APEN CENTRE INFORMÀTIC, SL., informs website users about its policy regarding the processing and protection of personal data of users and customers.

And it guarantees at all times the full and complete compliance with the obligations set out by the regulations on data protection and information society services: Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (GDPR), Organic Law 3/2018 of 5 December on the Protection of Personal Data and Guarantee of Digital Rights (LOPDGDD) and Law 34/2002 of 11 July on Information Society Services and Electronic Commerce (LSSICE).

DATA CONTROLLER

APEN CENTRE INFORMÀTIC, SL.
CIF: B60188877
Address: C/ RIBERA DEL CONGOST, 48 – 08520 – LES FRANQUESES DEL VALLES – BARCELONA
Registration details: Barcelona Commercial Registry, Volume 24581, Folio 0197, Page 70711, Registration 1st, Date December 16, 1992.
Telephone: 938606220
Email: info@apen.cat

PURPOSES OF DATA PROCESSING

The data provided by the User is used for various purposes, which are listed below:

Purpose of treatment	Legal basis for processing
Manage inquiries submitted through the inquiry form	Legitimate interest of the Company to respond to information requests through the website. Express consent given at the time of data collection through web forms.
Sending newsletters, commercial communications and promotions.	Consent given expressly at the time of data collection through web forms.
Manage website incidents and maintenance.	Legitimate interest of the Society.

DATA RETENTION PERIOD

Purpose of treatment	Legal basis for processing
Manage inquiries submitted through the inquiry form	We will process your data for as long as necessary to fulfill your request or petition.
Sending newsletters, commercial communications and promotions.	We will process your data until you unsubscribe.
Manage website incidents and maintenance.	We will process your data for the time necessary to comply with the applicable legal limitation periods.

The personal data provided will be kept until the interested party requests its deletion, exercising their rights over the data, and in any case in compliance with legal limitation periods that are applicable to them.

LEGITIMATION

The legal basis for processing personal data is the explicit consent of the data subject or, where applicable, the performance of a contract and/or service. The right to withdraw consent may be exercised at any time without affecting the lawfulness of processing based on consent before its withdrawal.

DATA RECIPIENTS

To fulfill the purposes indicated in this Privacy Policy, it is necessary for us to give access to your personal data to third parties who provide us with support in the services we offer you (Data Processors).

Data processors for the execution of a contract or provision of a service to the Controller, therefore following their instructions at all times and ensuring the same levels of security.

USER RIGHTS

The user has the right to:

• Request access to your personal data that is being processed and receive this information in writing through the requested means.
• Request the rectification of inaccurate personal data or, where appropriate, request its deletion when, among other reasons, the data is no longer necessary for the purpose for which it was collected.
• Request the limitation of the processing of your data.
• To object to the processing of your personal data where appropriate, in which case your data will no longer be processed except for legitimate reasons.
• Right to data portability. The data subject has the right to receive personal data provided in a structured, commonly used and machine-readable format, and to transmit those data to another controller, provided the following requirements are met:

1. The treatment is based on consent or a contract.

2. The treatment is carried out by automated means.

• Right to withdraw consent given.
• Right to file a complaint with the Spanish Data Protection Agency.

The user may exercise the rights indicated above at the postal or electronic address of the Controller, proving their identity with a scanned copy of their ID card or equivalent document, specifying the right they wish to exercise.

DATA SOURCE

Personal data must be provided by the data subject on a completely voluntary basis. Failure to provide certain data or to answer questions posed to the data subject during the registration process or through electronic forms may prevent access to certain services for which this personal data is essential. In such cases, the Data Controller must inform the data subject whether providing the personal data is mandatory or necessary for the service to function.

The Data Controller ensures the confidentiality of your personal data and guarantees its security, adopting the necessary measures to prevent its alteration, loss, unauthorized processing or access.

INFORMATION PROVIDED BY THE INTERESTED PARTY

Children under 14 years of age cannot transfer their personal data without the prior consent of their father/mother and/or legal guardians.

By entering their data in the contact forms or those presented in download forms, the interested party expressly and freely and unequivocally accepts that their data is necessary for the Controller to attend to their request, the inclusion of data in the remaining fields being voluntary.

The interested party guarantees that the personal data provided to the provider is truthful and is responsible for communicating any changes to it.

All data requested through the website is necessary to provide optimal service to the interested party. If all the data is not provided, we cannot guarantee that the information and services provided will be fully tailored to your needs.

SECURITY MEASURES

That in accordance with the provisions of the current regulations on the protection of personal data, the Controller is complying with all the provisions of the GDPR and LOPDGDD regulations for the processing of personal data under its responsibility, and expressly with the principles described in Article 5 of the GDPR and in Article 4 of the LOPDGDD, by which they are processed lawfully, fairly and transparently in relation to the interested party and adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed.

The controller guarantees that it has implemented appropriate technical and organizational policies to apply the security measures established by the GDPR and the LOPDGDD to protect the rights and freedoms of the interested party and has communicated to them the appropriate information so that they can exercise them.

SECURITY GAPS

The Data Controller will report any security breach affecting the database used by this website, or affecting any of our third-party services, to each and every person, data of whom may have been affected, and authorities, within 72 hours of detecting the breach.

APPLICABLE LAW AND JURISDICTION

For the resolution of all disputes or issues related to this website or the activities carried out on it, Spanish legislation will apply, to which the parties expressly submit, and the Courts and Tribunals of Barcelona will be competent to resolve all conflicts arising from or related to its use.