Assadé is fully committed to complying with Spanish and European personal data protection regulations and ensuring full compliance with the obligations set forth, as well as implementing the security measures detailed in the General Data Protection Regulation (GDPR) (EU) 2016/679, of 27th April, and Law 3/2018, of 5th December, on Data Protection and Digital Rights (LOPD and GDD, hereinafter LOPD).
Pursuant to these regulations, you are hereby informed that use of our website may require that certain personal data be collected through contact forms, or by sending emails, that will be processed by Assadé, the Data Controller, whose information is as follows:
- Company Name: Assadé Idiomas, S.L.
- Trade Name: Assadé
- Tax ID Number: B66645698
- Registered Office: C/ Rafael Casanova i Comes nº1, Local 42 – 08950, Esplugues de Llobregat, Barcelona, España
- Telephone: 699 548 096
- Email: [email protected]
Collection and processing of personal data
Personal data is any information concerning a person: name, email address, postal address, telephone number, tax ID number, etc. Additionally, when the User visits our website, certain information is automatically stored for technical reasons, such as the IP address assigned by the User’s internet service provider.
Assadé, as the Data Controller, must suitably inform Users of this website about the collection of personal data that may be carried out, either by sending an email or by filling in the forms included on the site.
Only the data necessary to perform the hired service, or to be able to respond appropriately to the request for information made by the User, will be obtained. The data collected are identification data and they correspond to a reasonable minimum required to carry out the activity requested. Specifically, no specially protected data is collected at any time. Under no circumstances will Assadé use the data obtained for purposes different to the purpose agreed with the User.
Contact form/email address
Purpose: To respond to the User’s request for information made through our contact form/s.
Legitimation: The legal basis that legitimises this form of processing is the User’s consent, which may be withdrawn at any time.
Data transfer: Ionos, will process data through its servers; it will do so as the Data Processor.
Purpose: To send commercial correspondence of interest to the User. As established by LSSICE, Assadé agrees not to forward commercial correspondence without identifying it as such. For this purpose, information sent to customers in order to maintain an existing contractual relationship shall not be considered business correspondence.
Legitimation: The legal basis that legitimises this form of processing is the User’s consent, which may be withdrawn at any time.
Data transfer: Mailchimp will process data through its servers; it will do so as the Data Processor.
Registration/customer registration forms
- To manage your user registration on our website.
- To manage the purchases made.
- To provide information on the processing and status of purchases.
- To maintain a historic record of the purchases made on our website.
- To manage comments and contents.
- To send correspondence via email and/or communicate by telephone in order to inform the User of possible incidents, errors, issues and/or the status of orders.
Legitimation: The legal basis that legitimises this form of processing is execution of a contract.
Data transfer: Assadé will not transfer or communicate your data to any third parties unless legally obliged to do so or when provision of a service involves the need for a contractual relationship with a Data Processor. Thus, the User accepts that some of the personal data gathered will be provided to said Data Processors (payment platforms, management companies, intermediaries, etc.) when necessary to effectively develop a service hired or product acquired. The User also accepts that any of the services may be fully or partially subcontracted to other people or companies, which will be considered Data Processors, with which the corresponding confidentiality agreement has been signed, or who adhere to their privacy policies, as established on their respective websites. The User may oppose this transfer of their data to Data Processors by sending a written request using any of the aforementioned means.
Furthermore, in some cases when necessary, customers’ data may be transferred to certain bodies in compliance with a legal obligation: Spanish Tax Administration Agency, banking entities, Labour Inspectorate, etc.
Minimum age restriction
Only people over the age of 14 may provide personal data on this website. As required by the Organic Law on Data Protection and Guarantee of Data Rights, in the case of minors under 14 years of age, the consent of their parents or guardians will be a compulsory condition for us to process their personal data.
On the other hand, only people over 18 years old can hire our services. In the case of minors under 18 years of age, the consent of their parents or legal guardians will be a mandatory condition for us to provide the services offered, unless the minor is emancipated.
Registration of users – Passwords
When the User registers using the corresponding form, the information we gather includes the following:
- Name and surname/s
- Email address and/or telephone number
- Postal addresses
- IP address
Additionally, the User must accept the terms and conditions. Passwords may be chosen by the User. They do not expire. In order to recover their password, the User must use the specific form provided for this purpose and enter their email address.
Once registered, the User will have access to a private panel on which they may view certain contents, a record of purchases made, etc. They may also manage account options, such as their password or data.
The User may receive the following notifications:
- When registering on the platform (account validation email).
- When making purchases. These include purchase confirmation, incidents, delivery sent, etc.
- The User will receive our store newsletter if they have subscribed to it. The User may unsubscribe from our newsletter using their user panel or the corresponding links included at the end of the newsletter.
- To recover their password (specified in the previous section).
At Assadé we will block a user account if the User commits suspicious or fraudulent actions. User accounts are not deleted due to lack of use. To delete an account, the User must make a request in this regard using their user panel or by contacting us.
Assadé hereby informs Users that the necessary technical, organisational and security measures available to us have been taken to prevent the loss, misuse, alteration, unauthorised access or theft of data, and thus guarantee the confidentiality, integrity, and quality of the information contained therein, in accordance with data protection regulations in force. The personal data collected using forms are processed only by the staff of Assadé or designated processors.
The Assadé website also has SSL encryption, which allows Users to safely send their data using the website’s contact forms.
Veracity of data
The User states that all data they provide are true and correct, and they agree to keep them up to date. The User will be responsible for the truthfulness of their data and will be solely liable for any conflicts or disputes that may result from their falsification. It is essential that, for us to keep personal data up to date, the User informs Assadé whenever there has been any modification to their data.
How a User can exercise their rights
The LOPD and the GDPR grant interested parties the option of exercising several rights related to processing of their data. To do so, the User must contact us, providing a copy of documentation proving their identity (ID card or passport), by email sent to [email protected], or by written communication sent to the address provided in our Legal Notice. This request should also include the following information: the User’s name and surname, request, address, and supporting data.
The User must exercise these rights himself/herself. However, they may also be exercised by a person authorised as the User’s legal representative, when documentation attesting to such representation is provided.
The User may exercise the following rights:
- The right to access personal data, which is the right to obtain information on whether their data is being processed, the purpose of any processing that is being developed, as well as the information available on the origin of such data and the communications made or planned thereof.
- The right to rectification, where personal data are incorrect or inaccurate. The User may also request that data found to be inadequate or excessive be deleted.
- The right to request limitation in relation to processing of their data, in which case said data will only be retained by Assadé to exercise or defend claims.
- The right to oppose: the User has the right to request that their data not be processed or that processing be ceased in cases where their consent is not necessary for processing. Users may oppose commercial prospecting files or decisions related to the person concerned that are based solely on automatic processing of their data, unless further processing is required for legitimate reasons or to exercise or defend potential claims.
- The right to data portability: if the User would like their data to be processed by another company, Assadé will provide the User with a portable copy of their data in an exportable format.
If the User grants consent for a specific purpose, they have the right to withdraw this consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal.
If the User believes there is an issue with how Assadé processes their data, they can contact our data protection officer or the appropriate data protection authority. The Spanish Data Protection Agency (AEPD) is the control authority in Spain.
Requested information of Users’ personal data collected by contact form or by email will only be used strictly during the time necessary to fulfil the request for information, or until consent is withdrawn. The data of Users who subscribe to our newsletter will be kept indefinitely until the consent granted is withdrawn.
Customers’ personal data will be processed until the end of the contractual relationship. The particular data retention period shall be the minimum necessary, and it may be maintained for:
- Four years: Law on Social Infringements and Sanctions, related to obligations in matters of affiliation, contributions, payment of wages; Arts. 66 et seq. General Tax Act (accounting).
- Five years: Art. 1964 of the Civil Code (personal actions without special deadline).
- Six years: Art. 30 of the Commercial Code, related to accounting records and invoices.
- Ten years: Art. 25 of the Law on the Prevention of Money Laundering and Financing of Terrorism.
- No term: disaggregated and anonymised data.
The data of Users who have subscribed to our newsletter will be kept indefinitely until the consent granted is withdrawn.
In the case of candidates’ data processing (CVs), Assadé may store CVs for up to two years and refer to them in future job vacancies, unless the candidate states otherwise.
International data transfer
Assadé uses the communications delivery services of Mailchimp, which is located in the United States. Standard contractual clauses approved by the European Commission have been signed with this entity, in order to ensure the appropriate level of protection in the processing of your personal data, in accordance with the criteria established by the RGPD.
The User specifically and unequivocally grants their consent for the processing of their data and the international transfer of their data to associated companies and/or service providers.
An applicant who sends electronic communications to Assadé applying for a job authorises us to analyse the following: the documents sent (for example, their CV), all content that is directly accessible via internet search engines (for example, Google), profiles that they have on professional social networks (for example, LinkedIn), data obtained from access testing, and the information they disclose in the job interview. Using all of this information, we will evaluate their candidacy and may be able to offer them a job when a position becomes available. If the candidate is not selected, Assadé may store their CV for a maximum of two years so they may be considered in future vacancies, unless the candidate states otherwise. The legal basis for such processing shall be the consent of the person concerned, which may be withdrawn any time.
The information supplied by the User shall, in any case, be regarded as confidential and may not be used for purposes other than those described herein. Assadé is obliged to refrain from disclosing information about the User’s claims, the reasons for the information requested, or the duration of its relationship with the User.
Term of validity
This privacy and data protection policy has been drafted by EXPERTOSLOPD®, a data protection company, on June 9th, 2021. It may vary depending on changes in regulations and jurisprudence. It is the responsibility of the data holder to read the updated document in order to understand their rights and obligations in this regard at any time.