Data Protection Policy
1. BASIC INFORMATION ON THE PROTECTION OF PERSONAL DATA
| Controller: | KLEMARK ESPECTÁCULOS TEATRALES S.A. |
| Main purpose: | Management of users and handling of requests |
| Legal base: | Legitimate interest, Consent of the data subject. |
| Recipients: | Data will be transferred to third parties due to legal obligations or with prior consent. |
| Rights: | To access, rectify and delete data, as well as other rights, as explained in the Data Protection Policy – Additional Information. |
| Additional information: | Check the Personal Data Protection Policy on the website (Additional Information). |
2. PERSONAL DATA PROTECTION (ADDITIONAL INFORMATION)
Version updated in accordance with the GDPR. 01/09/2022
DATA CONTROLLER
Identity: KLEMARK ESPECTÁCULOS TEATRALES S.A.
Tax ID: A-87755617
Postal Address: AV/ LANDABARRI 3, 4ª PLANTA 48940 – LEIOA – BIZKAIA
Data Protection Officer (DPO) contact: rgpd-klemark@klemark.com
PURPOSE:
The data collected through the website are incorporated into files owned by the company for the following purposes:
- Manage the request submitted through the website, either through a contact form or any other type of online form, or through a request by email.
- Send newsletters and alerts through any channel, including electronic means (such as email, web notifications, SMS) and by post on news, articles, activities, events or competitions, which may contain commercial information on products, services, offers and promotions related to the activities developed by the company.
- In the case of expressing your refusal to receive future commercial mailings, your data (name, surname and e-mail address) will be included in the exclusion file in order to avoid sending unwanted information.
- Management of recruitment and staff selection processes to be placed in certain positions, and maintenance of job bank.
- ETHICAL CHANNEL https://www.klemark.com/integridad-conducta/ To deal with the communications received through the different means or channels that the company makes available to the user, such as the e-mail address provided on the company’s website, telephone channel (24/7), as well as the web platform managed by the contracted data processor, guaranteeing both the absolute confidentiality of the caller and the non-adoption of any reprisals for reporting in good faith.
- Processing of social network users’ data through corporate profiles.
- Own and third party cookies based on preferences.
The answers to the questions about personal data that appear in the forms marked with an asterisk (*) are mandatory.
LEGAL BASIS
- Legitimate interest in the processing of your data based on the response to your request or request for information or offer.
- Data subject’s consent: sending of commercial communications, communication of data to subsidiaries, publication of data associated with the diffusion of activities (events, competitions)
You have the right to withdraw the consent given at any time, without affecting the lawfulness of the processing based on the consent given prior to said withdrawal. - Public interest (Ethical Channel): Within the framework of the communications channel (ethical channel) it is based on the existence of a public interest, in the terms established in article 6.1.e) of the General Data Protection Regulation, to detect and prevent complaints and the consequent prevention of damages and risks of liability of CLECE and defined in article 24 of Organic Law 3/2018.
STORAGE OF DATA
The periods of storage of your data are determined in accordance with current legislation, regulations and applicable standards, or in any case:
- Users who send requests and/or queries: the time necessary to manage them.
- Advertising and promotional communications: When the user requests cancellation, except for the data processed in the commercial activities Exclusion Register.
- The storage period of the professional data of their CV, which may be sent through the means enabled for their submission on the website, will be 5 years; after this period, these data will be deleted.
- Once the established period has ended or in the event that you are discarded in the corresponding selection process, your data will be stored for future calls, provided that we have your consent, in which case you are responsible for keeping and sending your data updated.
- Ethical Channel: The data will be stored in the system only for the time necessary to investigate the reported facts. In any case, three months after the data have been entered, they must be deleted from the system. However, they may be dealt with outside the system to investigate the facts for as long as necessary to bring them to a conclusion. Once the investigation of the communication has been completed and the appropriate actions have been taken, if necessary, the data of those complaints that have been processed will be duly blocked in order to comply with the corresponding legal obligations in each case. In the event that it is decided not to act on the complaint lodged, the information may be retained in an anonymised form in the system.
RECIPIENTS
- The data may be transferred in those cases where this is legally required to public entities with competence in the matter.
- The professional data of your CV may be communicated to the subsidiaries only for employment purposes, provided that we have your consent.
- The management of the website implies the hiring of service providers who will be able to access your data in order to carry out the data processing. Access will be carried out with all the necessary security measures to safeguard and protect your information as regulated by contract. Such provision will not constitute a transfer of data at any time.
EXERCISE OF RIGHTS
Data subjects have the right to obtain confirmation as to whether the company is processing their personal data.
You have the right to request:
- Access to your personal data.
- The rectification of inaccurate data.
- Deletion when, among other reasons, the data are no longer necessary for the purposes for which they were collected.
- The limitation of the processing of your data, in which case we will only keep them for the exercise or defence of claims.
- The opposition to the processing of your data, under certain circumstances and for reasons related to your particular situation. The company will stop processing the data, except for compelling legitimate reasons or the exercise or defence of possible claims.
- Data portability.
- You have the right to withdraw the consent given at any time, without affecting the lawfulness of the processing based on the consent given prior to said withdrawal.
The rights under Regulation (EU) 2016/679 may be exercised directly or through a legal or voluntary representative.
You may request to exercise your rights by computer means through the contact email of the Data Protection Officer or by sending/delivering your request to the aforementioned address.
If you wish to obtain information about your rights, please visit https://www.aepd.es/reglamento/derechos/index.html
In the event of an unsatisfactory exercise of your rights, you may file a complaint with the Spanish Data Protection Agency.
SECURITY MEASURES
The company has implemented the measures and technical means at its disposal to prevent misuse, alteration, loss, unauthorized access or theft of personal data provided.
HTTPS (Hyper Text Transfer Protocol Secure) appears in the URL address of this site because it is protected by an SSL certificate guaranteeing the secure sending of data collected in forms, subscriptions, etc. …. The details of the certificate, e.g. the issuing entity and the corporate name of the website owner, can be viewed by clicking on the padlock symbol in the browser bar.
INTERNATIONAL DATA TRANSFER
The providers which lend their services (storage, platforms, software) will be able to access your data in order to carry out the data processing. As a rule, their servers must be located in the European Economic Area and if this is not the case, we always ensure that these providers are located in countries with an adequate level of protection that offer guarantees of compliance with European regulations on data protection and, in particular, the GDPR.
SOCIAL NETWORKS
Our company has presence in different media or social networks, such as: Facebook, Twitter, YouTube, Instagram, LinkedIn. The possible processing of data of users of social networks that the controller will carry out will be, at most, the one that the corresponding social network allows to corporate profiles.
The company reminds you that you must know the privacy policies of such media or social networks in which you are registered in order to avoid sharing unwanted information.
You may use the privacy settings and account management on social networks to manage privacy, identity, advertising and other preferences.
COOKIES
Our website features a technology called “cookies”. For more detailed information, consult the Cookies Policy.
By viewing/accessing through the website to third party content, such as YouTube, Vimeo, RRSS, you may be accepting cookies from these websites that are not within our control.