Privacy

Privacy Policy

Declaration of Principles

Through my websites no personal data is collected from users without their knowledge.
The data is only used for the function for which it was requested.
In general, I do not communicate personal data to third parties, except those derived by legal obligations.

Abbreviations

Owner: Owner, manager and person responsible for the personal data of the websites .
websites: 5h2o.es
use : Person who browses, accesses, purchases or registers on the websites objects of this Privacy Policy.

Identity of the person responsible for the treatment of personal data

Data Protection Officer (DPO)

Due to the characteristics of the data collected by this website, the figure of Data Protection Officer is not necessary.
Registration of Personal Data

The personal data collected by the owner, through the forms extended on its pages, will be entered into an automated file under the responsibility of the ownero, in order to facilitate, expedite and fulfill the commitments established between the owner and the user or the maintenance of the relationship established in the forms that it fills out, or to attend to a request or consultation of the same.

Principles applicable to the processing of personal data

The treatment of the personal data of the user will be subject to the following principles set forth in article 5 of the RGPD and in article 4 and following of the Organic Law 3/2018, of December 5, on Protection of Personal Data and guarantee of digital rights:

  • Principle of legality, loyalty and transparency: the consent of the user will be required at all times after completely transparent information on the purposes for which the personal data is collected.
  • Principle of limitation of purpose: personal data will be collected for specific, explicit and legitimate purposes.
  • Principle of accuracy: personal data must be exact and always updated.
  • Principle of limitation of the conservation period: personal data will only be kept for the time necessary for the purposes of its treatment.
  • Principle of integrity and confidentiality: personal data will be treated in a way that guarantees its security and confidentiality.
  • Proactive liability principle: the Holder will be responsible for ensuring that the above principles are met.

Categories of personal data

The data that is processed in the websites are only identifying category data. In no case, special categories of personal data are treated within the meaning of article 9 of the RGPD.

Legal basis for the treatment of personal data

The legal basis for the treatment of personal data is consent. The owner undertakes to obtain the express and verifiable consent of the user for the treatment of his personal data for one or more specific purposes.

The user will have the right to withdraw their consent at any time. It will be as easy to withdraw consent as it is to give it. As a general rule, the withdrawal of consent will not condition the use of websites.

On the occasions when the user must or can provide their data through forms to make inquiries, request information or for reasons related to the content of the websites, You will be informed which are mandatory because they are essential for the proper development of the requested operation.

websites may collect non-identifying data, which may include IP, geolocation, registration of how the services are used, trends and browsing habits and the owner can use to elaborate anonymous statistical data and analyze trends, browsing patterns, demographic information and optimally manage websites .

Purpose of the personal data collected

They are intended for tax and legal obligations derived from the issuance of invoices to clients and commercial communication between the owner and future clients.

Retention periods of personal data

Personal data will only be retained for the minimum time necessary for the purposes of its treatment or until the user requests its deletion and the minimum terms have been met when there are legal requirements that impose them. For example, in Spain, billing data for tax purposes must be kept for a period of 5 years.

When the personal data is obtained, the user will be informed about the period during which the personal data will be kept or, when this is not possible, the criteria used to determine this period.

Recipients of personal data

The personal data of the user will not be shared with third parties, except for the billing data (invoices), requested by the tax agencies.

In the event that the owner intends to transfer personal data to a third country or international organization, at the time the personal data is obtained, the user will be informed about the third country or international organization to which it is intended to transfer the data, as well as the existence or absence of an adequacy decision by the Commission.

Personal data of minors

Respecting the provisions of articles 8 of the RGPD and 7 of the Organic Law 3/2018, of December 5, on the Protection of Personal Data and guarantee of digital rights, only those over 14 years of age may grant their consent for the treatment of your personal data lawfully by the owner If it is a child under 14 years of age, the consent of the parents or guardians will be necessary for the treatment, and this will only be considered lawful to the extent that they have authorized it.

Secret and security of personal data

The owner undertakes to adopt the necessary technical and organizational measures, according to the level of security appropriate to the risk of the data collected, so as to guarantee the security of personal data and avoid the accidental or unlawful destruction, loss or alteration of personal data transmitted, preserved or otherwise processed, or unauthorized communication or access to such data.

The websites are hosted by SiteGround España SL, they have an SSL (Secure Socket Layer) certificate, which ensures that personal data is transmitted in a secure and confidential way, as the data is transmitted between the server and the user, and in feedback, fully encrypted or encrypted. Here you can check the Privacy policy of SiteGround.

However, because the owner cannot guarantee the impregnability of the internet or the total absence of hackers or others who fraudulently access personal data, the owner will undertakes to communicate to the user without undue delay when a violation of the security of personal data occurs that is likely to entail a high risk for the rights and freedoms of natural persons. In accordance with the provisions of article 4 of the RGPD, a violation of the security of personal data is understood to be any violation of security caused by the accidental or unlawful destruction, loss or alteration of personal data transmitted, preserved or otherwise processed, or unauthorized communication or access to such data.

Personal data will be treated as confidential by the owner, who agrees to inform of and guarantee by means of a legal or contractual obligation that such confidentiality is respected by its employees, associates, and any person to whom which makes the information accessible.

Rights derived from the processing of personal data

The user may exercise in front of the owner the following rights recognized in the RGPD and in the Organic Law 3/2018, of December 5, on the Protection of Personal Data and guarantee of digital rights:

  • Right of access: It is the right of the user to receive a copy of the personal data that is available together with the purpose for which they were collected, the identity of the recipients of the data, the expected storage periods or the criteria used to determine it, the existence of the right to request the rectification or deletion of personal data as well as the limitation or opposition to its treatment, the right to file a claim with the Spanish Agency for Data Protection and if the data has not been obtained from the interested party, any information available on its origin. The right to obtain a copy of the data cannot negatively affect the rights and freedoms of other interested parties.

    Model form for the exercise of the right of access

  • Right of rectification: In the right of rectification, the data of the user that were inaccurate or incomplete will be modified, taking into account the purposes of the treatment. The user must indicate in the request to which data it refers and the correction that must be made, providing, when necessary, the supporting documentation of the inaccuracy or incomplete nature of the data under treatment. If the data has been communicated by the Holder to other responsible parties, he must notify them of their rectification unless it is impossible or requires a disproportionate effort, providing the user with information about said recipients, if requested.

    Model form for the exercise of the right of rectification.

  • Right of deletion (“the right to be forgotten”): In the right of deletion, the data of the interested parties will be deleted when they express their refusal to treatment and there is no legal basis that prevents it, they are not necessary in relation to the purposes for those that were collected, withdraw the consent given and there is no other legal basis that legitimizes the treatment or it is illegal. If the deletion derives from the exercise of the right of opposition of the interested party to the treatment of their data for marketing purposes, the identification data of the interested party may be kept in order to prevent future treatments. If the data has been communicated by the controller to other managers, you must notify them of their deletion unless it is impossible or requires a disproportionate effort, providing the interested party with information about said recipients, if requested.

    Model form for the exercise of the right of withdrawal.

  • Right of opposition: In the right of opposition, when the interested parties express their refusal to process their personal data before the controller, the latter will stop processing them as long as there is no legal obligation to prevent it. When the treatment is based on a mission in the public interest or in the legitimate interest of the controller, upon request to exercise the right of opposition, the controller will stop processing the data unless compelling reasons prevailing over the interests, rights and liberties of the interested party or are necessary for the formulation, exercise or defense of claims. If the interested party opposes the treatment for direct marketing purposes, personal data will no longer be processed for these purposes.

    Model form for the exercise of the right of opposition.

  • Right to data portability: In the right of portability, if the treatment is carried out by automated means and is based on consent or is carried out within the framework of a contract, interested parties may request to receive a copy of their personal data in a structured format, commonly used and machine readable. Likewise, they have the right to request that they be transmitted directly to a new person in charge, whose identity must be communicated, when technically possible. Right to data portability: In the right of portability, if the treatment is carried out by automated means and is based on consent or is carried out within the framework of a contract, interested parties may request to receive a copy of their personal data in a structured format, commonly used and machine readable. Likewise, they have the right to request that they be transmitted directly to a new person in charge, whose identity must be communicated, when technically possible.

    Standard form for the exercise of data portability.

  • Right to the limitation of the treatment: In the right of limitation of the treatment, the interested parties can request the suspension of the treatment of their data to contest its accuracy while the person in charge carries out the necessary verifications or in the event that the treatment is carried out based on the legitimate interest of the person in charge or in fulfillment of a public interest mission, while verifying if these reasons prevail over the interests, rights and freedoms of the interested party. The interested party can also request the conservation of the data if they consider that the treatment is illegal and, instead of deletion, request the limitation of the treatment, or if the person responsible for the purposes for which they were collected no longer need them, the interested party You need them for the formulation, exercise or defense of claims. The circumstance that the processing of the data of the interested party is limited must be clearly stated in the responsible systems. If the data has been communicated by the controller to other managers, you must notify them of the limitation of their treatment unless it is impossible or requires a disproportionate effort, providing the interested party with information about said recipients, if requested.

    Standard form for exercising the limitation of treatment.

  • Right not to be the subject of a decision based solely on automated processing, including profiling: It is the right of the user not to be the subject of an individualized decision based solely on the automated processing of their data personal, including profiling, existing unless current legislation establishes otherwise.

Thus, the user may exercise their rights by means of a written communication addressed to the Owner with the reference “RGPD-5h2o.es”, specifying:

  • Name, surname of the user and copy of the DNI. In cases where representation is admitted, identification by the same means of the person representing the user, as well as the document accrediting the representation, will also be necessary. The photocopy of the DNI may be replaced, by any other valid means in law that proves the identity.
  • Request with the specific reasons for the request or information to be accessed.
  • Address for notification purposes.
  • Applicant’s date and signature.
  • Any document that accredits the request you make.

This request and any other attached document may be sent to the address and / or email contact of the owner.

If the request of the user or interested party is not followed up, the owner will inform him, without delay and no later than one month after receiving it, of the reasons for their failure to act and the possibility of filing a claim with the Spanish Agency for Data Protection and exercising legal actions.

Links to third party websites

The websites may include embedded content, hyperlinks or links that allow access to third party web pages other than the websites of the owner, and which therefore they are not operated, maintained or managed by the owner. The owners of these websites will have their own data protection policies, being themselves, in each case, responsible for their own files and their own privacy practices.
You can consult the Privacy Policies of the social networks where the websites through the owner have presence and activity:

Claims before the supervisory authority

On the event that the user considers that there is a problem or infringement of the regulations in force in the way in which their personal data is being processed, they will have the right to effective judicial protection and to file a claim before a supervisory authority, in particular in the State where he has his habitual residence, place of work or place of the alleged infringement. In the case of Spain, the supervisory authority is the Spanish Agency for Data Protection