Data Protection, Privacy and Information Security Policy

Commitment to Data Protection, Privacy and Information Security 

CIN VALENTINE, S.A.U. complies with all applicable EC and national legal regulations in data protection, privacy and information security.

With regard to the personal data protection and information security system, CIN VALENTINE, S.A.U. seeks to guarantee conformity with the regulations and the demonstration or evidence of institutional responsibility in terms of data protection and information security, applying all the technical and organizational measures necessary for compliance with the current legal data protection arrangements.

To this end, CIN VALENTINE, S.A.U. is also assumes committed to the secrecy and confidentiality of the personal data for which it is the data controller, in accordance with this data protection and privacy policy. CIN VALENTINE, S.A.U. therefore guarantees compliance with all applicable rules on confidentiality and secrecy, and also requires it of all its employees or suppliers, as well as the adoption of behaviours and the application of the necessary measures to the same degree of conformity, to ensuring that persons authorized to process personal data have assumed a confidentiality commitment or are subject to legal confidentiality obligations.

Definitions

 «Personal data»

"Personal data", information relating to an identified or identifiable natural person ("data owner"); a natural person shall be deemed to be identifiable if they can be directly or indirectly identified, in particular by reference to an identifier. The following are examples of personal identifiers:  a name, an identification number, location data, electronic identifiers or one or more specific elements of the physical, physiological, genetic, mental, economic, cultural or social identity of said natural person

 

 «Processing of personal data»

“Processing”, any operation or set of operations performed on personal data or personal data sets, by automated or non-automated means, such as the collection, recording, organization, structuring, storage, adaptation or modification, extraction, querying, use, disclosure by transmission, dissemination or any other means by which it data is made available, matching or interconnection, limitation, removal or destruction.

  

«Cookies»

"Cookies" are small text files containing information that is considered relevant, loaded by the devices used for access (computers, mobile phones or portable mobile devices) through the Internet browser (browser), when an online site is visited by the Customer or user.

 

Data Controller

CIN VALENTINE, S.A.U., with headquarters at C/ Riera Seca, nº1 ? Polígono Industrial Can Milans, Montcada i Reixac, 08110, Barcelona, registered in the Companies Register of Barcelona, Volume 44576, Folio 12, Sheet B-160105, Entry 62, share capital of 10,000,000 euros, in this document referred to as CIN VALENTINE, S.A.U., is the entity responsible for the website www.cin.com/deco/valentine and for the IT applications, hereinafter referred to as channels or applications, through which Users, Service Recipients or Customers have remote access to the services and products of CIN VALENTINE, S.A.U that are presented, marketed or provided, at any time, through them.

The use of the channels or applications by any user, service recipient or customer may involve personal data processing operations, whose protection, privacy and security are guaranteed by CIN VALENTINE, S.A.U, as the data controller, in accordance with the provisions of this Data Protection and Privacy Policy.

 

Contact information of the Data Protection Officer

To contact the CIN VALENTINE, S.A.U., Data Protection Officer, please send an email to dpo_privacy.es@cin.com, describing the subject of the request and providing an email address, a contact address or a postal address.

 

Personal Data Collection and Processing

CIN VALENTINE, S.A.U. processes the personal data strictly necessary for the availability of the information and operation of its channels, in accordance with the actions made by Users, Service Recipients or Customers.

CIN VALENTINE, S.A.U. therefore collects this personal data: - directly from the Users or the Recipients who supply the data for the purposes of registering requests or obtaining information;

- directly from Customers for the purposes of subscribing to said channels or through the use of the services provided by CIN VALENTINE, S.A.U., such as access, queries, instructions, transactions and other records related to their use.

In particular, the use or activation of certain functionalities of the channels may involve the processing of several direct or indirect personal identifiers, such as name, residential address, contacts, device addresses or geographical location, provided that there is express consent from the User, Service Recipient or the Customer.

The personal data collected by CIN VALENTINE, S.A.U. are processed electronically, in certain cases using automated systems, including the processing of files or the definition of profiles and as part of the management of pre-contractual, contractual or post-contractual relationships with Users, Service Recipients or Customers, in accordance with current national and EC regulations.

 

Categories of Personal Data Processed

The categories or types of personal data subject to processing may include, among others that are necessary and are lawfully collected, the following: full name, DNI / NIF number, marital status, sex, date of birth, nationality, address(es ), town(s), postal code(s), country, country code, telephone numbers, email addresses, name of the company where the person works, etc.

In all cases, Users, Service Recipients or Customers will always be informed of the need to collect this data for access to the functionalities of the channels in question.

 

Legal Principles

All data processing operations comply with the fundamental legal principles governing data protection and privacy, in particular in terms of circulation, legality, fairness, transparency, purpose, minimization, storage, accuracy, integrity and confidentiality, and CIN is available to demonstrate its responsibility to the data subject or to any other third party with a legitimate interest in this matter.

Legal Grounds

All data processing operations carried out by CIN VALENTINE, S.A.U. have a legal basis, in particular, the consent of the owner, the need to fulfil a contract or pre-contractual procedures with the data owner, as well as the need to comply with a legal obligation or the legitimate interests pursued by CIN VALENTINE, S.A.U. or by third parties.

 

Purpose of the Processing

All personal data processed in the context of the CIN VALENTINE, S.A.U. channels are intended exclusively to make information available to Users, for the management of the personal information of the Service Recipients considered necessary for the management of the relationship or communication, as well as the provision of the services contracted by the Customers and, in general, for the management of pre-contractual, contractual or post-contractual relationships with Users or Customers.

The personal data collected may even be processed for statistical purposes, for information dissemination or promotional campaigns and for commercial or marketing campaigns, in particular to disseminate information about new functionalities or new products and services, through direct communication, by correspondence, by email, messages or telephone calls or any other communication service.

Provided that prior information and the collection of express authorization for these last purposes is granted, Users or Customers may, at any time, exercise their right to oppose the use of their personal data for other purposes that extrapolate the management of the contractual relationships, in particular for marketing purposes, for the sending of information or for inclusion in lists or services for information purposes - for which a written request must be sent to the data protection officer of CIN VALENTINE, SAU, in accordance with the following procedures.

 

Data Retention Period

Personal data will be kept only for the period necessary for the purposes for which it was collected or for subsequent processing in accordance with all applicable legal regulations regarding archiving.

Use of Cookies

CIN VALENTINE, S.A.U. uses cookies on its websites in accordance with the Cookies Policy which can be viewed at www.cin.com/deco/valentine.

 

Communication of Data to Other Entities

The availability of information or the provision of services by CIN VALENTINE, S.A.U. to its Users, Service Recipients or Customers through the channels may involve the use of third party sub-contractors, including entities based outside the European Union, for the provision of certain services, which may involve access, by these entities, to the personal data of Users, Service Recipients or Customers.

In these circumstances and whenever necessary, CIN VALENTINE, S.A.U. will only resort to sub-contractors that provide sufficient guarantees of appropriate technical and organizational measures so that the processing meets the requirements of the applicable regulations, with such guarantees being formalized in a contract between CIN VALENTINE, S.A.U. and each of the third parties.

 

Data Recipients

Except in the context of compliance with legal obligations, in no case will there be communication of the personal data of Users, Service Recipients or Customers to third parties that are not subcontractors or legitimate recipients, so no other communication for purposes other than those mentioned shall take place.

 

 

International Data Transfers

Personal data shall only be transferred to a third country or an international organization in the context of compliance with legal obligations or where compliance with applicable EC and national legal regulations on the matter is guaranteed.

 

Security Measures

Taking into account the most advanced techniques, application costs and the nature, scope, context and purposes of the processing, as well as risks, of variable probability and severity, for Users, Service Recipients or Customers, CIN VALENTINE , S.A.U. and all of its sub-contractors apply the appropriate technical and organizational measures to guarantee a level of security appropriate to the risk.

To this end, various security measures are adopted to protect personal data from dissemination, loss, misuse, alteration, processing or unauthorized access, as well as against any other form of unlawful processing.

It is the sole responsibility of the Users, Service Recipients or Customers to keep the access codes secret and not to share them with third parties and, in the particular case of the computer applications used to access the channels, to maintain and safeguard the access devices under secure conditions and follow the security practices recommended by manufacturers and / or operators, in particular regarding the installation and updating of the necessary security applications, such as, anti-virus applications.

When it is necessary to sub-contract to third parties that may have access to the personal data of Users, Service Recipients or Customers, the subcontractors of CIN VALENTINE, S.A.U. will be required to adopt organizational security measures and protocols and the technical measures necessary to protect the confidentiality and security of personal data, as well as to prevent unauthorized access, loss or destruction of personal information.

 

How Data Subjects can Exercise their Rights

CIN VALENTINE, S.A.U. Users, Service Recipients and Customers may, as data subjects, exercise their rights to data protection and privacy at any time, in particular the rights of access, rectification, deletion, portability, limitation or opposition to processing, under the terms and subject to the limitations provided in the applicable regulations.

Any request to exercise data protection and privacy rights must be sent in writing by the data owner to the data protection officer, in accordance with the procedure and contact information described below.

 

Complaints or Suggestions and Incident Reporting

CIN VALENTINE, S.A.U. Users, Service Recipients and Customers have the right to file a complaint, either by registering it in the Complaints Book or by lodging a complaint with the regulatory authorities, as well as by sending suggestions by email to the data protection officer.

 

Reporting Incidents

CIN VALENTINE, S.A.U. has implemented an incident management system for data protection, privacy and information security.

Should any User, Service Recipient or Customer wish to report any violation of personal data, which causes, accidentally or illegally, the unauthorized destruction, loss, alteration, disclosure or access to personal data transmitted, stored or subject to any other type of processing, the data subject can contact the data protection officer.

 

Changes to the Privacy Policy

In order to guarantee that this Data Protection and Privacy Policy is current and constantly developed and improved, CIN VALENTINE, S.A.U. may, at any time, make any changes to it which are considered appropriate or necessary and its publication in the different channels is guaranteed to ensure that it is transparent and informative for Users, Service Recipients and Customers.

 

Express Consent and Acceptance

The terms of the Data Protection and Privacy Policy supplement the terms and provisions, regarding personal data, provided in the General Conditions of Use of the channels of CIN VALENTINE, S.A.U.

Where data subjects make their personal data available freely, specifically and with informed consent, this shall imply awareness and acceptance of this Policy and shall be valid as express authorization for its processing, in accordance with the defined rules.

 

Data Protection Officer

For the exercise of any type of data protection, privacy or information security rights or any matter related to data protection, privacy and information security issues, the Users, Service Recipients and Customers of CIN VALENTINE, S.A.U. may contact the Data Protection Officer by email at  dpo_privacy.es@cin.com, describing the purpose of the request and providing an email address, telephone number or postal address for a reply.