Privacy Policy
Privacy Policy
1. Purpose
The purpose of this Privacy Policy is to inform people (hereinafter, users or interested parties) who visit our website (hereinafter, web page, website or web), how we collect, process and protect the personal data you choose to provide us by any means (forms, emails, telephone, contracts, etc.) and after reading it, freely decide whether you want us to treat them. Additionally, it will serve to expand the information that we have previously provided to the interested parties, in the informative clauses provided in the processes of collecting their personal data. Likewise, this policy aims to comply with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and the free movement of such data (hereinafter RGPD) and the Organic Law 3/2018 of 5 December on the Protection of Personal Data and guarantee of digital rights (hereinafter LOPDGDD).
2. Identification of the Data Controller
o Entity: BUSINESS ADAPTER, S.L
o VAT Number: B98175078 o Address:
Ronda Guglielmo Marconi, 11, 26. 4680 Paterna (Valencia) Spain
o Website: https://businessadapter.es/ o Email: info@businessadapter.es o Data Protection Officer: fmoya@businessadapter.es o Phone: 96 131 88 04 o Activity: Legal Consultant o Registration Data: Registered in the Mercantile Registry of Valencia, Volume 9096, Book 6380, Folio 108, Section 8, Page V135972 1st Inscription of June 22, 2009.
3. How can you contact the Data Protection Officer?
Our entity has designated a Delegate of Protection of Data before the General Registry of the Spanish Agency of Protection of Data, to which the interested ones will be able to direct their complaints or doubts on how our entity is treating their personal data. You can contact him in writing, indicating the name of our entity or trade name, followed by your complaint or query to: BUSINESS ADAPTER, S.L. Ronda Guglielmo Marconi, 11, 26, (Parque Tecnológico) 46980 Paterna (Valencia). Form of attention to the interested party or to the E-mail: info@businessadapter.es
4. What personal data will we process and how do we collect it?
For the development of our business activity, it is essential to process personal data whose collection can be done by digital means (e.g. email, web forms or questionnaires), by filling out paper documents (e.g. contracts or forms) or through face-to-face or telephone conversations and in any of these cases the data will be treated in a fair, lawful and transparent manner. The categories of data that our entity will treat about the interested parties are:
- Identification data: name and surname, ID card or equivalent document and signature.
- Contact information: telephone, email, postal address.
- Identification keys: identifiers for remote access to our servers.
- Commercial data: contract number, type of service, quotations, purchase conditions, purchase management and history, results of contacts (telephone, email, messaging and other communication channels).
- Accounting data: control of income and expenses, invoicing data.
- Bank details: bank accounts and bank cards.
- Transaction of goods and services: transfers and direct debits, amounts and concepts.
- Financial data: financial solvency reports, payment terms, collection management.
- Navigation data: analysis of time spent on our website, pages visited, demographic data (e.g. age, gender).
Our company will not collect special category data (e.g. health data, ethnic origin, political opinions or religious beliefs), but in case it is necessary to process them, we will inform you and ask for your prior and express consent. Consequently, the requested data will be adequate, relevant, limited to the strictly necessary and indispensable, processed only by the personnel and/or collaborators authorized by our entity, who will have signed a confidentiality commitment and undertake to comply with the necessary security standards that guarantee the confidentiality, integrity and availability of the processed data and other legal requirements established in the RGPD. Therefore, they will be treated within the law. The data to be processed are provided by the data subject himself or by his legal representative, although it may be the case that we delegate some functions to certain collaborators and these are responsible for collecting your data, but they will always be treated with your prior express consent. In the event that a data subject does not provide the data we request or provides incomplete or incorrect data, it will not be possible to fulfill and maintain the relationship with them. The categories of data that we can treat about a person, will depend on the relationship you have with our company, as shown below:
4.1. Clientes :
Data of identification, contact, commercial, accounting, banking, transaction of goods and services, financial, handwritten or digital signature and may be collected only if you provide them to us at the time of contracting our services, although they may also be collected by an authorized collaborator to whom we have delegated any of our functions.
4.2. Solicitantes de información:
Whether the information requested is by telephone or in writing (e.g. email or web forms) we will request and process your identification, contact and commercial data.
4.3. Proveedores y colaboradores :
Identification, contact, commercial, commercial, accounting, banking, transaction of goods and services and financial data will be processed. These data may be processed during all stages of the business relationship.
4.4. Solicitantes de empleo:
For this category of interested parties, curricular, identification, contact and other data related to their professional or personal characteristics will be processed when they send us their application by any means (e.g. in person or by e-mail), they may also be collected during recruitment interviews (in person or by videoconference), or they may even send us their job application through a collaborator to whom we have delegated certain functions.
4.5. Social network users:
We are present in different social networks and we may process identification, contact, commercial and other data that the user enables to be displayed or shared with other users of the social network, including curricular data (e.g. LinkedIn). For more information see our Social Networking Policy.
4.6. Suscriptores :
An e-mail address is required to send our newsletters.
4.7. Reclamantes :
We will process identification data, contact data and personal information about yourself or third parties that you want to let us know related to the claim that you send us.
4.8. Visitantes :
Identification and contact data will be processed, being collected when they are provided by the interested party when accessing our facilities or when your contact person in our entity, provides them to us to allow access to these.
4.9. Denunciantes :
Through the internal whistleblowing channels that we manage for our customers, you can make complaints anonymously, but you can also voluntarily provide us with identification and contact details, as well as other personal information about yourself or third parties related to the complaint, as provided for in Law 2/2023 of February 20, on the protection of persons who report regulatory violations and the fight against corruption. More information in the terms of each Internal Whistleblower Channel.
4.10. Usuarios web :
When visiting our website and only if expressly authorized by the user, analytical data (e.g. time of visit or pages viewed) including demographic data (e.g. gender, age, country or language) may be collected. For more information visit our Cookie Policy.
4.11. Solicitantes de ejercicio de derechos :
Identification and contact data provided by the interested party when contacting our company will be processed.
4.12. Más información para los interesados :
The information legally established in the corresponding informative clauses included in the different means of data collection will be made available to the interested parties, so that you can freely and expressly decide if you want the personal data requested to be processed by our company. All categories and types of personal data processed will be duly identified in the corresponding processing activities owned by our company.
5. What will your data be used for?
In general, the purpose of the processing of personal data carried out by our entity is the fulfillment and maintenance of the relationship with different groups of people, such as, for example, customers or suppliers. Also with other people who contact us proactively through our web forms, by telephone or in person, by email or post, as would be the case of job applicants or applicants for information, users of our website/blog or social networks and interested parties in general. Depending on this relationship the treatment of your data obeys to different purposes and that with enunciative and not limiting character, we detail below:
5.1. Clientes :
Your personal data will be processed to identify you, fulfill and maintain the pre-contractual and contractual relationship including sending commercial communications and phone calls by different means, answer queries, perform quality control and business statistics, sending documents and goods by mail or courier, to manage the contracting and provision of our services, for accounting and billing management, transaction of goods and services, collection management, management of incidents, claims and exercise of rights, as well as for other purposes to which we are obliged to comply with this relationship, the laws to which we are subject and to comply with our legitimate interests.
5.2. Solicitantes de información:
We will treat your personal data to answer your requests for information, to identify you, to send or deliver information about our goods and services of your interest, including in our reply (verbal, written or digital) the commercial information related to the request. We will also make follow-up contacts, by different means to know the decisions taken with respect to the commercial proposals that we have sent you.
5.3. Solicitantes de empleo:
Your data will be used to include you in our selection processes and job vacancies, to identify you, as well as to contact you and inform you about vacancies, coordination of interviews and other matters related to your application.
5.4. Proveedores y colaboradores :
Your personal data will be processed for the purpose of maintaining the business relationship either for the request of budgets, for the purchase of goods or services, to identify you, for accounting management, transaction of goods and services, as well as for other purposes necessary to comply with this relationship, with our legal obligations and legitimate interests.
5.5. Usuarios de redes sociales:
We will treat your personal data to maintain the relationship as users of the same social network, to identify you, to contact you, to share news and other personal data that you allow to share with the rest of the components of the social network. For more information see our Social Networking Policy.
5.6. Suscriptores :
Your data will be used to send you our bulletins/newsletters or advertising by e-mail, to identify you and to process your unsubscription from these mailings if requested.
5.7. Reclamantes :
Personal data will be processed to identify you, handle your complaint and contact you about the status of your complaint, as well as to fulfill our legal obligations and legitimate interests.
5.8. Visitantes :
Data from visits to our facilities will be processed to identify you, to comply with our obligations in terms of prevention of occupational hazards and for security and access control to our facilities.
5.9. Denunciantes :
If our client hires us to receive complaints and manage its internal complaints channel, the personal data you choose to provide in your complaint will be processed to register and manage your complaint, as well as to identify and contact you (except if the complaint is anonymous) to acknowledge receipt of your complaint and to keep you informed about the status of our investigations within the time limits and terms established by Law 2/2023 of 20 February. Similarly, we may process your data on the basis of our legitimate interests and insofar as necessary to comply with other legal obligations to which we are subject. In the event that our client only wishes to use our software to have an internal complaints channel under the terms established in Law 2/2023 of 20 February, this will be managed entirely by the client, including the receipt of complaints. In any of the above cases, Business Adapter® will act as the client’s data processor, contractually committing to comply with the same security measures implemented by our client, as well as to submit to the duty of secrecy and confidentiality of the personal data processed, among other obligations regarding the protection of personal data. We will provide you with more information on the Complaints Channel in which you wish to make a complaint.
5.10. Usuarios web :
Data may also be processed for different purposes (e.g. analysis of visits) by accepting the installation of cookies when visiting our website. For more information visit our Cookies Policy.
5.11. Solicitantes de ejercicio de derechos :
Personal data will be processed to identify you, manage your request and contact you to inform you about the actions carried out to meet the exercise of your rights.
Some of our customers (data controllers) have delegated to us the functions of attention to these rights so we act as data processors and therefore, we will process personal data of data subjects who maintain a relationship with our customers and who wish to exercise their rights before them. The purpose of such treatment, will be the receipt of requests for exercise of rights, processing with our customers and to contact the interested party and address their rights.
5.12. Más información para los interesados :
The information legally established in the corresponding informative clauses included in the different means of data collection (e.g. forms, locutions, contracts, etc.) and in others that we will make available to you (e.g. badges, invoices, legal notices, etc.) will be made available to the interested parties, so that you freely and expressly decide if you want the personal data requested to be processed by our entity. If you do not provide the data requested by us or if incomplete or erroneous data is provided, it will not be possible to process your request for information, purchase or sale of goods or the contracting of our services. The data will not be processed further or for purposes other than those accepted by the interested parties. The purposes that motivate the processing of personal data will be duly identified in the corresponding processing activities owned by our company.
6. Why do we process your data (legitimacy)?
The processing of your personal data by our company is carried out with one or more of the following legitimate bases:
- When you give us your express, free, informed and unequivocal consent, after being informed at the time of collecting your data and more broadly with this privacy policy, that after reading this and being in agreement, you can voluntarily authorize us to process your data for one or more purposes, by checking the boxes provided for this purpose in our web forms, by your written consent by signing the informative clauses that we provide at all times when requesting your personal data.
- For the performance of a contract to which you are a party or for which you have requested us to take pre-contractual measures.
- When the processing is necessary for compliance with a legal obligation applicable to our entity.
- When the processing is necessary for the satisfaction of legitimate interests pursued by our company or by a third party, provided that such interests do not override the interests or fundamental rights and freedoms of the data subject. In this regard, we inform that our entity has conducted an analysis weighing our legitimate interests with the rights and freedoms of the data subject, always respecting their fundamental rights.
In the event that the user is under 14 years of age, it will be necessary to have the consent of parents, guardians or legal representative, to treat their data. The user is solely responsible for the accuracy of the data he/she sends us.
7. Data Retention of data
The personal data provided will be kept as long as we maintain the relationship with you and for the time necessary to fulfill the purpose for which your data has been collected. Once this relationship has ended, we will keep them blocked in those cases where it is necessary to keep them until the prescription of responsibilities for the sole purpose of claims or legal actions, as well as to comply with our legal obligations, for example:
Interested parties | Sector scope | Legal basis | Conservation period |
| Accounting | Art. 30.1 R.D. Code of Commerce |
|
| Prosecutor | Art. 66 General Tax Law 58/2003 |
|
| Laboral | Art. 21 of Royal Legislative Decree 5/2000 – Social Order |
|
| Laboral | Guide to labor relations |
|
| Prevention of occupational hazards | Art. 4.3 of the Royal Decree 5/2000 – Social Order |
|
| Video surveillance | Art. 22.3 LOPDGDD – personal data protection |
|
| Internal Whistleblower Channel Reports |
|
|
| Use of cookies | Guide on the use of cookies – AEPD |
|
8. Elaboration of profiles
We do not elaborate profiles nor will automated decisions be made using your personal data, but in the case of doing so, you will be informed and asked for prior authorization to do so. Similarly, you have the right to object to this type of processing at any time by writing to us at info@businessadapter.es.
9. Transfer of data
As a general rule, our company does not transfer personal data to third parties, although it may be the case where this is necessary. For example: If you are a customer or supplier, your personal data may be transferred to third parties by legal obligation (eg. Tax Agency), or in those cases and entities necessary to provide our services or pay invoices (eg. Banks), or in the case of sending documentation, your data may be transferred to the Post Office or transport companies collaborating with our company. Also, your personal data as a customer or supplier may be processed by certain suppliers to whom we delegate some of our obligations (e.g. accountants) and all of them have committed through a contract of processor to comply with the same security measures implemented by our company, as well as to submit to the duty of secrecy and confidentiality of personal data processed, among other obligations regarding the protection of personal data. If you are a job applicant, your data will not be transferred to third parties, unless we are legally obliged to do so. If you are an information seeker or user of our website, your data will not be disclosed to third parties, unless we are legally obliged to do so. In general terms, we may transfer your personal data to the Judges, Courts, the Public Prosecutor’s Office and/or to the competent Public Administrations in the event of possible claims when we are obliged to do so.
10. Transfer international transfer of data
In the case of transfers to third parties located in countries outside the European Economic Area, we will inform you and request your prior express consent.
11. Measures Security Measures
Our company has implemented all the necessary technical and organizational measures to protect the personal data processed, preventing its loss, theft or unauthorized use. These measures have been created according to the type of data processed and the purposes for which it is processed. These are periodically verified in our internal controls of compliance with the personal data protection regulations and by means of external audits.
12. Your Rights
You, as the owner of your personal data and acting on your own behalf or through your legal representative (e.g. persons under 14 years of age) may contact our entity at any time and ask us to exercise your rights regarding the protection of personal data. We explain what these rights are:
12.1. Right of Access:
You have the right to know and ask us at any time to know the following information:
- Whether or not we are processing your personal data.
- The purposes of the processing, as well as the categories of personal data to be processed.
- The origin of your data, in case you did not provide it to us.
- The recipients or categories of recipients to whom my personal data has been or will be disclosed, including, where applicable, recipients in third parties or international organizations.
- Information on appropriate safeguards regarding the transfer of my data to a third country or an international organization, if applicable.
- The expected conservation period, or if not possible, the criteria for determining this period.
- If there are automated decisions, including profiling, meaningful information about the logic applied, as well as the significance and expected consequences of such processing.
- Copy of your personal data that are subject to processing.
12.2. Right of Rectification:
Ask us to rectify your personal data when it is inaccurate, as well as to complete it when it is incomplete.
12.3. Derecho de Oposición:
You may object to the processing of your data when it is incorrect or no longer necessary. In the event that you act in the capacity of a respondent or person concerned by a complaint under Law 2/2023, you may not exercise your right to object, as it is presumed (upon proof to the contrary) that there are grounds that legitimize the processing of your personal data, in accordance with the provisions of Article 31.4 of the Law.
12.4. Right of Suppression:
Ask us to delete your data, for any of these reasons:
- Your data is no longer necessary for the purposes for which it was collected or processed.
- You have not given consent to the processing of your data.
- When you have exercised your right to object.
- When the data have been processed unlawfully.
- When the data must be deleted in order to comply with a legal obligation.
12.5. Derecho a la limitación del tratamiento:
You may ask us to exercise this right in one or more of the following situations:
- When you contest the accuracy of your data, for a period of time that allows the data controller to verify the accuracy of the data.
- When the processing is unlawful and you object to the deletion of your data and request instead the limitation of its use.
- When the data are no longer needed for the purposes of processing, but the data subject needs them for the formulation, exercise or defense of claims.
- When you have objected to the processing pursuant to Article 21(1), while verifying whether the legitimate reasons of the controller outweigh those of the data subject.
12.6. Derecho de Portabilidad:
It refers to the right to obtain the data related to you, in a structured, commonly used and machine-readable format, as well as to transmit it to another data controller for further processing.
12.7. Derecho a no ser objeto de decisiones automatizadas:
The right not to be subject to a decision based solely on automated processing, including profiling, that produces legal effects on him or her or similarly significantly affects him or her.
To exercise any of your rights, you must write to our entity either by mail to the address: Rda. Guglielmo Marconi, 11- 26ª, CP 46980, Paterna (Valencia) or email: info@businessadapter.es, stating the rights you wish to exercise, accompanied by a copy of your ID card or equivalent document to know about whom we must provide the requested information and your contact details to send you our reply. If you are acting on behalf of another person, you must prove your representation. If you wish to send any suggestion or query about the treatment of your personal data, you can contact the data protection delegate, indicating the name of our company or trade name to: BUSINESS ADAPTER, S.L. Ronda Guglielmo Marconi, 11, 26, (Parque Tecnológico) 46980 Paterna (Valencia).
We inform you that you have the right to make a complaint to the Spanish Data Protection Agency at: C/ Jorge Juan, 6, 28001 Madrid or at www.aepd.es.
13. Commitment to Personal Data Protection
13.1. Scope of application
Our commitment to the protection of personal data is total and will be mandatory for all departments, employees of our company and those acting on our behalf.
13.2. Objeto
We have established protocols for the processing of personal data, in accordance with the provisions of Spanish and European data protection regulations.
13.3 Principles
Lawfulness, Loyalty, Transparency, Data minimization, Accuracy, Retention period limitation, Integrity, Confidentiality and Active responsibility.
13.4. Special category of data
The processing of personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, the processing of genetic or biometric data, data concerning health or data concerning sexual orientation is prohibited, except in the legally authorized exceptions and with the prior consent of the data subject.
13.5. Derechos de los interesados
Data subjects shall have the right of access to their personal data, as well as the right to rectify it when it is inaccurate, to delete it when it is no longer necessary or when processing is no longer desired, to limit it to certain processing, to have the possibility of receiving their data easily and in structured and commonly used formats from the data controller, as well as to have their data used for profiling purposes and to object to the processing at any time.
13.6. Registro de Actividades, Evaluación de Impacto y Medidas de Seguridad
Our company will keep a record of processing activities and analyze the purposes of processing, categories of data subjects and data, recipients, international transfers, storage periods, etc., in order to assess the risks of processing and implement the necessary security measures to ensure the confidentiality, integrity and availability of personal data. We have also analyzed the need to prepare an Impact Assessment and appoint a Data Protection Delegate, establishing, if necessary, that the person appointed to this position has sufficient knowledge and experience in accordance with the provisions of current legislation.
13.7. Control
We have contracted the services of an external consulting firm to evaluate our data protection consulting / auditing services, as well as those of the Data Protection Officer, are subject annually to an external audit, in order to get them certified with the International Standard ISO 27001 International Standard for Information Security. We have also implemented the protocols of the National Security Scheme (ENS) of basic category, according to Royal Decree 3/2010. Additionally and internally, we perform audits and controls to verify compliance with European (RGPD) and Spanish (LOPD-GDD) data protection regulations, which involves the issuance of an Audit Report and record of implementation of corrective measures. We also monitor any publication made by the AEPD, the European Commission and other European and Spanish entities related to data protection regulations, in order to comply with all legal developments.
14. Updating this Policy
Our entity reserves the right to modify this Policy without prior notice. Therefore, we recommend that you consult it every time you visit our website. Text updated on December 21, 2023.