Introduction

This Privacy Policy has been developed taking into account the provisions of Regulation 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the movement of such data, hereinafter referred to as the RGPD.

The purpose of this Privacy Policy is to inform the holders of the personal data on which information is being collected of the specific aspects relating to the processing of their data, inter alia, the purposes of the processing, the contact details for exercising the rights to which they are entitled, the time limits for storing the information and the security measures, among other things.

Responsible for processing

In terms of data protection Tidyant Cloud, S.L. must be considered Responsible for the Treatment, in relation to the files/treatments it manages.

The identifying data of the owner of this website are indicated below:

Responsible for processing: Tidyant Cloud, S.L.

Postal address: Parque Empresarial Merelle Parcelas 12-14, 15680 Ordes A Coruña

E-mail: [email protected]

Telephone: (+34) 902 050 423

Data processing

The personal data requested, if any, consist only of those strictly necessary to identify and address the request made by the owner of them, hereinafter the interested party. This information will be treated fairly, lawfully and transparently in relation to the interested party. On the other hand, personal data will be collected for specific explicit and legitimate purposes, and will not be further processed in a manner incompatible with those purposes.

The data collected from each data subject will be adequate, relevant and not excessive in relation to the corresponding purposes for each case, and will be updated whenever necessary.

The holder of the data will be informed, with previous character to the collection of his data, of the general ends regulated in this policy in order that he can give the express, precise and unequivocal consent for the treatment of his data, according to the following aspects.

Purposes of the treatment.

The explicit purposes for which each processing is carried out are set out in the information clauses incorporated in each of the data collection channels (web forms, paper forms, voiceovers or posters and informative notes).

Nevertheless, the personal data of the interested party will be treated with the exclusive purpose of providing an effective response and attending to the requests made by the user, specified together with the option, service, form or data collection system used by the holder.

Legitimation

As a general rule, Tidyant Cloud, S.L. processes the information prior to obtaining the consent of the interested party, as it is usual for the interested party to request the reservation in the restaurant.

However, in the event that the consent of the interested party is not required, the legitimate basis of the processing in which Tidyant Cloud, S.L. is protected is the existence of a contractual or commercial relationship that legitimates the processing.

Addressees

As a general rule, Tidyant Cloud, S.L. does not transfer or communicate the data to third parties, except those required by law, however, if necessary, such transfers or communications of data are informed to the interested party through the informed consent clauses contained in the various ways of collecting personal data.

Origin

As a general rule, personal data are always collected directly from the data subject, however, in certain exceptions, data may be collected through third parties, entities or services other than the data subject. In this sense, this will be transferred to the data subject through the informed consent clauses contained in the different ways of collecting information and within a reasonable period of time, once the data have been obtained, and at the latest within one month.

Storage periods

The information collected from the interested party will be kept as long as it is necessary to fulfill the purpose for which the personal data were collected, so that, once the purpose has been fulfilled, the data will be cancelled. This cancellation will lead to the blocking of the data and will only be kept at the disposal of the Public Administrations, Judges and Courts, to attend to the possible responsibilities arising from the processing, during the period of prescription of these, once the aforementioned period has elapsed, the information will be destroyed.

For information purposes, the legal periods for the conservation of information in relation to different matters are set out below:

 

DOCUMENT

TIME

SPANISH LEGAL REF.

Documentation of a labour-related or social security nature

4 years

Article 21 of Royal Legislative Decree 5/2000, of 4 August, approving the consolidated text of the Law on Violations and Sanctions in the Social Order.
Accounting and tax documentation for commercial purposes

6 years

Art. 30 Commercial Code in the Social Order
Accounting and tax documentation for tax purposes

4 years

Articles 66 to 70 General Tax Law
Building access control

1 month

AEPD Instruction 1/1996
Video Surveillance

1 month

Instruction 1/2006 of the AEPDLey Orgánica 4/1997

Navigation data.

In relation to the navigation data that may be processed through the website, in the event that data subject to the regulations is collected, it is recommended to consult the Cookies Policy published on our website.

Rights of interested parties.

The data protection regulations grant a series of rights to the interested parties or holders of the data, users of the website or users of the profiles of the social networks of Tidyant Cloud, S.L.

These rights that assist the interested persons are the following:

  • Right of access: the right to obtain information on whether your own data are being processed, the purpose of the processing being carried out, the categories of data concerned, the recipients or categories of recipients, the storage period and the origin of the data.
  • Right of rectification: right to obtain rectification of inaccurate or incomplete personal data.
  • Right of deletion: the right to obtain the deletion of data in the following cases:
    • When the data are no longer necessary for the purpose for which they were collected
    • When the owner of the same withdraws the consent
    • Where the data subject objects to the processing
    • Where they are to be deleted in pursuance of a legal obligation
    • Where the data have been obtained by virtue of an information society service on the basis of Article 8(1) of the European Data Protection Regulation.
  • Right to object: the right to object to a particular processing operation based on the consent of the data subject.
  • Right of limitation: the right to obtain the limitation of the processing of the data in any of the following cases:
    • Where the data subject contests the accuracy of the personal data, for a period allowing the company to verify the accuracy of the data.
    • When the processing is unlawful and the data subject objects to the deletion of the data.
    • When the company no longer needs the data for the purposes for which they were collected, but the data subject needs them for the formulation, exercise or defense of claims.
    • Where the data subject has objected to the processing while verifying whether the legitimate motives of the company prevail over those of the data subject.Cuando el interesado impugne la exactitud de los datos personales, durante un plazo que permita a la empresa verificar la exactitud de los mismos.

Interested parties may exercise the aforementioned rights by writing to Tidyant Cloud, S.L. at the following address: [email protected] indicating in the subject line the right they wish to exercise.

In this sense, Tidyant Cloud, S.L. will deal with your request as soon as possible and taking into account the deadlines set out in the legislation on data protection.

On the other hand, it is advisable to bear in mind that the interested party or owner of the data may at any time submit a complaint to the competent control authority.

Security

The security measures adopted by Tidyant Cloud, S.L. are those required, in accordance with the provisions of Article 32 of the RGPD. In this sense, Tidyant Cloud, S.L., taking into account the state of the art, the costs of application and the nature, scope, context and purposes of the treatment, as well as the risks of varying probability and severity for the rights and freedoms of natural persons, has established the appropriate technical and organizational measures to ensure the level of security appropriate to the existing risk.

In any case, Tidyant Cloud, S.L. has implemented sufficient mechanisms to:

  1. Ensure the continued confidentiality, integrity, availability and resilience of treatment systems and services.
  2. Restore availability and access to personal data quickly in the event of a physical or technical incident.
  3. Verify, evaluate and evaluate, on a regular basis, the effectiveness of the technical and organizational measures implemented to ensure the security of processing.
  4. Pseudonymize and encrypt personal data, where appropriate.Garantizar la confidencialidad, integridad, disponibilidad y resiliencia permanentes de los sistemas y servicios de tratamiento.