Privacy policy - Cerro Electronic Design

This Privacy Policy applies when you use the services of Cerro Electronic Design (hereinafter Cerro), our website and when you contact us using the means we make available to you (telephone, chat, email and social networks), and through it, in accordance with our commitment to transparency, we inform you about the data we collect and what we use them for. Cerro processes data lawfully, fairly and transparently. It only processes data that is adequate, relevant and limited to what is necessary in relation to the specified, explicit and legitimate purposes for which it is obtained, and does not process it for purposes that are incompatible with those purposes. This Policy is permanently accessible through the link provided on the website, called “Data Protection”, and may be updated at any time, either as a result of a regulatory change or due to a change in the configuration of the services or the type of business carried out. Modifications that imply changes in the provision of the contracted service, or require the consent of the interested parties, shall be communicated with fifteen calendar days’ notice so that the interested parties may express their opposition to the processing of their data according to the change described, or so that the clients may adopt the measures they deem appropriate in relation to the communicated modification. If after the period provided the user accesses the services again or does not communicate their opposition, the new conditions will be understood to have been accepted.

Who is responsible for the processing?

Cerro Electronic Design SL – CIF B87081196
Postal address: Avda. Cerro del Águila No9, piso 1, local 1. 28703 San Sebastián de los Reyes. Madrid, España.
Telephone: 911 377 684
E-mail: info@cerroelectronic.com
Data Protection Delegate: info@cerroelectronic.com

For what purpose and on what grounds do we process the data?

To access and/or browse the www.cerroelectronic.com website it is not necessary to provide any data. The obligatory nature of the answers to the questions posed, or of the data requested through the website, is indicated by the addition of an asterisk (*) after the question or form field.

If the required data is not provided, it will not be possible to provide the requested service or functionality.

Cerro does not process data of minors in any case, since only persons of legal age with full capacity to act in legal transactions are allowed to register as users and contract services through the website www.cerroelectronic.com.

At Cerro we process the information registered in accordance with the following purposes:

Clients: the data provided when registering as a user, those collected through any of the means or contact channels identified on the website (including chats or telephone calls), and those collected through the Cerro services, are used for the purpose of managing the account and services contracted by users, both at a technical level and at an accounting, tax and administrative level, and/or to notify them of incidents or any information of interest about their services. To this end, and in compliance with tax and data protection regulations, the invoicing data provided by users is checked by consulting the data quality service of the tax administration, and any data that proves to be inaccurate is rectified. The legitimate basis for the processing is the provision of the service or execution of the contract.
Promotions: Cerro uses the contact details provided by users to send them, by electronic means or otherwise, information about the improvements it is implementing in the services they have contracted, and to keep them informed about new developments that it considers may be of interest to them (offers and promotions), i.e. direct marketing purposes. Cerro is absolutely contrary to the practice of spamming: it is the user who decides – and authorises – whether or not to receive this type of communication, either by registering as a user on Cerro.com and, therefore, accepting this Policy, or by requesting information of this type by any of the means of contact provided on the website. The legitimate basis for the processing is consent.
Traffic and location data: Cerro keeps the data generated within the framework of the provision of electronic communications services at the disposal of the competent authorities, in accordance with Law 25/2007, of 18 October. This data is not used for commercial promotion purposes. The legitimate basis for the processing is compliance with a legal obligation.
Candidates: the data provided by those interested in working at Cerro are used in the employee selection processes that we carry out. The legitimate basis for processing is consent.
Abuse: the data provided when reporting a complaint is used for the purpose of analysing the case, providing the corresponding response and accrediting compliance with the obligations associated with its management, as well as for the defence of potential claims. The legitimate basis for the processing is consent.
Contact: the data received by any of the means and/or channels of contact indicated on the website are used for the purpose of managing the requests or incidents communicated by the interested parties. Calls may be recorded in order to improve the quality of services and for security reasons to accredit the instructions received or the information provided. The legitimate basis for the processing is Cerro’s legitimate interest in attending to and managing the requests received.
Security: audit records of Cerro’s information systems and networks are kept to maintain the security of the networks, technical infrastructure and services, and to detect or prevent misuse or fraudulent use of the services. The legitimate basis for the processing is the legitimate interest of Cerro.
Exercise of rights by data subjects: the data provided is used for the purpose of attending to and responding to data subjects who exercise their rights in accordance with data protection regulations. The legitimate basis for the processing is compliance with a legal obligation and the data will be kept for the time necessary to fulfil the purpose for which they were collected and to determine any possible liabilities that may arise from that purpose and the processing of the data.
Data protection notifications: the data provided are used for the purpose of handling security incidents and notifications in accordance with data protection regulations. The legitimate basis for the processing is compliance with a legal obligation and the data will be kept for the time necessary to fulfil the purpose for which it was collected and to determine any liabilities that may arise from that purpose and the processing of the data.

Cerro uses anonymous cookies and they do not provide references that allow the deduction of visitors’ personal data. For our policy on the installation and management of data storage and retrieval devices on terminal equipment, please consult our Cookies Policy.

Cerro will only process the personal data provided by users in accordance with the purposes described in this Policy and in the General Contracting Conditions of the services contracted by users.

Users are informed of the processing of their data in the terms indicated above by accepting this Privacy Policy when registering as a user of Cerro, or when contracting the specific service that requires such processing in accordance with the General Contracting Conditions of the corresponding service.

Users must refrain from providing personal data of other interested parties, unless they have the relevant authorisation, according to which said interested parties will have been previously and duly informed of the content of this Privacy Policy and, specifically, that they consent to their data being provided to Cerro to be processed in accordance with the corresponding purposes.

How long do we keep the data?

The data provided and collected will be processed solely and exclusively for the time necessary and for the purposes for which they have been collected at any given time, as well as to determine any possible liabilities that may arise from the purposes of the processing. Cerro has established different retention periods depending on the type of data and the applicable purpose of their processing. The applicable periods, unless a different period is specified in the General Contracting Conditions of the corresponding service, will be:

Customers and Affiliates: the data will be kept for as long as the contractual relationship is maintained, plus an additional maximum period of 6 years after the end of the contract, in application of civil, commercial and tax legislation, unless they must be kept blocked for the formulation, exercise or defence of claims.
Promotions: the data will be processed for the duration of the contractual relationship as long as the data subject does not request opposition or revoke consent.
Traffic and location data: the data will be kept for a period of 12 months in accordance with the Electronic Communications Data Retention Act.
Candidates: data will be retained for 12 months from the last expression of interest or consent, unless the data subject requests its deletion.
Abuse: the data will be kept for 12 months, unless it must be kept blocked for the formulation, exercise or defence of claims.
Contact: the data will be kept for 12 months, unless it must be kept blocked for the formulation, exercise or defence of claims.
Security: the data will be kept for 5 years, unless it must be kept blocked for the formulation, exercise or defence of claims.

To which recipients will the data be communicated?

Cerro does not communicate personal data to third parties, unless a regulation with the status of law stipulates otherwise or if it is necessary for the provision of the contracted service. Cerro may communicate personal data to the competent authorities: tax and customs authorities, judicial authorities, State security forces and bodies, and any other addressee that, according to the applicable regulations in force, may be applicable.

In relation to the communications necessary for the provision of the contracted service, those data that are essential to manage the user’s request and provide the contracted services will be communicated, indicating in the corresponding General Contracting Conditions the terms in which said data are communicated and the identity or category of recipients. In any case, depending on the payment method selected, it will be necessary to communicate the relevant data to the financial and banking entities in order to proceed with the collection of the services.

In the event that a user leaves a comment or interacts socially with the website www.cerroelectronic.com or in the social networks in which it is present, you should be aware that your data will be published in the environment in which you act, that is, you will be expressly authorising the communication of your data -associated with the action you perform- to other users accessing the website or social network.

The data that we process is only stored in our facilities, or in the facilities of our service providers, all of which are located within Spanish territory.

What are your rights in relation to your data?

You have the right to obtain confirmation as to whether or not we are processing personal data concerning you, to access your personal data, and to request the rectification of inaccurate data or the completion of incomplete data.

You also have the right to request the deletion of your data when, among other reasons, the data are no longer necessary for the purposes for which they were collected. Cerro will delete the data without delay unless it is necessary to retain it in compliance with a legal obligation, or for the formulation, exercise or defence of claims.

In certain circumstances, you may request the limitation of the processing of your data, in which case we will block them and they may only be processed for the formulation, exercise or defence of claims.

You have the right, in certain circumstances, to receive the personal data you have provided to us in a structured, commonly used and machine-readable format.

In certain circumstances and for reasons based on your particular situation, you may object to the processing of your data and Cerro will cease to process your data, except for compelling legitimate reasons, or for the formulation, exercise or defence of claims.

You can object to receiving commercial communications about our products and services at any time by sending an e-mail to the address info@cerroelectronic.com.

All these rights can be exercised at any time by sending a request by post to Cerro Electronic Design S.L., at the following address: Avda. Cerro del Águila Nº9, piso 1, local 1, 28703 San Sebastián de los Reyes, Madrid; or by sending an e-mail to info@cerroelectronic.com. In any case, the request must be accompanied by a copy of the official document accrediting the identity of the owner of the data.

In the event that we have requested your consent to process the data, you may revoke it at any time by notifying Cerro in the terms described in the previous paragraph. This revocation will in no case be retroactive.

If you consider that you have not obtained satisfaction in the exercise of your rights, you may file a complaint with the Spanish Data Protection Agency, the competent supervisory authority for data protection, whose contact details are: calle Jorge Juan, 6 – 28001 Madrid.

The users of the website and of Cerro’s services are responsible for the truthfulness, currency and accuracy of the data they provide to Cerro, the data provided by themselves being considered truthful, current and accurate. Users can modify their data, and their preferences regarding the treatment of the data provided, by sending an e-mail to the address info@cerroelectronic.com. Cerro will take the necessary measures to delete and rectify without delay those data that prove to be inaccurate with respect to the purposes for which they are processed as soon as it becomes aware of their inaccuracy.