Privacy Policy

1.- PRIVACY POLICY OBJECTIVE

The present "Privacy and Data Protection Policy" aims to publicize the conditions that govern the collection and process the persons of which personal data comply with the current regulations and laws that regulate the protection of personal data according to the European Union and the Spanish Member State and, specifically, those expressed in the “Treatment Activities” section of this policy of this policy Privacy.

For all of which, in this policy of privacy and data protection, website users https://www.mykonesceramica.com/ of all details of their interest regarding how these processes are carried out, with what purposes, with what purposes, with what purposes , that other entities could have access to their data and what are the rights of users.

2.- Definitions

«Personal data»: all information about a natural person identified or identifiable (“the user of the website”); Any person whose identity can be determined, directly or indirectly, in particular through an identifier, such as a name, an identification number, location data, an online identifier or one or several elements of identity, will be considered identifiable. Physiological, genetic, psychic, economic, cultural or social of that person.

«Treatment»: any operation or set of operations on personal data or sets of personal data, either by automated procedures or not, such as the collection, registration, organization, structuring, conservation, adaptation or modification, extraction, consultation, use, use, use, Communication by transmission, dissemination or any other form of access, comparison or interconnection, limitation, suppression or destruction.

«Treatment limitation»: the marking of personal data preserved in order to limit their treatment in the future.

«Preparation of profiles»: all forms of automated treatment of personal data consisting of using personal data to evaluate certain personal aspects of a natural person, in particular to analyze or predict aspects related to professional performance, economic situation, health, personal preferences, interests, interests , reliability, behavior, location or movements of said natural person.

«Pseudonymization»: The processing of personal data in such a way that they can no longer be attributed to an interested party without using additional information, provided that such additional information appears separately and is subject to technical and organizational measures aimed at ensuring that personal data is not attribute to a natural person identified or identifiable.

«File»: Any structured set of personal data, accessible according to certain criteria, whether centralized, decentralized or distributed functionally or geographically.

Responsible for the treatment or "responsible": the natural or legal person, public authority, service or other organism that, alone or together with others, determines the ends and means of treatment; If the right of the Union or of the Member States determines the aims and means of the treatment, the person responsible for the treatment or the specific criteria for their appointment may establish them the right of the Union or of the Member States.

«In charge of the treatment» or «in charge»: the natural or legal person, public authority, service or other organism that deals personal data on behalf of the treatment.

«Recipient»: The natural or legal person, public authority, service or other organism to which personal data is communicated or not of a third party. However, public authorities that may receive personal data will not be considered recipients within the framework of a specific investigation in accordance with the right of the Union or of the Member States; The processing of such data by these public authorities will be in accordance with the rules in the field of data protection applicable to the purposes of treatment.

«Third»: natural or legal person, public authority, service or organism other than the interested party, the person in charge of the treatment, the person in charge of the treatment and of the people authorized to deal with personal data under the direct authority of the person in charge or of the person in charge.

«Consent of the interested party»: Any manifestation of free, specific, informed and unequivocal will for which the interested party accepts, either through a declaration or a clear affirmative action, the processing of personal data that concerns him.

«Violation of the security of personal data»: any violation of the security that causes the accidental or illegal destruction or alteration of personal data transmitted, preserved or treated in another way, or the communication or access not authorized to said data;

«Genetic data»: Personal data related to the genetic characteristics inherited or acquired from a natural person that provide unique information about the physiology or health of that person, obtained in particular from the analysis of a biological sample of such a person.

«Biometric data»: Personal data obtained from a specific technical treatment, related to the physical, physiological or behavioral characteristics of a natural person that allow or confirm the unique identification of said person, such as facial images or dactyloscopic data.

«Data related to health»: Personal data related to the physical or mental health of a natural person, including the provision of health care services, that reveal information about their state of health.

«Main establishment»: a) Regarding a person responsible for the treatment with establishments in more than one Member State, the place of its central administration in the Union, unless decisions about the purposes and means of the treatment are taken in another establishment of the person in charge in the Union and this last establishment has the power to apply such decisions, in which case the establishment that such decisions has been adopted will be considered main establishment; b) Regarding an person in charge of treatment with establishments in more than one Member State, the place of its central administration in the Union or, if it lacked, the establishment of the person in charge in the Union in which the Main treatment activities in the context of the activities of an establishment of the person in charge to the extent that the person in charge is subject to specific obligations in accordance with the present regulations.

«Representative»: natural or legal person established in the Union that, having been designated in writing by the person responsible or the person in charge of the treatment in accordance with article 27 of the GDPR, represents the person in charge or the person in charge of their respective obligations in virtue of this regulation.

«Company»: natural or legal person dedicated to an economic activity, regardless of their legal form, including societies or associations that regularly perform economic activity.

«Control Authority»: The independent public authority established by a Member State in accordance with the provisions of article 51 of the GDPR. In the case of Spain is the Spanish Agency for Data Protection.

«Cross -border treatment»: a) the processing of personal data carried out in the context of the activities of establishments in more than one member state of a person in charge or an person in charge of the treatment in the Union, if the person in charge or the person in charge is established in more than a Member State, or b) the processing of personal data carried out in the context of the activities of a single establishment of a person in charge or an person in charge of the Union, but that substantially affects or is probable that it substantially affects interested in more than one more than one Member state.

«Service of the Information Society»: Any service of the Information Society, that is, all service normally provided in exchange for remuneration, at a distance, electronically and at the individual request of a service recipient.

3.- Identity of the person in charge of the treatment

The person responsible for the processing of data is that natural or legal person, of a public or private nature, or administrative body, which only or together with others determines the aims and means of the processing of personal data; In the event that the purposes and means of the treatment are determined by the right of the European Union or the Spanish Member State.

In the aspects expressed in this data protection policy, the identity and contact data of the person in charge of the treatment is:

MIKONOS MOSAIC S.L. - CIF B12915211

Pol. Ind. El Colomer, C/ Melilla, 1. 12200, Wave (Castellón), Spain

E-mail: mykonos@mykonosceramica.com

Telephone: 964914091

4.- Applicable laws and regulations

This Data Privacy and Protection Policy is developed based on the following regulations and data protection laws:

Regulation (EU) 2016/679 of the European Parliament and the Council, of April 27, 2016, regarding the protection of natural persons in regard to the processing of personal data and the free movement of these data. Hereinafter RGPD.
Organic Law 3/2018, of December 5 on the Protection of Personal Data and guarantee of digital rights. From now on LOPD/GDD.
Law 34/2002, of July 11, on the services of the Information Society and Electronic Commerce. Hereinafter LSSICE.

5.- Principles applicable to the processing of personal data

The personal data collected and treated through this website will be treated in accordance with the following principles:

Principle of legality, loyalty and transparency: All personal data processing made through this website will be lawful and loyal, being totally clear for the user when they are being collected, using, consulting or treating the personal data that concerns it. The information related to the treatments carried out will be transmitted prior, easily accessible and easy to understand, in a simple and clear language.
Principle of limitation of the purpose: All data will be collected for determined, explicit and legitimate purposes, and will not be treated incompatible with the purposes for which they were collected.
Data minimization principle: The data collected will be adequate, relevant and limited to what is necessary in relation to the purposes for which they are treated.
Principle of accuracy: the data will be exact and, if necessary, updated, adopting all reasonable measures so that the personal data that are inaccurate with respect to the purposes for which they are treated are suppressed or rectified without delay.
Principle of limitation of the conservation period: the data will be maintained so that the identification of the interested parties is allowed for no more time than necessary for the purposes of the process of personal data.
Principle of integrity and confidentiality: the data will be treated so that adequate security of personal data is guaranteed, including protection against unauthorized or illicit treatment and against their accidental loss or damage, by applying appropriate technical and organizational measures .
Principle of proactive responsibility: The entity that owns the website will be responsible for compliance with the principles set forth in this section and will be able to demonstrate it.

6.- Data processing activities carried out

Next, data processing activities are detailed by the website specifying each of the following sections:

Activity: Name of data processing activity
Purposes: each of the uses and treatments that are made with the data collected
Legal Base: The legal basis that legitimizes data processing
Treated data: Typology of treated data
Origin: where the data is obtained
Conservation: Period during which data is conserved
Recipients: people or entities that are facilitated by the data
International transfers: cross -border shipments of the data outside the European Union

6.1.- Main treatment activities

These are data treatments whose purposes are necessary and essential for the provision of services.

6.2.- Main treatment activities

These are personal data treatments whose purposes are not essential for the provision of the service and that are only carried out if the user has marked if in the consent for the realization of these activities.

Website
Legal Bases
(Art. 6.1.a RGPD) Consent of the interested party.

Purposes
User registration in the customer area for access to product catalogs;

Respond to consultations received through the contact form

Data and collective categories
Web contacts (identifying data)

Data origin
The interested party or his legal representative

Category of recipients
They are not planned

International transfer
They are not planned

Conservation period
They will be kept while the interested parties maintain their professional position or as long as they do not request their suppression, except when there are legal responsibilities that imply their conservation for broader deadlines.

Security measures
Safety in data availability
- Periodic copies of data on supports
different locations of the original data

Safety in data integrity

- Systems to avoid and detect malicious software (antimalware)
- Registration and access control
- Files or locals
- Safe remote connections
- Cilled communications
- Incident management procedures

Safety in data confidentiality

- Formalization of a self -confidentiality duty with all the parties involved in data life cycles
- Scheduled lock in the equipment
- Data transmission with safety measures
- Team off at the end of the day
- Clean table policy
- Robust, unipersonal user and passwords with periodic change management

OTHER MEASURES

- Periodic audits and technical and organizational risk analysis and analysis
- Hiring an external support service, advice and data protection management
- Appointment of a data protection manager in the organization
- Availability of an IT and compliance department
- Application for guarantees and evidence of regulatory compliance with data protection to service providers hired by the organization

Commercial communications
Legal Bases
(Art. 6.1.a RGPD) Consent of the interested party

Purposes
Marketing, advertising and commercial prospecting

Data and collective categories
Customers (identifying data).

Potential
(Identifying data)

Data origin
The interested party or his legal representative

Category of recipients
They are not planned

International transfer
They are not planned

Conservation period
As long as your suppression is not requested by the interested party

Security measures
Safety in data availability

- Periodic copies of data on supports and different locations of the original data

Safety in data integrity

- Systems to avoid and detect malicious software (antimalware)
- Registration and access control
- Files or locals
- Safe remote connections
- Cilled communications
- Incident management procedures

Safety in data confidentiality

OTHER MEASURES

7.- necessary and updated information

All fields that appear indicated with an asterisk (*) In the website forms will be forced completion, so that the omission of any of them could lead to the impossibility of facilitating the requested services or information.

You must provide true information, so that the information provided is always updated and does not contain errors, you must communicate to the person responsible for the treatment as soon as possible, the modifications and rectifications of your personal data that are produced through an email to the address: mykonos@mykonesceramica.com.

Also, by “click” in the “I accept” (or equivalent) Privacy.

8.- Personal data of minors

In compliance with the provisions of article 8 of the RGPD and article 7 of the LOPD/GDD, only the over 14 years of age may grant their consent for the processing of their personal data lithically by Mykonos.

Therefore, children under 14 years of age will not be able to use the services available through the website without the prior authorization of their parents, tutors or legal representatives, who will be the only ones responsible for all the acts carried out through the website by the minors in charge, including the completion of the telematic forms with the personal data of said minors and the marking, where appropriate, of the boxes that accompany them.

9.- Technical and organizational security measures

The person in charge of the treatment adopts the necessary organizational and technical measures to guarantee the safety and privacy of their data, avoid their alteration, loss, treatment or unauthorized access, depending on the state of technology, the nature of the stored data and the risks to which they are exposed.

Among others, the following measures stand out:

- Ensure confidentiality, integrity, availability and permanent resilience of treatment systems and services.

- Restore availability and access to personal data quickly, in case of physical or technical incident.

- Verify, evaluate and assess, on a regular basis, the effectiveness of the technical and organizational measures implemented to guarantee the security of the treatment.

- Pseudonymize and encrypt personal data, in case it is sensitive data.

On the other hand, the person in charge of the treatment has made the decision is managed the information systems according to the following principles:

- Regulatory compliance principle: All information systems will adjust to the regulatory and sectorial legal application regulations that affect information security, especially those related to the protection of personal data, systems security, data, data , communications and electronic services.

- Risk management principle: risks will be minimized to acceptable levels and seek balance between security controls and the nature of information. The security objectives must be established, be reviewed and consistent with the information security aspects.

- Principle of awareness and training: Training, awareness and awareness campaigns for all users with access to information, in the field of information security will be articulated.

- Principle of proportionality: The implementation of controls that mitigate the safety risks of assets will be carried out seeking balance between security measures, nature and information and risk.

- Principle of Responsibility: All members of the person responsible for the treatment will be responsible for their conduct regarding information security, complying with established standards and controls.

- Principle of continuous improvement: The degree of efficacy of the security controls implemented in the organization will be reviewed recurrently to increase the ability to adapt to the constant evolution of the risk and the technological environment.

10.- Rights of the interested parties

The current data protection regulations protect the user in a series of rights in relation to the use that are given to their data.

Each and every such rights are unipersonal and non -transferable, that is, they can only be carried out by the owner of the data, after verifying their identity.

Next, what are the rights of website users are detailed:

- Right of access: it is the right of the website user to obtain confirmation of whether or not the person in charge of the treatment is dealing with your personal data and, if so, obtain information about your specific data of a personal nature and the treatment that the Responsible for the treatment has done or carry out, as well as, among another, of the information available on the origin of said data and the recipients of the communications made or provided therein.

- Right of rectification: it is the right that the website user has to modify their personal data that turns out to be inaccurate or, taking into account the purposes of the treatment, incomplete.

- Right of suppression: it is usually known as “right to oblivion”, and it is the right that the website user has, provided that current legislation does not establish otherwise, to obtain the suppression of their personal data when they are no longer necessary for the aims for which they were collected or treated; The user has withdrawn his consent to treatment and he does not have another legal basis; The user opposes the treatment and there is no legitimate reason to continue with it; Personal data have been illicitly treated; Personal data has been obtained as a result of a direct offer of services of the Information Society to a child under 14 years. In addition to suppressing the data, the person in charge of the treatment, taking into account the available technology and the cost of its application, will adopt reasonable measures to inform other possible responsible people who are dealing with the personal data of the request of the interested party of suppression of any link to those personal data.

- Right to data limitation: it is the right of the website user to limit the processing of your personal data. The website user has the right to obtain the limitation of treatment when it challenges the accuracy of their personal data; the treatment is illicit; The person in charge of the treatment no longer needs personal data, but the user needs it to make claims; And when the website user has opposed the treatment.

- Right to data portability: in those cases that the treatment is carried out by automated means, the website user will have the right to receive from the person responsible for the treatment of their personal data in a structured format, of common use and mechanical reading, and to transmit them To another person responsible. Provided that it is technically possible, the person in charge of the treatment will directly transmit the data to that other person responsible.

- Right of opposition: it is the right of the user that the treatment of their personal data is not carried out or their treatment is ceased by the person in charge of the treatment.

- Right not to be the object of automated decisions and/or profile development: the right of the website user not to be the object of an individualized decision based solely on the automated treatment of their personal data, including the elaboration of profiles, existing except that except that Current legislation establishes otherwise.

- Right to revoke the consent: it is the right of the user of the website to withdraw, at any time, the consent given for the processing of your data.

The website user can exercise any of the rights mentioned by addressing the person in charge of the treatment and prior identification of the user using the following contact information:

Responsible: Mikonos Mosaic S.L.

Address: Pol. Ind. El Colomer, C/ Melilla, 1. 12200, Wave (Castellón), Spain

Telephone: 964914091

E-mail: mykonos@mykonesceramica.com

Website: https://www.mykonesceramica.com/

11.- Claims before the Control Authority

The user is informed of his right to submit a claim to the Spanish Agency for Data Protection if he considers that an infraction of the legislation on data protection regarding the processing of their personal data has been committed.

Control information of the control authority:

Spanish data protection agency

E-mail: info@aepd.es

Telephone: 91263517

Website: https://www.aepd.es

Address: C/. Jorge Juan, 68001, Madrid (Madrid), Spain

12.- Acceptance and changes in the privacy policy

It is necessary that the website user has read and is in accordance with the data protection conditions contained in this privacy policy, as well as accepting the processing of their personal data so that the person responsible for the treatment can proceed to it in the form, deadlines and purposes indicated.

The person in charge of the treatment reserves the right to modify this Privacy Policy, according to its own criteria, or motivated by a legislative, jurisprudential or doctrinal change of the Spanish Agency for Data Protection. The changes or updates made in this privacy policy that affect the purposes, conservation terms, transfer of data to third parties, international data transfers, as well as any right of the website user, will explicitly communicate to the user.