Privacy Policy
This Privacy Policy governs the use of the Internet portal service https://www.nkripta.com/, the controller of which for identification purposes is:
- Controller: Cibersare Koope Elk Txikia
- Tax ID (CIF): F44856680
- Address: Avenida Altos Hornos, 33 office i9, Barakaldo, 48910, Bizkaia.
- Phone: (+34) 944 580 462
- Email: info@nkripta.com
The Controller guarantees compliance with current regulations on the protection of personal data, reflected in Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons (GDPR) and in Ley Orgánica 3/2018, of 5 December, on the Protection of Personal Data and Guarantee of Digital Rights (LOPDGDD). Below we provide general information about the uses of your personal information, which are subsequently detailed.
Principles applied to the processing of data
In processing your personal data, the Controller will apply the following principles, which are aligned with the requirements of the GDPR:
- Lawfulness, fairness and transparency: The Controller will always request consent for the processing of personal data, which may be for one or more specific purposes about which the Controller will inform the User beforehand with complete transparency.
- Data minimisation: The Controller will request only the data strictly necessary for the purpose(s) for which it is requested.
- Storage limitation: The Controller will keep the personal data collected only for the time strictly necessary for the purpose(s) of the processing.
- Integrity and confidentiality: The personal data collected will be processed in such a way that their security, confidentiality and integrity are guaranteed. The Controller takes the necessary precautions to prevent unauthorised access or misuse of users’ data by third parties.
Origin of the data — Where do we get your data from? The personal data collected come directly from the information provided by users through the Controller’s website.
- We collect this information through the following means:
-
Contact form: We request personal contact data in order to respond to the requirements of the Controller’s users. The personal data collected through this form will be processed solely to handle your query or request. They will not be transferred to third parties, except as required by law.
-
Newsletter form: By subscribing, you authorise the Controller to send you commercial communications about the products and services related to the activity of the website managed by the Controller.
-
Your personal data are treated with the utmost confidentiality, the Controller having adopted the technical and organisational measures necessary to ensure the confidentiality and security of personal data, preventing their alteration, loss, processing or unauthorised access.
In order to receive information and, where applicable, to book or use the products and services offered by the Controller through its website, you must provide us with certain personal data necessary to personalise our services and adjust them to your interests and needs. We remind you that it is the user’s duty to inform us of any change in their data registered on our sites in order to keep them up to date in the corresponding files.
Purposes of processing, legal basis and retention periods
| Purpose | Legal basis | Retention |
|---|---|---|
| Provision of the services requested | Contractual relationship | 5 years from the end of the relationship. |
| Sending information about activities by email or post | Contractual relationship and consent | Until consent is revoked. |
| Information requests | Consent | Until consent is revoked. |
| Supplier management | Contractual relationship and legal obligation. | 5 years |
| Compliance with legal and contractual obligations | Contractual relationship and legal obligation. | 10 years |
Who may access your data?
In order to fulfil the purposes above, the following persons and entities may access your personal data. Their access will be limited to the data necessary to carry out the Controller’s duties. Confidentiality agreements or specific arrangements have been signed with all recipients, regulating access to the information, security measures and the use that may be made of the data. The following may have access to the data:
- Personnel duly authorised by the Controller.
- Public authorities within the scope of their competences.
Legitimacy of processing
The legal basis for the processing of your data will be:
-
The consent of the data subject for the processing of their data, in accordance with Article 6.1(a) of the General Data Protection Regulation. The user is deemed to accept this privacy policy by ticking the “I have read and accept the privacy policy” box on the data collection forms, or by sending a message to the contact e-mail addresses listed on the website.
-
The performance of a contract to which the data subject is party or in order to take steps at the data subject’s request prior to entering into a contract, in accordance with Article 6.1(b) of the General Data Protection Regulation.
You may revoke your consent in accordance with Article 13.2(c) of GDPR 679/2016. It is an instruction given by the data subject to the Controller notifying them of the withdrawal of the consent previously granted.
Recipients — Who do we share your data with?
Personal data will not be disclosed except in compliance with legally established obligations or to support services linked to this processing. Cookies policy
In order for this website to work correctly it needs to use cookies, which is information stored in your web browser. You can find all information about the cookie collection and processing policy on the Privacy Policy page.
Your rights when you provide us with your data
As a result of the processing of your personal data by the Controller, current legislation grants you a series of rights. Below we offer a summary explanation of each right to facilitate the exercise thereof:
-
Right of access: You shall have the right to know the personal data we process about you and the purposes for which we process them. Regulated in Article 15 of GDPR 679/2016.
-
Right of rectification: Your data will always be yours, and as such, you may ask us to rectify them at any time if those held in our records are incorrect. Regulated in Article 16 of GDPR 679/2016.
-
Right to erasure: This consists of requesting the data controller to erase any information about the data subject. Erasure entails blocking all data and keeping them at the disposal of the public authorities for the period provided so that the right to bring legal action becomes time-barred. Regulated in Article 17 of GDPR 679/2016.
-
Right to object: You may object to the processing of your data in connection with any of the purposes for which we process your data, in accordance with the applicable privacy policies. Regulated in Article 21 of GDPR 679/2016.
-
Right to restriction of processing: Regulated in Article 18 of GDPR 679/2016. You may request the restriction of processing in the following cases:
- If you consider that the data we hold about you are not correct or accurate;
- If you consider that we are not processing your data lawfully but prefer that we restrict the processing rather than erase the data;
- If the data we hold are no longer necessary for the purpose for which we collected them, but you need us to keep them to bring legal claims;
- If, having exercised the right to object to a processing operation, the response from our side is pending.
-
Right to data portability: You shall have the right, whenever this is technically possible and reasonable, to request that the personal data you have provided directly be transmitted to another data controller. If possible, we will provide your data directly to that other controller; if not, we will provide them to you in a standard format. Regulated in Article 20 of GDPR 679/2016.
You may exercise the rights to which you are entitled by contacting the Controller through any of the following means:
-
By e-mail to the corresponding Data Controller, as indicated in the heading of this document.
-
By post to the corresponding Data Controller, as indicated in the heading of this document.
If you do not wish to exercise a specific right but need to make a query or suggestion regarding the processing of your personal data, you may also contact the corresponding Data Controller.
Data Protection Officer
We have appointed Inforpyme Servicios Informáticos S.L. as our Data Protection Officer, whose contact e-mail is dpd@consulpyme.com. As described in Article 38 of the General Data Protection Regulation, data subjects may contact the Data Protection Officer regarding any matters relating to the processing of their personal data and the exercise of their rights under this Regulation.
Complaint to the Supervisory Authority
In the event that you consider that your rights have been disregarded by our entity, you may file a complaint with the Spanish Data Protection Agency (Agencia Española de Protección de Datos), through any of the following means:
- Online office: www.agpd.es
- Postal address: C/ Jorge Juan, 6, 28001, Madrid
- Phone: 901 100 099 / 912 663 517
Filing a complaint with the Spanish Data Protection Agency does not entail any cost and you do not need the assistance of a lawyer or court representative.
Minors’ consent — What if you are a minor?
If any of our services are aimed specifically at minors under fourteen years of age, we will request the consent of parents or guardians for the collection of personal data or, where appropriate, for the automated processing of data in accordance with Article 7 of the LOPDGDD.
Accuracy, truthfulness and security of the data
The User is solely responsible for the accuracy and correctness of the data provided, releasing us from any liability in this regard. Users guarantee and are responsible, in any case, for the accuracy, validity and authenticity of the personal data provided, and undertake to keep them duly updated. The user agrees to provide complete and correct information on the registration or subscription forms. We will not be responsible for the accuracy of information that is not of our own creation and for which a different source is indicated, and therefore we assume no liability for any hypothetical damages that may arise from the use of such information.
We also reserve the right to update, modify or delete the information contained on the website and may even limit or deny access to such information. We will not be liable for any damages that the User may suffer as a result of errors, defects or omissions in the information provided by the controller whenever it comes from external sources.
Data will be treated confidentially and subject to appropriate technical and organisational security measures to prevent their alteration, loss, processing or unauthorised access.