PRIVACY POLICY

In accordance with the provisions of the current regulations on personal data protection, we provide you with the following information:

1. INFORMATION TO THE INTERESTED PARTY AND/OR USER

Calzados FAL, S.A. provides you with this privacy policy to inform you, in detail, about how the personal data that you, as a data subject and/or user, provide or have provided, by any means (website, email, telephone, in person, online or paper forms, etc.), are or will be processed.

Calzados FAL, S.A. has adopted all the technical and organisational measures necessary to guarantee the confidentiality, integrity, availability and resilience of the personal data in its custody.

Responsibility of the data subject and/or user
By providing your details, you, as the data subject and/or user (hereinafter the data subject), guarantee that you are over 18 years of age and that the details provided to Calzados FAL, S.A. are true, accurate, complete and up to date. To this effect, the interested party confirms that they are responsible for the veracity of the data provided and that they will keep this information suitably updated, so that it corresponds to their real situation, taking responsibility for any false or inaccurate data they may provide, as well as for any damages, direct or indirect, which may arise as a result.

2. DATA CONTROLLER

Identity: Calzados FAL, S.A.
TAX IDENTIFICATION NUMBER: A26004978
Registered office: Avenida de Logroño, 21 – 26580 Arnedo (La Rioja)
Postal address: Apartado de correos nº. 42 – 26580 Arnedo (La Rioja)
Telephone: 941 380 800
E-mail: fal@fal.es

3. PURPOSES, STORAGE PERIODS AND LEGITIMACY OF PROCESSING OPERATIONS

Calzados FAL, S.A., as the party responsible for the processing of the personal data of the data subject, as well as any data which may be supplied in the future, hereby informs you that this data will be processed in accordance with the provisions of current legislation on the protection of personal data, and therefore provides you with the following information about each of the processing operations carried out by Calzados FAL, S.A.

CONTACT/ENQUIRIES

Purpose of processing: to respond to and follow up queries, requests for information, suggestions and complaints, as well as to maintain contact with those people who have shown interest in the company, its products or services.
Data retention criteria: data will be retained for the time necessary to process and respond to the query.
Legitimation for data processing: RGPD: 6.1.f) the legal basis for data processing is based on the Legitimate Interest of the Data Controller to attend and respond to communications or requests received.

PROFORMA INVOICES/BUDGETS

Purpose of processing: the preparation and delivery of pro forma invoices and/or estimates requested by the interested parties, as well as being able to monitor them by telephone, telematically or in person.
Data retention criteria: data shall be retained for as long as there is a mutual interest in doing so, or the data subject requests its deletion.
Legitimation for the processing of the data: the processing is necessary for the application at the request of the data subject of pre-contractual measures (RGPD: 6.1.b), as well as the processing necessary for the satisfaction of the legitimate interest of the Data Controller to prepare and follow up the budgets requested by the data subjects (RGPD: 6.1.f).

USER REGISTRATION

Purpose of processing: user management and to manage and enable the use of the different services offered on the website and/or through the App. of the Data Controller.
Data retention criteria: the data will be kept in the system indefinitely as long as the data subject does not request their deletion.
Legitimation for data processing: RGPD: 6.1.a) the legal basis for data processing is the consent provided by the Data Subject at the time of providing their data.

CUSTOMERS

Purpose of processing: customer management, the maintenance of contractual and/or commercial relations with them, managing the contracting of products and/or services, as well as for the administrative (invoicing, collections, etc.), accounting and tax management of the company and for the fulfilment of the legal obligations that all this implies.
Also in order to establish contact with persons providing services in a legal entity (company, organisation, etc.), as well as with individual entrepreneurs and liberal professionals, in order to establish or maintain business to business (“business to business”, B2B) relations with them.
Data retention criteria: the data will be retained for as long as the contractual and/or commercial relations between both parties are maintained and their deletion is not requested and, in the event of doing so, for the time provided for in the regulations in force (tax, commercial, etc.) with regard to the prescription of responsibilities.
Legitimation for data processing: RGPD: 6.1.b) the legal basis for the processing of data is the execution and maintenance of contractual and/or commercial relations between both parties, as well as compliance with the legal obligations (tax, commercial, etc.) that all this implies.
The processing of contact data of a professional nature for business relations is legitimised by the Legitimate Interest of the Data Controller to be able to contact, establish and/or maintain business relations with the legal entity in which the Data Subject provides its services, as well as with individual entrepreneurs and liberal professionals (RGPD: 6.1.f and LOPDGDD: 19).

NEWSLETTER SUBSCRIPTION

Purpose of processing: to manage the sending of newsletters/newsletters about the Data Controller, its products and services.
Data retention criteria: the data will be kept in the system indefinitely as long as the data subject does not request their deletion.
Legitimation for data processing: RGPD: 6.1.a) the legal basis for data processing is the consent provided by the Data Subject at the time of subscribing to the newsletter/newsletter.

SENDING COMMERCIAL COMMUNICATIONS

Purpose of processing: to send commercial information by any means, postal or electronic, about products and/or services related to the manufacture and marketing of footwear and other information from the Data Controller that may be of interest to the Data Subject (events, activities, etc.).
Data retention criteria: the data will be kept in the system indefinitely as long as the Data Subject does not request its deletion and, in the event of doing so, for as long as it is necessary with regard to the prescription of responsibilities.
Legitimation for data processing: the sending of commercial information to customers is based on the legitimate interest of the Data Controller to send them commercial communications about products or services similar to those contracted and thus achieve their loyalty (Art. 6.1.f of the GDPR). The processing may also be legitimised by the consent provided by the Data Subject (Art. 6.1.a of the GDPR).
However, in either case, the Data Subject has the right to object to this processing and to withdraw consent, and may do so by any of the means described in this document. The exercise of these rights shall in no case affect the maintenance of commercial relations and the processing of data carried out prior to the exercise of these rights shall not lose their lawfulness.

COMPETITIONS / PRIZE DRAWS / PROMOTIONS

Purpose of processing: to manage and organise the participation of Data Subjects in prize draws, competitions or promotions carried out by the Data Controller and the sending of any communication related to the organisation thereof and, in the event of winning a prize, the publication of the name and/or image in the media that the Data Controller deems appropriate, as well as on its websites, social networks and promotional material in general with the aim of publicising the activities of the Data Controller.
Data retention criteria: data shall be retained for as long as necessary for the purpose of the processing and, when no longer necessary for that purpose, for the period of time provided for by applicable legislation regarding the prescription of liabilities.
Legitimation for data processing: GDPR: 6.1.a) the legal basis for data processing is based on the informed consent that is requested at the time of collecting the data for participation.
GDPR: 6.1.f) The publication of the data, concerning the result of the competition/sweepstakes, is based on the Legitimate Interest of the Data Controller in accordance with the promotional and distribution and exploitation interests of the event.

CURRICULUM SUBMISSION

Purpose of processing: filing and registration of documentation and CVs provided voluntarily by data subjects for future selection processes of candidates for a job in the company.
Data retention criteria: data will be retained for a maximum period of one year or until the data subject exercises their right to erasure.
In this regard, after the aforementioned period, and if you wish to continue participating in the selection processes of the Data Controller, please send us your CV again.
Legitimation for data processing: RGPD: 6.1.a) the legal basis for the processing of data is the consent provided by the Data Subject at the time of providing their data to participate in selection processes. By submitting or sending us his/her curriculum vitae, the Data Subject authorises the processing of his/her data by means of a clear affirmative action.
Joint Data Controller: Calzados FAL, S.A.

SUPPLIERS

Purpose of processing: management of suppliers, maintenance of contractual and/or commercial relations with them, as well as administrative (invoicing, collections, etc.), accounting and tax management of the company and for compliance with the legal obligations that all this implies.
Also in order to establish contact with persons providing services in a legal entity (company, organisation, etc.), as well as with individual entrepreneurs and liberal professionals, in order to establish or maintain business to business (“business to business”, B2B) relations with them.
Data retention criteria: the data will be retained for as long as the contractual and/or commercial relations between both parties are maintained and their deletion is not requested and, in the event of doing so, for the period of time provided for in the regulations in force (tax, commercial, etc.) with regard to the prescription of responsibilities.
Legitimation for data processing: RGPD: 6.1.b) the legal basis for the processing of data is the execution and maintenance of contractual and/or commercial relations between both parties, as well as compliance with the legal obligations (tax, commercial, etc.) that all this implies.
The processing of contact data of a professional nature for business relations is legitimised by the Legitimate Interest of the Data Controller to be able to contact, establish and/or maintain business relations with the legal entity in which the Data Subject provides its services, as well as with individual entrepreneurs and liberal professionals (RGPD: 6.1.f and LOPDGDD: 19).

REGISTRATION OF ACCESS TO FACILITIES

Purpose of processing: control and management of persons accessing the facilities, in order to comply with occupational risk prevention and food safety and hygiene regulations.
Data retention criteria: data will be retained for the time necessary to comply with the purpose for which they were collected and to determine any possible liabilities that may arise from this purpose and from the processing of the data. The provisions of occupational risk prevention and food safety regulations (BRC, IFS, etc.) shall apply.
Legitimation for data processing: RGPD: 6.1.f) the legal basis for the processing of the data is the Legitimate Interest of the Data Controller in ensuring compliance with occupational risk prevention and food safety and hygiene regulations, as well as compliance with any applicable legal obligations.
Joint Data Controller: Calzados FAL, S.A.

VIDEO SURVEILLANCE

Purpose of processing: temporary storage of images captured by video surveillance cameras in order to preserve the security of persons, goods, installations and merchandise.
Data retention criteria: they will be kept for a maximum period of 30 DAYS, except when they have to be kept to accredit the commission of acts that threaten the integrity of persons, goods or installations, or when they are provided to the courts and the State Security Forces and Corps.
Legitimation for data processing: RGPD: 6.1.e) the processing is necessary for the performance of a task carried out in the public interest, ensuring the security of persons, goods and facilities.
Communication of data: data will not be communicated to third parties, except to the Security Forces and Corps, Courts and Tribunals, or by a legal obligation.

4. DATA COMMUNICATION

Con carácter general no se comunicarán los datos personales a terceros, salvo en los casos en que exista una obligación legal o que sea necesaria para la prestación de los servicios o para el mantenimiento y desarrollo de las relaciones, tales como, a título enunciativo, pero no limitativo:

  • Public Administrations, Judges and Courts, for the fulfilment of legal obligations, as well as for the attention of possible responsibilities derived from the applicable regulations.
  • Financial/banking institutions, for the management of collections and payments.
  • Payment Service Providers, for the management of collections and payments (Mastercard, VISA, PayPal, etc.).
  • Transport companies, for the delivery and/or collection of products.
  • Service providers contracted by the Controller, who shall have the status of Data Processor.

Although it is not a transfer of data, in order to carry out some of the treatments indicated or to provide you with a service, it may be that third party companies, acting as Data Processors (our suppliers), access your information in order to carry out the aforementioned treatment or service. These data processors access your data following our instructions and without being able to use it for any other purpose and maintaining the strictest confidentiality.

International transfers
Calzados FAL, S.A. does not intend to make international transfers of your data to countries outside the European Economic Area (EEA). In those cases in which it is necessary, they will only be made to recipients that are located in a country, a territory or one or more specific sectors of that country or international organisation that has been declared to have an adequate level of protection by the European Commission; or that are under the Privacy Shield agreement; or that are covered by any of the appropriate guarantees provided for in article 46.2 of Regulation (EU) 2016/679.

5. Rights of data subjects

Any person has the right to obtain confirmation as to whether or not the Data Controller is processing personal data concerning them, as well as to withdraw, at any time, any consent they may have given for a specific purpose, without this affecting the lawfulness of the processing based on consent prior to its withdrawal.

Data protection regulations allow you to exercise your rights of access, rectification, erasure and portability of data and to object to and restrict the processing of your data, as well as not to be subject to decisions based solely on automated processing of your data, where applicable.

These rights are characterised by the following:

  • It is free of charge, except in the case of manifestly unfounded or excessive requests (e.g. repetitive nature), in which case the Controller may charge a fee proportionate to the administrative costs incurred or refuse to act.
  • You can exercise your rights directly or through your legal representative or volunteer.
  • We must respond to your request within one month, although, taking into account the complexity and number of requests, the deadline can be extended by a further two months.
  • We are obliged to inform you about the means of exercising these rights, which must be accessible and without being able to refuse you the exercise of the right on the sole ground that you have chosen another means. If the request is submitted electronically, the information will be provided electronically where possible, unless you ask us to do otherwise.
  • If the Controller does not comply with the request, it will inform you, at the latest within one month, of the reasons for its failure to act and of the possibility to complain to a Supervisory Authority.

How to exercise these rights?
Interested parties may exercise their rights by sending a written communication to the postal or e-mail address of the Data Controller, indicating in the reference “EXERCISE OF DPA RIGHTS”, including: the specific request, address for notification purposes, date and signature.
If you so request, we will provide you with the forms to exercise these rights, indicating which right you wish to exercise.

Likewise, and especially if you consider that you have not obtained full satisfaction in the exercise of your rights, we inform you that you may file a complaint with the National Supervisory Authority by contacting the Spanish Data Protection Agency, C/ Jorge Juan, 6 – 28001 Madrid.

6. SOCIAL NETWORKS

Calzados FAL, S.A. uses social networks and this is another way of reaching you. The information collected through the messages and communications you post may contain personal information that is available online and accessible to the public. These social networks have their own privacy policies, which explain how they use and share your information, so we recommend that you consult them before using them to confirm that you agree with the way in which your information is collected, processed and shared.

The processing of the data of people who become followers and/or make any link or connection action through the social networks of the official pages of the Data Controller shall be governed by this privacy policy and by the privacy policies of the social networks themselves.

The Data Controller will process your data for the purposes of correctly managing your presence on the relevant social network, sending personal and individual messages through the social network channels, informing you of activities, products and/or services of the Data Controller, or of third parties that may be related to our activity, as well as any other processing that the regulations of the social networks may allow.

7. Cookies

In general, if you browse the internet you can accept or reject cookies from the configuration options of your browser.

This website may use cookies and other similar technologies such as local shared objects, flash cookies or pixels, which are small files that some platforms, such as websites, can install on the user’s equipment (computer, tablet, smartphone, etc.).

Their functions can be very varied: storing browsing preferences, collecting statistical information, enabling certain technical functionalities, storing information on the browsing habits of the user or their equipment, etc.

Cookies are useful for several reasons. From a technical point of view, they allow web pages to work more quickly and adapted to the user’s preferences, such as storing their language or the currency of their country, etc. In addition, they help the website Controllers to improve their services and to make the advertising displayed on them more efficient, thanks to the statistical or habit information they collect through them.

For the installation and use of certain cookies it is necessary to obtain the informed consent of the users. The cookies that require the user’s consent are, among others, analytical, advertising and affiliation cookies, with the exception of those of a technical nature and those necessary for the operation of the website or the provision of services expressly requested by the user.

The user has the possibility of configuring their browser to be alerted of the reception of cookies and to prevent their installation on their equipment. Please consult your browser’s instructions for further information. For more information about cookies, please consult our Cookies Policy.

8. MANDATORY OR OPTIONAL NATURE OF THE INFORMATION PROVIDED BY THE DATA SUBJECT

The Interested Party, by ticking the corresponding boxes and entering data in the fields marked as obligatory in the various forms, expressly and freely and unequivocally accepts that their data are necessary to deal with their request by the Data Controller, with the inclusion of information in the remaining fields being voluntary.

In the event that all the obligatory data is not provided, the corresponding processing of the same cannot be carried out and therefore the requests, contracts or applications made by the Interested Party cannot be attended to.

The Interested Party guarantees that the personal data provided are truthful and is responsible for communicating any changes to them.

9. SECURITY MEASURES

Calzados FAL, S.A. undertakes to protect your personal information: Using reasonably reliable and effective physical, organisational and technological measures, controls and procedures aimed at preserving the integrity and security of your data and guaranteeing your privacy.

In addition, all staff with access to personal data have been trained and are aware of their obligations in relation to the processing of your personal data.

In the case of the contracts we sign with suppliers, we include clauses requiring them to maintain the duty of secrecy with respect to the personal data to which they have had access by virtue of the assignment, as well as to implement the necessary technical and organisational security measures to guarantee the permanent confidentiality, integrity, availability and resilience of the systems and services for the processing of personal data.

All these security measures are regularly reviewed to ensure their adequacy and effectiveness.

However, absolute security cannot be guaranteed and no security system is impenetrable so, in the event that any information under our control and under our control is compromised as a result of a security breach, we will take appropriate steps to investigate the incident, notify the Supervisory Authority and, where appropriate, those Stakeholders who may have been affected to take appropriate action.