
Privacy Policy
ZERTIOR, S.L. is a company dedicated to the management of communications, events, and sports activities.
In compliance with these principles, our data protection policy is developed and communicated in accordance with the applicable regulations, particularly the EU Regulation 2016/679 of the European Parliament and Council, on the protection of natural persons with regard to the processing of personal data and the free movement of such data, and repealing Directive 95/46/EC (hereinafter, GDPR), as well as Organic Law 3/2018, of December 5, on the Protection of Personal Data and Guarantee of Digital Rights.
The company has also adopted the necessary technical and organizational measures to ensure the confidentiality, security, and proper handling of personal data, preventing its alteration, loss, unauthorized processing, or access, in accordance with the applicable regulations. Effective measures have been taken, always ensuring an appropriate level of security based on the nature of the data being processed. This task is carried out continuously, taking into account legislative or societal developments.
This policy may vary over time due to potential legislative changes or other management-related reasons. Any such change will be immediately reflected on the website, and the appropriate notifications will be made, where applicable.
The company processes personal data both of individuals acting in a professional capacity and of private individuals. Both categories have been taken into consideration in establishing this privacy policy.
The company may act as either DATA CONTROLLER or DATA PROCESSOR. This privacy policy addresses both roles.
WHO IS THE DATA CONTROLLER?
ZERTIOR, S.L.,
Registered address: Plaza de La Lealtad, 3 – 5th floor, 28014 Madrid, Spain.
Contact information: same as above, Phone: +34 9175025169, Email: info@zertior.com
DATA PROTECTION OFFICER
Juan Ignacio Arano – Email: juan.arano@zertior.com
PURPOSE AND RETENTION OF DATA
We process the information provided by our clients and other interested parties for the following purposes:
CONTRACTUAL PURPOSES, relating to partners, suppliers, collaborators, and employees, for managing the rights and obligations arising from the contractual relationship.
PURPOSES BASED ON DATA SUBJECT’S CONSENT: For communication regarding the company’s activities and initiatives.
REGULATORY PURPOSES: To comply with legal and/or regulatory obligations.
LEGITIMATE INTEREST PURPOSES, under Article 19 of Organic Law 3/2018 and Article 6.1(f) of Regulation (EU) 2016/679.
Data is processed as a DATA CONTROLLER when collected and processed directly by us.
Data is processed as a DATA PROCESSOR when the company processes data on behalf of a third-party entity that is the Data Controller.
DATA RETENTION
Personal data will be retained:
- For the time necessary to fulfill the purpose for which it was collected, or as required by the contractual relationship, including any time needed to comply with applicable legal obligations or actions arising therefrom.
- Until the data subject requests its deletion.
Whichever of the two events occurs first, the data will be blocked and made available solely to Courts and Tribunals, the Public Prosecutor, or the relevant public authorities (particularly data protection authorities), for handling any liabilities arising from the processing, during the statute of limitations. After this period, the data will be permanently deleted.
No profiling is carried out.
LAWFUL BASIS FOR PROCESSING
As DATA CONTROLLER, the legal basis for processing your data includes:
- The contractual relationship and execution of the contract with us.
- Where you have expressly given consent, this constitutes the legal basis.
- Legal obligation based on regulatory purposes.
- Legitimate interest under Article 19 of Organic Law 3/2018.
As DATA PROCESSOR, the entity that has engaged us as a service provider, acting as DATA CONTROLLER, is responsible for determining the lawful basis and processing method.
DATA RECIPIENTS
Data is shared with our partners providing services as subcontractors, legal collaborators, and other data processors. In such cases, the required data processing agreement is signed in compliance with the GDPR.
INTERNATIONAL DATA TRANSFERS
Regarding any transfer of personal data to countries outside the EEA, the company will implement appropriate specific measures to ensure an adequate level of data protection.
USER RIGHTS
Everyone has the right to obtain confirmation about whether we are processing personal data concerning them.
Data subjects have the right to:
- Access their personal data.
- Request the correction of inaccurate data.
- Request deletion of their data when, among other reasons, it is no longer necessary for the purposes for which it was collected.
- In certain cases, under Article 18 of the GDPR, request restriction of processing, in which case we will only retain data for exercising or defending legal claims.
- Object to processing for marketing purposes, including profiling. The company will stop processing data unless there are compelling legitimate grounds or for exercising or defending legal claims.
- Exercise the right to data portability, receiving the personal data concerning them in a structured, commonly used, machine-readable format, and transmitting it to another controller.
EXERCISING YOUR GDPR RIGHTS
Requests can be submitted in writing to the contact addresses indicated above.
USER RESPONSIBILITIES
The User guarantees the truthfulness of the personal data provided through the forms and undertakes to inform of any changes to such data. The User also guarantees that the provided information reflects their real situation, is up to date and accurate, and commits to keeping it current at all times. The User is solely responsible for any inaccuracy or falsehood and any damages this may cause ZERTIOR, S.L., as the owner of the website.
COMPLAINTS TO THE SPANISH DATA PROTECTION AGENCY
If the User considers that their request has not been properly addressed by the company, they may contact the Spanish Data Protection Agency (AEPD) for protection. Further information is available at www.agpd.es.
CATEGORIES OF DATA
What types of data do we process?
- Identifying data
- Data related to your role or professional activity
- Family and financial data
- Special categories of data under Articles 9 and 10 of the GDPR may also be processed. In such cases, the company complies with the relevant requirements and collects explicit consent.
The data collected is strictly necessary to fulfill the specified purposes and is processed confidentially in accordance with the company’s privacy and security policies.
DATA ORIGIN
As DATA CONTROLLER, the personal data we process originates from the information you provide when requesting services or resources, accessing our website, or establishing any type of relationship with us, directly or indirectly.
As DATA PROCESSORS, the data originates from the DATA CONTROLLER who has contracted our services.