Data Protection Policy
1. BASIC INFORMATION ON THE PROTECTION OF PERSONAL DATA
|Controller:||KLEMARK ESPECTÁCULOS TEATRALES S.A.|
|Main purpose:||Management of users and handling of requests|
|Legal base: ||Data subject’s consent|
|Recipients:||Data will be transferred to third parties due to legal obligations or with prior consent.|
|Rights: ||To access, rectify and delete data, as well as other rights, as explained in the Data Protection Policy – Additional Information.|
|Additional information:||Check the Personal Data Protection Policy on the website (Additional Information).|
2. PERSONAL DATA PROTECTION (ADDITIONAL INFORMATION)
Version updated in accordance with the GDPR. 01/09/2018
Identity: KLEMARK ESPECTÁCULOS TEATRALES S.A.
Address: Avda Landabarri 4, 3º, 48940- Leioa (Biscay)
Data Protection Officer (DPO) contact: firstname.lastname@example.org
The data collected through the website are incorporated into files owned by the company for the following purposes:
- Manage the request submitted through the website, either through a contact form or any other type of online form, or through a request by email.
- Send newsletters and alerts through any channel, including electronic means (such as email, web notifications, SMS) and by post on news, articles, activities, events or competitions, which may contain commercial information on products, services, offers and promotions related to the activities developed by the company.
In the case of expressing your refusal to receive future commercial mailings, your data (name, surname and e-mail address) will be included in the exclusion file in order to avoid sending unwanted information.
- Management of recruitment and staff selection processes to be placed in certain positions, and maintenance of job bank.
- Ethical Channel: Communications received at the e-mail address provided on the company’s website will be responded, and both the absolute confidentiality of the communicator and the non-adoption of any retaliation for reporting in good faith will be guaranteed.
- Processing of social network users’ data through corporate profiles.
- Own and third party cookies based on preferences.
The answers to the questions about personal data that appear in the forms marked with an asterisk (*) are mandatory.
- Legitimate interest in the processing of your data based on the response to your request or request for information or offer.
- Data subject’s consent: sending of commercial communications, communication of data to subsidiaries, publication of data associated with the diffusion of activities (events, competitions)…
You have the right to withdraw the consent given at any time, without affecting the lawfulness of the processing based on the consent given prior to said withdrawal.
STORAGE OF DATA
The periods of storage of your data are determined in accordance with current legislation, regulations and applicable standards, or in any case:
- Users who send requests and/or queries: the time necessary to manage them.
- Advertising and promotional communications: When the user requests cancellation, except for the data processed in the commercial activities Exclusion Register.
- The storage period of the professional data of their curriculum, that may be sent through the means enabled for their submission in the website, will be 5 years; after this period, these data will be deleted. Once the established period has ended or in the event that you are discarded in the corresponding selection process, your data will be stored for future calls, provided that we have your consent, in which case you are responsible for keeping and sending your data updated.
- Ethical Channel: The data will be stored in the system only for the time necessary to investigate the reported facts. In any case, three months after the data have been entered, they must be deleted from the system.
The data may be transferred in those cases where this is legally required to public entities with competence in the matter.
The professional data of your curriculum may be communicated to the subsidiaries only for employment purposes, provided that we have your consent.
The management of the website implies the hiring of service providers who will be able to access your data in order to carry out the data processing. Access will be carried out with all the necessary security measures to safeguard and protect your information as regulated by contract. Such provision will not constitute a transfer of data at any time.
EXERCISE OF RIGHTS
Data subjects have the right to obtain confirmation as to whether the company is processing their personal data.
You have the right to request:
- Access to your personal data.
- The rectification of inaccurate data.
- Deletion when, among other reasons, the data are no longer necessary for the purposes for which they were collected.
- The limitation of the processing of your data, in which case we will only keep them for the exercise or defence of claims.
- The opposition to the processing of your data, under certain circumstances and for reasons related to your particular situation. The company will stop processing the data, except for compelling legitimate reasons or the exercise or defence of possible claims.
- Data portability. You have the right to withdraw the consent given at any time, without affecting the lawfulness of the processing based on the consent given prior to said withdrawal.
The rights under Regulation (EU) 2016/679 may be exercised directly or through a legal or voluntary representative.
You may request to exercise your rights by computer means through the contact email of the Data Protection Officer or by sending/delivering your request to the aforementioned address.
If you wish to obtain information about your rights, please visit https://www.aepd.es/reglamento/derechos/index.html
In the event of an unsatisfactory exercise of your rights, you may file a complaint with the Spanish Data Protection Agency.
The company has implemented the measures and technical means at its disposal to prevent misuse, alteration, loss, unauthorized access or theft of personal data provided.
HTTPS (Hyper Text Transfer Protocol Secure) appears in the URL address of this website because it is protected by an SSL certificate guaranteeing the safe sending of data collected in forms, subscriptions… The details of the certificate, such as the issuing entity and the corporate name of the website owner, may be accessed by clicking on the padlock symbol in the browser bar.
INTERNATIONAL DATA TRANSFER
The website hosting providers are service providers who will be able to access your data in order to carry out the data processing. As a rule, their servers must be located in the European Economic Area and if this is not the case, we always ensure that these providers are located in countries with an adequate level of protection that offer guarantees of compliance with European regulations on data protection and, in particular, the GDPR. With regard to transfers to the US, we will always work with providers that comply with the EU – US Privacy Shield.
Our company has presence in different media or social networks, such as: Facebook, Twitter, YouTube, Instagram, LinkedIn. The possible processing of data of users of social networks that the controller will carry out will be, at most, the one that the corresponding social network allows to corporate profiles.
The company reminds you that you must know the privacy policies of such media or social networks in which you are registered in order to avoid sharing unwanted information.
You may use the privacy settings and account management on social networks to manage privacy, identity, advertising and other preferences.
By viewing/accessing through the website to third party content, such as YouTube, Vimeo, RRSS, you may be accepting cookies from these websites that are not within our control.