Privacy policy

Personal data processing

Entity in charge of processing personal data ( + information)

MARSU S.L.
• CIF: B50082593
• Dirección: C/ Encina 80, 50171 LA PUEBLA DE ALFINDEN (Zaragoza)
marsu@marsu.es

Purpose for processing personal data ( + information)

• Production of metallic components
• Sending information about our products and services

Legitimation of the treatment of personal data ( + information)

We treat your data to fulfill a legal obligation, to provide the services that are required, to manage the sales of our products or for legitimate purposes such as publicizing our activity

Recipients of personal data communications ( + information)

• Competent public administration (Social Security, Tax Agency, other ...)
• Banks / Financial entities
• Others

Rights of customers and users ( + information)

We grant our customers and users the rights to access, rectification, deletion and portability of their data, and the limitation or opposition to its treatment, which may be exercised in the manner provided by law in the above-mentioned addresses

Additional information

Access additional and detailed information about our Personal Data Protection Policy at http://www.marsu.es

Entity in charge of processing personal data

• MARSU S.L.
• CIF: B50082593
• Dirección: C/ Encina 80, 50171 LA PUEBLA DE ALFINDEN (Zaragoza),
marsu@marsu.es
• Activity: Purchase of products and computer services.
• Legal representative in Spain: MARSU S.L.

Purpose of the processing of personal data

• Production of metallic components
• Sending information about our products and services

Legitimation of the processing of personal data

We treat your data to fulfill a legal obligation, to provide the services that are required of us, to manage the sales of our products or for legitimate purposes such as publicizing our activity.

Obligation or not to provide data and consequences of not doing it: All the questions posed must be answered or all the information requested must be provided, otherwise the operation cannot be carried out or the services requested cannot be provided. No more data is requested than strictly necessary for the purposes for which they are intended.

Deadlines or criteria for data preservation: Those provided by tax legislation regarding the limitation of responsibilities and those provided for by civil or commercial legislation for claiming payments or proving the correct provision of the service or operation performed.

Automated decisions, profiles and applied logic: Not adopted

  • You have the right to withdraw the consent given
  • You have the right to complain before the Control Authority. In Spain, the Spanish Agency for Data Protection ( www.agpd.es)

Recipients of personal data communications

  • Competent public administration (Social Security, Tax Agency, other ...)
  • Banks / Financial entities
  • Others

International transfers of personal data are not made outside authorized cases.

Rights of customers and users

We acknowledge our customer and users their rights of access, rectification, deletion and portability of their data, and the limitation or opposition to their treatment, which may be exercised in the manner provided by law in the aforementioned directions.

Procedure for management of control rights of the personal data of the interested parties.

Procedure for the exercise of the right of access

  1. An interested party of the Entity makes a communication to the aforementioned exercising its right of access to their personal data.
  2. The person receiving such communication will immediately transfer it to the SECURITY OFFICER or to the TREATMENT OFFICER.
  3. After the access request has arrived, the SECURITY OFFICER will examine the request so that the person in charge of the file can decide 1 on it within a maximum period of one month from receiving the request 2.
  1. In the event that you do not have personal data of those affected, you must also communicate it in the same period. The person responsible for the treatment must answer the request addressed to them in any case, regardless of whether or not personal data of the affected party are included in their files.
  2. After the deadline without expressly responding to the request for access, the interested party may file the claim provided for in Article 18 of Organic Law 15/1999, of December 13.

In order to proceed with this examination, the SECURITY OFFICER must take into account what is specified in the ANNEX to the present procedure.

The resolution may be FAVOURABLE or UNFAVOURABLE:

  1. FAVOURABLE RESOLUTION:

    If the request was estimated and the officer party did not accompany the communication with the legally required information, the access will be effective during the ten days following said communication.

    The information that is provided, whatever the medium on which it is provided, will be given in legible and intelligible form, without using keys or codes that require the use of specific mechanical devices

    This information will include:

    • All the basic data of the affected party.
    • The results of any development or computer process.
    • The available information about the origin of the data.
    • The assignees of the data.
    • The specification of the specific uses and purposes for which the data was stored.

    The affected party may choose to receive the information through one or more of the following systems for consulting the file:

    • On-screen display.
    • Written, copy or photocopy sent by mail, certified or not.
    • Telecopia.
    • Email or other electronic communications systems.
    • Any other system that is appropriate to the configuration or material implementation of the file or the nature of the treatment, offered by the person in charge.

    Therefore, the PERSON RESPONSIBLE OF THE FILE will deliver the information according to the system to which the interested party has opted for.

    These systems provided for consultation of the file may be restricted depending on the configuration or material implementation of the file or the nature of the treatment, provided that the one offered to the affected party is free and ensures written communication if so required.

    If such responsible were to offer a certain system to make the right of access effective and the affected one rejects it, the aforementioned shall not answer for the possible risks that could be derived from this choice for the security of the information.

  2. UNFAVOURABLE RESOLUTION:

    The person responsible for the file or treatment may deny, within a maximum period of one month from receiving the request, access to personal data when:

    1. The right has already been exercised in the twelve months prior to the request, unless a legitimate interest is accredited for that purpose
    2. Access may also be refused in cases where it is provided for by a law or a rule of Community law of direct application or when these prevent the data controller from revealing the processing of the data to which the access refers to those affected.
    3. In any case, the person responsible for the file will inform the affected party of their right to seek the protection of the Spanish Data Protection Agency or, as the case may be, of the control authorities of the autonomous communities.
      Protection of rights
      • The interested party who is denied, totally or partially, the exercise of the rights of opposition, access, rectification or suppression, may inform the Data Protection Agency or, where appropriate, the competent body of each Autonomous Community, which must ensure that the refusal is admissible or unfounded.
      • The maximum period in which the express resolution of protection of rights must be dictated will be of six months.
      • A contentious-administrative appeal will be filed against the resolutions of the Data Protection Agency.
    4. In order to communicate said resolution, the communication will be sent in such a way that both the fulfillment of the same and its content are accredited.

What is the right of access?

The right of access is the right of the affected party to obtain information about their own personal data:

  • if it is being used and the purpose of the treatment that, if applicable, is being carried out,
  • the available information on the origin of such data and
  • the communications made or planned for them.

Through its exercise, the affected party may obtain from the controller:

  • information regarding specific data,
  • data included in a certain file,
  • or to all of their data submitted to treatment.

How is the right of access exercised?

The right of access can be exercised through communication addressed to the person responsible for the file. It can be exercised by:

The affected party, proving their identity, in the manner intended. The following are required

  • Name and surname of the interested party.
  • Photocopy of their national identity document, or their passport or other valid document that identifies them and, where appropriate, the person who represents them, or equivalent electronic instruments; as well as the document or electronic instrument accrediting such representation. The use of an electronic signature identifying the affected party will exempt the presentation of the photocopies of the ID card or equivalent document.
  • Petition in which the request is specified.
  • Address for the purposes of notifications, date and signature of the applicant.
  • Documents accrediting the request formulated, if applicable.
    In the event that the request does not meet the requirements specified here the person in charge of the file must request the correction of the same.

In the event that the request does not meet the requirements specified here the person in charge of the file must request the correction of the same.

When the affected party is in a situation of disability or is a minor and that makes it impossible for him / her to exercise this right, it may be exercised by his / her legal representative, in which case it will be necessary to prove that condition.

The right of access may also be exercised through a voluntary representative, expressly designated for the exercise of this right. In that case, the identity of the represented party must be clearly shown, through the provision of a copy of the National Identity Document or equivalent document, and the representation conferred by it.

The right of access will be DENIED when the request is made by a person other than the affected party and it is not proven that they act on behalf of the person.

The right of the interested party to access the documentation of the Entity's history cannot be exercised to the detriment of the right of third parties to the confidentiality of the data contained therein in the therapeutic interest of the interested party, or to the detriment of the right of the professionals participating in its elaboration, who can oppose to the right of access due to the reservation of their subjective annotations.

Health centers and individual exercise doctors will only facilitate the access to the history Entity of deceased applicants to the people linked to them, for family or de facto reasons, unless the deceased had expressly prohibited it and thus it is accredited. In any case, the access of a third party to the history of the Entity due to a risk to their health will be limited to the pertinent data. No information will be provided that affects the privacy of the deceased or the subjective annotations of the professionals, or that harms third parties.

The interested party must be granted simple and free means to exercise the right of access.

The provisions in Organic Law 15/1999, of December 13, and Royal Decree 1720/2007, of December 21, will not be considered in accordance with the provisions in which the person responsible for the treatment establishes a means for the interested party to exercise their rights by having to send certified letters or similar, the use of telecommunications services that imply an additional charge to the affected party or any other means that imply an excessive cost for the interested party.

When the person in charge of the file or treatment has services of any kind for customer service or the exercise of claims related to the service provided or the products offered to them, the possibility may be granted to the affected party to exercise their right of access through said services. In this case, the identity of the interested party shall be considered as accredited by the means established for the identification of the customers of the person responsible for providing their services or contracting their products.

The person in charge of the file or treatment must attend the access request exercised by the affected party even if the aforementioned had not used the procedure specifically established for that purpose, provided that the interested party had used proper means that prove the sending and receiving of the application, and that it contains the elements referred to above.

The person in charge of the file must adopt the appropriate measures to guarantee that the people of their organization who have access to personal data can inform about the procedure to be followed by the affected party in order to exercise his right.

Procedure for the exercise of the opposition law

(Articles 23-26 to 34-36 of Royal Decree 1720/2007, of December 21, which approves the Regulation for the development of Organic Law 15/1999, of December 13 , protection of personal data and articles 6.4 and 30.4 of the Organic Law 15/1999, of December 13, Protection of Personal Data).
  1. An interested party of the Entity makes a communication to the Entity exercising its right of opposition to their personal data, included or not in their history Entity.
  2. The person receiving this communication will immediately transfer it to the SECURITY OFFICER.
  3. After the request for opposition has arrived, the SECURITY OFFICER will examine the request so that the person responsible for the file will resolve it within a maximum period of ten days from the receipt of the request 2.
  1. In the event that they do not have personal data of the affected person, they must also inform them in the same period. The person responsible for the treatment must answer the request addressed to them in any case, regardless of whether or not personal data of the affected party are included in their files.
  2. After the deadline without expressly responding to the request for opposition, the interested party may file the claim provided for in Article 18 of Organic Law 15/1999, of December 13.

In order to proceed with this examination, the SECURITY OFFICER must take into account what is specified in the ANNEX to the present procedure.

Said resolution may be FAVOURABLE or UNFAVOURABLE:

  1. FAVOURABLE Resolution:

    In this case, the treatment of the personal data of the interested party is not carried out or the treatment is stopped. It occurs in the following cases:

    • When their consent for treatment is not necessary, as a consequence of the concurrence of a legitimate and well-founded motive, referring to their specific personal situation, justifying it, provided that a Law does not provide otherwise. When the opposition is made based on this assumption, the request must state the justified and legitimate reasons related to a specific personal situation of the affected party, which justify the exercise of this right.
    • When dealing with files that have as a purpose to carry out advertising and commercial prospecting activities, under the terms provided in article 51 of Royal Decree 1720/2007, of December 21, regardless of the company responsible for their creation.
    • When the treatment is aimed at the adoption of a decision referred to the affected party and based solely on an automated treatment of their personal data.

    In any case, the interested party will be duly notified.

  2. UNFAVORABLE Resolution:

    The person responsible for the file or treatment must reject the request of the interested party within a maximum period of ten days from the receipt of the request, with an irrefutable notification to the interested party.

    In any case, the person in charge of the file will inform the affected party of their right to seek the protection of the Spanish Agency for Data Protection or, as the case may be, of the control authorities of the autonomous communities.

    Protection of rights
    • Actions contrary to the provisions of this Law may be the subject of a claim by the interested parties before the Data Protection Agency, in the manner determined by law.
    • The interested party who is denied, totally or partially, the exercise of the rights of opposition, access, rectification or suppression, may inform the Data Protection Agency or, where appropriate, the competent body of each Autonomous Community, which shall ensure that the refusal is admissible or unfounded.
    • The maximum period in which the express resolution of protection of rights must be dictated will be of six months.
    • A contentious-administrative appeal will be filed against the resolutions of the Data Protection Agency.

    In order to communicate said resolution, the communication will be sent in such a way that both the fulfillment of the same and its content are accredited. The person in charge of processing it will be responsible for proof of compliance with the duty to respond, and shall retain the accreditation of compliance with the aforementioned duty.

Right of opposition to decisions based solely on an automated data processing.

Interested parties have the right not to be subject to a decision with legal effect on them or that affects them in a significant way, based solely on an automated data processing aimed at evaluating certain aspects of their personality, such as their work performance, credit, reliability or behaviour.

However, those affected may be subject to one of these decisions when said decision:

  1. Has been adopted in the framework of carrying out or executing of a contract at the request of the interested party, provided that it is granted the possibility of claiming what it considers pertinent, in order to defend its right or interest. In any case, the person in charge of the file must previously inform the affected party, clearly and precisely, that decisions will be taken with the aforementioned characteristics and cancel the data in case the contract is not finally held.
  2. Is authorized by a norm with the rank of Law that establishes measures that guarantee the legitimate interest of the interested party.

The right of opposition can be exercised through communication addressed to the person responsible for the file. It can be exercised by:

The affected party, proving their identity, in the manner intended. The following is required:

  • Name and surname of the interested party.
  • Photocopy of their national identity document, or their passport or other valid document that identifies them and, where appropriate, the person who represents them, or equivalent electronic instruments; as well as the document or electronic instrument accrediting such representation. The use of an electronic signature identifying the affected party will exempt the presentation of the photocopies of the ID card or equivalent document.
  • Petition in which the request is specified.
  • Address for the purposes of notifications, date and signature of the applicant.
  • Documents accrediting the request formulated, if applicable.

In the event that the request does not meet the requirements specified here the person in charge of the file must request the correction of the same.

When the affected party is in a situation of disability or is a minor and that makes it impossible for him / her to exercise this right, it may be exercised by his / her legal representative, in which case it will be necessary to prove that condition.

The right of opposition may also be exercised through a voluntary representative, expressly designated for the exercise of the right. In that case, the identity of the represented party must be clearly shown, through the provision of a copy of the National Identity Document or equivalent document, and the representation conferred by it.

The right of opposition will be DENIED when the request is made by a person other than the affected party and it is not proven that they are acting on behalf of that person.

The interested party must be granted a simple and free means to exercise the right of opposition.

The provisions in Organic Law 15/1999, of December 13, and Royal Decree 1720/2007, of December 21, will not be considered in accordance with the provisions in which the person responsible for the treatment establishes a means for the interested party to exercise their rights by having to send certified letters or similar, the use of telecommunications services that imply an additional charge to the affected party or any other means that imply an excessive cost for the interested party.

When the person in charge of the file or treatment has services of any kind for customer service or the exercise of claims related to the service rendered or the products offered to them, the possibility may be granted to the affected party to exercise their rights of opposition by means of said services. In this case, the identity of the interested party shall be considered as accredited by the means established for the identification of the customers of the person responsible for providing their services or contracting their products.

The person responsible for the file or treatment must respond to the request of opposition exercised by the affected party even if the aforementioned had not used the procedure specifically established for that purpose, provided that the interested party had used means to prove the sending and receiving of the application, and that it contains the elements referred to above.

The person in charge of the file must adopt the appropriate measures to guarantee that the people of their organization who have access to personal data can inform about the procedure to be followed by the affected party in order to exercise his right of opposition.

Procedure for the exercise of the rights of rectification and suppression.

(Articles 23-26 to 31-33 of the Royal Decree 1720/2007, of December 21, by which the Regulation of development of the Organic Law 15/1999, of December 13, of protection of personal data is approved and article 16 of Organic Law 15/1999, of December 13, on the Protection of Personal Data).
  1. An interested party of the Entity makes a communication to the Entity exercising its right of rectification or its right of suppression to its personal data, included or not in its history Entity.
  2. The person receiving this communication will immediately transfer it to the SECURITY OFFICER.
  3. After the request for rectification or the suppression request has arrived, the SECURITY OFFICER will examine the request so that the person responsible for the file resolves it within a maximum period of ten days from the receipt of the request 2.
  1. In the event that they do not have personal data of the affected person, they must also inform them in the same period. The person responsible for the treatment must answer the request addressed to them in any case, regardless of whether or not personal data of the affected party are included in their files.
  2. After the deadline without expressly responding to the request for rectification or deletion, the interested party may file the claim provided for in article 18 of Organic Law 15/1999, of December 13.

In order to proceed with this examination, the SECURITY OFFICER must take into account what is specified in the ANNEX to the present procedure.

Said resolution may GRANT or DENY the exercise of the right of rectification or suppression:

  1. GRANTING of data RECTIFICATION:

    In this case, the modification of the data that proves to be inaccurate or incomplete will be given, after reliable notification to the interested party.

  2. OTORGAMIENTO de la SUPRESIÓN de los datos:

    In this case, the deletion of the data that proves to be inadequate or excessive will be given, without prejudice to the blocking duty in accordance with Royal Decree 1720/2007, of December 21, after irrefutable notification to the interested party.

    In the cases in which the interested party invokes the exercise of the right of withdrawal to revoke the consent previously rendered, the provisions of Organic Law 15/1999, of December 13 and Royal Decree 1720/2007, of 21 December shall apply. 

  3. DENEGACIÓN de la RECTIFICACIÓN de los datos:

    The right of rectification may be denied in the cases in which it is foreseen by a law or a rule of Community law of direct application or when these prevent the data controller from revealing  the processing of the data to which the access refers to those affected.

    This resolution will be notified to the interested party.

  4. DENEGACIÓN de la SUPRESIÓN de los datos:

    The deletion will not proceed when:

    • Personal data must be kept for the periods provided in the applicable provisions.
    • The personal data must be kept during the periods foreseen in the contractual relations between the person or entity responsible for the treatment and the interested party that justified the processing of the data.
    • It is provided by a law or a rule of community law of direct application or when these prevent the data controller from revealing the processing of the data to which the access refers to those affected.

    In any case, the person in charge of the file will inform the affected party of their right to seek the protection of the Spanish Agency for Data Protection or, as the case may be, of the control authorities of the autonomous communities.

    Protection of rights
    • Actions contrary to the provisions of this Law may be the subject of a claim by the interested parties before the Data Protection Agency, in the manner determined by regulation.
    • The interested party who is denied, totally or partially, the exercise of the rights of opposition, access, rectification or suppression, may inform the Data Protection Agency or, where appropriate, the competent body of each Autonomous Community, which must ensure that the refusal is admissible or unfounded.
    • The maximum period in which the express resolution of protection of rights must be dictated will be of six months.
    • A contentious-administrative appeal will be filed against the resolutions of the Data Protection Agency.

    In order to communicate said resolution, the communication will be sent in such a way that both the fulfillment of the same and its content are accredited. The person responsible for processing will be responsible for proof of compliance with the duty to respond, and must retain the accreditation of compliance with the aforementioned duty. 

Data removal or rectification procedure

How are the rights of rectification and the rights of withdrawal exercised?

  1. IN THE REQUEST FOR RECTIFICATION, the following must be indicated:
    1. The data it refers to.
    2. The correction that must be made.
    3. It must be accompanied by the supporting documentation of the request.
  2. IN THE APPLICATION FOR SUPPRESSION, the interested party must indicate the following:
    1. The data it refers to.
    2. Provide the documentation that justifies it if that be the case.

If the rectified or canceled data had been previously transferred, the person in charge of the file must communicate the rectification or suppression made to the assignee, in the same period, so that the aforementioned, also within ten days counted from receiving said communication, will also proceed to rectify or cancel the data

The rectification or deletion made by the transferee will not require any communication to the interested party, without prejudice to the exercise of the rights by the parties recognized in Organic Law 15/1999, of December 13.

The right of rectification and the right of withdrawal can be exercised through communication addressed to the person responsible for the file. It can be exercised by:

The affected party, proving their identity, in the manner intended. The following is required:

  • Name and surname of the interested party.
  • Photocopy of their national identity document, or their passport or other valid document that identifies them and, where appropriate, the person who represents them, or equivalent electronic instruments; as well as the document or electronic instrument accrediting such representation. The use of an electronic signature identifying the affected party will exempt the presentation of the photocopies of the ID card or equivalent document.
  • Petition in which the request is specified.
  • Address for the purposes of notifications, date and signature of the applicant.
  • Documents accrediting the request formulated, if applicable.

In the event that the request does not meet the requirements specified here the person in charge of the file must request the correction of the aforementioned.

When the affected party is in a situation of disability or is a minor and that makes it impossible for them to exercise these rights personally, they may be exercised by their legal representative, in which case it will be necessary to prove that condition.

The rights may also be exercised through a voluntary representative, expressly designated for the exercise of the right. In that case, the identity of the represented party must be clearly shown, through the provision of a copy of the National Identity Document or equivalent document, and the representation conferred by it.

The rights will be DENIED when the request is made by a person different from the affected one and it is not proven that the same acts in representation of that one.

The interested party must be granted a simple and free means to exercise the rights of rectification and suppression.

The provisions in Organic Law 15/1999, of December 13, and Royal Decree 1720/2007, of December 21, will not be considered in accordance with the provisions in which the person responsible for the treatment establishes a means for the interested party to exercise their rights by having to send certified letters or similar, the use of telecommunications services that imply an additional charge to the affected party or any other means that imply an excessive cost for the interested party.

When the person in charge of the file or treatment has services of any kind of customer service or the exercise of claims related to the service provided or the products offered to him,  the possibility may be granted to the affected party to exercise his rights of rectification and suppression through these services. In this case, the identity of the interested party shall be considered as accredited by the means established for the identification of the clients of the person responsible for providing their services or contracting their products.

The person responsible for the file or treatment must respond to the request for rectification and deletion made by the affected party even if the same had not used the procedure specifically established for that purpose, provided that the interested party has used a means to prove the sending and receiving of the application, and that it contains the elements referred to above.

The person in charge of the file must adopt the appropriate measures to guarantee that the people of their organization who have access to personal data can inform about the procedure to be followed by the affected party in order to exercise their rights.

When the laws applicable to certain specific files establish a special procedure for the rectification or deletion of the data contained therein, the provisions of the aforementioned shall apply.

Right of portability

The interested parties who request so will be given the personal data that they have facilitated to the entity.

The delivery will be made in a structured format, commonly used and mechanical reading.

If requested, they will be transmitted to another controller when technically possible and the treatment is based on consent according to article 6, paragraph 1, letter a), or article 9, paragraph 2, letter a), or in a contract under article 6, paragraph 1, letter b), and b), all of which appear in the European Regulation of Data Protection, and the treatment is carried out by automated means.

The exercise of the right mentioned in paragraph 1 of this article shall be without prejudice to Article 17 of the European Data Protection Regulation on the right of withdrawal of data of the  applicants.

Such right shall not apply to the treatment that is necessary for the fulfillment of a mission carried out in the public interest or in the exercise of public powers conferred on the controller.

This right mentioned in section 1 will not negatively affect the rights and freedoms of others.

The right to portability will refer only to the automated treatments that are submitted, directly or indirectly, to the will or authorization of the affected party (based on the consent or in a contractual relationship).

The right will be extended to the "Current data" understood not only to be related to the present moment, without taking into account those that have been provided by the interested party or obtained by the use of the product or service previously contracted and that are being object of treatment at the time of exercising the right.

Because of its complexity, in the case that an interested party exercises this right, each case will be studied specifically; seeking specialized professional assistance if necessary.

Right of limitation

This right will be granted to the interested parties when any of the following conditions is met:

  1. The interested party challenges the accuracy of personal data, for a period that allows the person in charge to verify their accuracy.
  2. The treatment is unlawful and the interested party opposes the deletion of personal data and requests the limitation of its use instead.
  3. The person in charge no longer needs personal data for the purposes of the treatment, but the interested party needs them for the formulation, exercise or defense of claims.
  4. The interested party has opposed the treatment under Article 21, paragraph 1, while it is verified whether the legitimate reasons of the person in charge prevail over those of the interested party.

Effects of the exercise of the right by the interested parties

When the processing of personal data has been limited, such data may only be processed, with the exception of its conservation, with the consent of the interested party or for the formulation, exercise or defense of claims, or with a view to the protection of the rights of another natural or legal person or by reasons of significant public interest of the Union or of a particular Member State.

Any interested party that has obtained the limitation of the treatment in accordance with the above will be informed by THE ENTITY before said limitation is listed.

Because of its complexity, in the case that an interested party exercises this right, each case will be studied specifically; seeking specialized professional assistance if necessary.