Privacy policy - Personal data treatment

En este punto le acercamos la identificación de la sociedad que trata sus datos desde el presente dominio, donde se ubica el sitio web y donde se recogen y tratan datos mediante el uso de cookies, formularios (contacto, compra y similares).

At this point you can find the identification of the company that treats your data from the current domain, where the website is located and where data is collected and processed through the use of cookies, forms (contact, purchase and similar).

If you would like further information on data protection or wish to exercise any of your rights, you can do so by contacting our Data Protection Officer at the following e-mail address: dpo@360padelgroup.com.

In the point below, you can find a table with the description of the purposes of the data treatment that can be given on the website, associated with the registered files, responsibility of PN:

[i We ask the users / holders of data that before accepting the privacy policy (click on the acceptance box) perform an approach to the basic information with a general character, and in a specific way to this table where the purpose of the use of the data that you provide us and the file or files where they can be integrated.]

The new regulatory framework establishes the need to bring the data owner closer, in this case through the channel that is used by PN, the web user, the information concerning the storage period of data processing that may occur. That is, how long will the data be responsible for the data (PN)?

We would like to inform you about this issue, and for this purpose we present the following table:

[i The maintenance of the term of the data is established on the basis (1) of a PN criterion, associated with the purpose of using said data and the company's interest, (2) criteria established by a legal basis that obliges its maintenance to PN (another law that requires its maintenance) and (3) other associated statistical or historical reports that may be of interest to the company (group) at a strategic level. PN, once they have fulfilled the purpose of their own use, may, according to those expressed in points 1,2 and 3, be canceled (be out of production environment) or be deleted].

* Note: access to data by third parties necessary for the provision of service or request is not considered data transfer. Establish that said third parties, especially collaborators, use the data only to provide said benefit, and the use of data for any other purpose must be done in accordance with their right to information and authorization of express consent (on their part).

At this momento, in PN they do not do data transfers to third parties set in a different country out of the European Union.

In order to meet some of the fundamental aspects of this regulatory framework (applicable in May 2018), such as the rights attributed to natural persons (data holders), we present the different rights and attach a downloadable "ad hoc" model for this purpose.

1. Access

Download Model

[i Note: The right of access is the one that has a data owner, as it may be the case, consisting in being able to know the information that the company has about you.]

2. Rectification

Download Model

[i Note: The right of rectification is the one that has a data owner, as it may be the case, consistent rectify that information / data that the company has of a data owner, such as you, and it is not updated or adequate to the reality of the data owner or is erroneous.]

3. Deletion

Download Model

[i Note: The right of suppression is the one that has a data holder, as it may be the case, consisting of suppressing that information / data that the company, and that you do not want to continue using it (information / data).]

4. Data Portability

Download Model

[i Note: This right will apply on May 25, 2018. It is designed so that PN can provide in a standard format, for example Excel, the migration / sending of data to another third party authorized by you. In order to comply with this right, you must: (a) prove that you own the data (b) identify the third party that is the recipient of the data (c) authentically authorize portability (sending data)]

5. Treatment Opposition

Download Model

[i Note: The right of opposition is that which has a data holder, as it may be the case, consisting of opposing the use of that information / data that the company has of you, and you do not want to continue using it. the same (information / data) for specific purposes, for example, not receiving commercial information.]

6. Right to withdraw consent or consents granted

[i Note: The right is that which has a data owner, as it may be the case, consisting of opposing the use of those purposes for which he gave his consent or that were treated as having a basis of legitimacy. If you, as data owner, do not want to continue using it (information / data) for specific purposes, for example, not receiving commercial information.]

Download Model

[i Note: This right will be applied as of May 25, 2018]

7. Right of Provenance

[i Note: The right to know where and how your data were obtained.]

Download Model

[i Note: This right will be applied as of May 25, 2018]

In general, the data, through this website, are obtained from the interested party. For this reason, in the case that you communicate data from third parties, you must have the authorization, consent and / or legal capacity for this purpose (communication).

We wanted to develop this epigraph, thinking of the web user, with a double objective:

1. Given that the different forms may have a specific purpose associated with it, and for which (purpose) we consider that we are legitimized in the treatment since the use and transmission of data is done by the user, you, freely.
2. To be an epigraph that is updated in time according to the modification and / or incorporation of new forms or functionalities.

In general, on the website we can find the following forms for data collection, according to what is established in this table:

As an expression of responsibility for data protection and in accordance with the new regulatory change (General Data Protection Regulation), PN undertakes to comply with the Spanish legislation for the protection of personal data. These sections are integrated into a guide and / or internal code valid for PN, and are based on principles recognized by the Spanish State and the Spanish Agency for Data Protection.

Data protection is one of the foundations of a business or trust relationship and the image of PN. Through this block, we want to bring closer the framework of the necessary conditions for the collection and subsequent processing of data. This block wants to inform the user of the criteria, values and efforts made by PN to establish an adequate level of protection of data processing of a personal nature required by the European directive on data protection and by different national regulations for the correct treatment of same.

These epigraphs associated with an internal code are limited to the company PN, that is, for PN and as well as for all companies (in charge of treatment) and their employees.

A dependent company according to this guide is considered to be any company to which PN may demand general or specific compliance with this data protection and processing guide for collaborating with it or for carrying out any action involving data processing (as well as formalizing the relationship between the person in charge of treatment through an "ad hoc" contract for the activity or service that will be provided or performed by PN).

The data protection and processing code contains the principles of security, confidentiality and consent (information) derived from the European Directive and the European Commission for Data Protection and regulatory development of the Spanish State according to the resources, means and capacities of PN.

PN is responsible for complying with the data protection and treatment code and the legal obligations included in the legal framework of the Spanish State. If you, as a user / data subject, have reason to assume that there are legal obligations that contradict what is stated in the privacy policy and epigraphs, you may inform the Data Protection Delegate of the Group (see contact information in the "Basic Information" section)

1. Honesty and legitimacy

During the collection and processing of personal data, through the websites owned by PN, PN will supervise that the personal rights of data holders are covered.

Personal data must be collected, according to the principles of consent (express and unequivocal when there is no basis for legitimacy) and information, and treated honestly and legitimately.

2. Use for specific purposes

Personal data can only be processed in relation to the purpose for which they were originally collected. For this reason, informative clauses have been established in forms or similar (unmixed / express acceptance boxes). Subsequent modification of the specific purpose / s will be possible only under certain conditions and requires an objective justification or sufficient accreditation.

3. Transparency

The data owner must be informed about the use of their data. As a general rule, personal data, through this website, are always collected directly from the interested parties. Whenever data of a personal nature is collected, the data owner must be in a position to personally recognize the following aspects, or be informed about them:

• The identity of the person responsible for collecting the data
• The purpose of data processing
• Possible third parties or categories of third parties to which the data are transferred where appropriate

For this reason, it is recommended to read the privacy policy. Especially the block "Basic Information" where the previous points are contained, and accept the same through a functionality so arranged in some of the forms.

[i Note: This information is included in section (1) of the General Information block. We advise users / holders of data that, before accepting the privacy policy, perform an approach to said information, and specifically to the point associated with the purpose of using the data.]

4. Avoid and reduce the collection and processing of data

PN, according to this block and new regulatory framework, before proceeding to the collection and subsequent processing of personal data will study the set of data necessary, and to what extent are relevant to meet the intended purpose.

To achieve this end, risk analysis and impact evaluation reports (IEI) will be carried out, whenever possible to achieve the intended purpose, and the costs are reasonable in relation to the purpose. Personal data will not be collected and processed for preventive purposes for possible future uses, unless required or permitted by current legislation at the time.

5. Deletion

PN will erase the personal data, associated with the data collected and processed in this website, which are not necessary after the expiration of the prescribed storage periods or as permitted by law, according to the data and the registered file. If, in an individual case, there are indications of a need for protection or historical interest in these data, the storage period of these data will be extended until the legal need for protection has been clarified, or until PN has assessed the relevance historical data for inclusion in the file.

6. Accuracy and current data

PN will keep the personal data as you have communicated and according to your resources and the subsequent communications that you can make in this regard, and will be updated whenever necessary or known.

[i Note: For this purpose, forms associated to this situation have been established, data update / modification, and a Data Protection Delegate has been designated, as well as a responsible / alternative contact.]

7. Confidentiality and data security

The personal data of PN are subject to an obligation of confidentiality. That is, they will be treated confidentially by their human resources (employees) and will be protected by appropriate organizational and technical measures against access by unauthorized persons, illegal treatment or illegal transfer to third parties, as well as against casual loss, modification or destruction.

[i Note: To comply with the principle of confidentiality, commitments have been established in this regard for employees and contracts of treatment / confidentiality managers for third parties (service providers).]

It is legal to collect, process and use personal data only if one of the requirements of legality described in what will be established below is met. One of the legality requirements must also be met if you wish to change the purpose of the collection, processing and use of personal data in relation to the original objective.

1. Data processing for a contractual relationship

The personal data of the interested party, the cuestomer and / or the website user can be treated for the preparation, realization or cancellation of a contract or request. This also includes the attention of the contractual user / customer, as long as it is related to the object of the contract.

Before the formalization of a contract - that is, in the pre-eminently informative phase of the contract - the processing of personal data to prepare offers, to prepare requests for products or services or to fulfill other wishes of the client is permitted. interested in order to reach the conclusion of the business relationship. It is allowed to contact potential clients or users, according to circumstances, during the pre-information phase, using the data that they have communicated or be able to offer similar products or services or that may be of interest due to the profile of potential client / user. . If applicable, the restrictions mentioned by the interested party (data holder) should be taken into account.

2. Data processing for a contractual relationship

If the interested party goes to a PN company requesting information (for example, request to send informative material about a product, act or service), the processing of their data is allowed to fulfill this desire.

The advertising and loyalty measures of customers / users require compliance with other legal requirements. The processing of personal data for advertising or market research and opinion purposes is permitted if this treatment is compatible with the purpose for which it was collected or express consent has been obtained.

The affected / data subjects (users) will be informed about the use of their data (see block of "Basic Information", purpose of use). If data is collected exclusively for advertising measures, the communication thereof, by the affected party, will always be voluntary.

If the interested party rejects the use of their data for advertising purposes, their data should not be used for this purpose and will be blocked accordingly (use of "robinson list").

3. Consent with data processing

It is possible to carry out the data processing if the interested parties have given their consent. Before requesting their consent, the interested party will be informed in accordance with section 4.3 of this block on the protection and data processing guidelines. For reasons of plausibility, the declaration of consent must always be collected in writing or electronically (acceptance of conditions in the form). Under certain conditions, such as telephone counseling, verbal consent may be granted. The consent granted will be documented.

4. Data processing due to legal permission

The processing of personal data is also legal if there are legal provisions that require, presuppose or authorize this treatment. The type and extent of data processing must be necessary for the treatment authorized by legislation, and must be carried out in accordance with these provisions.

5. Data processing due to a legitimate interest

Personal data may also be processed if necessary to safeguard a legitimate PN interest. In general, legitimate interests can be of a legal nature (for example, to execute outstanding debts) or economic (for example, to avoid contract disturbances).

The processing of personal data by reason of a legitimate interest is not permitted if there are in some particular cases indications that the protection of the legitimate interests of the interested party predominates over the interest of the responsible body in the processing of the data. The legitimacy of these interests will be examined before each data processing.

In this regard, you should understand that PN has made an effort to establish a criterion and a basis that allows it to have legitimacy about the purpose of using the data, based on the profile of the owner. This criterion is based on the fact that the company can develop its activity in order to remain in time, maintain or expand its workforce and obtain a legitimate benefit.

6. Processing of data subject to special protection

Personal data subject to special protection (health, sexual orientation, political ideas and the like) can only be treated if it is mandatory by law, or if the interested party has given their express consent. In general, PN does not collect or treat this type of data.

For the rest, the processing of these data may also be allowed if this is necessary so that the responsible body can exercise their rights, claim them or defend them against the interested party. If there is an intention to process data subject to special protection, the PN Data Protection Delegate will be informed in advance.

7. User and Internet data

Whenever personal data are collected, processed or used on the website or on integrated platforms, the interested parties will be informed about this aspect in notices about data protection and, where appropriate, about cookies. The notices about the protection and processing of data about cookies must be integrated so that they are available continuously, and that the interested party can easily recognize them and access them immediately.

If the possibility of accessing personal data in a restricted area (subject to registration) of web pages or Apps is offered, the identification and authentication of the interested party will be configured in such a way that an adequate level of protection of this access is achieved.

In case of data transfer to a recipient or to a third party located in a third state, the recipient must guarantee a level of data protection appropriate to the terms of this guide and regulatory framework for data protection of the Spanish State.

There is a case of data processing on request if a contractor is assigned the processing of personal data, without transferring responsibility for the corresponding process / commercial relationship. In these cases, a data processing agreement must be taken on request, both with the external contractor and between PN. The company (PN) that grants the order retains full responsibility for the correct implementation of the data processing. The contractor is authorized to process personal data only within the framework of the contractor's instructions.

When granting the order, the following prescriptions must be observed; the department that grants the order must ensure compliance:

1. Select the contractor (in charge of treatment) according to their suitability to guarantee the necessary technical and administrative protection measures.
2. The order must be formally granted. The instructions for the data processing and the responsibility of the contractor and the contractor must be documented in the order.
3. The standard contracts made available by Delegate of Data Protection for the different departments with capacity for this purpose will be taken into account.
4. Before the beginning of the data processing, the contractor must verify the fulfillment of the obligations by the contractor. The contractor must document compliance with data security requirements, especially by submitting an appropriate certificate. Depending on the risk of data processing, it may be necessary to repeat the control periodically during the term of the contract.
5. If the processing of the data is entrusted to a company located abroad, the applicable national requirements for the transfer of personal data to companies abroad must be complied with. In particular, only the processing of personal data of the European Union Space to a third state can be entrusted if the contractor can document a level of data protection comparable to the Spanish State regulations on data protection.

They are established as suitable instruments to give scope to what has been previously referenced:

1. An agreement of the clauses of the standard contract established by the Spanish Data Protection Agency for the processing of data by order in third states with the contractor and, where appropriate, with the subcontractors.
2. The participation of the contractor in a certification system recognized by the Spanish Agency for Data Protection to create a reasonable level of data protection.
3. The recognition by state control bodies responsible for binding rules of the contractor's company to create an adequate level of data protection.

All interested parties, data holders, you as user, can enforce the rights specified below. The responsible body must immediately process the claim of rights, and the interested parties should not be discriminated against in any way for asserting their rights.

1. The interested party may demand information about the personal data stored about him, about his origin and about the intended use.
2. If personal data are transferred to third parties, the identity of the recipient or the categories of recipients will also be reported.
3. If the personal data are incorrect, or incomplete, the interested party may demand its correction or addition.
4. The interested party may object to the processing of their personal data for the purpose of publicity, or within the framework of market and opinion studies. In this case, the data will be blocked to prevent its being used for this purpose.
5. The interested parties have the right to demand that their data to be deleted if the legal basis for the processing of the data has lapsed or has expired. The same applies in the case that the reason for the data processing has been prescribed, either for the time elapsed or for other reasons. The periods of mandatory conservation of certain documents and the legitimate rights that oppose the deletion or allow cancellation will be taken into account.
6. The interested parties have a basic right of opposition against the processing of their personal data, which will be taken into account whenever it is found that their interest in the protection of their personal data predominates because of their personal situation on the interest in the treatment of the data. This right does not apply if there is a legal regulation that prescribes the treatment of the data.

Personal data are subject to the principle of confidentiality. It is established for the employees that the collection, processing and use of data cannot occur:

(A) Without knowledge (this is directly related to the right to information)

(B) Without authorization (this concept has a direct interest in obtaining express and / or unambiguous consent).

It is considered illegal any data processing performed by an employee or third party without constituting its role in accordance with their work and without being authorized to do so. PN establishes supervisory procedures so that employees only have access to personal data when necessary and within the framework of the need for their tasks or functions. Derived from the above, PN performs an allocation and precise division of roles and privileges, as well as the implementation and updating within the framework of authorization concepts.

Employees or third parties (in charge of processing) can not use personal data for particular or economic uses, deliver them to unauthorized third parties or allow third parties access in another way. Department managers will inform their employees and will present a specific commitment, at the beginning of an employment relationship, about the obligation to observe the confidentiality of the data. This obligation will persist after the employment relationship ends.

Compliance with the data protection guidelines of this guide and current data protection laws is controlled through periodic audits and other controls. The realization will be promoted by the Delegate in Data Protection (DPD), Coordinators and Responsible (by department) of the company with control rights and / or external auditors in charge.

The results of the controls (situation controls, impact evaluation studies, audits and the like) of the data protection will be monitored by DPD. The same will transfer and inform the PN Surveillance Committee about relevant results in the framework of the corresponding information obligations.

The results of the data protection controls will be made available to the competent authorities on data protection if they request it. The competent authorities on data protection can also carry out their own controls to comply with this rule in accordance with the authorizations contemplated in the legislation.

All PN employees have the capacity and channels to communicate their superiors, their coordinator or the Data Protection Delegate (DPD) about incidents or breaches of the recommendations, guidelines or guidelines of this guide for the protection and treatment of data. The coordinator (responsible for a department) must inform the DPD, in general, and specifically, if the following cases occur:

• Receipt or illegal delivery of personal data to, or by, third parties
• Unauthorized access of third parties to personal data
• Loss of personal data. In this scenario, the communication will be carried out with the greatest speed to Responsible or DPD (management of incidents against information security), in order to be able to comply with the legal obligations of information of this type of incidents.

The Delegate for Data Protection (DPD) is an internal figure, who enjoys autonomy, who watches over the observance of national data protection requirements. It is responsible for the guidelines related to the data protection and treatment, and monitors compliance.

The Delegate for Data Protection is appointed by the PN Surveillance Committee (Administrator). The departments (their coordinators) and Centers (responsible) of PN are obliged to what the DPD establishes at all times. The specific exceptions to this rule should be agreed with the DPD. The coordinator and responsible persons must inform the DPD diligently about the risks of protection and data processing in specific areas of their activity (department or center) as a valid interlocutor.

Any interested party may contact the DPD at any time, to communicate suggestions, process inquiries, request information or submit complaints regarding the protection of personal data and the security of this data.

Those responsible for the Departments or Work Centers must take into consideration the decisions of the DPD in relation to incidents or breaches of the data protection regulations. Consultations of authorities will always be communicated to the DPD. The DPD and its collaborators are available according to the information provided in point 1.2 of BASIC INFORMATION (see 1.2 Delegate on Data Protection.