PRIVACY AND DATA PROTECTION POLICY
Respecting the provisions in the current legislation, https://www.aeorum.com (hereinafter, the Web Site) agrees to adopt the technical and organizational measures needed, according to the security level appropriate for the risk of the collected data.
- The (EU) Regulation 2016/679 from the European Parliament and Council, from 27th Abril, 2016, related to the protection of natural persons in terms of personal data treatment and data free circulation of this data (General Regulation of Data Protection, GPDR in Spanish).
- The Organic Law 15/1999, from 13th December, for Personal Data Protection (Organic Law for Data Protection, LOPD in Spanish).
- The Royal Decree 1720/2007, from 21st December, for which it is adopted the Regulation of development of the Organic Law 15/1999, from 13th December, of Personal Data Protection (RDLOPD in Spanish).
- The Law 34/2002, from 11th July, of Services of the Information Society and Electronic Commerce (LSSI-CE in Spanish).
Identity of the person in charge of personal data treatment
The person in charge of the treatment of personal data collected in https://www.aeorum.comis AEORUM ESPAÑA, S.L. (hereinafter, Person in charge of the treatment). Its contact information is the following:
Address: calle Refino, 26. 2-A. 29013, Málaga.
Contact email: firstname.lastname@example.org
Personal data recording
Personal data collected by https://www.aeorum.comthrough the forms in their sites, will be introduce in an automated file under the responsibility of the person in charge of the treatment and, properly declared and registered in the General Record of the Data Protection Agency that can be consulted in the web site of the Spanish Data Protection Agency (http://www.agpd.es),with the aim of ease, speed and accomplish the established compromises between https://www.aeorum.com and the User or the maintaining of the relationship that is established in the forms that he/she complete, or to address a request or query of it.
Principles applicable to the treatment of personal data
The treatment of the User personal data will be submitted to the following principles collected in Article 5 of the Spanish RGPD:
Principles of propriety, lawfulness and transparency: it will be required at all time the consent of the User after completely transparent information of the purposes for which personal data is collected.
Purpose limitation principle: personal data will be collected with specific, explicit and legitimate purposes.
Principle of data minimization: collected personal data will only be the data that is strictly needed in relation with the purposes for which they are treated.
Accuracy principle: personal data should be exact and always updated
Principle of limitation of the conservation period: personal data will only be kept in a way that allows the identification of the User during the time needed for the purposes of its treatment.
Integrity and Confidentiality Principle: personal data will be treated in a way that is guaranteed its security and confidentiality
Proactive Responsibility Principle: the person in charge of the treatment will be responsible of guaranteeing that the previous principals are accomplished.
Personal data categories
Data categories that are treated in https://www.aeorum.com are only identification data. At any case, special categories of data are treated in Article 9 of RGPD.
Legal base for the treatment of personal data
The legal base for the treatment of personal data is the consent. https://www.aeorum.com agrees to gather the express and verifiable agreement of the User for the treatment of its personal data for one or several specific purposes.
The User will have the right to retire its consent at any time. Retire the consent will be as easy as give it. As a general rule, the consent retirement will not condition the use of the Web Site.
In the occasions in which the User should or can facilitate its data through forms to carry out queries, request information or for reasons related to the content of the Web Site, it will be informed in case of mandatory filling out of any of them due to the indispensability of them for the correct development of the operation performed.
Purposes of the treatment to which personal data is intended
Personal data is collected and managed by https://www.aeorum.com with the aim of facilitate, speed and accomplish the compromises established between the Web Site and the User or the maintaining of the relation that is established in the forms the User fill out or to address a request or query.
Likewise, data can be used with a commercial purpose of operative and statistic personalization, and of activities of the social object of https://www.aeorum.com, as well as for the extraction, storage of data and studies of marketing to adequate the Content offer to the User, as well as improve the quality, functioning and navigation in the Web Site.
At the moment in which personal data is obtained, the User will be informed about the specific purpose or purposes of the treatment to which personal data will be destined; in other words, about the use or uses that will be given to the collected information.
Retention periods of personal data
Personal data will only be retained during the minimum time needed for the purposes of its treatment and, at any case, only during the next period: two years, or until the User asks for its suspension.
At the moment in which personal data is obtained, the User will be informed about the term during which personal data will be conserved or, when that is not possible, the criteria used to determine that term.
Personal data receiver
Personal data of the User will be shared with the following receivers or receiver categories:
Complete name or social denomination and complete address of the person(s) or company(ies) with which will be shared the personal data collected from users
In case the person in charge of the treatment has the intention of transferring personal data to a third country or international organization, in the moment that personal data is obtained, the User will be informed about the third country or international organization to which it is intended to send the information, as well as the existence or lack of an adequate decision of the Commission.
Personal data of minors
Respecting what is established in the Articles 8 from the General Regulation of Personal Data (RGPD in Spanish) and 13 from the Royal Decree of the Organic Law of Data Protection (RDLOPD in Spanish), only people older than 14 years old can give its consent for the treatment of their personal data lawfully by https://www.aeorum.com. f it is a minor of 14 years old, it will be necessary the consent of his/her parents or tutors for the treatment and this will only be considered licit as far as they have authorized it.
Secret and security of personal data
https://www.aeorum.com agrees to adopt the technical and organizational measures needed, according to the level of security appropriate to the risk of the data collected, in a way that personal data security is guaranteed and it is avoided the destruction, loss or accidental or licit alteration of the transmitted personal data, conserved or treated in a different way, or the non-authorized communication or access to that data.
The Web Site counts with an SSL (Secure Socket Layer) certificate that guarantees that personal data is transmitted in a safe and confidential manner, since data transmission between the server and the User, and in feedback, that is totally encrypted.
However, due to the fact that https://www.aeorum.com cannot guarantee the inexpugnability of Internet neither the total absence of hackers or others that access fraudulently to personal data, the person in charge of the treatment agrees to communicate to the User, without improper delay, when it occurs a security violation of personal data that it is probable that imply a high risk for the rights and freedoms of natural persons. Following what is established in Article 4 of the General Regulation of Data Protection (RGPD in Spanish), it is understood as security violation of personal data, all security violation that causes the destruction, loss or accidental or illicit alteration of the transmitted, conserved or in other way treated personal data, or the non-authorized communication or access to this data.
Personal data will be treated as confidential by the person in charge of the treatment, who agrees to inform and guarantee by a legal and contractual obligation that said confidentiality is respected by its employees, partners and all people that can access to the information.
Rights derived from the treatment of personal data
The User has over https://www.aeorum.com and could, therefore, exercises against the person in charge of the treatment of the following rights recognised in the General Regulation of Data Protection:
Access right: It is the right of the User to obtain confirmation if https://www.aeorum.com is treating or not its personal data and, if yes, obtain information about its specific personal data and the treatment that https://www.aeorum.com has carried out or carries out, as well as, among others, of the available information about the origin of that data and the receivers of the communications made or planned with them.
Rectification right: It is the right of the User to modify its personal data that is inexact or, taking into account the purposes of the treatment, that are incomplete.
Suppression right (“right to be forgotten”): It is the User’s right, provided that the current legislation does not establish the contrary, to obtain the elimination of its personal data when they are no longer needed for the purposes for which they were initially collected or treated; when the User has retired its consent to the treatment and this does not count with other legal base; when the User objects to the treatment and there is no other rightful purpose to continue with it; when personal data has been illicit treated; when personal data should be removed for the accomplishment of a legal obligation; or when personal data has been obtained as a product of a direct offer of services from the information society to a minor of 14 years old. In addition to eliminate the data, the person in charge of the treatment, having in mind the technology available and the cost of its application, it should adopt reasonable measures to inform the people in charge of treating the personal data of the form of the applicant interested in the elimination of any link to his/her personal data.
Right to treatment limitation: It is the User’s right to limit the treatment of its personal data. The User has the right to obtain the treatment limitation when it contests the exactitude of its personal data. The User has the right to obtain the treatment limitation when contests the exactitude of its personal data; when the treatment is illicit: when the person in charge of the treatment no longer needs the personal data, but the User needs it to do some reclamation; and when the User has opposed to the treatment.
Right to the portability of data: In case the treatment is carried out by automated means, the User will have the right to receive from the person in charge of the treatment of its personal data in a structured, commonly used and mechanically readable format and to transmit it to other person in charge. Whenever it is technically possible, the person in charge of the treatment will directly transmit the data to that other person in charge.
Opposition right: The User has the right to not to be carried out the treatment of its personal data or to end the treatment of it by https://www.aeorum.com.
Right to not to be object of a decision only based in the automated treatment, included the elaboration of profiles:It is the User’s right to not to be object of an individualized decision based only in the automated treatment of its personal data, included the elaboration of profiles existing unless the current legislation sets otherwise.
Therefore, the User will be able to exercise its rights through written communication aimed to the person in charge of the treatment with the reference “RGPD-EMPRESA, S.L.”, specifying:
User name, surname and copy of the ID card. In the cases the representation is admitted, it will be also needed the identification, through the same mean, of the person that represents the User, as well as que accreditive document of the representation. Copy of the ID card can be substituted by any other legally valid mean that credits the identity.
Query with the specific reason for the request or information to which it is wanted to have access.
Address for notification purposes.
Date and sign of the applicant.
Every document that accredits the addressed request.
This request and any other attached document can be sent to the next address and/or by email:
Address: calle Refino, 26. 2-A. 29013, Málaga.
Contact email: email@example.com
Claims before the control authority
In case the User considers that exists a problem or infraction of the current regulation in the way its personal data is being treated, it will have the right to an effective judicial review and to present a claim before a control authority, in particular, in the State in which it has its regular residence, work location or location of the alleged infringement. In the case of Spain, the control authority is the Spanish Agency of Data Protection (http://www.agpd.es).
Cookies are automatic procedures of information collection regarding the preferences determined by the User during its visit to the Web Site with the aim of recognising it as User and personalize its experience and the use of the Web Site. Moreover, they can also help to identify and solve mistakes.
The information collected through the cookies can include the date and visit hours in which someone visited the Web Site, web sites visited at the same time you have been in the Web Site and places visited right before and after it. However, no cookie allows itself to connect with the telephone number of the User or any other personal contact mean. No cookie can extract information from the User hard drive or steal personal information. The only way that user private information takes part of the cookie file is that the User personally gives that information to the server.
First Party Cookies
They are cookies that are sent to the computer or User device and managed exclusively by https://www.aeorum.com for the better functioning of the Web Site. The information collected is used for the improvement of the Web Site quality and its content and experience as User. These cookies allow to recognise the User as a recurrent visitor of the Web Site and its content and experience as User. These cookies allow to recognise the User as a recurrent visitor of the Web Site and adapt the content to offer it contents that fit its preferences.
The entity(ies) in charge of the supply of cookies will be able to give this information to third parties, provided that it is required by law or it is a third party who processes this information for that entities.
Social Network cookies
https://www.aeorum.com incorporates plugins of social media that allow to enter to these through the Web Site. For this reason, the cookies of social media can be collected in the User browser. The owners of these social networks have their own data protection and cookie policies, being themselves, at each case, responsible of their own files and their own privacy practices. The User should refer to these in order to inform itself about that cookies and, in the case, the treatment of its personal data
Disable, reject and eliminate cookies