceed to the transfer or communication of data to third parties, except as required by law. However, if necessary, such transfers or communications of data are informed to the interested parties through the clauses of informed consent contained in the various channels of personal data collection.
As a general rule, personal data are always collected directly from the data subject, however, in certain exceptions, data may be collected through third parties, entities or services other than the data subject. In this regard, this will be conveyed to the data subject through the informed consent clauses contained in the different information collection channels and within a reasonable period of time, once the data has been obtained, and no later than one month.
The information collected from the interested party will be kept as long as it is necessary to comply with the purpose for which the personal data were collected, so that, once the purpose has been fulfilled, the data will be cancelled. Such cancellation will result in the blocking of the data, which will be kept only at the disposal of the Public Administrations, Judges and Courts, in order to meet any possible liabilities arising from the processing. Once the aforementioned period has expired, the information will be destroyed.
For information purposes, below are the legal deadlines for the conservation of information in relation to different matters:
|Documentation of a labour or social security-related nature||4 years||Article 21 of Royal Legislative Decree 5/2000, of 4 August, approving the revised text of the Law on Offences and Penalties in Social Order|
|Accounting and tax documentation for commercial purposes||6 years||Art. 30 Trade Code|
|Accounting and tax documentation for tax purposes||
|Articles 66 to 70 General Tax Law|
|Building access control||
|Guide on the use of video cameras for security and other purposes of the AEPD|
Guide on the use of video cameras for security and other purposes of the AEPD
Organic Law 4/1997 of 4 August 1997, regulating the use of video cameras by the security forces in public places
Organic Law 4/2015 of 30 March on the protection of public safety
Rights of the interested parties
The data protection regulations grant a series of rights to interested parties or data owners, website users or users of the social network profiles of Lipidos Toledo, S.A.
The rights of the persons concerned are as follows:
- Right of access: the right to obtain information as to whether their own data are being processed, the purpose of the processing, the categories of data concerned, the recipients or categories of recipients, the retention period and the origin of such data.
- Right of rectification: the right to obtain the rectification of inaccurate or incomplete personal data
- Right of erasure: right to obtain the erasure of data in the following cases:
- Where the data are no longer necessary for the purpose for which they were collected
- When the holder withdraws consent
- Where the data subject objects to the processing
- When they are to be removed in compliance with a legal obligation
- Where the data have been obtained by virtue of an information society service on the basis of Article 8(1) of the European Data Protection Regulation
- Right to object: the right to object to a certain processing operation based on the consent of the data subject.
- Right of limitation: the right to obtain limitation of the processing of data when one of the following conditions is met:
- Where the data subject contests the accuracy of the personal data, for a period enabling the company to verify the accuracy of the data.
- Where the processing is unlawful and the data subject opposes the deletion of the data.
- When the company no longer needs the data for the purposes for which they were collected, but the data subject needs them for the formulation, exercise or defence of claims.
- Where the data subject has objected to the processing while it is being verified whether the legitimate interests of the company prevail over those of the data subject.
- The right of portability: the right to obtain data in a structured, commonly used and machine-readable format and to transfer them to another controller where:
- Processing is based on consent
- Processing is carried out by automated means
- Right to lodge a complaint with the competent supervisory authority
Interested parties may exercise the aforementioned rights by contacting Lipidos Toledo, S.A., by writing to the following address: Calle San Romualdo, 12-14 – 3º 1 28037 Madrid (Madrid), indicating in the Subject line the right they wish to exercise.
In this respect, Lipidos Toledo, S.A. will deal with your request as soon as possible, taking into account the deadlines set out in data protection regulations.
The security measures adopted by Lipidos Toledo, S.A. are those required, in accordance with the provisions of Article 32 of the RGPD. In this respect, Lipidos Toledo, S.A., taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of the processing, as well as the variable risks of probability and seriousness for the rights and freedoms of natural persons, has established the appropriate technical and organisational measures to guarantee the level of security appropriate to the existing risk.
In any case, Lipidos Toledo, S.A. has implemented enough mechanisms to:
- Guarantee the confidentiality, integrity, availability and permanent resilience of the processing systems and services.
- Restore the availability and access to personal data quickly, in the event of a physical or technical incident.
- Verify, evaluate and assess, on a regular basis, the effectiveness of the technical and organizational measures implemented to ensure the security of processing.
- Pseudonymize and encrypt personal data, where appropriate.