1. Data controller
Asociación para la Investigación y Desarrollo del Acero Inoxidable (Cedinox), with Tax Identification Number (N.I.F) G-58118399, and registered address at calle Santiago de Compostela, 100, 28035, Madrid, Spain, recorded in the Commercial Register of Madrid under Volume 1.609, Folio 78, Section 3ª, Sheet M-17.336 e Inscrition 1ª, is the owner of the domain acerinox.es (the "Website").
To contact Cedinox please use the General Contact Form provided for this purpose on the Website.
Cedinox has a Data Protection Officer, who can be reached by e-mail via the following address: email@example.com.
2. Data collected
By simply browsing the website and using cookies, Cedinox collects data from data subjects, such as the type of browser used, their operating system and IP address, in order to improve their browsing experience and manage the website. However, please consult the Cookies Policy in order to obtain more information on the cookies used on the Website.
Additionally, in order to send queries, Cedinox will require personal data from the user, such as name, surname and e-mail address through the different contact forms available on this website. These forms will additionally indicate which personal data are compulsory, and that failure to provide this compulsory data may make it impossible for Cedinox to fulfil the request made by the data subject.
3. Purpose of the processing
Personal data of the data subjects will be processed for the following purposes:
- Provide the information that the data subject has requested through the various forms made available to the user on the Website.
- Provide the information that the data subject has requested though the corresponding email address provided through the Website.
- Perform the correct management and investigation, where appropriate, of the complaints made via the Complaints Channel on the Website.
Cedinox will only process the personal data provided for the aforementioned purposes. In the event that the information is used for a different and incompatible purpose, Cedinox will request prior consent from the data subject.
4. Legal grounds for the processing
The legal basis for the processing of personal data is the consent granted by the data subject through the sending of the corresponding form or email.
However, the processing of data carried out for the purpose of managing and investigating the complaints submitted through the Website's Complaints Channel is lawfully based on Cedinox's legitimate interest.
With regard to the cookies included in the Website, the legal basis that enables Cedinox to process the personal data of the data subject is detailed in the Cookies Policy.
5. Recipients of assignments and transfers
Cedinox is the main recipient of the data collected from the data subjects. However, in order to carry out the purpose for which the user's personal data have been collected, it is sometimes necessary to communicate this personal data to Cedinox, which are listed on this Website.
Given the international nature of Cedinox, international transfers of personal data may be carried out, although appropriate measures are guaranteed in the processing of the data at all times.
With the exception of these cases, no international transfers or further communication of data are foreseen, unless required by law.
6. Data storage
Cedinox will only store data subjects' personal data to the extent that they are necessary for the purpose for which they were collected and according to the legal basis that legalises the processing.
In particular, Cedinox shall maintain the personal data collected via the inquiries made by the data subjects for the time necessary to respond thereto, provided that the data subject has not withdrawn their consent or excercised their rights to deletion, erasure or limitation of the processing.
In the event that the data subject exercises any of the aforementioned rights, Cedinox may keep the personal data, without making use of the data, insofar as this data may be necessary for the exercise of its right of defense against potential claims or in the event that legal, judicial or contractual responsibilities could arise that should be taken care of and for which their recovery could be necessary.
In the particular case of the data contained in the Complaints Channel, this personal data shall be kept for the time necessary to carry out the reception and investigation of the alleged act. In any case, 3 months after receipt of the complaint, the personal data shall be deleted from the system.
7. Rights of the data subjects
The data subject can exercise their right to access their personal data and the information relating thereto, as well as request the rectification of inaccurate data or, where appropriate, request the deletion thereof when the data are no longer necessary for the purposes for which they collected, or request the portability of their data, where appropriate. The data subject may also request the limitation of the processing of their personal data.
In the event that the personal data have been collected in order to respond to the inquires raised, the data subject may, in addition to the aforementioned rights, withdraw their consent at any time, without affecting the legality of the processing made before the withdrawal of consent.
The data subject may exercise the aforementioned rights, under the terms and conditions provided for in current legislation, by writing to the registered office of Cedinox, at calle Santiago de Compostela, 100, 28035, Madrid, Spain or through the email firstname.lastname@example.org, indicating the right they wish to exercise and attaching a scanned copy of their ID or equivalent document valid in law to prove their identity.
In the event that the data subject does not obtain a satisfactory response in the exercise of their rights, they can contact the Data Protection Officer through the email address email@example.com or file a claim to the competent data protection authority.
8. Security measures
Cedinox has adopted the appropriate technical and organisational measures to guarantee an adequate level of security for the personal data it processes and has implemented other means and additional measures within its capacity to prevent the loss, alteration, processing or unauthorised access to personal data.