1. Who is the Data Controller of your data?
GRUPO EMPRESARIAL CRITERIA S.L., with registered office at Calle Mercaderes 10 (corner of Ruavieja) and tax identification number B-26249698, is responsible for the processing of data relating to the different processes with respect to the management of users, clients, potential clients, collaborators and/or suppliers. The company is registered in the Companies Register of LA RIOJA - VOLUME 397 - FOLIO 150 - SHEET LO-5072.
A efectos de este documento el teléfono de contacto es 618-888 487 y el correo electrónico de contacto es informacion@eldiav.com.
Likewise, we inform you that in the processing of data relating to the management of Users, Customers and Suppliers, there are no Joint Data Controllers.
2. What kind of data do we have about you and how did we obtain it?
The categories of personal data that the Criteria Group processes about its customers and suppliers are:
- Identification data
- Postal or e-mail addresses
- Commercial information
- Economic and transaction data
- Image
We do not process any specially protected data. We have obtained all of the above-mentioned data either directly from you by submitting a commercial offer, contractual proposal, etc. or from your company by providing us with the identification data and other information necessary to carry out the purpose of the contractual relationship between the parties. It shall be your or your company's obligation to provide us with updated data in the event of changes. With regard to the data of job applicants, we have obtained your data by submitting a CV or by obtaining your application through the services of a job portal. In the latter case, you have consented to this transfer of your data to our company by entering your CV data on the job portal.
3. How long will we keep your data?
Personal data relating to individuals linked to potential customers, customers and suppliers that the Criteria Group collects through the various contact and/or information collection forms shall be retained until the interested party requests their deletion. The data provided by our customers and suppliers shall be kept for as long as the business relationship between the parties is maintained, respecting in all cases the minimum legal retention periods depending on the subject matter.
In any case Grupo Criteria keep your personal data for as long as is reasonably necessary taking into account our needs to respond to issues raised or resolve problems, to make improvements, to activate new services and to comply with requirements under applicable law. This means that we may retain your personal data for a reasonable period of time even after you have stopped using our products or you have stopped using this website. After this period, your personal data will be deleted from all of the systems of Grupo Criteria.
4. For what purpose and on what basis do we process your data?
In Grupo Criteria processes the data provided by interested parties for the purpose of managing various activities arising from specific procedures carried out in the areas of sales, after-sales service, supplier management, candidate management, service quality, etc. These data may also be used for commercial and/or advertising purposes. In this way, we will use your data to carry out some of the following actions based on the respective basis of legitimacy:
| PURPOSE OF TREATMENT | BASIS OF LEGITIMACY |
| Management of operations with members: registration/modification of members, fulfilment of obligations (monitoring of requirements, payment of fees, elections...). | Consent of the person concerned |
| Accounting, tax, administrative and customer billing management | (Pre-)contract performance; Regulatory obligation |
| Management of requests for information coming through the web forms or social networks. | Consent of the person concerned |
| Operations in the segmentation of potential customers, implementation of recruitment campaigns, exclusion of advertising. | Consent of the person concerned |
| Management of advertising and marketing operations for customer retention | Legitimate interest |
| Tax, accounting and administrative management with suppliers | (Pre-)contract performance; Regulatory obligation |
| Management of data subjects' data protection rights | Regulatory obligation |
| Management of operations carried out by members of the Board of Directors | Consent of the person concerned |
With regard to the aforementioned basis of legitimacy, you are obliged to provide personal data, in the event that you do not provide your personal data, we will not be able to execute your contract, fulfil your legal obligations or those of the public authorities.
Based on the information provided and in order to offer you products and services according to your interests and/or to improve your user experience, we inform you that we will elaborate a ‘commercial profile’. However, we inform you that no automated decisions will be made on the basis of this profile.
5. To whom will your data be disclosed?
The Criteria Group will never share your personal data with any third party company that intends to use it for direct marketing purposes, unless you have expressly authorised us to do so.
Please note that we may disclose your personal data to government agencies and competent authorities in cases where the Criteria Group is legally required to do so by such authorities or where, acting in good faith, we believe that such action is reasonably necessary to comply with legal process; to respond to any legal claim or demand; or to protect the rights of the Criteria Group or its customers and the general public.
We inform you that your data or data of third parties communicated by you (spouses, children, etc.) will not be transferred or communicated to third parties unless required by law, being the company the only responsible for their treatment and custody.
The Criteria Group may provide your personal data to third parties (e.g. Internet service providers who help us to administer our website or carry out contracted services, IT support and maintenance companies, logistics companies, tax and accounting consultancies, etc.). In any case, these third parties must at all times maintain the same levels of security as the Criteria Group in relation to your personal data and, where necessary, will be bound by legal commitments to keep your personal data private and secure, and to only use the information in accordance with specific instructions from Grupo Criteria.
We inform you that our entity does not carry out international transfers of data relating to the management of Users, Customers and/or Suppliers.
6. What are your rights as a data subject or interested party?
Any person has the right to obtain confirmation as to whether or not the Criteria Group is processing personal data concerning him or her.
In particular, data subjects may request the right of access to their personal data, as well as to receive them in a common, machine-readable format if the processing is carried out by electronic means (right of portability).
Likewise, interested parties may request the right to rectify inaccurate data or, where appropriate, request its deletion when, among other reasons, the data is no longer necessary for the purposes for which it was collected.
In addition, in certain circumstances, data subjects may request the limitation of the processing of their data, or in certain circumstances and for reasons related to their particular situation, data subjects may exercise their right to object to the processing of their data. The Criteria Group will cease to process the data, except for compelling legitimate reasons, or for the exercise or defence of possible claims, or in those exceptions established in the applicable regulations.
We also inform you that you have the right to withdraw your given consents at any time, without affecting the lawfulness of the processing based on the consent prior to its withdrawal.
The User is also informed that he/she may exercise the aforementioned rights at any time by writing to us using the contact details that appear in Section 1, ‘Data Controller’ of this Data Protection and Privacy Policy. Grupo Criteria,enclosing a copy of your ID card. You can also send us an e-mail to the following address mailto:informacion@eldiav.com.
You also have the right to lodge a complaint with the Spanish Data Protection Agency, especially when you have not obtained satisfaction in the exercise of your rights.
Agencia Española de Protección de Datos
C/ Jorge Juan, 6
28001 – Madrid
Phone. 901100099 / 912663517
7. Data protection of the users of the website.
In accordance with the current Regulation (EU) 2016/679, Criteria Group informs that the personal data of the Users of the website will be processed for the processing activity indicated in each data collection form on our website by Grupo Criteria. Such processing of your data will be covered by your consent. By clicking the ‘SEND’ button, the User consents to the processing of his/her data by the Criteria Group.
We also inform you that, unless required by law or with your express consent, the Criteria Group will not disclose your data to third parties.
Likewise, the User is informed that at any time he/she may exercise the rights of access, rectification or deletion of data as well as other rights recognised in this document and regulated in the Regulation (EU) 2016/679, by notifying the 618-888 487 o el correo electrónico de contacto es informacion@eldiav.com.
Furthermore, in accordance with the provisions of Law 34/2002 of 11 July 2002 on Information Society Services and Electronic Commerce, the Criteria Group undertakes not to send advertising by e-mail without first obtaining the express authorisation of the recipient. Users may oppose the sending of advertising by ticking the corresponding box.
8. Other information of interest about our privacy policy
8.1 Security measures
The Criteria Group adopts the security levels required by current European and Spanish data protection legislation, taking into account the state of the art, the costs of application and the nature, scope, context and purposes of the processing described, as well as the risks of varying likelihood and severity for your rights and freedoms as an individual.
8.2 Changes to our Data Protection and Privacy Policy
From time to time, the Criteria Group may make changes and corrections to this section of the Data Protection Policy for Customers, Suppliers and Users. Please check this section regularly for any changes that may have been made and how they may affect you.
8.3 Why is it necessary to accept this Data Protection and Privacy Policy?
This section of the Data Protection Policy for Customers, Suppliers and Users provides you, in an easily accessible way, with all the information you need to know about the type of data that the Criteria Group holds on its potential customers, customers and/or suppliers, the purposes pursued, the rights that data protection regulations recognise you as an affected person and how to exercise these rights. Therefore, by deliberately sending your personal data through our means of contact and/or by entering into a business relationship with our company, we consider that you acknowledge and agree to the processing of your personal data as described in this policy. This personal information will only be used for the purposes for which you have provided it to us or certain national or regional regulations allow us to do so.
In any case, we must warn you that a refusal on your part to provide us with certain requested data could hinder the development of the contractual relationship between the parties with possible serious consequences when providing the various services contemplated within the commercial contract concluded with the contracting party.
If you have any questions regarding this section of the Data Protection Policy for Prospective Clients, Clients and Suppliers of Grupo Criteria, please contact the company using the address provided in the first section ‘Data Controller’ and we will be happy to assist you and answer any further questions you may have.
9. Applicable legislation These Terms and Conditions shall be governed at all times by the provisions of Spanish and European legislation on the protection of personal data and privacy.