In compliance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (hereinafter RGPD), TELECOMUNICACIONES MERCADO DIRECTO S.L. (from now on Diesl.com) hereby declares this Policy regarding the treatment and protection of personal data.
Data of the data controller
TELECOMUNICACIONES MERCADO DIRECTO S.L.
Registered office: C/ Casanova, 5 08011 Barcelona (Spain)
Contact details of the Data Protection Officer: email@example.com
Scope of application
This Policy shall apply:
Those people who visit the Diesl.com websites (hereinafter, any reference to this will also be understood to include its online shop diesl.es, subdomains and versions in other languages). Those who voluntarily communicate with Diesl.com via email, chat or fill in any of the data collection forms published on the Diesl.com website.
Those who request information about Diesl.com’s products and services or who request to participate in any of Diesl.com’s commercial actions.
Those who formalize a contractual relationship with Diesl.com by contracting its products and services.
Those who use any other service on the website that involves the communication of data to Diesl.com or access to data by Diesl.com for the provision of its services.
Any others who, directly or indirectly, have given their express consent for their data to be processed by Diesl.com for any of the purposes set out in this Policy.
The use of Diesl.com products and services requires the express acceptance of this Policy.
Diesl.com warns that, except for the existence of a legally constituted representation, no user and/or customer can use the identity of another person and communicate their personal data, so the data you provide to Diesl.com must be personal data, corresponding to their own identity, adequate, relevant, current, accurate and true. In this sense, the user and/or customer will be solely responsible for any direct or indirect damage caused to third parties or Diesl.com by the use of another person’s data or their own data when they are false, erroneous, not current, inadequate or irrelevant. Likewise, the user and/or client who communicates the personal data of a third party will be responsible for having obtained the corresponding authorization from the interested party, as well as for its consequences in the opposite case.
In the same way, the user and/or customer who communicates personal data to Diesl.com declares that he or she is of legal age, in accordance with Spanish law, abstaining in the opposite case from providing data to Diesl.com. Any information provided on a minor will require the consent or prior authorization of their parents, guardians or legal representatives, who will be held responsible for the information provided by the minor in their care.
This Policy will be of subsidiary application with respect to those other conditions regarding the protection of personal data that are established on a special basis and are communicated, without limitation, through the registration forms, contracts and/or conditions of the particular services, being therefore this Policy complementary to those mentioned in that not expressly provided in them.
Purposes of the collection and processing of personal data
Diesl.com, in its capacity as data controller, informs users of the existence of various processing operations and files in which the personal data communicated to Diesl.com are collected and stored.
The purposes of such collection and processing of personal data are as follows:
the “cookies” that Diesl.com uses in the navigation through its web pages, they are stored in the terminal equipment of the user (computer or mobile device) and collect information when visiting said web pages, with the purpose of improving the usability of the same, to know the habits or navigation needs of the users to be able to adapt to them, as well as to obtain information for statistical purposes. In the case of those users who are already customers of Diesl.com, the information collected with cookies will also be used to identify them when accessing the various tools that Diesl.com makes available to them for the management of services. In any case, users can configure their browser to disable or block the reception of all or some of the cookies. The fact that you do not wish to receive these cookies does not prevent you from accessing the information on the Diesl.com websites, although the use of certain services may be limited. If, once consent has been granted for the reception of cookies, the user wishes to withdraw them, those stored on the user’s computer must be eliminated through the options of the different browsers.
All information about the cookies used by Diesl.com is published in its Cookies Policy, available for consultation at https://www.diesl.com/politica-de-cookies/.
In the case of sending an email to Diesl.com or a communication of personal data by any other means, such as a contact form, the purpose of the collection and processing of such data by Diesl.com is to respond to queries and requests for information that arise about Diesl.com products and services.
In the case of sending an email to Diesl.com regarding your job offers, such data will be processed to participate in the recruitment procedures.
In the case of Diesl.com forms that interested parties fill in to participate in any of the commercial actions of Diesl.com, the purpose will be to enable such participation, as well as the sending of commercial and advertising communications about Diesl.com services, unless the interested party expressly expresses his opposition at the same time as the collection of their data. Notwithstanding the above, the interested party may modify his decision at any time, as many times as he wishes, through the means provided by Diesl.com for this purpose.
When contracting the services offered by Diesl.com, only those personal data will be collected that are necessary to establish the contractual relationship and enable the provision of services and remuneration of the same by customers, being such data collected and processed for the following purposes:
- The main purpose will be to maintain the contractual relationship established with the customer, in accordance with the nature and characteristics of the services contracted, contacting Diesl.com with the customer through the e-mail address, telephone or other means indicated by the latter.
- To send documentation and information related to the contracted services, as well as to send commercial and advertising communications about them or other similar ones by Diesl.com, by post, e-mail, telephone, SMS or other means indicated by the client, unless the client expressly expresses its opposition at the same time as the contract is signed. Regardless of whether or not the customer has chosen to receive commercial information from Diesl.com, the customer may modify his decision at any time, as many times as he wishes, through the specific section available for this purpose in his Customer Area.
- For the maintenance of historical records of business relations during the legally established periods.
- In those cases in which Diesl.com must access and/or process personal data in respect of which the customer has the status of data controller or data processor, Diesl.com will process such data as data processor in accordance with the provisions of Article 28 of the RGPD and as indicated in the section entitled “Diesl.com as data processor”, included in this Policy.
- In compliance with the provisions of Law 25/2007, of October 18, 2007, on the conservation of data relating to electronic communications and public communications networks, Diesl.com informs the user that it will proceed to retain and conserve certain traffic data generated during the development of communications, as well as, where appropriate, to communicate such data to the competent bodies provided that the legal circumstances provided for in that Law concur.
- For all other purposes expressly included in the Specific Conditions applicable to the product or service contracted by the customer and expressly accepted by the customer.
Period of storage of personal data
Diesl.com will keep personal data for the time strictly necessary for the fulfillment of the purposes described above. Diesl.com may keep such data duly blocked during the period in which responsibilities may arise from its relationship with the customer.
In the case of data subject to retention for the purposes of Law 25/2007, of 18 October, on the conservation of data relating to electronic communications and public communications networks, the period of retention of such data shall be that detailed in said regulations.
Recipients of personal data
The recipients of the personal data collected by Diesl.com will be the following:
The employees of Diesl.com themselves in the performance of their duties.
The suppliers of Diesl.com that intervene in the provision of the services, in the event that this is necessary for the provision of them.
The companies belonging to the Group of Companies of which Diesl.com is a member, within the meaning of article 42 of the Commercial Code, whose activity is the marketing of services of an identical or similar nature offered by Diesl.com, such as Internet presence services, managed hosting, cloud computing or advanced technological infrastructure solutions.
The judicial or administrative bodies, as well as the State Security Forces and Bodies, in the event that Diesl.com is required under current legislation to provide information related to its customers and services.
Any others who due to the nature of the service must access the data provided with it, as detailed in the Specific Conditions applicable to the product or service contracted by the customer and expressly accepted by the customer.
Users’ rights and exercise of those rights
Users may exercise the following rights recognized by the RGPD at any time:
Right of access.
Users have the right to obtain from Diesl.com information about whether personal data concerning them are being processed, to access them and to obtain information about the processing carried out.
Right to obtain a copy of your personal data.
Right of rectification.
Users have the right to have Diesl.com rectify their personal data in the event that they are inaccurate or incomplete.
Right of withdrawal.
Users have the right to have their data deleted when they are no longer necessary for the purpose for which they were provided or when the other legally established circumstances are met.
Right to limitation of processing.
Users have the right to request a limitation in the processing of their personal data, so that they are not subject to the processing operations that must correspond in each case, in those cases provided for in Article 18 of the RGPD.
Right to portability.
Users have the right to receive the personal data concerning them in a structured format, provided that such data is solely the responsibility of the user and has been provided by him/her.
Users may exercise these rights in the following ways:
If they are Diesl.com customers, users can check their personal data at any time through the “My data” section of the “Customer Area” tool, which is accessed authenticated from http://www.diesl.com/. You can also send a message through the “Contact” section of this tool, indicating the right you wish to exercise.
Whether they are customers of Diesl.com or not, users may exercise their rights by sending an e-mail to firstname.lastname@example.org by sending a request accompanied by your ID card. or valid legal document proving your identity, addressed to Diesl.com, C/ Casanova 5, 08011, Barcelona, Spain, for the attention of the Commercial Information Department, specifying the right you wish to exercise.
In cases of manifestly unfounded or excessive applications for its repetitive nature, Diesl.com reserves the right to charge a fee for administrative costs arising or the right to refuse to act on them, as provided in Article 12.5 RGPD.
Users and/or customers may contact the relevant local supervisory authority if they consider that the processing of their personal data has not been carried out in accordance with current legislation.
The data protection supervisory authority in Spain is the Spanish Data Protection Agency, whose contact details are available on its website, specifically at http://www.agpd.es/portalwebAGPD/CanalDelCiudadano/contacteciudadano/index-ides-idphp.php.
International data transfers
In those products and services of Diesl.com in which it is required to make international transfers to enable the provision of them, this circumstance will be included in the Specific Conditions that apply to the product or service contracted by the customer and accepted expressly by the customer prior to them.
Diesl.com as treatment manager
In accordance with article 28 RGPD and concordant, Diesl.com will treat the personal data in respect of which the customer is responsible or responsible for the processing, when this is necessary for the proper provision of the services contracted. In this case, Diesl.com will act as the person in charge of the treatment, in accordance with the terms indicated below:
Diesl.com will only process the data in accordance with the instructions of the customer responsible for or in charge of the processing, not using them for any purpose other than that stated in this Data Protection Policy and/or in the applicable contractual conditions.
Once the services that motivate the treatment of personal data have been rendered, they will be destroyed, as will any support or document that contains any personal data or any type of information that may have been generated during, for and/or by the provision of the services that are the object of the corresponding Conditions. Notwithstanding the foregoing, Diesl.com may keep duly blocked the aforementioned data during the period in which responsibilities may arise from its relationship with the customer.
In the event that Diesl.com uses the data for another purpose or communicates or uses them in breach of this Data Protection Policy and/or the corresponding Terms of Service, it will also be considered as the data controller.
Diesl.com undertakes, in accordance with article 28 of the RGPD, to maintain due professional secrecy with respect to the personal data to which it must have access and/or process in order to comply in each case with the purpose of the applicable Conditions of Service, both during and after the termination of the same, and undertakes to use such information only for the purpose envisaged in each case and to require the same level of commitment from any person who, within its organisation, participates in any phase of the processing of personal data under the responsibility of the customer.
In accordance with the provisions of the RGPD, the following rules shall apply in relation to the form and modalities of access to data for the provision of services:
- In the event that Diesl.com must have access to the treatment resources located at the customer’s premises, the customer will be responsible for establishing and implementing the security policy and measures, as well as communicating them to Diesl.com, which undertakes to respect them and to demand compliance with them from the people in its organisation who participate in the provision of the services.
When Diesl.com remotely accesses the data processing resources the customer is responsible for, he must establish and implement the policy and security measures in their remote processing systems, being Diesl.com responsible for establishing and implementing the policy and security measures in their own local systems.
When the service is provided by Diesl.com in its own premises, Diesl.com will include in its Register of Activities the circumstances relating to the processing of data in the terms required by the RGPD, including the security measures corresponding to such processing.
- The access and/or processing of data by Diesl.com, without prejudice to the specific legal or regulatory provisions in force that may be applicable in each case or those adopted by Diesl.com on its own initiative, will be subject to the necessary security measures for:
Ensure the continued confidentiality, integrity, availability and resilience of treatment systems and services.
Restore availability and access to personal data quickly in the event of a physical or technical incident.
Verify, evaluate and evaluate, on a regular basis, the effectiveness of the technical and organizational measures implemented to guarantee the security of the treatment.
Pseudonymize and encrypt personal data, if applicable.
The client authorizes Diesl.com, as the person in charge of the treatment, to subcontract with third parties, in the name and on behalf of the client, the storage services, custody of the backup copies of data and security, and those that were necessary to enable the provision of the contracted services, respecting in all cases the obligations imposed by the RGPD and its implementing regulations. At any time, the customer may contact Diesl.com to find out the identity of the subcontracted entities for the provision of the services indicated, which will act in accordance with the terms set out in this document and after formalising a data processing contract with Diesl.com in accordance with art. 28.4 of the RGPD.
The customer authorizes Diesl.com to perform the following actions, provided they are necessary for the execution of the provision of services. This authorisation is limited to the action(s) necessary for the provision of each service and with a maximum duration linked to the validity of the applicable contractual conditions:
To carry out the processing of personal data on portable devices only by users or user profiles assigned to the provision of services.To carry out the processing outside the premises of the customer or Diesl.com, only by users or user profiles assigned to the provision of services.
The entry and exit of media and documents containing personal data, including those included and/or attached to an e-mail, outside the premises under the control of the customer responsible for processing.
The execution of data recovery procedures that Diesl.com is obliged to perform.
com is not responsible for any breach of the obligations arising from the RGPD or the corresponding regulations on data protection by the user and / or customer in their activity and is related to the implementation of the contract or business relations that join Diesl.com. Each party is liable for its own breach of contractual obligations and rules.