Privacy Policy

Privacy policy

  1. Object

The purpose of this Privacy Policy is to inform people (hereinafter, users or interested parties) who visit our website (hereinafter, website, website or the website) about the way in which we collect, process and protect the personal data that you decide to provide us with by any means (forms, e-mails, telephone, contracts, etc.) and, after reading it, freely decide whether you wish us to process it. Additionally, it will serve to expand on the information that we have previously provided to the interested parties in the informative clauses provided in the processes for collecting their personal data.

Furthermore, this policy aims to comply with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter RGPD) and with Organic Law 3/2018 of 5 December on the Protection of Personal Data and guarantee of digital rights (hereinafter LOPDGDD).

  1. Who is the controller of your personal data?

 

Identity – Entity: VALRESA COATINGS, S.A.
CIF/NIF: A46030169
Postal address: Avda. dels Gremis, s/n. 46190, Riba-roja del Túria (Valencia) España.
Telephone: (+34) 961669560
E-mail: valresa@valresa.com
Company object: Manufacture and marketing of paints and varnishes
Website: https://nitorlack.com/
Registration data: Registro Mercantil de VALENCIA Tomo 3226, Libro 540, Folio 88, Sección 8, Hoja V 7601
  1. What personal data will we process and how do we collect it?

For the development of our business activity, it is essential to process personal data whose collection can be done by digital means (e.g. email, web forms or questionnaires), by filling in paper documents (e.g. contracts or forms) or through face-to-face or telephone conversations and in any of these cases the data will be processed in a fair, lawful and transparent manner.

The categories of data that our entity will process about data subjects are:

  • Identifying data: name and surname, ID card or equivalent document and signature.
  • Contact details: telephone, email, postal address.
  • Commercial data: estimates, purchase conditions, management and history of services and/or purchases, results of contacts (telephone, email, messaging and other communication channels).
  • Access data: access codes to “my account” for online customers.
  • Accounting data: control of income and expenses, invoicing data.
  • Bank details: bank accounts and bank cards.
  • Transaction of goods and services: transfers and direct debits, amounts and concepts.
  • Browsing data: analysis of time spent on our website, pages visited, demographic data (e.g. age, gender, language).

We will not collect special category data (e.g. health data, ethnic origin, political opinions or religious beliefs), but if it is necessary to process them, we will inform you and ask for your prior express consent.

Consequently, the data requested will be adequate, relevant, limited to those strictly essential and necessary, processed only by personnel and/or collaborators authorised by our entity, who will have signed a confidentiality commitment and undertake to comply with the necessary security standards that guarantee the confidentiality, integrity and availability of the data processed and other legal requirements established in the RGPD. Therefore, they will be treated within the law.

The data to be processed are provided by the interested party or their legal representative, although it may be the case that we delegate some functions to certain collaborators and they are responsible for collecting your data, but they will always be processed with your prior express consent.

In the event that a data subject does not provide the data we request or provides incomplete or incorrect data, it will not be possible to fulfil and maintain the relationship with the data subject.

The categories of data that we may process about an individual will depend on the relationship that the individual has with our organisation, as shown below:

Customers:

Data of an identifying, contact, commercial, accounting, banking, transaction of goods and services, financial, access data will be processed and may be collected only if you provide them to us.

Information seekers:

Whether the information requested is by telephone or in writing (e.g. email or web forms), we will request and process your identification, contact and business data.

Suppliers:

Identification, contact, commercial, commercial, accounting, banking, transaction of goods and services and financial data will be processed. These data may be processed during all stages of the business relationship.

Social network users:

We are present in different social networks and may process identification, contact, commercial and other data that the user enables to be displayed or shared with other users of the social network, including curricular data (e.g. LinkedIn). For more information, please see our Social Media Policy.

Claimants:

We will process identification data, contact data and personal information about yourself or third parties that you want to let us know in relation to the complaint that you send us.

Web users:

When visiting our website and only if expressly authorized by the user, analytical data (e.g. time of visit or pages viewed) including demographic data (e.g. gender, age, country or language) may be collected. For more information visit our Cookie Policy.

More information for those interested:

The information legally established in the corresponding informative clauses included in the different means of data collection will be made available to the interested parties, so that they can freely and expressly decide whether they want the personal data requested to be processed by our entity.

All categories and types of personal data processed will be duly identified in the corresponding processing activities owned by our entity.

  1. What will your data be processed for?

In general, the purpose of the processing of personal data carried out by our entity is to comply with and maintain the relationship with different groups of people, such as customers or suppliers. Also with other people who contact us proactively through our web forms, by telephone or in person, by email or post, as would be the case of job applicants or information seekers, users of our website/blog or social networks and interested parties in general.

Depending on this relationship, your data will be processed for different purposes, which, by way of example but not limitation, are detailed below:

Customers:

Your personal data will be processed to identify, fulfill and maintain the pre-contractual and contractual relationship  including sending commercial communications by different means, answer queries,  performing quality control and business statistics, for the provision of our services and / or sale and delivery of goods, for accounting and billing management, transaction  of goods and services, collection management, incident management, claims and exercise of rights, as well as for other purposes to which we are obliged to comply with this relationship, the laws to which we are subject and to comply with our legitimate interests.

Information requesters:

We will process your personal data to deal with your requests for general information, to identify you, to send you information about goods and/or services of interest to you, including in our reply (verbal, written or digital) commercial information related to the request.

Suppliers and partners:

Your personal data will be processed for the purpose of maintaining the business relationship, whether for the request of quotations, for the purchase of goods or contracting of services, to identify you, for accounting management, to carry out transactions of goods and services, as well as for other purposes necessary to comply with this relationship, with our legal obligations and legitimate interests.

Social network users:

We will treat your personal data to maintain the relationship as users of the same social network, to identify you, to contact you, to share news and other personal data that you allow to share with the rest of the components of the social network. For more information, please see our Social Networking Policy.

Complainants:

Personal data will be processed in order to identify you, to deal with your complaint and to contact you about the status of your complaint, and to comply with our legal obligations and legitimate interests.

Web users:

Data may also be processed for different purposes (e.g. analysis of visits) by accepting the installation of cookies when visiting our website. For more information visit our Cookie Policy.

More information for those interested:

The information legally established in the corresponding informative clauses included in the different means of data collection (e.g. forms, locutions, contracts, etc.) and in others that we will make available to you (e.g. badges, invoices, legal notices, etc.) will be made available to the interested parties, so that you can freely and expressly decide whether you want the personal data requested to be processed by our entity.

In the event that you do not provide the information we request or that incomplete or erroneous information is provided, it will not be possible to deal with your request for information or to contact you.

The data will not be processed further or for purposes other than those accepted by the data subjects.

The purposes for which personal data are processed will be duly identified in the corresponding processing activities owned by our company.

 

  1. Why do we process your data (legitimation)?

The processing of your personal data by our company is carried out on one or more of the following legitimate bases:

  1. When you give us your express, free, informed and unequivocal consent, after being informed at the time of collecting your data and more broadly with this privacy policy, that after reading it and if you agree, you can voluntarily authorise us to process your data for one or more purposes, by ticking the boxes provided for this purpose on our web forms.
  2. For the performance of a contract to which you are a party or for which you have requested us to take pre-contractual measures.
  3. Where the processing is necessary for compliance with a legal obligation applicable to us.
  4. When the processing is necessary for the fulfilment of legitimate interests pursued by us or by a third party, provided that such interests are not overridden by the interests or fundamental rights and freedoms of the data subject. In this regard, we inform that our entity has carried out an analysis weighing our legitimate interests with the rights and freedoms of the data subject, always respecting his or her fundamental rights.

In the event that the user is under 14 years of age, it will be necessary to have the consent of the parents, guardians or legal representative, to process their data. The user is solely responsible for the veracity of the data he/she sends us.

  1. Data preservation:

The personal data provided will be retained for as long as we maintain the relationship with you and for as long as necessary to fulfil the purpose for which your data was collected.

At the end of this relationship, we will keep them blocked in cases where it is necessary to retain them until the statute of limitations expires for the sole purpose of claims or legal action, as well as to comply with our legal obligations, for example:

Interested parties Sectoral scope Legal basis Conservation period
·        Customers-                 Suppliers Accounting Art. 30.1 R.D. Código de Comercio ·        6 years from the last seat
·      Customers – Suppliers Prosecutor Art. 66 Ley General Tributaria 58/2003 (General Tax Law 58/2003) ·                       In case of losses during the financial year: 10 years

–         Invoices: 5 years

  1. Profiling

We do not profile or make automated decisions using your personal data, but if we do, we will inform you and ask for your prior permission to do so.

You also have the right to object to such processing at any time by writing to us at valresa@valresa.com.

 

  1. Transferof data.

As a general rule, our entity does not transfer personal data to third parties without prior consent, although it will be necessary to do so in the following cases:

If you are a customer or supplier, your personal data may be transferred to third parties by legal obligation (e.g. Tax Agency), or in those cases and entities necessary to provide you with our services (e.g. transport companies for the delivery of your orders).

Likewise, your personal data as a client or supplier may be processed by certain suppliers to whom we delegate some of our obligations (e.g. accountants) and all of them have committed themselves by means of a data processor contract to comply with the same security measures implemented by our entity, as well as to submit to the duty of secrecy and confidentiality of the personal data processed, among other obligations regarding personal data protection.

If you are an information requester or user of our website, your data will not be passed on to third parties, unless we are legally obliged to do so.

In general terms, we may disclose your personal data to the Judges, Courts, the Public Prosecutor’s Office and/or to the competent Public Administrations in the event of possible claims when we are obliged to do so.

 

  1. International data transfer.

In the case of transfers to third parties located in countries outside the European Economic Area, we will inform you and ask for your prior express consent.

 

  1. Security measures

Our company has implemented all the necessary technical and organisational measures to protect the personal data processed, preventing their loss, theft or unauthorised use.

These measures have been created on the basis of the type of data processed and the purposes for which it is processed. These are regularly verified in our internal controls of compliance with personal data protection regulations and by means of external audits.

 

  1. Your Rights

You, as the owner of your personal data and acting on your own behalf or through your legal representative (e.g. persons under 14 years of age) can contact us at any time and ask us to exercise your rights regarding the protection of personal data.

We explain what these rights are:

Right of Access:

You have the right to know and to ask us at any time to know the following information:

  • Whether or not we are processing your personal data.
  • The purposes of the processing, as well as the categories of personal data to be processed.
  • The origin of your data, if not provided by you.
  • The recipients or categories of recipients to whom my personal data have been or will be disclosed, including, where applicable, recipients in third parties or international organisations.
  • Information on appropriate safeguards concerning the transfer of my data to a third country or to an international organisation, where applicable.
  • The expected retention period or, if this is not possible, the criteria for determining this period.
  • If there are automated decisions, including profiling, meaningful information on the logic applied, as well as the significance and intended consequences of such processing.
  • A copy of your personal data which are subject to processing.

Right of rectification:

Ask us to rectify your personal data if it is inaccurate, and to complete it if it is incomplete.

Right of Opposition:

You can object to the processing of your data if it is incorrect or no longer necessary.

In the event that you act in the capacity of a respondent or person concerned by a complaint under Law 2/2023, you may not exercise your right of objection, as it is presumed (upon proof to the contrary) that there are grounds that legitimise the processing of your personal data, in accordance with the provisions of article 31.4 of the Law.

Right of Suppression:

Ask us to delete your data, for any of these reasons:

  • Your data are no longer necessary for the purposes for which they were collected or processed.
  • You have not consented to the processing of your data.
  • Where he has exercised his right to object.
  • When the data have been processed unlawfully.
  • When the data must be deleted in order to comply with a legal obligation.

 

Right to restriction of processing:

You may ask us to exercise this right in one or more of the following situations:

  • Where you contest the accuracy of your data, for a period of time that allows the data controller to verify the accuracy of the data.
  • Where the processing is unlawful and you object to the erasure of your data and request instead the restriction of their use.
  • Where the data are no longer required for the purposes of processing, but the data subject needs them for the purpose of making, exercising or defending claims.
  • Where you have objected to the processing pursuant to Article 21(1), while it is being verified whether the legitimate grounds of the controller outweigh those of the data subject.

 

Right of Portability:

This refers to the right to obtain data relating to you, in a structured, commonly used and machine-readable format, and to transmit it to another controller for further processing.

The right not to be subject to automated decisions:

The right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects on him or her or similarly significantly affects him or her.

To exercise any of your rights, you should write to our entity either by post to the following address: Avda. dels Gremis, s/n. 46190, Riba-roja del Túria (Valencia) Spain. or by e-mail: valresa@valresa.com, stating the rights you wish to exercise, accompanied by a copy of your ID card or equivalent document to know about whom we must provide the requested information and your contact details to send you our reply. If you are acting on behalf of another person, you must provide proof of representation.

If you have any suggestions or queries about the processing of your personal data, you can contact our data protection consultants, indicating our company name or trade name, at:

BUSINESS ADAPTER, S.L.

Ronda Guglielmo Marconi, 11, 26, (Parque Tecnológico) 46980 Paterna (Valencia).

Contact form for interested parties

We inform you that you have the right to make a complaint to the Spanish Data Protection Agency at: C/ Jorge Juan, 6, 28001 Madrid or at www.aepd.es.

  1. Commitment to Personal Data Protection

Scope of application

Our commitment to the protection of personal data shall be binding on all departments and employees of our company, as well as third parties acting on our behalf.

Objeto

We have established protocols for the processing of your personal data, in accordance with the provisions of European and Spanish data protection regulations.

Principles

We will treat your data lawfully, fairly, transparently, with data minimisation, accuracy, retention period limitation, completeness, confidentiality and active accountability.

Special category of data

Our entity prohibits the processing of personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, the processing of genetic or biometric data, data relating to health or data relating to sexual orientation, except in the legally authorised exceptions and with the prior consent of the data subject.

Rights of data subjects

Our entity will attend to and respond as quickly and diligently as possible to your requests to exercise your rights.

Registration of Activities, Impact Assessment and Security Measures

We will keep a record of processing activities and analyse the purposes of processing, categories of data subjects and data, recipients, international transfers, retention periods, etc., in order to assess the risks of processing and implement the necessary security measures to ensure the confidentiality, integrity and availability of personal data.

Likewise, for each processing activity, the need to draw up an Impact Assessment and determine whether there is an obligation to appoint a Data Protection Officer has been analysed, establishing, if necessary, that the person appointed to this post has sufficient knowledge and experience in accordance with the provisions of the regulations in force.

Control

We have external help to advise us on this matter, monitoring all the publications  made by the competent control bodies and other European and Spanish entities related to data protection regulations, in order to comply with these regulations at all times.

  1. Updating this Policy

We reserve the right to modify this policy without prior notice. We therefore recommend that you consult it each time you visit our website.

Text updated on 19 December 2023

Shopping Cart
Scroll to Top