Privacy Policy

1. Protection of personal data. In compliance with the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (GDPR), as well as in compliance with the provisions of Organic Law 3/2018 of 5 December on the Protection of Personal Data and Guarantee of Digital Rights (LOPDGDD), information is provided on the following aspects related to the processing of personal data and other applicable regulations. 2. Identification of the Data Controller. KIT ESG, S.L., with N.I.F. B-75.979.096 and registered office at C/Concejal Muñoz Cerván, 3, Carretera de Cádiz, 29004, Málaga, email address e.villanueva@kitesg.com Registered in the Mercantile Registry of Málaga, Sheet MA-188.267 (hereinafter, KIT ESG).3. Purpose of the processing and legal basis.The different purposes for which the data of the Clients may be processed are described below:

Purpose

Legitimizing basis

Retention period

Creación de una cuenta, inicio de sesión y gestión de su perfil y función

Creating an account, logging in, and managing your profile and role

Registered Customer information will be kept indefinitely unless the Customer requests to be removed from the Registered Customer list.

To provide and maintain our Service, including monitoring the use of our Service

The execution of the contractual relationship between the parties, under the terms provided for in Article 6.1.b) of the GDPR.

Registered Customer information will be kept indefinitely unless the Customer requests to be removed from the Registered Customer list.

Contact form

The execution of the contractual relationship between the parties, under the terms provided for in Article 6.1.b) of the GDPR.

The information collected through the contact form enabled on the website will be kept for the time necessary to respond to the request for consultation or information that the Client has requested.

Commercial communications

The legitimate interest of the joint controllers to carry out promotional activities through the sending of commercial communications related to products and services directed to their clients, as recognized in article 21.2 of the LSSI.

Information on recipients of commercial communications will be kept indefinitely unless the Customer requests to unsubscribe from receiving further communications.

Análisis de perfiles

The legitimate interest of the joint controllers in improving internal processes that result in the optimization of sales strategies for services and products aimed at Customers, all within the framework of the provisions of Article 6.1.f) GDPR.

The data will be kept for the period necessary to achieve the purposes indicated in this Privacy Policy.

Transfer of data to the tax administration or other public bodies within the framework of compliance with obligations arising from accounting, tax, consumer regulations, etc.

Compliance with legal obligations arising from accounting, tax, consumer regulations, etc. in the terms provided for in article 6.1.c) of the GDPR.

Not applicable

Sending questionnaires

The data will be kept for the period necessary to achieve the purposes indicated in this Privacy Policy.

4. Data retention period
4.1. Data will be retained for as long as necessary while the contractual relationship between the parties remains in force. Once this relationship has ended, the data of registered Clients will be duly blocked and retained for the statutory limitation period applicable to legal actions. Once this period has expired, the information will be deleted and erased.

5. Nature of the data processed
5.1. The information collected is limited to identification data (first name and surname, postal address, telephone number, and email address) and data related to the registration process.

6. Data recipients
6.1. In order to carry out all the purposes described above, KIT ESG works with third-party service providers who may have access to personal data as a result of the performance of the contracted services.

6.2. These third parties have been carefully selected in accordance with specific selection criteria and are required to comply with their data protection obligations and, in particular, to implement the appropriate technical and organisational measures to ensure that the processing complies with the GDPR and the LOPDGDD.

6.3. To provide services strictly necessary for the development of our activity, KIT ESG shares data with service providers such as hosting providers or website administrators, with whom we have entered into the corresponding data processing agreements in accordance with the applicable data protection regulations.

7. Exercise of rights
7.1. The data subject has the right to access their personal data, as well as to request the rectification of inaccurate data or, where appropriate, request its deletion when, among other reasons, the data is no longer necessary for the purposes for which it was collected.

7.2. The data subject may request the restriction of the processing of their data, in which case we will only retain it for the exercise or defence of legal claims, where legally applicable.

7.3. In certain circumstances and for reasons related to their particular situation, the data subject may object to the processing of their data. In such cases, the Company will stop processing the data, except where there are legitimate grounds for doing so or for the exercise or defence of possible legal claims.

7.4. Finally, we inform you of your right to data portability under the GDPR, so that your data may be transferred to the data controller indicated by the data subject.

7.5. To exercise these rights, you may send an email to e.villa or send a letter to the following address: C/ Concejal Muñoz Cerván, 3, Carretera de Cádiz, 29004, Málaga.

8. Reporting incidents
8.1. In cases where you consider that your data protection rights have been infringed during the processing of your data, especially when you have not obtained satisfaction in the exercise of your rights, you may lodge a complaint with the competent Data Protection Supervisory Authority (Spanish Data Protection Agency – www.aepd.es).