Privacy policy
Information to comply with the European data protection regulation.
Purpose
At GESI we process information provided by interested parties in order to:
- Manage and monitor our customer portfolio.
- Maintain the customer relationship for invoicing and payment collection.
- Manage the sending of information requested from us.
- Provide interested parties with offers of products and services tailored to them, as well as upcoming events or relevant news.
Non-acceptance of this purpose means we will be unable to inform you of our updates and events.
GESI commits to fulfilling its obligation regarding the confidentiality of personal data and its obligation to protect it, and to adopting the necessary technical and organisational measures to maintain the required level of security with regard to the personal data processed. It is also equipped with the necessary mechanisms at its disposal to prevent, insofar as possible, unauthorised access, unlawful theft and modification and data loss, always taking into account the state of technology and in compliance with applicable legislation. GESI accepts no responsibility for unlawful theft, modification or loss of data.
The User is solely responsible for the accuracy and correctness of data provided to GESI, which accepts no responsibility for any lack of accuracy or correctness of such data.
Data retention
Data for managing the customer relationship and invoicing and payment collection of services will be retained for as long as the contract remains in force. Once that relationship ends, data may be retained for the time required by applicable legislation and until any potential liabilities arising from the contract expire.
Data for sending commercial communications about our products or services will be retained indefinitely until you express your wish to have them deleted.
We will not retain your personal data for any purpose longer than necessary and will only retain the personal data necessary in relation to that purpose. We must also retain certain information in accordance with the law or for as long as is reasonably necessary to comply with regulatory requirements, resolve disputes, prevent fraud and abuse or enforce our terms and conditions.
Legal basis
The legal basis for processing your data is the performance of the corresponding service provision.
Prospective marketing of products and services to customers is based on the satisfaction of our legitimate business interest in being able to offer our customers the purchase of other products or services and thereby secure their loyalty. This legitimate interest is recognised by applicable legal regulations (General Data Protection Regulation), which explicitly permits the processing of personal data on that legal basis for direct marketing purposes.
The basis for sending commercial communications to non-customer users is the consent that has been requested, and may be withdrawn at any time. Withdrawal of that consent will in no way affect the performance of the contract, but data processing carried out for that purpose prior to withdrawal will not lose its lawfulness by the fact that consent has been withdrawn.
However, we remind you that you have the right to object to this processing of your data, and you may do so by any of the means described in this Policy.
Recipients
Your data will be communicated to the following entities:
- To the financial entities through which payment collection and processing is managed.
- To the competent public authorities, in the cases provided for by law and for the purposes defined therein.
International data transfers
None are carried out.
Automated decision-making
We will not create a commercial profile based on the information provided. No automated decisions will be made on the basis of such a profile.
Source of data
We inform you that we collect data only from you, without obtaining it from other sources.
Rights
Any person has the right to obtain confirmation as to whether GESI is processing personal data concerning them, and to the following information: the purposes of processing; the categories of data being processed; the recipients or categories of recipients to whom the data has been or will be communicated; where possible, the expected period for which personal data will be retained, or, if not possible, the criteria used to determine this period.
Data subjects have the right to access their personal data, and to request the rectification of inaccurate data or, where appropriate, to request its deletion when, among other reasons, the data is no longer necessary for the purposes for which it was collected.
Data subjects may request the deletion of personal data concerning them when one of the following circumstances applies: the data is not necessary in relation to the purposes for which it was collected or processed; you withdraw consent and the processing is not based on another legal ground; you object to the processing and there are no other legitimate reasons for the processing; the data has been unlawfully processed.
In certain circumstances, data subjects may request the restriction of processing of their data, in which case we will retain it only for the exercise or defence of claims.
In certain circumstances and for reasons related to their particular situation, data subjects may object to the processing of their data. GESI will cease processing the data, except for compelling legitimate reasons, or the exercise or defence of possible claims.
Data subjects have the right to data portability, which means that the personal data of the data subject is transmitted directly from one controller to another without needing to be transmitted to the data subject first, provided this is technically possible.
Data subjects have the right to withdraw consent given at any time.
Exercise of rights: The exercise of rights must be carried out in writing, to the email address rgpd@gesi.es or in writing to: GESI SL, Avenida República Argentina, 24 Planta 2, 41011 - Sevilla.
Right to lodge a complaint with the supervisory authority: If your rights have not been respected, you may lodge a complaint by writing to the Agencia Española de Protección de Datos, located at calle Jorge Juan, 6, 28001 - Madrid, or by using the electronic office: https://sedeagpd.gob.es. In both cases, you must attach the relevant documentation.
You can also find information on the website of the Agencia Española de Protección de Datos: https://www.aepd.es.