Privacy Policy
Boa EuroServices S.A. is the CONTROLLER of the processing of the USER’s personal data and informs you that said data will be processed in accordance with the provisions of Regulation (EU) 2016/679 of 27 April (GDPR), and Organic Law 3/2018 of 5 December (LOPDGDD).
For more information on privacy safeguards, you may contact the CONTROLLER through Boa EuroServices S.A., Calle Principe de Vergara, 109, 7° Derecha (Madrid). E-mail: rgpd@boa-euroservices.com Contact details of the Data Protection Officer: RS SERVICIOS JURÍDICOS S.L., – dpo@rsprivacidad.es
Transparency is one of the values with which we identify ourselves; therefore, we attach great importance to the privacy of your data.
By ticking the corresponding boxes and entering data in the fields marked with an asterisk (*) in the contact form or those presented in download forms, USERS expressly, freely and unequivocally accept that their data are necessary in order for the provider to deal with their request, with the inclusion of data in the remaining fields being voluntary. The USER guarantees that the personal data provided to the CONTROLLER are truthful and is responsible for communicating any modification thereof.
The CONTROLLER informs that all the data requested through the website are mandatory, since they are necessary in order to provide the USER with an optimal service. In the event that not all the data are provided, it is not guaranteed that the information and services provided will fully meet their needs.
2. LEGAL BASIS
- The legal basis for the processing of user data is the consent of the data subject, requested for the specific case: we may process the data that we request from you because you have given us your consent to do so by expressly manifesting it through ticking the box “I have read and accept the privacy policy” in the forms on our website, or by any mechanism that we may make available to you and that clearly indicates your consent (Art. 6.1.a GDPR).
- In turn, the processing for the management of the provision of services, payment, invoicing and corresponding shipments is legitimised by the performance of the contract (Art. 6.1.b GDPR).
- The processing of data for the purpose of sending electronic newsletters on services, events and news related to our professional activity is based on the legitimate interest in carrying out such processing in accordance with the applicable regulations (Art. 6.1.f GDPR).
- Additionally, the legal basis for processing your data in relation to the sending of CVs and registration in job offers that we may publish is the consent of the user who sends his or her data, which may be withdrawn at any time, although this would mean that your application could not be taken into account in our staff selection processes. However, the withdrawal of your consent will not affect the lawfulness of processing carried out previously (Art. 6.1.a GDPR).
3. International transfers of data:
International data transfers involve a flow of personal data from Spanish territory to recipients located in countries outside the European Economic Area (the countries of the European Union plus Liechtenstein, Iceland and Norway).
Since we cannot know in advance the destination country of the transfer, it will be carried out in accordance with one of the following provisions:
– Art. 45 GDPR: you are informed that the data may be processed by processors located in countries that ensure an adequate level of data protection under an adequacy decision adopted by the EU Commission, so that no risks exist in the processing.
In the absence of an adequacy decision pursuant to Article 45(3), or of appropriate safeguards pursuant to Article 46, including binding corporate rules, a transfer or set of transfers of personal data to a third country or an international organisation shall only take place if one of the following conditions is met:
– Art. 49.1(c) GDPR: the transfer is necessary for the conclusion or performance of a contract in the interest of the data subject; in accordance with Article 44 GDPR, authorisation of an international transfer of data to a country that has not been declared a country with an adequate level of protection may only be granted if sufficient safeguards are obtained. It may thus be granted if the Controller provides a written contract concluded between the data exporter and the data importer, which includes the necessary guarantees as regards the protection of the privacy of the data subjects and their fundamental rights and freedoms, and ensures that they can exercise their respective rights.
– Risks of processing: I declare that I have been informed of the transfer of data made to the provider of the services described (as per the attached contract) and, where applicable, of the risks of the processing due to the absence of appropriate safeguards for the protection of personal data in the destination country.
4. Disclosure of data:
The contracting of our services and their performance will necessarily entail the communication of your data to the parties involved, intermediary agents and, in the case of money remittances abroad, to the paying correspondents in the destination country and/or to the intermediary financial entities for the international transfer of funds, so that a necessary international transfer of data will take place, which the data subject expressly accepts by signing this document, as it is essential for the provision of the service.
Additionally, we inform you that certain data, within the framework of the applicable regulations or of the contractual relationship that you have with us, may be communicated to:
- Public administrations with competence in the sectors of activity, when so established by the applicable regulations.
- Law Enforcement Agencies, in accordance with the law.
- Banks and financial entities for the collection of the services provided.
- Other professionals in the legal field, when such communication is legally required or necessary for the execution of the contracted services.
- Lastly, we inform you that we use social connectors, i.e. third-party plugins (applications) that allow this website to be connected to social networks or similar services (Twitter, Facebook or others) in order to access our profiles on said social networks. The use of such connectors is voluntary. If you choose to use them, you will be authorising the communication of personal data (IP address, browsing data) to the said social networks and the company that owns this website will not be responsible for the subsequent processing that they may carry out with your data. We recommend that you visit the terms and conditions of use of these platforms before interacting in social networks with the corporate pages, in order to obtain detailed information.
5. Data retention
Dissociated data: Dissociated data will be kept without a deletion deadline.
Contact data processed for commercial purposes: They will be kept until the user withdraws his/her consent.
Customer data: The retention period for personal data will vary depending on the service that the Customer contracts. In any case, it will be the minimum necessary and may be maintained for up to:
- 4 years plus the current year (Arts. 66 et seq. of the General Tax Law)
- 5 years: Art. 1964 Civil Code (personal actions without special time limit)
- 6 years: Art. 30 Commercial Code (accounting books, invoices…)
- 10 years: money laundering (Art. 25 of Law 10/2010 of 28 April)
Personal data from the contact form: They will be kept until your request has been satisfactorily concluded or until you withdraw your consent.
6. Commitments of the USER
The USER guarantees that he/she is of legal age and that the information provided is accurate and truthful.
The USER undertakes to inform Boa EuroServices S.A. of any changes that may occur in the information provided by sending an e-mail to elopez@boa-euroservices.com, identifying himself/herself as USER of the WEBSITE and specifying the information to be modified.
Likewise, the USER undertakes to keep passwords and identification codes secret and to inform Boa EuroServices S.A. as soon as possible in case of loss, theft or unauthorized access. Until such communication takes place, Boa EuroServices S.A. will be exempt from any liability that may arise from the improper use of such passwords and identification codes by unauthorized third parties.
7. Third-party data provided by the USER
In the event that the USER provides personal data of third parties for any purpose, he/she guarantees that he/she has previously informed the affected parties and obtained their consent for the communication of their data to Boa EuroServices S.A..
The USER guarantees that the affected persons are of legal age and that the information provided is accurate and truthful.
Boa EuroServices S.A. will verify the consent of said affected parties by means of a first e-mail with non-commercial content in which verification of the consent given on their behalf by the USER will be requested.
In the event that liabilities arise from failure to comply with these conditions by the USER, he/she will be responsible for the consequences of said non-compliance.
8. Exercise of rights
The USER may withdraw his/her consent and exercise his/her rights of access, rectification, erasure, objection, restriction and portability by sending an e-mail to us or to our Data Protection Officer at the address Calle Principe de Vergara, 109, 7° Derecha (Madrid). E-mail: rgpd@boa-euroservices.com, identifying himself/herself as USER of the WEBSITE and specifying his/her request.
The USER may also exercise his/her rights of access, rectification, erasure, objection, restriction and portability by ordinary mail to the above address, identifying himself/herself as USER of the WEBSITE, providing a photocopy of his/her ID card or equivalent document and specifying his/her request.
Likewise, if you consider that your right to the protection of personal data has been infringed, you may lodge a complaint with the Spanish Data Protection Agency (www.agpd.es).
SECURITY MEASURES
In accordance with the provisions of the regulations in force on the protection of personal data, the CONTROLLER is complying with all provisions of the GDPR and the LOPDGDD for the processing of personal data under its responsibility and, manifestly, with the principles described in Article 5 of the GDPR, whereby they are processed lawfully, fairly and transparently in relation to the data subject and are adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed.
The CONTROLLER guarantees that it has implemented appropriate technical and organisational policies to apply the security measures established by the GDPR and the LOPDGDD in order to protect the rights and freedoms of USERS, and has provided them with the appropriate information so that they can exercise them.
It should be noted that this Privacy Policy may vary due to legislative requirements, so users are advised to consult it periodically.
For more information on privacy safeguards, you may contact Boa EuroServices S.A. at the address Calle Principe de Vergara, 109, 7° Derecha (Madrid). E-mail: rgpd@boa-euroservices.com
PREVENTION OF MONEY LAUNDERING
Furthermore, we inform you that Boa EuroServices S.A., in its capacity as an obliged entity, is subject to compliance with the provisions of Law 10/2010 of 28 April on the prevention of money laundering and the financing of terrorism (hereinafter, LPB).
By virtue of the above-mentioned regulations (which are mandatory for obliged entities) and in accordance with the current regulations on the protection of personal data, in Article 14 of Regulation (EU) 2016/679 of 27 April 2016 (GDPR), we inform you that, in compliance with the obligations established in Article 4 of the LPB, relating to the identification of the beneficial owner, Boa EuroServices S.A. has recorded your personal data linked to your relationship with the company.
The aforementioned data will be incorporated into files owned by Boa EuroServices S.A., with A86445244, for the sole purpose of processing them in order to comply with the obligations arising from the LPB, and will be retained for the period established by the regulations in force.
Likewise, we inform you that, in accordance with the provisions of Article 32 of the LPB, the consent of the data subject is not required for such processing.
