1. Who is responsible for processing your personal data?
Responsible for processing: CENTRAL BAR, S.A. c/ Gaspar Fàbregas 81, 3rd Floor – 08950- Esplugues de Llobregat
2. For what purposes will we continue processing your personal data?
We process the personal data of our contacts, clients and suppliers for the purpose of managing the commercial relationship with our organization and, in particular, for contractual issues, sending information about our organization and the sector, organizing activities, campaigns and events, and sending informative and commercial messages (also via email)
3. How long will we keep your personal data for?
Your personal data will be kept for a period of six (6) years, in compliance with the accounting regulations in force and, where relevant, for ten years (10), in line with the regulations on preventing money laundering.
In all eventualities, CENTRAL BAR, S.A. will keep your personal data while they are needed to fulfill the contractual relationship. Furthermore, they will be kept for the time needed to comply with the pertinent legal obligations in each case, depending on the type of data.
4. What is the legal basis for processing your personal data?
The legal basis for processing the data is the mutual interest and the user’s consent.
5. Who will be the recipients of your personal data?
The data will only be transfered to organizations that form part of the same group or are linked to CENTRAL BAR, S.A. in the area of managing their products and/or services for the aforementioned purposes, and to the competent Public Administrations, where enforced by current regulations.
The employees of CENTRAL BAR, S.A., who have authorized right of access in accordance with the internal security structure of CENTRAL BAR, S.A., can access your data for the reasons outlined in this Data Protection Policy. All CENTRAL BAR, S.A. employees have been trained and informed about their responsibilities in this regard, and they have signed the pertinent confidentiality agreement. However, third party organizations whose intervention is required and/or needed to adequately manage the service provision can also access their data.
CENTRAL BAR, S.A. has signed contracts or contractual agreements and security measures with third parties to guarantee an acceptable level of data security and protection.
6. What are your rights with regards to their personal data?
You may exercise your rights of access, rectification, deletion, portability, and limitation and opposition to the processing of your data at any time
. You can withdraw your consent to send commercial messages and exercise the aforementioned rights by sending an email to firstname.lastname@example.org, providing documentary accreditation of your identity, or you can use the option to stop receiving messages from us, which you will find on our emails.
If you do not receive a satisfactory response from us and you would like to make a claim or obtain more information about any of these rights, you can contact the Spanish Data Protection Agency (www.agpd.es).
7. What type of personal information is stored?
Basic identification and related data is stored for the purposes of sending suggestions and commercial information, and creating invoices, such as name and surname, delivery address, National Identity Number (NIF)/Tax Number (CIF), and bank account number, if the client wants to pay by direct debit.
8. What is the data storage/ availability/ backups policy and its location?
No information is eliminated unless its deletion has been requested by the user and there is a relevant reason for doing so (see point 3). This option is always available, although it can be blocked by informative mailings of a marketing/commercial nature, if the user has exercised their rights of deletion, or limitation or opposition to the processing of the data.
Security copies of the servers containing the data are made, and duly monitored and kept.
9. What is the Privacy and Security Policy of the information and its access?
Access to the database is protected by the user and the password.
Regarding authorized remote access, this is carried out following the VPN protocol.
10. What is the Policy in response to security incidents and the analysis of their impact?
CENTRAL BAR, S.A. has adopted appropriate technical and organizational protection measures and they have been applied to the data affected by the potential security breach of the personal data. There is no access to the client/user data for those not authorized to do so.
CENTRAL BAR, S.A. has carried out and upkeeps a risk analysis of the vulnerability of the personal data and its impact, where applicable, on client/user security and privacy.
11. What is the Deletion Policy for service termination?
CENTRAL BAR, S.A. deactivates their databases for sending information, in addition to the client/user accounts of those who wish to terminate the service and have exercised their right of deletion. In this case, the client/user data will be blocked and kept for the regulated time period, and solely to comply with the legal obligations that justify the prior relationship between the parties.
12. Who is Responsible for Security regarding data protection?
CENTRAL BAR, S.A. is not under any legal obligation to designate a Data Protection Delegate (DPD), according to current legislation.
Should CENTRAL BAR, S.A. identify a security breach that affects one or more users, they will be notified of it as quickly as possible. If the risk and breach is serious, the competent authority will also be notified.