This Privacy Policy is a statement where I inform you about how I treat your personal data at Control Energia.

At Control Energia you will have control over your personal information and I will never take unlawful or unfair advantage of your personal data.

This Privacy Policy has been prepared in accordance with the principles and rules approved by Regulation (EU) 2016/679 of 27 April, known as the General Data Protection Regulation or “GDPR”.

1-. IDENTITY OF THE CONTROLLER

Name of the owner/person responsible: Roberto De Dios García, who will hereinafter be referred to as “Control Energia,” or the “owner.”

NIF/CIF: B37519964

Address: Control Energía S. XXI SLAvenida Mirat 1. Mezzanine. Office 2 Salamanca (37002), Salamanca, Spain

Email: info@controlenergia.es

2-. PURPOSES OF THE TREATMENT

At Control Energia I process the personal data obtained as a result of the use of this website for the following purposes:

User contact management and customer service.

Management of the contractual relationship with the client.

Management of legal billing and tax obligations.

Analysis of user behavior on the website in order to improve the usability of the service or our advertising campaigns, using cookies.

3-. LEGITIMATION OR LEGAL BASIS

This section attempts to answer this question: What current regulations authorize us to process your personal data?

3.1. Legitimate interests of the controller (6.1 letter f of the GDPR)

I will use this legal basis to process the personal data you use to contact me through the features offered by this website (particularly by email), to the extent that doing so does not cause undue risk or harm to your rights and interests.

Extract from the judgment of the balance of legitimate interest: This processing is necessary to achieve the objectives of the Controller, specifically, to be able to communicate electronically with its clients, prospects and other contacts. Likewise, users are interested in being able to contact me by these means and it is within their reasonable expectations that said processing of contact data will be carried out. In addition, art. 19 of the LOPDGDD presumes that the processing of contact data, including those of individual entrepreneurs and liberal professionals, is covered by legitimate interest (art. 6.1 letter f of the RGPD). As regards the personal data of the user who publishes a comment on our blog, said user has a reasonable expectation that his comment will be published with the identifying data that he provides to Control Energia.

3.2. Consent of the interested party (6.1 letter a of the GDPR)

I will request your express, prior, free, informed and unequivocal consent for the use of analytical and advertising cookies. You can consult our Cookies Policy.

Likewise, I will expressly request your consent before sending you commercial communications by electronic means (e.g. via newsletter or email bulletins).

3.3. Execution of a contract or pre-contractual relationship (6.1 letter b of the GDPR).

When you place an order on our website to purchase any of my services, I collect a series of personal data that are strictly necessary to execute the contractual relationship with you.

3.4. Compliance with a legal obligation (6.1 letter c of the GDPR)

I will use the data provided by the user when placing an order or contracting a Control Energia service to comply with my legal billing and tax obligations.

4-. DATA CATEGORIES:

I collect the minimum amount of personal data possible in order to provide the service or purchase the corresponding product that you have requested from Control Energia.

These data are those collected in the data collection forms contained in this website (course request or contact form) and those collected through cookies and similar technologies.

None of the data processed by the Controller on this website is of a special category.

When collecting personal data through this website, I will inform you about which data are mandatory in order to provide the corresponding services (normally by marking them with an asterisk or by indicating that they are “mandatory”).

In order to ensure that the information contained in our processing system is always up-to-date and error-free, I ask that you inform me as soon as possible of any changes or corrections to your personal data.

5-. RECIPIENT CATEGORIES

I will not transfer the data collected through the functionalities provided on this website to any other company or organization.

Only when a rule of European Union Law or Spanish Law requires me to do so, I may communicate your data to the appropriate Public Administrations, to the competent authorities, as well as, where appropriate, to judges and courts.

When your personal data is to be processed on behalf of Control Energia, I will only choose suppliers (data processors) that offer sufficient guarantees to apply appropriate technical and organisational measures and that guarantee the rights of the interested parties. You can write to me at any time (contact details in Section 1 of this Policy) so that I can inform you about the data processors who, when using the functionalities of this website, could have access to your personal data on behalf of Control Energia.

6-. INTERNATIONAL DATA TRANSFERS

That is to say: in which cases could your personal data be transferred to a third country outside the European Economic Area?

In principle, Control Energia does not contemplate this possibility except for the following exception:

6.1. Some cookies used by this website (as specified in the Cookies Policy) may transfer certain data, such as your IP or certain navigation parameters or settings of your device or terminal, to Google or Facebook, companies based in the United States of America.

Note: Given the annulment by a court ruling of the CJEU of July 16, 2020 of the so-called Privacy Shield, consisting of an adequacy decision of the European Commission of July 12, 2016 that legitimized transfers to the United States, the Controller is studying the impact of said ruling on its organization. In any case, for the use of said cookies, the Controller requests the prior informed consent of the user.

7-. DATA CONSERVATION

I will retain your personal data for as long as necessary to fulfill the purposes for which it was collected, as well as during the limitation periods for legal actions that may arise from your relationship with Control Energia.

I will also retain your data as long as you do not withdraw your consent (in the event that this is the legitimacy of the processing), or as long as you do not request the deletion of said data, or the limitation or opposition to the processing by Control Energia.

8-. RIGHTS

8.1. Rights of the interested party or owner of personal data:

8.1.1. Right of access: You have the right to obtain confirmation from Control Energia as to whether or not personal data concerning you are being processed. Control Energia will, where appropriate, provide you with a copy of the personal data that is being processed.

8.1.2. Right of rectification: You have the right to obtain without undue delay the rectification of inaccurate personal data concerning you. Taking into account the purposes of the processing, you have the right to have incomplete personal data completed, including by means of providing a supplementary statement.

8.1.3. Right to erasure: You have the right to obtain the deletion of personal data concerning you without undue delay. When the circumstances set out in Article 17.1 of the GDPR occur, Control Energia will be obliged to delete your data without delay.

8.1.4. Right to data portability: You have the right to receive the personal data concerning you in a structured, commonly used and machine-readable format and to transmit it to another data controller without hindrance, when the processing is based on your consent and is also carried out by automated means.

8.1.5. Right to restriction of processing: Where the processing of your personal data has been restricted pursuant to a request from you, such data may, with the exception of storage, only be processed with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest. You have the right to obtain the restriction of the processing of your personal data where one of the circumstances provided for in Article 18.1 of the GDPR applies.

8.1.6. Right to object: You have the right to object at any time, for reasons relating to your particular situation, to the processing of personal data concerning you based on the legitimate interests of Control Energia or third parties.

I remind you that when the legal basis for data processing is your consent, you will have the right to withdraw said consent at any time and in any case, and in the same way as you gave it to Control Energia.

You also have the right to lodge a complaint with the relevant supervisory authority, usually the Spanish Data Protection Agency, if you consider that I have not correctly fulfilled the exercise of your rights. For more information, you can visit the website of the same at this link.

Finally, you also have the right not to be subject to a decision by Control Energia based solely on automated processing, including profiling, which produces legal effects or significantly affects you in a similar way.

8.2. How you can exercise your data protection rights

You may exercise the aforementioned rights at any time by sending an email to the address listed in section 1 (Data Controller) or by sending a letter and attaching a copy of your official identification document (DNI, NIE, etc.) to the address of the Controller (also listed in section 1 of this Privacy Policy).

You have more information about your rights, and even forms or models for exercising them on this website of the Spanish Data Protection Agency https://www.aepd.es/es/derechos-y-deberes/conoce-tus-derechos

9-. SECURITY MEASURES

User privacy, professional secrecy and the security of personal data are key principles and firm commitments in Control Energia's actions and interactions with personal data.

Taking into account the state of the art, the costs of implementation, and the nature, scope, context and purposes of processing as well as the risks of varying likelihood and severity for the rights and freedoms of natural persons, the Controller shall implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk. Such technical and organisational measures shall be aimed at reducing and minimising the risks of loss, misuse, alteration, unauthorised access to, or disclosure of, such personal information concerning you.

In other words, I will take the necessary measures to protect the confidentiality, integrity and availability of your data and that they apply exclusively to the purposes stated in this Policy.

To provide you with more security, this website has an SSL (Secure Socket Layer) certificate installed, which ensures that information communication travels encrypted from client to server.

10-. MODIFICATION OF THIS POLICY

In order to effectively implement the principle of proactive and ongoing compliance with data protection regulations, as well as in compliance with our duty of transparency to data subjects, we may modify this Privacy Policy from time to time.

I will make every effort to notify you of any significant changes to this Privacy Statement that may impact your rights or interests as the data subject.

11-. MORE INFORMATION

To clarify any doubt, question or concern that has arisen or remains unresolved after reading this Privacy Policy, you may contact us at the postal and electronic addresses listed in Section 1.

Last updated: [month and year]