We inform you that in order to access certain contents or services it will be necessary to provide personal data. Users shall guarantee the truthfulness, accuracy and authenticity of the data. OTC ENGINEERING SOCIEDAD LIMITADA shall preserve the confidentiality and security of your personal data and shall apply automated processing appropriate to its nature or purpose, under the terms indicated in the Data Protection Policy section.

It is important, given the European regulations on Data Protection, Regulation (EU) 2016/679 of the European Parliament and of the Council, that you read the Basic Information. You should also be aware that the act of providing your data does not attribute, confirm, annul, legitimize or perfect any contractual relationship with our company.

BASIC INFORMATION

DATA CONTROLLER:
OTC ENGINEERING SOCIEDAD LIMITADA
B55169874
CALLE COMPOSITOR CASANOVAS, 2 - BIS
17800 OLOT
info@otcengineering.com – 972271643

PRINCIPLES RELATING TO PROCESSING

Your personal data will be processed:

• In a lawful, fair and transparent manner in relation to the data subject.

• Collected for specified, explicit and legitimate purposes and shall not be further processed in a manner incompatible with those purposes; processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes shall not be considered incompatible with the initial purposes.

• Adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed.

• Accurate and, where necessary, kept up to date; all reasonable measures shall be taken to ensure that personal data that are inaccurate are erased or rectified without delay.

• Kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be stored for longer periods insofar as they will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes.

• Processed in a manner that ensures appropriate security of the personal data, including protection against unauthorized or unlawful processing and against accidental loss, destruction or damage, by using appropriate technical or organizational measures.

LANGUAGE

The applicable language of this Privacy Policy is Spanish. Therefore, in the event of any contradiction between any of the versions provided in other languages, the Spanish version shall prevail. As regards the interpretation of contracts, specific attention shall be paid to Articles 1281 et seq. of the Spanish Civil Code.

PURPOSES

• To manage services and sales to clients within the scope of our corporate purpose.

• To attend to your requests, invoice such services, manage withdrawals and refunds within the legal time limits established in Law 34/2002, of July 11, on Information Society Services and Electronic Commerce, and Royal Legislative Decree 1/2007, of November 16, approving the revised text of the General Law for the Defense of Consumers and Users and other complementary laws.

• To send you advertising and promotions related to our corporate purpose according to your areas of interest, by any means, whether postal or electronic; or through fixed or mobile telephony. As well as to invite you to events organized by the company, both in person and online.

REGULATORY COMPLIANCE

We reserve the right to store and retain information provided by you, including services used, account information and personal data, in order to comply with applicable laws, where evidence is required in arbitration or court proceedings, keeping such data blocked and pseudonymized to ensure their security, secrecy and confidentiality.

LAWFULNESS

We will not process data without explicit consent for each of the purposes, except when:

• Processing is necessary for the performance of a contract to which the data subject is a party or in order to take steps at the request of the data subject prior to entering into a contract.

• Processing is necessary for compliance with a legal obligation applicable to the data controller.

• Processing is necessary to protect the vital interests of the data subject or of another natural person.

• Processing is necessary for the purposes of legitimate interests pursued by the data controller or by a third party, provided that such interests are not overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.

For this purpose, we shall seek the existence of appropriate safeguards, which may include encryption or pseudonymization of the data, so that the user’s identity is protected.

DATA PROTECTION OFFICER

For any request related to your fundamental rights described in Article 8(1) of the Charter of Fundamental Rights of the European Union and Article 16(1) of the Treaty on the Functioning of the European Union, as well as Article 12 of the Universal Declaration of Human Rights, Article 17 of the International Covenant on Civil and Political Rights, Article 11 of the American Convention on Human Rights, and Articles 14 to 29 of the Spanish Constitution, you may contact:

info@otcengineering.com – legal@censorconsulting.es

LEGAL BASIS

Consent, contractual relationship and legitimate interest.

LEGAL FRAMEWORK

Regulation (EU) 2016/679 of the European Parliament and of the Council, of April 27, 2016, on the protection of natural persons with regard to the processing of personal data and on the free movement of such data; Organic Law 3/2018, of December 5, on the Protection of Personal Data and guarantee of digital rights; Law 34/2002, of July 11, on Information Society Services and Electronic Commerce; and Royal Legislative Decree 1/2007, of November 16.

RECIPIENTS

We transfer data to third parties such as operators that manage the website and maintain our IT application that allows us to carry out the ordinary management of our services, which are essential for the management of our activity.

RETENTION PERIOD

The data provided shall be retained for a period of 5 years from the last contracting, unless you have previously requested blocking or deletion, or as established by tax legislation. Tax data shall be kept for 5 years by legal prescription.

DATA QUALITY

All data requested through the website are mandatory, as they are necessary for the provision of an optimal service to the user. If all data are not provided, the provider does not guarantee the provision of the requested services.

The user shall be solely responsible for the truthfulness and updating of the data provided through the website forms.

PROFILING

We do not process personal data in an automated manner for profiling on the website, except for statistics that do not compromise any fundamental rights of the data subjects.

ADDITIONAL INFORMATION

You may at any time request additional information about your personal data (“second layer”) at the same address provided for exercising your rights.

MINORS

Our services are not directed at minors or incapacitated persons. We understand that they have the authorization and consent of their parents, guardians or legal representatives. Any use by them shall be under their responsibility due to negligence or lack of supervision.

DIGITAL WILL

Persons related to the deceased for family or factual reasons, as well as their heirs, may contact the data controller in order to access such contents and provide instructions regarding their use, destination or deletion, provided that they are direct relatives and vital interests are affected, for which it will be necessary to complete a form and submit the request in writing with proof of identity.

Such persons may not access the contents of the deceased, nor request their modification or deletion, where the deceased person has expressly prohibited it or where a law so establishes.

INTERNATIONAL DATA TRANSFERS

In some cases, in order to provide a better service, we may carry out international data transfers, which shall be governed by Regulation (EU) 2016/679 and supported by the following legal bases:

• Your explicit consent, with all legal guarantees to protect your privacy, ensuring maximum security, secrecy and confidentiality of data.

• Through contractual clauses defined in Article 46.2.c) of Regulation (EU) 2016/679, subject to the prior opinion of the European Data Protection Board under Article 64.

• Binding corporate rules in accordance with Article 47 of Regulation (EU) 2016/679.

• Transfers to countries or international organizations without an adequacy decision or appropriate safeguards shall require prior authorization from the Spanish Data Protection Agency.

RIGHTS

You may exercise your rights of access, rectification, cancellation and/or opposition, as well as the right to restriction of processing and portability, by contacting info@otcengineering.com or by postal mail addressed to the Data Controller.

You must provide:

• Copy of ID

• Sufficient identification and representation

• Explanation and subject of the request

• Postal or email address for communications

SUPPLEMENTARY INFORMATION

You have the right to obtain confirmation as to whether our company is processing your personal data, and to access, rectify or request deletion of such data when they are no longer necessary, at any time, in a simple and free manner.

You may also unsubscribe from promotional communications in compliance with Law 34/2002, by providing:

• Company name and representative details

• Postal and email address for communications

• Clear request (no justification required)

DATA SUBJECT RIGHTS

• Right of access

• Right of rectification or erasure

• Right of cancellation

• Right of opposition

• Right to restriction of processing

• Right to data portability

• Right not to be subject to automated individual decision-making, including profiling

• Right to withdraw consent at any time

Withdrawal of consent shall not affect the lawfulness of processing prior to such withdrawal.

You may always contact the supervisory authority, in this case the Spanish Data Protection Agency, if you believe your requests have not been addressed: www.aepd.es

SECURITY MEASURES

Data will be processed confidentially. The Data Controller has adopted all necessary technical and organizational measures and security levels required to ensure the security of data processing and prevent alteration, loss, theft, unauthorized access or processing, in accordance with the state of the art and the nature of the data.

CODE OF CONDUCT

The Company undertakes that its services shall:

• Not promote discrimination or illegal conduct.

• Not induce error, anxiety or harmful practices.

• Not infringe legal or regulatory provisions.

• Ensure that personal data requests are adequate, relevant and not excessive.

Users have the right to:

• Receive objective, prior, accurate and complete information on service conditions.

• Receive services under the conditions offered or agreed.

• Obtain contractual documentation and invoices.

• File complaints and obtain official complaint forms.

• Request arbitration or administrative assistance where applicable.