Confidentiality, professional secrecy and security are essential values for Esteyco S.A., who undertakes to assure user’s privacy. Therefore, following the principles of appropriateness, fairness and transparency of the General Data Protection (EU, 2016/679, “GDPR”), we are providing you with the following information to explain how we process the personal data that you provide when you deal with us.
Entity responsible for data processing.

ENTITY: ESTEYCO S.A.
CIF A28344083
REGISTERED OFFICE: Avda. Burgos 12B-Bajo, 28036 Madrid
Email: rgpd@esteyco.com
Telephone: 913597878

Why do we process your personal data?
At ESTEYCO we process the information you provide in order to maintain our commercial/professional relationship, manage the sending of any information that you request from us or answer any queries you may have, manage the contractual relationship between us, process your application and provide you with offers regarding our services and/or products and any events, projects and activities that may interest you and for which you have given your express consent.

How long will we keep your personal data for?
Your data will be kept until the purposes described above have been met, and subsequently to comply with our responsibilities and any legal requirements.

What is the legal justification for processing your data?
The legal basis for processing your data may be to pursue a potential or existing contractual relationship, legitimate interest, legal qualification and/or your own consent. The data that we seek is adequate, appropriate and strictly necessary and in no case are you under any obligation to provide it to us, although not doing so may affect the completion of the service or make it impossible to provide.

Who will we pass your data on to?
Esteyco will assign your data only to the Esteyco Foundation in order to manage the sending of information. Under any other circumstances we will only forward your data to third parties with your express consent or in order to comply with a legal obligation.
However, your data may be processed by providers of Esteyco who, as part of their service, may potentially have access to your data or require it to be processed in order for them fully to provide their service The corresponding Data Controller contract has been entered into with any such companies, obliging them to implement the necessary security measures to assure the confidentiality, integrity, availability and permanent robustness of data-processing systems and services, in order to avoid any loss, erasure or destruction of data or any undue or unauthorised access to it.

What are your rights when you provide us with your data?
Your data-protection rights are as follows:
– Right of access: to obtain information about whether your data is being processed, the purpose of any processing, the source of the data any assignments made or planned.
– Right of correction: to request that any of your data that is inaccurate or incomplete be corrected.
– Right of erasure: to request the removal or erasure of personal data when it is no longer needed, when consent is withdrawn, when it has been processed improperly, etc. In this case, it must be possible to block such data and subsequently erase any copies, links or reproductions of it. All the above is provided that no legal obligation or action necessary to defend claims is hindered.
– Right of objection: to request that certain processing of personal data not be carried out.
– Right to request the limitation of processing: to request that your personal data not be applied to the processing operations that would otherwise correspond.
– Right to the portability of data: to request that your data be forwarded to another entity or to yourself, in a structured, commonly used, mechanically legible format. Such a request may only be made for data that requires your consent or a contractual agreement in order to be processed, provided that the processing is done by automated means.

You may exercise these rights by writing to Esteyco at its office or to the email address provided for this purpose, rgpd@esteyco.com, including in both cases a photocopy of your identity card (DNI/NIE) or other equivalent identification document.

Models, forms and more information on your rights are available on the website of the national control authority, the Spanish Data Protection Agency (“AEPD”), at www.agpd.es.

You have the option and the right to withdraw your consent given at any time for any specific purpose, without doing so affecting the licit character of any processing based on your consent prior to its withdrawal.

Pursuant to section 22 of the Information Society Services and Electronic Commerce Act 2002 (34/2002) you may withdraw consent previously given for the sending of commercial messages by email or equivalent media by sending an email to rgdp@esteyco.com.

Security and updating of your personal data
With a view to safeguarding the security of your personal data, we inform you that Esteyco has taken all the necessary technical and organisational steps to assure the protection of any personal data provided. This is to prevent unauthorised tampering, loss, processing or access, as required by law, although there is no such thing as absolute security. In order for us to keep your personal data updated, it is important for you to inform us whenever any changes occur.

Confidentiality
Esteyco informs you that your data will be processed with the maximum diligence and confidentiality by all personnel involved in any of the stages of processing. As explained above, we will not assign or disclose your data to any third party other than the Esteyco Foundation unless it is with your express consent or in order to comply with a legal requirement.

Changes to the Privacy Policy
Esteyco may make changes to this Privacy Policy in order to adapt it to legislative changes in respect of personal data that may be made in the future and affect the policy. Whenever we update our Privacy Policy, we will take the appropriate steps to inform you, depending on the significance of the changes made. We will make sure that we obtain your consent for any major change to the Privacy Policy whenever required to do so by the applicable data-protection legislation. We advise you to check this page regularly in order to obtain the latest information on our privacy practices.