In accordance with the provisions of the current regulations on personal data protection, we provide you with the following information:

1. INFORMATION TO THE INTERESTED PARTY AND/OR USER

Smartfix, Tecnología e Innovación, S.L. provides you with this privacy policy to inform you, in detail, about how personal data that you as a data subject and/or user provide or have provided, through any means (website, email, telephone, in person, online or paper forms, etc.), are or will be treated.

Smartfix, Tecnología e Innovación, S.L. has adopted all technical and organizational measures necessary to ensure the confidentiality, integrity, availability and resilience of the personal data in its custody.

Responsibility of the interested party and/or user
By providing your data, you as the interested party and/or user (hereinafter the Interested Party), guarantee that you are over 18 years of age and that the data provided to Smartfix, Tecnología e Innovación, S.L. are true, accurate, complete and up to date. To this end, the Interested Party confirms that he/she is responsible for the veracity of the data provided and that he/she will keep such information conveniently updated, so that it corresponds to his/her real situation, being responsible for any false or inaccurate data that he/she may provide, as well as for any damages, direct or indirect, that may result from it.

2. PERSON IN CHARGE OF THE TREATMENT

Identity: Smartfix, Tecnología e Innovación, S.L.
NIF: B71367197
Postal address: Pol. Ind. Las Labradas – C/ Comunidad Foral de Navarra, 5 – 35100 Tudela (Navarra)
Telephone: 948 848 892
E-mail: info@smartfixsl.com

3. PURPOSES, STORAGE PERIODS AND LEGITIMACY OF THE PROCESSING OPERATIONS

Smartfix, Tecnología e Innovación, S.L., as Data Controller ofthe personal data of the Interested Party, as well as those that may be provided in the future, informs you that these data will be treated in accordance with the provisions of current regulations on personal data protection, so you are provided with the following information about each of the treatments carried out by Smartfix, Tecnología e Innovación, S.L.:

CONTACT / INQUIRIES

• Purpose of processing: to respond and follow up on queries, requests for information, suggestions and complaints, as well as to maintain contact with those who have shown interest in the company, its products or services.
• Data retention criteria: data will be retained for the time necessary to process and respond to the query.
• Legitimation for data processing: RGPD: 6.1.f) the legal basis for data processing is based on the Legitimate Interest of the Data Controller to attend and respond to communications or
  requests received.

PROFORMA INVOICES / QUOTATIONS

• Purpose of the treatment: the preparation and delivery of pro forma invoices and/or estimates requested by the Interested Parties, as well as to be able to follow up on them by telephone, telematically or in person.
• Data retention criteria: data will be retained for as long as there is a mutual interest in doing so, or the data subject requests its deletion.
• Legitimacy for data processing: the processing is necessary for the implementation at the request of the Data Subject of pre-contractual measures (RGPD: 6.1.b), as well as the processing necessary for the satisfaction of the Legitimate Interest of the Controller to prepare and follow up the budgets requested by the
  data subject (RGPD: 6.1.f).

USER REGISTRATION

• Purpose of processing: the management of users and to manage and enable the use of the various services offered on the website and / or through the App. of the Data Controller.
• Data retention criteria: data will be kept in the system indefinitely as long as the data subject does not request its deletion.
• Legitimation for data processing: RGPD: 6.1.a) the legal basis for data processing is the consent provided by the Data Subject at the time of providing their data.

CUSTOMERS

• Purpose of processing: customer management, maintenance of contractual and/or commercial relationships with them, manage the contracting of products and/or services, as well as for administrative management (billing, collections, etc.), accounting and tax management of the company and for compliance with the legal obligations that all this implies.
  Also to establish contact with people who provide services in a legal entity (company, organization, etc.), as well as with individual entrepreneurs and liberal professionals, in order to establish or maintain relationships of a business nature (“business to business”, B2B) with them.
• Data retention criteria: data will be retained for as long as the contractual and/or commercial relations between both parties are maintained and their deletion is not requested and, in the event of doing so, for the time provided for by the regulations in force (tax, commercial, etc.) regarding the statute of limitations of responsibilities.
• Legitimation for data processing: RGPD: 6.1.b) the legal basis for the processing of data is the execution and maintenance of contractual and/or commercial relations between both parties, as well as compliance with legal obligations (tax, commercial, etc.) that all this implies. The processing of contact data of a professional nature for business relationships is legitimized by the Legitimate Interest of the Controller in order to contact, establish and/or maintain business relationships with the legal entity in which the Interested Party provides its services, as well as with individual entrepreneurs and liberal professionals (RGPD: 6.1.f and LOPDGDD: 19).

SENDING COMMERCIAL COMMUNICATIONS

• Purpose of processing: to send commercial information by any means, postal or electronic, about products and/or services related to mechanical fastening systems (painted rivets, flower and extra long flower) and other information of the Data Controller that may be of interest to the Data Subject (events, activities, etc.).
• Data retention criteria: the data will be kept in the system indefinitely as long as the data subject does not request its deletion and, in case of deletion, for the time necessary for the statute of limitations of responsibilities.
• Legitimation for data processing: the sending of commercial information to customers is based on the legitimate interest of the Data Controller to send commercial communications about products or services similar to those contracted and thus achieve their loyalty (Art. 6.1.f of the RGPD). The processing may also be legitimized by the consent provided by the Data Subject (Art. 6.1.a of the GDPR). However, in either case, the Data Subject has the right to object to this processing and to withdraw consent, and may do so by any of the means described in this document. The exercise of these rights shall in no case affect the maintenance of business relationships and data processing carried out prior to the exercise of these rights shall not lose its lawfulness.

SUPPLIERS

• Purpose of processing: management of suppliers, maintenance of contractual and/or commercial relations with them, as well as administrative (billing, collections, etc.), accounting and tax management of the company and for compliance with the legal obligations that all this implies. Also to be able to establish contact with people who provide services in a legal entity (company, organization, etc.), as well as with individual entrepreneurs and liberal professionals, in order to establish or maintain business-to-business (B2B) relations with them.
• Data retention criteria: data will be retained for as long as the contractual and/or commercial relations between both parties are maintained and their deletion is not requested and, in the event of doing so, for the time provided for by the regulations in force (tax, commercial, etc.) regarding the statute of limitations of responsibilities.
• Legitimation for data processing: RGPD: 6.1.b) the legal basis for the processing of data is the execution and maintenance of contractual and/or commercial relations between both parties, as well as compliance with legal obligations (tax, commercial, etc.) that all this implies. The processing of contact data of a professional nature for business relationships is legitimized by the Legitimate Interest of the Controller in order to contact, establish and/or maintain business relationships with the legal entity in which the Interested Party provides its services, as well as with individual entrepreneurs and liberal professionals (RGPD: 6.1.f and LOPDGDD: 19).

4. DATA COMMUNICATION

In general, personal data will not be communicated to third parties, except in cases where there is a legal obligation or where it is necessary for the provision of services or for the maintenance and development of relations, such as, but not limited to:

• Public Administrations, Judges and Courts, for the fulfillment of legal obligations, as well as for the attention of possible responsibilities derived from the applicable regulations.
• Financial/banking entities, for the management of collections and payments.
• Payment Service Providers, for the management of collections and payments (Mastercard, VISA, PayPal, etc.).
• Transportation companies, for the delivery and/or collection of products.
• Service providers contracted by the Controller, who will have the status of Data Processor.

Although it is not a transfer of data, in order to carry out some of the treatments indicated or to provide you with a service, it may be that third party companies, acting as Data Processors (our suppliers), access your information to carry out the aforementioned treatment or service. These persons in charge access your data following our instructions and without being able to use them for a different purpose and maintaining the strictest confidentiality.

International transfers
Smartfix, Tecnología e Innovación, S.L. does not plan to make international transfers of your data to countries outside the European Economic Area (EEA). In those cases where it is necessary, they will only be made to recipients that are located in a country, a territory or one or more specific sectors of that country or international organization that has been declared adequate level of protection by the European Commission; or are under the “EU-US Data Privacy Framework” agreement; or that are covered by any of the appropriate safeguards provided for in Article 46.2 of Regulation (EU) 2016/679.

5. RIGHTS OF THE INTERESTED PARTIES

Any person has the right to obtain confirmation as to whether or not the Data Controller is processing personal data concerning him/her, as well as to withdraw, at any time, any consent he/she may have given for any specific purpose, without affecting the lawfulness of the processing based on the consent prior to its withdrawal.

Data protection regulations allow you to exercise your rights of access, rectification, deletion and portability of data and opposition and limitation to their processing, as well as not to be subject to decisions based solely on the automated processing of your data, where applicable. These rights are characterized by the following:

• It is free of charge, except in the case of manifestly unfounded or excessive requests (e.g. repetitive nature), in which case the Data Controller may charge a fee proportional to the administrative costs incurred or refuse to act.
• You may exercise your rights directly or through your legal representative or volunteer.
• We must respond to your request within one month, although, taking into account the complexity and number of requests, the deadline may be extended by an additional two months.
• We are required to inform you about the means to exercise these rights, which must be accessible and we may not deny you the exercise of the right solely because you choose another means. If the request is submitted electronically, the information will be provided electronically whenever possible, unless you ask us to do otherwise.
• If the Data Controller does not comply with the request, he/she will inform you, within one month at the latest, of the reasons for his/her inaction and the possibility to complain to a Supervisory Authority.

How to practice these rights?
Interested parties may practice their rights by sending a written communication to the postal or e-mail address of the Data Controller, indicating in the reference “EXERCISE OF DPA RIGHTS”, including: request in which the request is specified, address for notification purposes, date and signature. Upon request, we will provide you with the forms to exercise these rights, indicating which right you wish to exercise.

Likewise, and especially if you consider that you have not obtained full satisfaction in the practice of your rights, we inform you that you may file a complaint with the National Control Authority by contacting the Spanish Data Protection Agency, C/ Jorge Juan, 6 – 28001 Madrid.

6. SOCIAL NETWORKS

Smartfix, Tecnología e Innovación, S.L. uses social networks and this is another way to reach you. The information collected through the messages and communications you post may contain personal information that is available online and accessible to the public. These social networks have their own privacy policies, which explain how they use and share your information, so we recommend that you consult them before using them to confirm that you agree with the way in which your information is collected, treated and shared.

The processing of data of persons who become followers and/or make any link or connection action through the social networks of the official pages of the Data Controller shall be governed by this privacy policy and by the privacy policies of the social networks themselves. The Data Controller will process your data for the purposes of properly managing your presence in the relevant social network, sending personal and individual messages through the social network channels, informing you of activities, products and/or services of the Data Controller, or third parties that may be related to our activity, as well as any other treatment that the regulations of the social networks may allow.

7. COOKIES

In general, if you browse the internet you can accept or reject cookies from the configuration options of your browser. This website may use cookies and other similar technologies such as local shared objects, flash cookies or pixels, which are small files that some platforms, such as web pages, can install on the user’s equipment (computer, tablet, smartphone, etc.).
Its functions can be very varied: store browsing preferences, collect statistical information, enable certain technical functionalities, store information about browsing habits of the user or their equipment, etc.
Cookies are useful for several reasons. From a technical point of view, they allow web pages to work in a more agile and adapted to the user’s preferences, such as storing your language or the currency of your country, etc.. In addition, they help those responsible for the treatment of websites to improve their services and make more efficient advertising displayed on them, thanks to the statistical information or habits collected through them.
For the installation and use of certain cookies is necessary to obtain the informed consent of users. Cookies that require the user’s consent are, among others, analytical, advertising and affiliation cookies, with the exception of those of a technical nature and those necessary for the operation of the website or the provision of services expressly requested by the user.
The user has the ability to configure your browser to be alerted of the receipt of cookies and to prevent their installation on your computer. Please refer to your browser instructions for more information. For more information about cookies, please consult our Cookies Policy.

8. OBLIGATORY OR OPTIONAL NATURE OF THE INFORMATION PROVIDED BY THE INTERESTED PARTY

The Interested Party, by checking the corresponding boxes and entering data in the fields marked as mandatory in the various forms, expressly and freely and unequivocally accept that their data are necessary to meet their request by the Data Controller, being voluntary the inclusion of information in the remaining fields.
If all the mandatory data are not provided, the corresponding treatments of the same cannot be carried out and therefore the requests, contracts, or applications made by the Interested Party cannot be met.

The Interested Party guarantees that the personal data provided are truthful and is responsible for communicating any changes to them.

9. SECURITY MEASURES

Smartfix, Tecnología e Innovación, S.L. is committed to protect your personal information: Using physical, organizational and technological measures, controls and procedures, reasonably reliable and effective, aimed at preserving the integrity and security of your data and ensure your privacy.
In addition, all staff with access to personal data have been trained and are aware of their obligations in relation to the processing of your personal data.

In the case of the contracts we sign with suppliers, we include clauses requiring them to maintain the duty of secrecy regarding the personal data to which they have had access by virtue of the assignment, as well as to implement the necessary technical and organizational security measures to guarantee the confidentiality, integrity, availability and permanent resilience of the systems and services for the processing of personal data.
All these security measures are reviewed periodically to ensure their adequacy and effectiveness.
However, absolute security cannot be guaranteed and no security system is impenetrable. Therefore, in the event that any information under our control and subject to processing is compromised as a result of a security breach, we will take appropriate steps to investigate the incident, notify the Supervisory Authority and, where appropriate, those Stakeholders who may have been affected to take appropriate action.