Privacy Policy

INFORMATION IN COMPLIANCE WITH PERSONAL DATA PROTECTION REGULATIONS

In Europe and Spain, there are data protection regulations designed to protect your personal information, which our entity is obliged to comply with.

Therefore, it is very important for us that you fully understand what we are going to do with the personal data we ask for.

Thus, we will be transparent and give you control over your data, using simple language and clear options that will allow you to decide what we will do with your personal information.

If, after reading this information, you have any doubts, please do not hesitate to ask us.

Thank you very much for your cooperation.

WHO ARE WE?

  • Our name: Panadero AB SL
  • Our CIF / NIF: B02612604
  • Our main activity: Manufacturing of wood stoves
  • Our address: C/ Avenida 5 13/15, CP 02007, Albacete (Albacete)
  • Our contact phone number: 967592400
  • Our contact email address: contabilidad@panadero.com
  • Our website: www.panadero.com
  • For your trust and security, we inform you that we are an entity registered in the following Commercial/Public Registry:

We are at your disposal; do not hesitate to contact us.

What will we use your data for?

In general, your personal data will be used to relate to you and to provide our services to you.

Likewise, they can also be used for other activities, such as sending you advertising or promoting our activities.

Why do we need to use your data?

Your personal data is necessary to relate to you and to provide our services to you. In this sense, we will make a series of boxes available to you that will allow you to decide clearly and easily about the use of your personal information.

Who will know the information we ask for?

In general, only the staff of our entity who is duly authorized can have knowledge of the information we ask for.

Similarly, those entities that need to access your information so that we can provide our services may also know your personal information. For example, our bank will know your data if the payment for our services is made by card or bank transfer.

Likewise, those public or private entities to which we are obliged to provide your personal data due to compliance with some law will know your information. For example, the Tax Law requires providing the Tax Agency with certain information on economic operations that exceed a certain amount.

In case we need to disclose your personal information to other entities apart from the aforementioned cases, we will previously request your permission through clear options that will allow you to decide in this regard.

How will we protect your data?

We will protect your data with effective security measures based on the risks involved in the use of your information.

To do this, our entity has approved a Data Protection Policy and carries out annual controls and audits to ensure that your personal data is secure at all times.

Will we send your data to other countries?

In the world, there are countries that are safe for your data and others that are not so safe. For example, the European Union is a safe environment for your data. Our policy is not to send your personal information to any country that is not safe from the perspective of data protection.

In the case that, in order to provide the service, it is essential to send your data to a country that is not as safe as Spain, we will always request your permission in advance and apply effective security measures that reduce the risks of sending your personal information to another country.

How long will we keep your data?

We will keep your data during our relationship and as long as the laws require us to do so. Once the applicable legal deadlines have expired, we will proceed to delete them in a safe and environmentally friendly manner.

What are your data protection rights?

At any time, you can contact us to find out what information we have about you, rectify it if it is incorrect, and delete it once our relationship is over, if this is legally possible.

You also have the right to request the transfer of your information to another entity. This right is called “portability” and can be useful in certain situations.

To request any of these rights, you must make a written request to our address, along with a photocopy of your ID, so we can identify you.

In our offices, we have specific forms to request these rights, and we offer our help for their completion.

To know more about your data protection rights, you can consult the website of the Spanish Data Protection Agency (www.agpd.es).

Can you withdraw your consent if you change your mind later?

You can withdraw your consent if you change your mind about the use of your data at any time.

For example, if you were once interested in receiving advertising about our products or services but no longer wish to receive it, you can let us know through the opposition form available in our offices.

Where can you file a complaint if you believe your rights have been neglected?

If you believe your rights have been neglected by our entity, you can file a complaint with the Spanish Data Protection Agency through any of the following means:

  • Electronic headquarters: www.agpd.es

  • Postal address:

    Agencia Española de Protección de Datos

    C/ Jorge Juan, 6

    28001-Madrid

  • By phone:

    Tel. 901 100 099

    Tel. 91 266 35 17

Filing a complaint with the Spanish Data Protection Agency does not entail any cost and does not require the assistance of a lawyer or solicitor.

Will we create profiles about you?

Our policy is not to create profiles about the users of our services.

However, there may be situations where, for the purposes of providing the service, commercial purposes, or other types, we need to create information profiles about you. An example could be using your purchase or service history to offer you products or services tailored to your tastes or needs.

In such cases, we will apply effective security measures to protect your information at all times from unauthorized persons who intend to use it for their own benefit.

Will we use your data for other purposes?

Our policy is not to use your data for purposes other than those we have explained to you. However, if we need to use your data for different activities, we will always request your permission in advance through clear options that will allow you to decide in this regard.


OUR COMMITMENT TO THE PROTECTION OF PERSONAL DATA: “INFORMED PEOPLE AND PROTECTED DATA”

The Management/Governing Body of Panadero AB SL (hereinafter, the data controller) assumes the utmost responsibility and commitment to establishing, implementing, and maintaining this Data Protection Policy, ensuring the continuous improvement of the data controller with the aim of achieving excellence in compliance with Regulation (EU) 2016/679 of the European Parliament and of the Council, of 27 April 2016, concerning the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (OJ L 119/1, 04-05-2016), and the Spanish regulations on personal data protection (Organic Law, specific sectoral legislation, and its implementing regulations).

Panadero AB SL’s Data Protection Policy is based on the principle of proactive responsibility, according to which the data controller is responsible for complying with the regulatory and legal framework governing this Policy and is able to demonstrate it to the competent supervisory authorities.

In this regard, the data controller will adhere to the following principles, which should guide and serve as a reference framework for all its personnel in the processing of personal data:

  1. Data protection by design: The data controller will apply, both at the time of determining the means of processing and at the time of processing itself, appropriate technical and organizational measures, such as pseudonymization, designed to effectively implement data protection principles, such as data minimization, and integrate the necessary safeguards into the processing.

  2. Data protection by default: The data controller will apply appropriate technical and organizational measures to ensure that, by default, only personal data that is necessary for each specific purpose of the processing is processed.

  3. Data protection throughout the information lifecycle: Measures ensuring the protection of personal data will be applicable throughout the entire lifecycle of the information.

  4. Lawfulness, fairness, and transparency: Personal data will be processed lawfully, fairly, and transparently in relation to the data subject.

  5. Purpose limitation: Personal data will be collected for specified, explicit, and legitimate purposes and not further processed in a manner incompatible with those purposes.

  6. Data minimization: Personal data will be adequate, relevant, and limited to what is necessary in relation to the purposes for which they are processed.

  7. Accuracy: Personal data will be accurate and, where necessary, kept up to date; all reasonable measures will be taken to ensure that inaccurate personal data, with regard to the purposes for which they are processed, are erased or rectified without delay.

  8. Storage limitation: Personal data will be kept in a form that permits the identification of data subjects for no longer than is necessary for the purposes for which the personal data is processed.

  9. Integrity and confidentiality: Personal data will be processed in a manner that ensures appropriate security of personal data, including protection against unauthorized or unlawful processing and against accidental loss, destruction, or damage, using appropriate technical or organizational measures.

  10. Information and training: One of the keys to ensuring the protection of personal data is the training and information provided to personnel involved in processing them. Throughout the information lifecycle, all personnel with access to data will be appropriately trained and informed about their obligations regarding compliance with data protection regulations.

Panadero AB SL’s Data Protection Policy is communicated to all personnel of the data controller and made available to all interested parties.

As a result, this Data Protection Policy involves all personnel of the data controller, who must be familiar with it and adopt it as their own, being responsible for applying it and verifying the data protection rules applicable to their activities, as well as identifying and contributing to improvement opportunities they consider appropriate to achieve excellence in compliance.

This Policy will be reviewed by the Management/Governing Body of Panadero AB SL as often as necessary to adapt to the current provisions regarding personal data protection.