Privacy Policy

1. Identification.

1.1 GESTIÓN DE ARQUITECTURA Y URBANISMO APROA ÁREA, S.L. (hereinafter, “ÁREA”), with registered office at Avenida Eduardo Dato, 22a, Local H, 41018-Seville, and Tax ID No. B-91353490, registered in Seville’s Company Register, volume 3,893, page 110 and sheet SE- 56,573, is the owner of the website and social media accounts found at the Internet address (hereinafter, “this Website”).

1.2. ÁREA is the owner of the following social media accounts:

Facebook.
Twitter.
LinkedIn.

1.3. Any person who accesses this Website (hereinafter, the User), declares that he or she has the minimum legal age (16 years) to give consent to information society services under the General Data Protection Regulation or the applicable national legislation.

1.4. By accessing this Website, the User expressly agrees to be bound by the terms of the Legal Notice, this Privacy Policy and the Cookies Policy, as well as any other terms explicitly applicable for the use of certain services. If the User does not agree with any of the terms laid down herein, the User may not access this Website.

2. Data controller’s role in processing the personal data.

2.1. ÁREA’s role as the data controller is outlined below.

Data provided through the “Contact” section”
Who is the data controller?	ÁREA (further information in point 1.1).
For what purpose is your personal data processed?	We process the information you provide, or to which you grant access, to manage the contents of your communication.
How long will we retain your data?	Your personal data will be retained while your communication is managed, for the duration of the contractual relationship or as required by law.
What are the legitimate grounds for processing your data?	The legitimate ground for processing your data is your freely given consent.
To which recipients will we communicate your data?	No data will be disclosed to third parties unless otherwise required by law or without your prior consent.
What rights do you have as the data subject?	You have the right to request, at any time, access to your personal data, its rectification or erasure, restrict processing, object to processing, data portability, withdrawal of consent at any time, or file a claim with a supervisory authority (further information in point 6).
What data are you required to provide?	You are required to provide the data marked with an asterisk (*). You will not be able to contact ÁREA if you do not provide this data.

Contact through social media
Who is the data controller?	ÁREA (further information in point 1.1).
For what purpose is your personal data processed?	We will process the information provided, or authorised to be accessed, to manage contacts on social media.
How long will we retain your data?	The data provided shall be retained while we manage your communication, for the duration of the business relationship or as long as required by law.
What are the legitimate grounds for processing your data?	The legitimate ground for processing your data is your freely given consent.
To which recipients will we communicate your data?	No data will be disclosed to third parties unless otherwise required by law or without your prior consent.
What rights do you have as the data subject?	You have the right to contact the data controller and request access to the User’s personal data. You also have, at any time, the right to rectification or erasure, restrict processing, object to processing, data portability, withdrawal of consent, or file a claim with a supervisory authority (further information in point 6).
What data are you required to provide?	You are not required to provide any information to contact ÁREA through its social media accounts.

3. Processor’s role in processing the personal data.

3.1. When a User enters a service contract with ÁREA as the data processor, the User consents to the processing of the personal data necessary to provide the service requested.

3.2. To deliver the services under this contract, the data controller shall provide ÁREA with the personal data needed to deliver the services requested.

3.3. This agreement will remain in force for the duration of the contractual relationship. After the termination of the contractual relationship, ÁREA shall return the personal data to the data controller or transfer the data to the new data processor designated by the data controller, and delete any copy it may have. However, you may block the data to meet possible administrative or legal liabilities.

3.4. The data processor and its staff undertake to:

Process the personal data provided by the User or collected otherwise for the purpose specified in this agreement only. It may not, under any circumstances, use the data for its own purposes.
Process the data according to the data controller’s instructions.
Keep a written record of all data-processing activities carried out on behalf of the data controller, which shall contain:
- The name and contact details of the data processor(s) and the data controller for whom the processor is working.
- The data-processing activities carried out on behalf of each data controller. A general description of the appropriate technical and organisational security measures implemented.
- Not disclose the data to third parties, unless with the express consent of the data controller where required by law. Where the data processor intends to subcontract, he or she must notify the data controller and request prior consent.
Keep secret the personal data to which it has had access under this agreement, even after the termination of the contract.
Ensure that the persons authorised to process personal data shall commit themselves in writing to respect confidentiality and comply with the relevant security measures about which they shall be duly informed.
Make readily available to the data controller the documents certifying compliance with the obligation outlined above.
Provide the necessary training in personal data protection to persons authorised to process personal data.
Ensure that the data subject may contacts the processing agency to exercise its right to access, rectification, erasure and objection, restrict processing and data portability when the data subject contact the processing agency. The agency shall notify the data controller immediately by email and, in any case, no later than the working day following that on which the request is received. The processing agency shall also provide, where appropriate, any relevant information to decide on the request.
Notification of data security breaches: ÁREA will notify the data controller by email, without undue delay, about any personal data security breaches of which it may be aware, as well as any relevant information to document and notify the incident. It shall include at least the following information:
- Description of the personal data security breach, including, where possible, the categories and the approximate number of data subjects concerned, as well as the categories and the approximate number of personal data records affected.
- Details of the contact person for further information.
- Description of the possible consequences of the personal data security breach.
- Description of the measures taken or proposed to remedy the personal data security breach, including, where appropriate, the steps taken to mitigate the possible adverse effects. Where this information cannot be provided simultaneously, the information shall be provided gradually without undue delay.
At the request of the data controller, ÁREA shall notify the personal data security breaches to the data subjects as soon as possible, in particular, where the breach is likely to result in a high risk to the rights and freedoms of natural persons. The notification should be in clear, plain language, and should include information that the data controller requires in each case, which must as a minimum be:
- Nature of the data breach.
- Contact details of the data controller or data processor to obtain further information.
- Description of the possible consequences of the personal data security breach.
- Description of the measures taken or proposed by the data controller to remedy the personal data security breach, including, where appropriate, the steps taken to mitigate the possible adverse effects.
Make readily available to the data controller all the information necessary to demonstrate compliance with their obligations and enable the performance of audits or inspections by the data controller or an authorised auditor.
Implement the technical and organisational security measures necessary to ensure permanent confidentiality, integrity, availability and resilience of processing systems and services.
Return the personal data to the data controller and, where applicable, the medium used, once the service has been completed.
Ensure that the return shall also result in the complete erasure of the existing data from ÁREA’s computer system. However, ÁREA may keep a copy, with the data duly blocked, with the sole purpose of addressing any kind of liabilities that may arise from the services provided.

3.5. The data controller is responsible for:

Providing the data processor with the data necessary to provide the service.
Ensuring, before and throughout the processing, that ÁREA complies with the General Data Protection Regulation.
Monitoring the processing of the data.

4. Social Media

4.1. By accessing ÁREA’s social media accounts, the User agrees to the processing of its personal data according to ÁREA’s privacy policies.

5. Warranty.

5.1. The User warrants that the information provided is true, accurate, complete and up-to-date, and shall be liable for any damage, direct or indirect, that may arise from the failure to comply with this obligation.

5.2. Where the data provided belongs to a third party, the User warrants that the third party has been properly informed and given its consent to provide the personal data to ÁREA.

6. Derechos.

6.1. Right to access: The User shall have the right to request confirmation from ÁREA as to whether or not his or her personal data is being processed and, where appropriate, the right to access personal data.

6.2. Right to rectification: The User shall have the right to rectification of inaccurate personal data by ÁREA without undue delay. Taking into account the purposes of the processing, the User shall have the right to complete any incomplete personal data, including via an additional statement.

6.3. Right to erasure: The User shall have the right to request that ÁREA delete all personal data. ÁREA shall be obliged to delete such data without undue delay.

6.4. Right to restrict processing: The User shall have the right to restrict data processing by ÁREA.

6.5. Right to data portability: The User shall have the right to receive the personal data provided to ÁREA in a structured, widely used, machine-readable format, and to transfer them to another data processor without being hindered by the data controller to whom the User had provided the information.

6.6. Right to object: The User shall have the right to object, at any time, to the processing of personal data on grounds for its particular situation. ÁREA shall discontinue the processing of personal data unless it can provide compelling legitimate grounds for processing data that take precedence over the User´s interests, rights and freedoms, or for the formulation, exercise or defence against claims.

6.7. Automated individual decisions, including profiling: The User shall have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal or similarly significant effects concerning them.

6.8. Right to withdraw consent: The User shall have the right to withdraw their consent at any time. The withdrawal of consent shall not affect the legality of the processing based on the consent prior to its withdrawal. Withdrawing consent must be as easy as giving consent.

6.9. The User may exercise their rights by writing to ÁREA, Avenida Eduardo Dato, 22a, Local H, 41018 Seville, or by email to info@ÁREA.es.

6.10. For further information about these rights, click here.