Who is the data controller?

RDE business group

Headquarters: Calle Fuencarral, 123, 2º 28010 Madrid (Spain)

Tax ID Number: B87512331

Why are we processing your personal data?

RDE business group processes the necessary data that were provided when filling out the pertinent forms on the webpage or after sending queries or emails, as well as data that RDE business group accesses when you browse, so as to maintain the relationship with the User.

Express consent to processing. Provided you have granted your express consent, we will process your personal data to:

Subscribe you to the newsletter bulletin: sending related news of interest, including the possibility of promotional activities.

What is the legitimacy for processing your data?

The legal basis for processing your data is based on obtaining your consent, pursuant to article 6.1.a of the (EU) Regulation 679/2016, by checking the box provided for the purpose on the data collection forms.

Who will receive your data?

We will not share your personal information with anybody, except to comply with a legal obligation or if we have your express authorisation to do so. We will not use your personal data for any purpose other than the one set forth in this privacy policy and on the consent forms. Therefore, all data will be transferred under the protection framework stipulated by the Spanish Data Protection Agency, or when the User provides his or her express consent to countries with guaranteed security and confidentiality.

Will data be internationally transferred?

The RDE business group has no plans to internationally transfer data. If necessary, data will only be transferred to entities subscribing to the USA-European Union Privacy Shield agreement (more information: https://www.privacyshield.gov/welcome), or to entities proven to comply with the degree of protection and guarantees pursuant to parameters and requirements set forth in applicable data protection regulations, such as the European Regulation, or when there is legal authorisation to internationally transfer the data.

How long will we store your data?

We will process your data, provided it is necessary to do so for the purpose for which they were collected, during the time set forth by legal obligations.

What about minors accessing the page?

In general, the WEBSITE will not process personal data, with its reliable knowledge, belonging to those under thirteen (13) years of age.

In the event that the WEBSITE carries out a control activity and discovers the involuntary collection of information on children under 13 years of age, it shall conduct all necessary measures that, as a service provider and data controller, it is obliged to undertake, and thus delete the information as quickly as possible, barring cases which, due to applicable legislation, it is necessary to conserve said information.

Pursuant to the European Data Protection Regulation, those over 13 years of age are authorised to grant their consent, barring cases when the law requires the assistance of legal parents or guardians.

Will you send me sales promotions and news?

The WEBSITE does not send SPAM, so it does not send commercial emails electronically if not previously requested or authorised by the User. Consequently, each one of the forms on the WEBSITE provides the User with the possibility of granting his or her express consent to receive said information, regardless of the commercial information requested on a case-by-case basis.

What security measures do we apply?

Our WEBSITE guarantees a suitable degree of protection, taking the technical and organisational measures necessary to guarantee the security legally required to prevent the personal data collected here from being lost, deteriorating, or being taken or accessed by unauthorised parties, thus keeping your data confidential. To this end, we apply security measures designed to protect your data, such as HTTPS. We periodically test our systems to detect possible vulnerabilities and attacks. Notwithstanding, we cannot guarantee total security for the information you send to us if a leak occurs in any of our physical, technical or management security measures.

What rights can I exercise?

Once you, as User of the WEBSITE have provided your personal data, applicable legislation allows you, as the interested party, to:

Request access to the interested party’s personal data and ascertain if we are processing your personal data and access your personal data.
Request that the data be rectified if incorrect.
Request deletion of your data to the extent that they are no longer necessary for the purpose stated, or if we no longer hold the legitimacy necessary to continue processing them.
Request that processing be limited, in certain cases, so we may temporarily cease processing or keep them beyond the time period established.
Oppose processing of information you provided to us, unless there are legitimate overriding reasons for processing to prevail.
Withdraw consent for each specific purpose, this not affecting the legality of processing based on express consent.
Request that your data be transferred, which shall be provided to you in a structured format of common use or for machine reading.
File a claim with the Spanish Data Protection Agency or responsible controlling authority, if you believe we have not assisted you correctly.

How can I exercise my rights?

We have forms for you to exercise your rights, which you may request by email or post. If you prefer, you may use the forms prepared by the Spanish Data Protection Agency or responsible authority.

These forms must be electronically signed or accompanied by a photocopy of your valid National ID Document.

In the event of representation, you must attach a copy of the valid National ID Document of the representative, along with the request.

Forms may be provided in person, or by sending an email to info@callaocitylights.es

What is the time period to resolve exercise of rights?

We will inform you of actions arising as a result of your request within one month. This period may be prolonged to two months when especially complex requests are made, and we will notify you of said extension within the first month.

In the event that we do not agree to your request, you will be informed, stating the grounds for refusal, within one month after receiving said request.

Can changes be made to the privacy policy?

The WEBSITE reserves the right to modify this policy to adapt to future legislative or case law changes, as well as to industry practises. In these cases, the Supplier shall announce the changes on this page sufficiently before they are implemented.