PRIVACY POLICY

1. Introducción.

We have a high level of commitment to the privacy of individuals, so the protection of personal data is important to us.
We process the data in accordance with the provisions of the General Data Protection Regulation (EU) 2016/679, Organic Law 3/2018 on the Protection of Personal Data and Guarantee of Digital Rights and other current regulations in this regard.
This Privacy Policy has been revised in August 2024 to comply with the information and transparency duties of the website itself and the general duties of the controller, to provide any type of interested party and not only the users of the website with the general terms of the controller in the matter. Variations may exist until their next revision.

2. ¿Quién es el responsable de tratamiento de sus datos?

Responsible: ACEL STORE S.L.U.
NIF/CIF: B42881060
Address: POL. IND. SAPRELORCA, AVDA. RIO JUCAR, P. 3, N. 5. 30817 LORCA (MURCIA)
Email: administracion@acelcel.es

3. ¿Cuál es el origen y tipo de datos que tratamos?

The source of the information we process may be any of the following categories:
• Paper, electronic or digital forms.
• Communication and messaging systems: email and messaging applications, telephone, etc.
• Other lawful sources and sources of information.
The different categories of data that we may process depending on the type of data subject (user, customer, supplier, employee, etc.) and the nature of the activity of the controller and the different data processing are:
• Identification data, for example: name and surname, image.
• Identification codes or keys, for example: username, employee code.
• Postal or electronic contact addresses, for example: telephone, email, profile on social networks.
• Data on personal and professional characteristics, for example: age, date of birth, qualifications, professional experience, CV.
• Economic, financial and insurance data; for example: bank details, credit card, etc.
• Economic and non-economic payroll data and other information of a labor nature; for example: job title, payroll document, etc.
• Transaction data, e.g., goods and services supplied and received.
• Special category data, e.g., health, union membership, racial origin.
• Other data and information necessary or implicit in the development of our activities, services and purpose.
MANDATORY OR OPTIONAL NATURE OF THE INFORMATION PROVIDED BY THE INTERESTED PARTY.
The data subject, by ticking the corresponding boxes and entering data in the fields, marked as mandatory (for example, with an asterisk) in the contact form or presented in download forms, expressly, freely and unequivocally, accepts that their data are necessary to respond to their request, by the controller, the inclusion of data in the remaining fields being voluntary.
The interested party guarantees that the personal data provided to the controller is true and undertakes to communicate any modification to them. The data requested through the website, indicated as mandatory, are necessary for the provision of an optimal service to the interested party. In the event that not all data is provided, there is no guarantee that the information and services provided will be completely tailored to your needs.

4. ¿Con qué finalidad tratamos sus datos personales?

In general, the data is processed to successfully carry out the actions implicit in the normal development and management of the activity of the data controller. Although we can specify different processing purposes depending on the possible existing categories of data subjects:
• Customers and potential customers: management and maintenance of commercial, pre-contractual and contractual relationships; internal administration; economic management; advertising and marketing, customer service.
• Employees, creditors and suppliers: management and maintenance of commercial relationships, internal administration and economic management.
• Workers: management, development and maintenance of the employment relationship, human resources management, communications, training activities, prevention of occupational risks, registration of the working day and other purposes derived from legal obligations and development of labour relations.
• Candidates: management of CVs received, management of job offers and personnel selection.
• Web and social media users: user service and management of communications between the parties.
• Visitors: visitor service and access control to the facilities.
• The existing information of any other category of interested parties processed by the controller will be done within the framework of its activity, strict compliance with the applicable rules and under the general criteria of this Privacy Policy.
Other general purposes that the controller can implement are:
• Preparation of a commercial profile, with the aim of improving your experience by personalising offers and communications. No individualised decisions will be made based on this profile and action will be taken from legitimate interest.
• Video surveillance, for the security of property and people, as well as the corresponding labor control based on legitimate interest.
• Telephone switchboard, in order to record communications for security, guarantee and quality of care, based on legitimate interest.
• Analysis of financial risks and control of monetary obligations. In the case of debtors with certain, overdue and payable outstanding payments, the responsible party may communicate this circumstance to credit solvency files, debtor files, and debt management or collection services, among others, based on legitimate interest.
• Communications: development and execution of communications through the available data and means of contact (e-mail, instant messaging, etc.) with categories of internal stakeholders (workers) and external stakeholders (customers, potentials, collaborators, suppliers, etc.). The purposes of such communications may be informational, organizational, commercial, and advertising, as appropriate based on informed consent and the legitimate interest of the controller.
• Other purposes derived from the nature of the person responsible, motivated by the normal development and exercise of their activity, from a valid legitimating basis.

5. ¿Por cuánto tiempo conservaremos sus datos?

In general, personal data will be kept at least as long as there is a relationship with the interested party, as long as their deletion is not requested, as long as responsibilities may arise or as long as there is any legal provision for conservation.
With regard to the data of candidates and job seekers, they will be deleted immediately when they are not of interest to the controller.
The data controller has an inventory of storage periods in its data protection plan that it observes to manage the different applicable retention periods.
The deletion of the data will be carried out in any case ensuring their confidentiality.

6. ¿Cuál es la legitimación para el tratamiento de sus datos?

The controller observes and applies the different existing legal bases that are applicable to each processing purpose. These are:
a) Informed consent of the interested party.
b) Pre-contractual or contractual commitments.
c) Legitimate interest of the controller.
d) Applicable legal obligations.
e) Other legally prescribed legal bases of legitimation.

7. ¿A qué destinatarios se comunicarán sus datos?

The data of the interested parties will not be communicated to any third party by default, except: a) auxiliary services, authorised processors or other third parties implicit in the correct provision of the goods and services; b) competent public authorities and administrations in the exercise of their functions; c) other legitimate interested parties and legally provided third parties.

8. ¿Cuáles son sus derechos cuando nos facilita y/o tratamos sus datos?

As a data subject, you may at any time request us to exercise any of the following rights that assist you in terms of data protection:
• Access to the personal data of the data subject to confirm whether or not data concerning him or her is being processed and to obtain more information about this processing.
• Rectification or deletion of personal data concerning the data subject when, among other reasons, they are inaccurate or are no longer necessary for the purposes for which they were collected.
• Limit the processing of the data subject’s personal data in certain circumstances, in which case they will only be kept for the purposes of exercising or defending claims, for the protection of the rights of another person or for reasons of public interest.
• To receive the personal data concerning you, which you have previously provided to us, and in structured format where possible. (Portability of your data).
• Object to the processing of your data in certain circumstances and for reasons related to your particular situation. The company will stop processing your data, except for compelling legitimate reasons, or the exercise or defence of possible claims.
• Revoke consent, which may lead to the annulment or cancellation of the existing business or contractual relationship, if any. Without prejudice to the processing carried out prior to the withdrawal of consent.
To do so, you just have to contact us through the email or postal address indicated at the beginning.
Optionally, you can also contact our designated data protection officer, or the Data Protection Agency to find out more about your rights or request the protection of these rights by the supervisory authority.

9. Seguridad de los datos.

We adopt the necessary technical and organisational measures in our information system to guarantee an adequate level of confidentiality, integrity, availability and resilience of the data in order to protect the rights and freedoms of the data subjects.
The controller complies with the provisions and principles described in the GDPR to process data lawfully, fairly and transparently in relation to the data subject, and in a manner that is adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed.
However, to the extent permitted by law, we do not assume any liability for damages caused by alterations that third parties may cause to our information system. Any security breach will be conveniently and immediately communicated to the competent authority and/or State security forces and bodies.

10. Envío de comunicaciones o información.

Our policy regarding sending information through telematic means (e-mail, instant messaging, etc.), is limited to sending only communications that we consider of interest to our users and interested parties, in relation to the functions and activity of the company, or that you have consented to receive.
If you prefer not to receive these messages, we will offer you the possibility of exercising your right to cancel and waive the receipt of these messages, in accordance with the provisions of Title III, article 22 of Law 34/2002 on Services for the Information Society and Electronic Commerce.

11. Redes sociales.

The responsible party may have a presence on social networks through the corresponding profiles, this section and any legal and privacy terms present on the website for the processing of data of users or interested parties who become followers or in any way are linked to said profiles.
The purposes of use of these profiles by the controller are communication, commercial development, marketing and advertising, to process queries made to the controller and user service, to inform about actions, activities and events organised by the controller or in which the controller participates, and to interact through the official profiles.
The legal bases set out in section 6 above are complemented in this case because the user or interested party may have a profile on the same social network as the controller and has decided to join or connect with the controller’s profile, thus showing interest in the information published by the controller. Therefore, when following the profiles of the controller, they provide their consent for the processing of the data available in their profile.
The user can access the privacy policies and terms of the corresponding social network at any time, as well as configure the privacy features that may be carried out in their profile. The publications made by the user will be known by other users, so the user himself is primarily responsible for his privacy.
Users who follow and/or participate in our profiles will abstain:
a) Publishing content or information contrary to the Law, morality, and good faith. Any use or behavior that is illicit, annoying, inappropriate, that may generate negative opinions on the profile or that violates the rights of people is not allowed.
b) Of behaving in a manner contrary to the principles of legality, honesty, responsibility, protection of human dignity, protection of minors, protection of public order, protection of privacy, consumer protection and intellectual and industrial property rights.
The controller reserves the right to remove any content deemed inappropriate without notice. Likewise, the user is released from any responsibility in relation to the security measures corresponding to each platform, and the user must be aware of them together with the legal terms and conditions of use of the platform itself.
The person responsible will be expressly exonerated from any liability that may arise from the use of social networks by minors or people with special abilities. The controller’s social networks do not knowingly collect any personal information from minors, therefore, if the user is a minor, they should not register, or use the controller’s social networks, or provide any personal information. Particularly in Spain, the processing of a minor’s personal data may only be based on the age of 14. On the other hand, if any rule or regulation so requires, or the user has special capacities, the intervention of the holder of his parental authority or guardianship, or his legal representative by means of a valid document accrediting the representation, will be necessary.