TOLSA is aware of how important it is for you the correct use and processing of your personal data. The aim of the present Privacy Policy is to inform about which information is going to be gathered and for what treatment purpose, as well as to transmit our efforts to guarantee an appropriate protection, under the proper safeguards and in pursuance of the legislation in force.

The personal data provided via the following website located at the URL (hereinafter, the “Website”) are going to be treated and processed as described in the following sections:

Who is actually the responsible controller of the processing? 

In accordance to the Law No. 34/2002 of July 11, on Information Society Services and Electronic Commerce (hereinafter, LSSICE) and in accordance to the General Data Protection Regulation (EU) 2016/679 (hereinafter, GRPD) and the Organic Law 3/2018 on the Protection of Personal Data and the guarantee of digital rights (hereinafter, LOPDGgdd), we hereby inform you that the personal data facilitated in completing and sending the published web form will be included in the database that forms the records of processing activities of the listed company TOLSA, S.A. with V.A.T. A-28077709 and social domicile at Calle Núñez de Balboa, nº 51 (1º) – 28001 Madrid.

Which kind of user data will be required and treated? 

TOLSA will process the following categories of personal data of the User:

  • Identifying data: name and surnames.
  • Personal or professional contact data: postal address, e-mail address, phone number.
  • Other data: every additional information provided by the data subjects to fostering trade relations and mutual interests.
  • Pet information and customer experience, which will be processed anonymously and limited to purely statistical purposes.

Under which purpose and legal basis do we process your data? 

  • Management of the contact requests and information provided via the e-mail address or web form. Legitimacy: Data subjects consent given to the processing and interests pursued (Art. 6.1 a) and f) GDPR).
  • Management of the contractual relationship established among the User and TOLSA and perform the binding agreement between the Parties. Legitimacy: Performance of a contract (Art. 6.1 b) GDPR).
  • To comply TOLSA with mandatory obligations stated by law. Legitimacy: Legal compliance (Art. 6.1 c) GDPR).
  • Management the existent commercial relationship between the User, as professional contact and representative of a legal entity, and TOLSA, including the sending of commercial information, relevant news, events, expos and fairs and further information concerning similar services to the signed up. Legitimacy: Legitimate interests pursued (Art. 6.1 f) GDPR).
  • Management of the Newsletter, corporate magazine and other information bulletins for subscribers of these. Legitimacy: Data subjects consent given to the processing and interests pursued (Art. 6.1 a) GDPR).

To whom do we disclose personal data?

TOLSA will only transfer personal data to:

  • Those thirds, public bodies and institutions of the General State Administration, as well as autonomous and local administrations, including judicial courts and tribunals, being legally compelled to disclose the information required.
  • Partner companies of TOLSA in order to properly manage and perform the contractual relationship with you.
  • To service suppliers and providers contractually tied to TOLSA, in order to treat the data as Processors for the sole purpose of the processing described, in accordance to the instructions given by TOLSA and with the necessary guarantees and safeguards.

How much time will be the data retained and treated?

The personal data provided to comply with the obligations arising out of the commercial relationship between the User and TOLSA shall be retained for the same term of the binding agreement; and after the end of the commercial and contractual relationship, the data will still be maintained for the time limit stated for prosecution that might arise from the relations with the User.

Nevertheless, if you as data subject have facilitated the information in order to commercial prospecting purposes based on legitimate mutual interests pursued, the data shall be necessary stored till the moment you decide to revoke the consent given in accordance to the following paragraph “How can I exercise my data subject’s rights?”

Which security measures are implemented to protect your personal data?

The data processing will be adapted to technical and organisational measures required to prevent and avoid loss of information, misuse, alteration and unauthorized use of the received data, bearing in mind the state of the technology, the nature of the information and the results of the risk analysis performed.

How can I exercise my data subject’s rights?

To revoke all consents given, as well as exercise the rights to access, rectification, erasure, restriction of processing, portability, object and not to be subject to a decision based on automated processing, including profiling, you may always communicate in writing to the following address: Calle Núñez de Balboa, nº 51 (1º) – 28001 Madrid or via mail at [email protected].

The request shall be submitted including: name and surnames of the data subject; copy of the identity card, passport or any other valid identification document of the person concerned and, where applicable, his legal authorised representative, providing power of attorney; address for notification purposes and specification of the subject of the request.

If the person concerned considers that his rights have gone unheeded in accordance to the legislation in force, the data subject may submit the related complaint to the Spanish Data Protection Agency, as supervisory authority.