Skip to main contentSkip to footer

Privacy Policy

GENERAL DATA PROTECTION REGULATION (EU) 2016/679

Organic Law 3/2018, on Personal Data Protection and Digital Rights Guarantee.

Version control

Drafted by: GESPRODAT S.L.
Function: External consultant
Date: 28/06/2023

Approved by: BESTILE, S.L.
Date: 28/06/2023

Change control

Modified by: GESPRODAT S.L.
Date: 28/06/2023

Applicable Standards, Laws, and Regulations

Name of the standard, Law or Regulation

General Data Protection Regulation EU 2016/679
Organic Law on Data Protection and Digital Rights Guarantee

PRIVACY POLICY OF www.bestile.es

This Privacy Policy has been developed taking into account the provisions of Regulation 2016/679 of the European Parliament and of the Council of April 27, 2016, regarding the protection of natural persons with regard to the processing of personal data and the free movement of such data, hereinafter referred to as the GDPR, as well as Law 3/2018, December 5, on Data Protection and Digital Rights (hereinafter referred to as LOPDGDD), and other applicable regulations.
This Privacy Policy aims to inform natural persons who provide their personal data, and/or the data of the person they represent, regarding whom information is being collected, about the specific aspects related to the processing of their data, the purposes of the processing, contact details to exercise the rights that assist them, retention periods of information, and security measures, among other things.

WHO IS RESPONSIBLE FOR THE TREATMENT?

Regarding data protection, BESTILE S.L. must be considered the Data Controller with respect to the processing of personal data carried out by this entity.
The following contact details are provided for the Data Controller:

  • Identity of the responsible: BESTILE S.L. (B12331377)
  • Physical address: CAMINO AZAGADOR DE LA TORRETA, 5.Castellón, Alcora, 12110, ,
  • Email address: rgpd@bestile.es
  • Phone: 96 436 73 20

WHAT PERSONAL DATA DO WE PROCESS?

All information collected by BESTILE S.L. will be treated fairly, lawfully and transparently. Likewise, the data requested in each treatment will consist only of those strictly necessary to achieve the intended and informed purpose in each case. In this way, your collected data will be adequate, relevant and not excessive in relation to the purposes for which they are processed in each case. Therefore, your personal data will be collected for specific, explicit and legitimate purposes, not being processed further in a manner incompatible with said purposes. In addition, they will be updated whenever necessary. In general terms, within the framework of the various activities carried out in the organization, the following types of data are collected:

  • Identification data
  • Academic, professional, and training data
  • Employment details data

WHERE DO PERSONAL DATA COME FROM?

In general, personal data is always collected directly from the data subject, however, in certain exceptions, data may be collected through third parties, entities or services different from the interested party. In this sense, this detail will be communicated to the interested party through the informative clauses contained in the different information-gathering channels and within a reasonable timeframe or in the first communication made to the interested party.

WITH WHAT PURPOSE AND SPECIFIC CASES DO WE PROCESS PERSONAL DATA?

In general terms, personal data are processed for the following purposes:

Newsletter: Send information through the provided channels regarding news, updates, products, and services related to us or our sector.
Contact: Respond to information requests received about the offered products and services, as well as answer any other type of question sent by users.

WHAT IS THE JUSTIFICATION FOR PROCESSING DATA?

As a general rule, prior to the processing of personal data, BESTILE S.L. informs the legal basis by which it establishes the legitimacy of the treatment in question. However, within the organization, personal data may be processed for:
Compliance with Legal and Regulatory ObligationsBy way of example and without limitation. General Law for the Protection of Consumers and Users, General Tax Law, Corporate Income Tax Law, Accounting Audit Law, Value Added Tax Law, Civil Code, Commercial Code, as well as the existence of a specific law or regulation authorizing or requiring the processing of the interested party's data, which will be stated in the corresponding informative clause.
Performance of a Contract: for the prior management of a contracted service or product, development of the execution of a contract or subsequent management derived from such operations.
Consent: treatments based on the express and unequivocal consent of the data owner exist, through the incorporation of informed consent clauses in the different systems of information collection, providing consent through a declaration or clear affirmative action such as checking a box provided for that purpose or signing the appropriate document or by sending data through indicated contact methods. Additionally, we inform you that we will only use personal information based on this Privacy Policy and, generally, we will request your consent for uses different from those for which you initially granted it.
Legitimate Interest: the processing of data based on the legitimate interest of the controller will be established mainly for sending commercial communications or events about products or services similar to those contracted. According to article 21.2 of the Law on Information Society Services, this treatment will only be valid when, being a client, you have not expressly opposed it at the time of data collection or in any of the communications we make.

FOR HOW LONG DO WE PROCESS PERSONAL DATA?

At www.bestile.es personal data is processed for the time necessary to fulfill the purpose for which it was collected, as long as the service is provided or the labor or contractual relationship exists, there is mutual interest, and/or during the period provided for in the corresponding regulations.
Once the established retention periods have been met, data will be canceled. Such cancellation will result in the blocking of data, keeping it only available to public administrations, judges, and courts, to address possible liabilities arising from processing, during the prescription period of such liabilities; after this period has passed, the information will be destroyed.

WITH WHOM DO WE SHARE PERSONAL DATA?

Generally, BESTILE S.L. does not proceed with the assignment or communication of its data to third parties, except for those required by law. However, if necessary, such data assignments or communications are informed to the interested party through the informative clauses contained in the different data collection channels.

DO YOU PROCESS INTERNATIONAL TRANSFERS?

We also inform you about the transfer of data outside the European Economic Area, based on the existence of adequate guarantees in accordance with GDPR, and these guarantees are available to anyone who expressly requests them from rgpd@bestile.es.

Specifically, the following guarantees are established: The country or countries to which the data is transferred has/have been declared to have an adequate level of protection by the European Commission. There is a legally binding and enforceable instrument between public authorities or bodies. The transfer is made between companies of the group to which the data controller belongs and have approved, by the competent supervisory authority, binding corporate rules in accordance with Article 47 of the GDPR.
A document containing standard contractual clauses adopted by the Commission or a supervisory authority (Art. 93.2 GDPR) has been signed.
The data controller has adhered to a code of conduct approved under Article 40 of the GDPR, along with binding commitments and enforceable mechanisms in the third country to provide adequate guarantees, including those relating to the rights of data subjects. The data controller has been certified according to certification mechanisms approved under Article 42 of the GDPR, along with binding commitments and enforceable mechanisms in the third country to provide adequate guarantees, including those relating to the rights of data subjects. The transfer has been authorized by the Spanish Data Protection Agency in accordance with Article 42 of Law 3/2018, of December 5, on Data Protection and Digital Rights Guarantees.

WHAT RIGHTS CAN YOU EXERCISE?

According to European regulations, the following rights apply to you:
Right of Access, the right to request information from the data controller about whether your personal data is being processed. Right to Rectification, the right that allows the affected person to request modification of inaccurate or incomplete data. Right of Opposition, the right of a person to object to the processing of their personal data or to request its termination. Right to Individual Decisions Automation, the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects on you or significantly affects you in a similar way. Right to Restriction, the right to suspend the processing of the user's personal data in certain cases. Right to Erasure or Forgetfulness, the right to have the personal data of the interested party deleted. Right to Data Portability, the right to request the data controller to provide your personal data in a structured and clear format to another controller. Right to lodge a complaint with the competent supervisory authority if you believe the processing does not comply with current regulations.

HOW TO EXERCISE YOUR RIGHTS?

The applicant may exercise their rights through the following means:
Email to rgpd@bestile.es Providing documentation that accredits the identity of the applicant (copy of the front of the National Identity Document, or equivalent). In any case, you can request the protection of the Spanish Data Protection Agency through its website

In this regard, BESTILE S.L. will attend to your request as soon as possible and taking into account the deadlines provided for in data protection regulations.

WHAT COULD BE THE CONSEQUENCES OF NOT PROVIDING THE INFORMATION?

The data requested in the fields indicated with an asterisk (*) or provided in the documents or media where the information is given, are strictly necessary in relation to the purpose for which they are collected, or for the provision of optimal service to the interested party or by a legal obligation imposed on the data controller itself or a necessary requirement to subscribe a contract, being voluntary the inclusion of data in the remaining fields. In case that not all data are provided, it is not guaranteed that the information and services provided will fully meet your needs. Therefore, in the event that the required data is not provided or is provided incorrectly or incompletely, we will not be able to attend your request, making it completely impossible to provide you with the requested information or carry out the contracting of services. Likewise, the user guarantees that the information transmitted in any of the forms is truthful, accurate and corresponds to their own data of which they are the owner.

WHAT SECURITY MEASURES DO WE HAVE IN PLACE?

The security measures adopted by BESTILE S.L. are those required in accordance with the provisions of Article 32 of the GDPR. In this sense, BESTILE S.L., taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of the processing, as well as the risks of variable probability and severity for the rights and freedoms of natural persons, has established the appropriate technical and organizational measures to ensure a security level adequate to the existing risk.

In any case, BESTILE S.L. has implemented sufficient mechanisms to:
Guarantee the permanent confidentiality, integrity, availability, and resilience of processing systems and services. Restore the rapid availability and access to personal data in case of physical or technical incidents. Regularly verify, evaluate, and assess the effectiveness of technical and organizational measures implemented to ensure treatment security.

CHANGES IN THIS PRIVACY POLICY

Eventually, this Privacy Policy may be revised in order to update changes in current legislation, update procedures for collecting and using personal information, the appearance of new services, or the exclusion of others. These changes will take effect from the date of publication on the website, so it is important to review this Privacy Policy regularly in order to stay informed about changes.