In accordance with current legislation, Pulltap’s undertakes to adopt all the technical and organisational measures necessary to ensure a level of security appropriate to the risks involved with the data collected.
- Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, otherwise known as the General Data Protection Regulation (GDPR).
- Spanish Data Protection Act 15/1999 of 13 December, (LOPD, by its Spanish initials).
- Royal Decree 1720/2007 of December 21 by which the implementing provisions of the LOPD are approved (RDLOPD, by its Spanish initials).
- Law 34/2002 of 11 July on Information Society Services and E-Commerce (LSSI-CE, by its Spanish initials).
Identidad del responsable del tratamiento de los datos personales
The controller of the personal data collected is: PULLTAP’S, S.L., holder of tax identification number B60716669 and recorded in the Companies Register of Barcelona, Volume 27774, Page B 123415, Entry 1.
Address: Francesc Eiximenis nº 10 , 08205-SABADELL (BARCELONA)
Contact email address: firstname.lastname@example.org
Data Protection Officer (DPO)
The Data Protection Officer (DPO) is responsible for overseeing compliance with the data protection laws to which Pulltap’s is subject. Users can contact the DPO designated by the data controller by using the following contact details:
Contact email address: email@example.com
Personal data collection
The personal data collected by Pulltap’s via the forms provided on the pages of its website will be entered into a database under the responsibility of the data controller for the purpose of facilitating, streamlining and fulfilling the commitments established between Pulltap’s and its users, managing the relationship established by means of the forms completed and submitted by users, or dealing with any requests or queries made by users.
Principles relating to processing of personal data
The processing of users’ personal data is subject to the following principles contained in Article 5 of the GDPR:
- Principle of lawfulness, fairness and transparency – Users will at all times be provided with fully transparent information stating the purpose for which their personal data is collected prior to the request for their consent.
- Principle of purpose limitation – Personal data will be collected for specific, explicit and lawful purposes.
- Principle of data minimisation – Only the personal data strictly necessary for the purposes for which it is processed will be collected.
- Principle of accuracy – Personal data must be accurate and kept up to date at all times.
- Principle of storage limitation – Personal data will only be stored in such a way as to allow users to be identified for no longer than is necessary for the purposes for which it is processed.
- Principle of integrity and confidentiality – Personal data will be processed in such a way as to guarantee its security and confidentiality.
- Principle of proactive accountability – The data controller will be responsible for ensuring the compliance with the previously stated principles.
Categorías de datos personales
Las categorías de datos que se tratan en Pulltap’s son únicamente datos identificativos. En ningún caso, se tratan categorías especiales de datos personales en el sentido del artículo 9 del RGPD.
Legal basis for processing of personal data
The legal basis for the processing of personal data is the users’ consent. Pulltap’s undertakes to obtain users’ explicit and verifiable consent for the processing of their personal data for one or more specific purposes.
Users have the right to withdraw their consent at any time. Consent will be as easy to withdraw as it is to give. As a general rule, withdrawal of consent will not affect use of the website.
Whenever users are obligated or able to provide their personal data via forms in order to submit queries, request information or for reasons related to the website content, they will be informed of the compulsory nature of certain forms because they are essential for the correct execution of the operation to be performed.
Personal data storage period
Personal data will only be stored for as long as is necessary to fulfil the purposes for which it is processed, or, in any case, until the user requests its erasure.
Personal data recipients
Users’ personal data will not be shared with third parties.
In any case, at the time when their personal data is collected, users will be informed of the recipients or categories of recipients of the personal data.
Children’s personal data
In accordance with Articles 8 of the GDPR and 13 of the RDLOPD, only children aged 14 and above are legally permitted to provide their consent for the processing of their data by Pulltap’s. If the child is under the age of 14, the consent of their parents or guardians will be required in order to process their personal data, and this processing will only be considered lawful to the extent to which it has been authorised.
Personal data integrity and security
Pulltap’s undertakes to adopt all the technical and organisational measured necessary to ensure a level of security appropriate to the risks involved with the data collected in order to guarantee the security of the personal data and to prevent the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, the personal data transmitted, stored or otherwise processed.
The website has been issued with a Secure Sockets Layer (SSL) certificate, which ensures that personal data is transferred securely and confidentially when data is transferred between the server and users, and that it is fully encrypted between users and the server.
Nonetheless, because Pulltap’s is unable to guarantee the impregnability of the Internet or the total absence of hackers or other individuals who fraudulently access personal data, the data controller undertakes to notify users without undue delay should a personal data breach occur that is likely to entail a high risk to the rights and freedoms of individuals. In accordance with Article 4 of the GDPR, ‘personal data breach’ means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed.
Personal data will be treated as confidential by the data controller, who undertakes to notify the user and guarantee by means of a legal or contractual obligation that this confidentiality will be observed by their employees and associates, and by any individual to whom access to this information is granted.
Individual rights regarding processing of personal data
Pulltap’s, through its data controller, is obliged to guarantee the exercise of the following rights provided for by the GDPR:
- Right of access. This refers to the right users have of obtaining, among others, confirmation of whether or not their personal data is being processed by Pulltap’s, information on the specific personal data and the processing that may be or has been performed, and the available information on the source of the data and the recipients of any disclosure made or to be made.
- Right to rectification. This refers to the right users have of modifying their personal data that may be inaccurate or incomplete, depending on the purposes for its processing.
- Right to erasure, also known as the ‘right to be forgotten’. This refers to the right users have, provided there are no overriding legal grounds to the contrary, to have their data erased where it is no longer necessary for the purpose for which it was collected or processed; where users have withdrawn their consent to processing and there are no longer any legal grounds for this action; where users object to processing and there are no other legal grounds to allow it to continue; where their personal data has been unlawfully processed; where their personal data must be erased in order to comply with a legal obligation; and where personal data has been collected in relation to the offer of information society services to a child under the age of 14. In addition to erasing the data, and taking into account the available technology and the cost of its application, the data controller must take all reasonable steps to inform other controllers who are processing the personal data of the user’s request to erase any links to their data.
- Right to restriction of processing. This refers to the right users have of restricting the processing of their personal data. Users have the right to restrict the processing of their personal data where they contest the accuracy of the data; where the processing is unlawful; where the data controller no longer needs the personal data, but the user requires it for the purpose of a legal claim; and where the user has objected to its processing.
- Right to data portability. Where processing of personal data is carried out by automated means, users have the right to obtain their personal data from a data controller in a structured, commonly used and machine-readable format, and to transmit these data to another data controller of their choosing. Where such transmission is technically feasible, the data controller is obliged to transmit these data directly to another data controller.
- Right to object. This refers to the right users have to object to the processing of their personal data and to request that Pulltap’s ceases to process them.
- Right to not be subject to a decision based solely on automated processing, including profiling: This refers to the right users have of not being subject to a decision.
Users may exercise their rights by means of a written notification addressed to the data controller with the reference ‘GDPR – www.pulltaps.com’, specifying:
- Their name, surname and a photocopy of their national identification document. Where representation is permitted, the identification of the person acting on the user’s behalf is required by the same means, in addition to a document accrediting such representation. The national identification document may be replaced by any other legally valid means of accrediting identity.
- Request with the specific reasons for the action required or information to be accessed.
- Address for notification purposes.
- Date and signature.
- Any documentation supporting the request.
This request and all additional documentation should be sent to the following postal address and/or email address:
Postal address: Pulltap’s, S.L., C/ Francesc Eiximenis, 10, 08205 Sabadell (Barcelona), Spain
Contact email address: firstname.lastname@example.org
Links to third-party websites
The website may include hyperlinks, or links, that allow access to third-party websites that are external to the Pulltap’s website and, therefore, not operated by Pulltap’s. The owners of those websites will have their own data protection policies, and they will be the controllers, in each case, of their own databases and privacy practices.
Lodging complaints with the supervisory authority
Should users believe that the way their personal data is being processed poses a problem or infringes current legislation, they have the right to effective legal protection and, in particular, to submit a complaint to a supervisory authority in the country where they habitually reside or work, or the place where the alleged infraction took place. In the case of Spain, the supervisory authority is the Agencia Española de Protección de Datos (Spanish Data Protection Agency), whose website is http:/www.aepd.es.
II. COOKIES POLICY
The information collected by cookies can include the date and time of visits to the website, the web pages viewed, the time spent on the website, and websites visited before and afterwards. However, no cookie can allow the website to contact users via a telephone number or any other means of personal contact. No cookie can extract information from users’ hard drive or steal personal information. The only way in which users’ private information can form part of a cookie file is when a user personally submits this information to the server.
These are cookies used and managed by external entities that provide Pulltap’s with the services it requests for the purpose of improving the website and the user experience when navigating the website. The main purposes of the use of third-party cookies are to obtain visitor statistics and to analyse information regarding browsing habits, which means how users interact with the website.
The information collected refers to such aspects as number of pages visited, language preference, users’ IP address location, the number of users accessing the website, the frequency and repetition of visits, the time spent during each visit, the browser used, and the operator or type of device used to visit the website. This information is used to improve the website and detect new needs in order to offer users the optimal content and/or service. In all cases, this information is collected anonymously, and trend reports are compiled for the website without identifying individual users.
You can find more information on cookies and privacy, and consult the description of the types of cookies used, their main characteristics, expiry, etc., at the following link(s):
The entity or entities entrusted with installing cookies can transfer this information to third parties whenever obligated by law or when a third party processes this information for those entities.
Social media cookies
Pulltap’s incorporates social media plugins that allow these platforms to be accessed from the website. For this reason, social media cookies may be stored on users’ browsers. The owners of those social media platforms will have their own data protection and cookies policies, and they will be the respective controllers of their own databases and privacy practices. Users should consult these for information on such cookies and, where applicable, the processing of their personal data. These privacy and/or cookies policies can be consulted for information purposes only at:
Facebook and Instagram: https://www.facebook.com/policies/cookies/
Deshabilitar, rechazar y eliminar cookies
El Usuario puede deshabilitar, rechazar y eliminar las cookies —total o parcialmente— instaladas en su dispositivo mediante la configuración de su navegador (entre los que se encuentran, por ejemplo, Chrome, Firefox, Safari, Edge, u Opera). En este sentido, los procedimientos para rechazar y eliminar las cookies pueden diferir de un navegador de Internet a otro. En consecuencia, el Usuario debe acudir a las instrucciones facilitadas por el propio navegador de Internet que esté utilizando. En el supuesto de que rechace el uso de cookies —total o parcialmente— podrá seguir usando el Sitio Web, si bien podrá tener limitada la utilización de algunas de las prestaciones del mismo.
III. ACEPTACIÓN Y CAMBIOS EN ESTA POLÍTICA DE PRIVACIDAD
Users are required to read and agree with the conditions regarding the protection of personal data contained in these Privacy and Cookies Policies, and accept the processing of their personal data in order to allow the data controller to proceed with the processing by the means, and for the period and purposes indicated. The use of this website implies acceptance of the Privacy and Cookie Policies.
Pulltap’s reserves the right to modify its Privacy and Cookies Policies according to its own needs or in accordance with changes to the law, legal precedent or the practices of the Spanish Data Protection Agency. Users will be explicitly notified of any changes or updates made to these Privacy and Cookies Policies.
These Privacy and Cookies Policies were updated on 1 June 2018 in order to adapt to Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, otherwise known as the General Data Protection Regulation (GDPR).