PRIVACY POLICY AND PROTECTION OF PERSONAL DATA
Tei Nogal S.L. is a company committed to legal treatment, loyal and transparent personal information provided by users. We are committed to complying with the principles of confidentiality, and data integrity.
To fulfill the duty of information, and for a better understanding we have prepared an index so that the information is as accessible as possible:

Identification and contact details of the Data Controller.

How we process your data.
Security measures taken.
Necessary and updated information.
General information: Description of the information contained in the privacy policy.
Detailed information on the treatments carried out by the company.
Exercise of your rights.
Privacy policy update.
1. IDENTIFICATION AND CONTACT DATA OF THE RESPONSIBLE FOR THE TREATMENT.
Identity Tei Nogal S.L.
Old Bridge Way Address 7 – 28500 – Arganda del Rey (Madrid)
C.I.F. B79767455
Phone 918716350
Email teinogal@teinogal.com
Visit web www.teinogal.com // www.metalizadosaltovacio.es

2. HOW WE PROCESS YOUR DATA. SECURITY MEASURES TAKEN
All the personal information that the interested party provides us, will be treated lawfully, loyal and transparent.
We commit ourselves to scrupulously comply with the principles of quality and minimization of data, so that the data is adequate, relevant and not excessive. The data will be processed exclusively in relation to the purposes for which it was collected..
Data processing will take place, respecting our commitment to integrity and confidentiality thereof.
We do not process data of special protection, or especially sensitive, as established in the EU General Data Protection Regulation 2016/679 and in the Organic Law 3/2018 of 5 December Personal Data Protection and Digital Rights Guarantee.
We promise to adopt, update and maintain the organizational and technical measures that are necessary to guarantee the security and confidentiality of personal data, preventing any alteration, lost, treatment, unauthorized processing or access.
This obligation will be developed in accordance with the state of technology, the nature of the data and the risks to which they are exposed, whether they come from human action or from the physical or natural environment.

3. UPDATED AND NECESSARY INFORMATION
In the forms found on the web, all fields that appear marked with an asterisk (*), will be mandatory, such that the omission of any of the data required, implies the impossibility of being able to provide the requested services.
It is the obligation of the owner of the data, provide certain information, truthful and updated.
So that the information provided is always updated and does not contain errors, the interested party must communicate, as soon as possible, the modifications and rectifications of your personal data that are produced through an email to the address teinogal@teinogal.com
If the website contains a customer or user area, it is essential that you remember the reference numbers, passwords and access codes that the user creates, or are provided.
The user will be solely responsible in case of use, authorized or not, from your personal account, and in this sense it undertakes to make diligent use of said information, not to make it available to third parties, and to report their loss or theft.
Likewise, You can update your personal data through your private area on the Web.
Data processing of minors
Minors may not use the services available through the Website..
Links to other websites
Our website may provide links to other web pages.
We have no control over collection, the use and disclosure of your personal data by third-party organizations, how are social media platforms like Facebook, Twitter, Google, or any other provider of social media platforms.
We are not responsible for the privacy policies of the web pages to which you. access from our links.
We encourage you to contact these third parties to ask questions about their privacy practices., policies and security measures before disclosing any personal data.
We encourage you to review the privacy statements and policies of linked websites to understand how those websites collect, use and store information.

COOKIES
We collect information through the use of cookies. Cookies are small text files that are automatically saved on your computer or mobile device when you visit almost any website. They are stored through the Internet browser. Cookies contain basic information about your Internet use. Your browser forwards these cookies to the website each time you visit it again, so that it can recognize your computer or mobile device, as well as customize and improve the browsing experience.
You can find more detailed information about what cookies and similar technologies we use in our Cookies Policy, and in our Cookie consent tool.
The help section of the toolbar of most browsers will tell you how to prevent your browser from accepting new cookies, how to have your browser notify you of the receipt of a new cookie or how to disable non-essential cookie types.

4. GENERAL INFORMATION: DESCRIPTION OF THE INFORMATION CONTAINED IN THE PRIVACY POLICY.
In this privacy policy you will find a table identifying each of the different treatments carried out by Tei Nogal S.L. as appropriate.

In these informative tables you will be informed about:

• The purposes of processing your personal data, clearly describing the purposes of the treatment.
• The data retention periods, or their conservation criteria.
• If automated decisions are made, profiles and applied logic.
• The legal bases of “legitimation” that allow the processing of your data by our company for each of the indicated purposes.
• The forecast and possible communication of your data to third parties, “transfer recipients” or categories of stakeholders, indicating the reason or cause of said communication.
• The forecast of making international data transfers to third countries, indicating that guarantees legitimize the possible transfer of data to countries that are not in the European Economic Area.

5. DETAILED INFORMATION ON THE TREATMENTS CARRIED OUT BY TEI NOGAL S.L.
5.1. Treatment of data of interested in information of our products and services.

The interested party can contact us:
• Completing the contact forms contained in the web pages www.teinogal.com, www.metalizadosaltovacio.es
• Calling our contact phone.
• Receiving the visit of our commercial department
• Visiting our facilities
Data provided by the interested party: This is basic identifying data.
In the contact forms contained on the website, all fields that appear marked with an asterisk (*) will be mandatory, such that the omission of any of the data required, implies the impossibility of being able to provide the requested services.
Purpose of the treatment: The purpose of the treatment will be to attend to your information request, and send you commercial information about our services.
We can contact you. by electronic means, through telephone calls to the contact telephone number provided, or by sending postal mail of advertising campaigns of services and news of the company.
Data retention period: Personal data will be kept for a period of five years from the last confirmation of interest..
Profiling: No profiling will be carried out, nor will automated decisions be made that may affect the rights and freedoms of the interested parties.
Base Legal / Legitimation: The explicit consent of the interested party who voluntarily contributes their data to the company.
Addressees: Your data will not be disclosed to third parties, unless there is a legal obligation that requires them.
International Data Transfers: In the data processing processes carried out by our entity, it may be necessary to contract external services that could imply that your data is stored and / or processed by organizations that are established or operate from outside the European Union, which would imply that we make international transfers of your data.
Before proceeding to hire a data processor, we make sure that the due guarantees established by the European Data Protection Commission are offered. If the organization operates from the United States, we check that it is covered by the Privacy Shield, or to any basis that legitimizes the international transfer of data.

5.2. Data processing of our clients

Data provided by the interested party: This is basic and essential identification data necessary to manage our commercial and contractual relationship..
Purpose of the treatment: The purposes of the treatment of customer data are commercial management, administrative, accountant, prosecutor thereof.
Our clients, sometimes, provide us with contact information for employees, and even from suppliers, who are in charge of specific departments.
These data are strictly for professional reasons necessary to manage the relationship with the client, It is the client’s obligation to have previously obtained the consent of the owner to provide us with their data.
Customer data will be used to answer your queries, and send you information about our services electronically.
Data retention period: Personal data will be kept for the periods required by tax regulations, and applicable regulations to prove compliance with our professional responsibilities.
Profiling: No profiling will be carried out, nor will automated decisions be made that may affect the rights and freedoms of the interested parties.
Base Legal / Legitimation: Execution of a contract and provision of services.
Addressees: In compliance with the principle of transparency in the duty of information, We inform you that your personal data may be transferred to
➢ Insurance Companies with which, we have contracted civil liability insurance, in which you are a beneficiary.
➢ Bank entities to collect invoices and remittances.
➢ Any other entity, or professional that is necessary and essential for the execution of the contract or provision of services.
➢ Companies in charge of the treatment such as consulting, consultants, the companies responsible for the maintenance of computer programs, of the hosting of the servers or the web, backup management, email providers, etc.
Except the cases indicated above, the data will not be disclosed to any third party, except by legal obligation, legal requirement, or with the prior consent of the data owner.
Customer can request, anytime, to be informed of the identity of the processors, and the personal data that is about you, whose legitimacy of the treatment is the execution of the contract of order.
International Data Transfers: In the data processing processes carried out by our entity, it may be necessary to contract external services that could imply that your data is stored and / or processed by organizations that are established or operate from outside the European Union, which would imply that we make international transfers of your data.
Before proceeding to hire a data processor, we make sure that the due guarantees established by the European Data Protection Commission are offered. If the organization operates from the United States, we check that it is covered by the Privacy Shield, or to any basis that legitimizes the international transfer of data.

5.4.- Data processing of our suppliers

Data provided by the interested party: This is basic and essential identification data necessary to manage our commercial and contractual relationship..
Purpose of the treatment: The purposes of the processing of supplier data are commercial management, administrative, accountant, prosecutor thereof.
In order to manage the commercial and contractual relationship, our suppliers provide us with contact information for employees, who are in charge of specific departments. These data are strictly for professional reasons necessary to manage the relationship with the supplier. It is the provider’s obligation to have previously obtained the consent of the data owner to provide us with the same.
Data retention period: They will be kept for the periods required by tax regulations.
Profiling: No profiling will be carried out, nor will automated decisions be made that may affect the rights and freedoms of the interested parties.
Base Legal / Legitimation: Execution of a contract and provision of services.
Addressees: In compliance with the principle of transparency in the duty of information, We inform you that your personal data may be transferred to
➢ Bank entities for payment of invoices.
➢ Any other entity, or professional that is necessary and essential for the execution of the contract or provision of services agreed with the provider.
➢ Companies in charge of the treatment such as consulting, consultants, the companies responsible for the maintenance of computer programs, of the hosting of the servers or the web, backup management, email providers, etc.
Except the cases indicated above, the data will not be disclosed to any third party, except by legal obligation, legal requirement, or with the prior consent of the data owner.
International Data Transfers: In the data processing processes carried out by our entity, We need to contract external services that could imply that your data is stored and / or processed by organizations that are established or operate from outside the European Union., which would imply that we make international transfers of your data.
Before proceeding to hire a data processor, we make sure that the due guarantees established by the European Data Protection Commission are offered. If the organization operates from the United States, we check that it is covered by the Privacy Shield, or to any basis that legitimizes the international transfer of data.

6. EXERCISE OF YOUR RIGHTS
Anyone has the right to obtain confirmation on whether we are treating personal data that concerns them, or not.
Interested persons have the following rights:
Right of access: The interested party has the right to access their personal data, and obtain a copy of the personal data subject to treatment.
Right of Rectification: The interested party has the right to rectify their data, when they are inaccurate.
Right of Suppression: The interested party has the right to obtain, deletion of personal data concerning you, when any of the following circumstances occurs:
• When personal data is no longer necessary in relation to the purposes for which it was collected or otherwise processed.
• When the interested party withdraws the consent on which the treatment is based and it is not based on another legal basis.
• When the interested party opposes the treatment and other legitimate reasons for the treatment do not prevail.
• When personal data has been unlawfully processed.
• When personal data must be deleted in order to comply with a legal obligation established in Union or Member State law that applies to the controller.
• When personal data has been obtained in relation to the offer of information society services aimed at minors.
Opposition Right: The interested party has the right to object, anytime, for reasons related to your particular situation, to which personal data concerning you are processed.
Those interested may totally or partially oppose, for legitimate reasons to the treatment of your data. The company will stop processing the data, except for compelling reasons, or the exercise or defense of possible claims.
Right to Portability: The interested party has the right to receive the personal data that concerns him, that you have provided to a controller, in a structured format, commonly used and machine readable, and to transmit them to another person responsible for the treatment without being prevented by the person in charge who had provided them.
Right to Limitation: The interested party has the right to obtain from the data controller the limitation of data processing, provided that the request is based on the assumptions contemplated in the standard. In that case, we will only keep them for the exercise or defense of claims.
Right not to be subject to individualized decisions: The interested party has the right not to be subject to a decision based solely on automated processing, including profiling, that produces legal effects on it or significantly affects it in a similar way.
Right to withdraw consent: The interested party has the right to withdraw consent at any time. The withdrawal of consent will not affect the lawfulness of the treatment based on the consent prior to its withdrawal.
Right to file a claim with a supervisory authority: The interested party has the right to file a claim with a supervisory authority, in particular, in the Member State where you have your habitual residence, Workplace, or place of the alleged infringement.

The Control Authority in Spain is:
Spanish Agency for Data Protection.
Jorge Juan Street, 6 – 28001 – Madrid
91 266 35 17
info@agpd.es
You have the right to effective judicial protection when you consider that your rights have been violated as a result of the processing of your personal data.
How can you exercise your rights in relation to your data?
For the exercise of your access rights, rectification, suppression, limitation or opposition, portability and withdrawal of your consent, you can do it like this:
• By writing, accompanied by a document proving his identity addressed to Tei Nogal S.L., Old Bridge Road 7 – 28500 – Arganda del Rey (Madrid).
• By email addressed to the Head of Security of the company: teinogal@teinogal.com