Privacy policy
Introduction
This Privacy Policy has been drawn up taking into account the current provisions of the Organic Law on the Protection of Personal Data, as well as Regulation 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and their free movement, hereinafter the RGPD.
The purpose of this Privacy Policy is to inform the holders of the personal data collected about the specific aspects relating to their processing, in particular the purposes of the processing, the contact details for exercising their rights, the data retention periods and the security measures implemented.
Data Controller
In terms of data protection, ITER ADVISORS, S.L. is considered the Data Controller for the files and processes identified in this policy, particularly in the section on data processing.
Data controller information :
Data controller: ITER ADVISORS, S.L.
Postal address: Rambla de Catalunya, 14, 6th floor, 08007 Barcelona
E-mail address: contact@iteradvisors.com
Data processing
The personal data requested will only be that which is strictly necessary to identify and respond to the request of the holder, hereinafter the interested party. This information will be processed fairly, lawfully and transparently. Furthermore, the data collected will be used for specific, explicit and legitimate purposes, and will not be further processed in a manner incompatible with these purposes.
The data collected will be adequate, relevant and limited to the purposes for which they are collected, and updated if necessary.
The data subject will be informed, prior to the collection of his/her data, of the general principles governed by this policy in order to give explicit, precise and unequivocal consent for their processing.
Purposes of Processing
The specific purposes of each processing operation are set out in the information clauses included in the various means of data collection (online forms, paper forms, advertisements or information notes).
However, personal data will be used exclusively to provide an effective response to the user's requests, defined according to the service or collection system used.
Legitimization
As a general rule, ITER ADVISORS, S.L. obtains the explicit and unequivocal consent of the data subject prior to any processing of his/her personal data, by means of information clauses incorporated into the various collection systems.
If consent is not required, processing is based on a legal or regulatory basis authorizing or requiring the processing of the data subject's data.
Recipients
In principle, ITER ADVISORS, S.L. does not pass on data to third parties, unless required to do so by law. Should it be necessary to transmit data to third parties, the interested party will be informed through the consent clauses included in the personal data collection systems.
Data origin
Personal data is generally collected directly from the data subject. In some cases, however, personal data may be obtained from third parties or external services. The data subject will be informed of this within a reasonable period of time, and at the latest within one month of collection.
Shelf life
Information will be kept for as long as necessary to achieve the purpose for which it was collected. Once the purpose has been achieved, the data will be deleted.
After deletion, data will be blocked and only accessible to public authorities, judges and courts in the event of legal liability during the limitation period. Once this period has expired, the data will be permanently destroyed.
For information, the legal data retention periods are as follows:
| DOCUMENT | DURATION | REF. LEGAL |
|---|---|---|
| Social and social security documentation | 4 years | Article 21 of Royal Legislative Decree 5/2000, of August 4, approving the consolidated text of the Law on Offences and Sanctions in the Social Order. |
| Accounting and tax documentation for commercial purposes | 6 years | Article 30 of the French Commercial Code |
| Accounting and tax documentation for tax purposes | 4 years | Articles 66 to 70 of the General Tax Law |
| Building access control | 1 month | AEPD Instruction 1/1996 |
| Video surveillance | 1 month | AEPD Instruction 1/2006, Organic Law 4/1997 |
Navigation Data
Navigation data collected via the website will be processed in accordance with applicable regulations. For further information, please consult the Cookies Policy published on the site.
Interested parties' rights
Data protection regulations confer several rights on data subjects:
- Right of access: obtain information on the processing of your data, its purposes, recipients, retention period and origin.
- Right of rectification: correct inaccurate or incomplete data.
- Right of deletion: obtain the deletion of data in certain cases:
- When the data is no longer required.
- When the interested party withdraws his consent.
- When the person concerned objects to the treatment.
- When data must be deleted to comply with a legal obligation.
- Where the data has been collected as part of a digital service in accordance with Article 8, paragraph 1 of the RGPD.
- Right of opposition: to oppose processing based on consent.
- Right to restrict processing in certain cases:
- When the accuracy of data is disputed.
- When the processing is unlawful but the data subject objects to their deletion.
- When the company no longer needs the data, but the data subject needs it for a claim.
- Where the data subject has objected to the processing, pending verification of the legitimacy of the processing.
- Right to portability: obtain your data in a structured format that can be transferred to another controller when processing is based on consent and carried out by automated means.
- Right of recourse: lodge a complaint with the competent supervisory authority.
Interested parties may exercise their rights by sending a written request to ITER ADVISORS, S.L., Calle Balmes 76, 08006 Barcelona, specifying in the subject line the right they wish to exercise. ITER ADVISORS, S.L. will deal with your request within the time limits laid down by current legislation.
Security
The security measures adopted by ITER ADVISORS, S.L. comply with Article 32 of the RGPD. These measures take into account technological advances, implementation costs, as well as the nature, scope and purposes of the data processing, in order to guarantee an appropriate level of security.
ITER ADVISORS, S.L. has put in place mechanisms to :
- Ensure the confidentiality, integrity and availability of processing systems and services.
- Rapidly restore access to data in the event of a physical or technical incident.
- Regularly check, evaluate and improve the effectiveness of safety measures.
- Pseudonymize and encrypt personal data when necessary.