Data Subject or Affected Party: Individual clients, employees, professionals, and company representatives
Processing – What processing do we perform with your personal data?
In compliance with Regulation (EU) 2016/679 and the Organic Law on the Protection of Personal Data, we inform you that your personal data may be subject to some of the following processing activities:
TR04 – Advertising campaigns (Legal basis: Law 34/1988, of November 11, General Advertising Law.)
TR08 – Collecting the opinion of data subjects (Legal basis: Regulation (EU) 2016/679 on data protection and LOPD.)
TR03 – Recruitment of own staff (Legal basis: Royal Legislative Decree 3/2015, of October 23, approving the revised text of the Employment Law.)
TG01 – Own accounting and bookkeeping management, as data controller. (Legal basis: Royal Decree 1514/2007, of November 16, regulating the General Accounting Plan.)
TG25 – Data collection for own tax management (Legal basis: Law 58/2003, of December 17, General Tax Law.)
TG12 – Own labor management: data collection (Legal basis: Royal Legislative Decree 1/1994, of June 20, approving the Revised Text of the General Social Security Law.)
TR09 – Security on technical and organizational measures in applied software (Legal basis: Regulation (EU) 2016/679 on data protection and LOPD.)
TE08 – Protection of Personal Data (Legal basis: Regulation (EU) 2016/679 and Organic Law 3/2018.)
TE02 – Occupational risk prevention (Legal basis: Law 31/1995, of November 8, on Occupational Risk Prevention.)
TE07 – Document destruction (Legal basis: Regulation (EU) 2016/679)
TV01 – Sales / Provision of Services (Legal basis: Commercial and Tax Law)
TE03 – Transportation service and/or package shipping (Legal basis: Royal Decree of August 22, 1885, publishing the Commercial Code.)
TR05 – Email communications (Legal basis: Commercial Code and applicable legislation.)
TR01 – Requests for information received (Legal basis: Commercial Code and other commercial provisions.)
TR07 – Incident and/or security breach management (Legal basis: Regulation (EU) 2016/679 on data protection and LOPD.)
TE04 – Management of own legal matters (Legal basis: Applicable commercial and labor legislation.)
TE01 – Maintenance of computer systems (Legal basis: Commercial Code.)
Data Controller – Who are we?
We are the data controller of your personal data. Therefore, we expressly, precisely, and unequivocally inform both data subjects and the competent authorities of the following aspects related to the data controller:
Purposes – What do we use your personal data for?
In this organization, we may process your personal data exclusively for the following purposes:
Ensure that all necessary technical measures are taken for the correct management of personal data with the applied software.
Send commercial and/or advertising information via email.
Manage information requests received from the data subject regarding our products or services.
Exclusively manage internal incidents detected in compliance with GDPR requirements.
Carry out advertising campaigns to promote our services and/or products.
Gather feedback from data subjects.
Recruit staff to fill necessary job vacancies.
Comply with all requirements set forth in the Occupational Risk Prevention Law.
Send packages and correspondence.
Manage any legal issues affecting the company.
Manage, maintain, and repair IT storage systems.
Carry out internal labor management.
Perform own tax and accounting management.
Comply with the principle of data retention limitation.
Comply with the requirements of Regulation (EU) 2016/679 and Organic Law 3/2018.
Administrative management of individual clients.
Carry out the sale or provision of the contracted service.
A commercial or user profile may be created based on the information provided or obtained. It is expressly stated that under no circumstances will profiles be created using minors’ data.
Your personal data will be retained for the duration of the contractual relationship or, where applicable, until you exercise your right to object or withdraw your consent. To do this, you can go to the corresponding section on our website or send an email to the address indicated in the section relating to the data controller.
Legitimacy – Why do we use your data?
We are legally authorized to process your personal data for the following reasons:
Your unequivocal, informed, and express consent, in cases where it is legally required, and where the withdrawal of such consent does not affect the lawfulness of the processing carried out prior to its withdrawal.
A legal obligation of the data controller.
The execution of a service provision and/or product sales contract signed by you.
A legitimate interest of the controller, based on a prior proportionality or balancing test between the controller’s legitimate interest and the rights or freedoms of the data subjects. If this balance is favorable to the controller, the processing may be carried out in accordance with the applicable data protection legislation.
If you have any questions or need clarification, you can contact us via the email provided in the section related to the data controller.
Recipients – Who can we share your personal data with?
Your personal data may be shared with the following entities and organizations:
Tax Agency
State Public Employment Service
General Treasury of Social Security
Spanish Data Protection Agency
Banks and savings banks
Your personal data will not be transferred to any third country or international organization.
Sources – What data do we process and how did we obtain it?
Your personal data will be incorporated into the following files owned by the organization:
FG01 Own accounting management
FG02 Own labor management
FG15 Own tax management. Data collection
FE01 IT maintenance
FE02 Occupational risk prevention
FE03 Transport and shipping
FE04 Own legal matters
FR01 Requests for information received
FR03 Own staff recruitment
FR04 Advertising campaigns
FR05 Emails
FR07 Incident and/or security breach management
FR08 Collecting the opinion of data subjects
FR09 Software and hardware security
FE07 Document destruction
FE08 Personal Data Protection
FP01 Clients
The personal data we process in our organization comes from the following sources:
The data subject
Rights – What rights can you exercise?
We guarantee your right to exercise control over your personal data processing. Specifically, you have the right to:
Obtain confirmation as to whether your data is being processed.
Access your personal data and obtain information about the purposes of the processing, data categories, potential recipients, data retention periods, data origin, and whether profiling or automated decision-making is performed.
Rectify your data. You are responsible for ensuring the data you provide is accurate, and you must notify us of any changes.
Object to the processing of your data on grounds relating to your particular situation, unless there are compelling legitimate grounds.
Request the erasure of your personal data when it is no longer necessary for the stated purposes or if there is no legal basis for processing it.
Request data portability when the processing is automated and based on a contract or your consent.
Request restriction of processing under certain circumstances, where data will only be kept for legal claims.
Object to automated decisions, including profiling.
These rights may be exercised free of charge by submitting a written and signed request, either personally or by a representative, to the data controller at the addresses indicated, or physically at any of our establishments.
You also have the right to file complaints with the Spanish Data Protection Agency (at https://www.agpd.es/) or with the relevant supervisory authority.
Additionally, you may go to the courts to claim compensation.
Finally, you have the right to withdraw your consent just as easily as you gave it. You may do so via our website or by sending an email to the address listed under the controller section.
We also inform you that in every data processing operation, we identify potential threats and impacts and apply security measures to mitigate or eliminate risks, periodically reviewing these measures for effectiveness.
Our control system ensures compliance with data processing principles, and we can demonstrate compliance with purpose limitation, data minimization, retention limitation, and integrity and confidentiality.
You may also periodically receive surveys to gather your feedback about how we process your personal data and to ensure transparency and accuracy.
For any questions or clarifications, contact us at the email address listed in the first section.
Sincerely,
The responsible
Authentic Thai Massages in Tenerife South
