1. Purpose
The purpose of this Privacy Policy is to inform people ( from now on, users or interested parties) who visit our website (from now on, webpage, website or the web), the way we collect, treat and protect the personal data that you decide to provide us by any means (forms, e-mails, telephone, contracts, etc.) and after reading it, decide freely if you want us to treat them. Additionally, it will serve to expand the information that we have previously provided to the interested parties, in the informative clauses provided in the processes of collecting their personal data.
Furthermore, this policy aims to comply with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter RGPD) and with Organic Law 3/2018 of 5 December on the Protection of Personal Data and Guarantee of Digital Rights (hereinafter LOPDGDD).
2. Who is responsible for the processing of your personal data?
| Identity - Entity: |
Trolli Ibérica, S.A.U |
| CIF/NIF: |
A96311832 |
| Postal address: |
C/ Bombers, 22, 46980, Paterna (Valencia) Spain |
| Telephone: |
(+34) 96 134 30 18 |
| E-mail address: |
info@trolliberica.com |
| Corporate purpose: |
Candy Manufacturing |
| Website: |
https://www.trolli.es/ |
| Registration data: |
VALENCIA Mercantile Registry Volume 10567, Book 7848, Sheet 12, Section 8, Page V35525 |
3. How can you contact the Data Protection Officer?
Our entity has designated a Data Protection Delegate before the General Registry of the Spanish Data Protection Agency, to whom interested parties may address their complaints or questions about how our entity is treating their personal data. You may contact the Delegate in writing, indicating the name of our entity or trade name, followed by your complaint or query to:
BUSINESS ADAPTER, S.L.
Ronda Guglielmo Marconi, 11, 26, (Parque Tecnológico) 46980 Paterna (Valencia).
E-mail: info@businessadapter.es (ref. trolli) or through this
Customer service form
4. What personal data will we process and how will we collect it?
For the development of our business activity, it is essential to process personal data whose collection can be done by digital means (e.g. e-mail), by filling out paper documents or through face-to-face or telephone conversations, and in any of these cases the data will be treated in a fair, lawful and transparent manner.
The categories of data that our entity will process about the interested parties are:
-
- Identification data:name and surname, DNI (ID) or equivalent document, image and signature (handwritten or digital).
- Contact information: telephone, email, postal address.
- Commercial data: quotations, purchase conditions, management and history of services and/or purchases, results of contacts (telephone, email, messaging and other communication channels).
- Accounting data: income and expense control, invoicing data.
- Bank details: bank accounts and bank cards.
- Financial data: inquiries about financial solvency or assets.
- Transaction of goods and services: transfers and direct debits, amounts and concepts.
- Curricular data: academic data, professional experience, personal characteristics, etc...
- Navigation data: analysis of time spent on our website, pages visited, demographic data (e.g. age, gender, language)
Our entity will not collect special category data (e.g. health data, ethnic origin, political opinions or religious beliefs), but in case it is necessary to process them, we will inform you and ask for your prior and express consent.
Consequently, the data requested will be adequate, relevant, limited to those strictly necessary and indispensable, processed only by personal and/or collaborators authorized by our entity, who will have signed a confidentiality commitment and undertake to comply with the necessary security standards to ensure the confidentiality, integrity and availability of the data processed and other legal requirements established in the RGPD. Therefore, they will be treated within the law.
The data to be processed are provided by the data subject or his/her legal representative, although it may be the case that we delegate some functions to certain collaborators and they are responsible for collecting your data, but they will always be processed with your prior and express consent.
If a data subject does not provide the data we request or provides incomplete or incorrect data, it will not be possible to fulfill and maintain the relationship with them.
The categories of data that we can process about a person will depend on the relationship that he/she has with our entity, as follows:
4.1 Customer:
Identification, contact, commercial, accounting, banking, transaction of goods and services data will be processed and may be collected only if the customer provides them to us at the time of the purchase of goods, either personally, by telephone, email, etc., although they may also be collected by an authorized collaborator to whom we have delegated some of our functions.
4.2 Applicants for Information:
Whether the information requested is in person, by telephone or in writing (e.g. e-mail), we will request and/or process identification, contact and commercial data.
4.3 Suppliers:
Identification, contact, commercial, accounting, accounting, banking, transaction of goods and services and financial data will be processed. These data may be processed during all stages of the business relationship and only if the supplier provides them to start the business relationship.
4.4 Job applicants:
For this category of interested parties, we will process curricular, identification, contact and other data related to their professional or personal characteristics, which will be provided by the applicant themselves when they send us their application by any means (e.g. in person, email, web forms), they may also be collected in recruitment interviews (in person or online), and the job application may even be sent to us by a collaborator to whom we have delegated certain functions.
4.5 Users of social networks:
We are present in different social networks and may process identification, contact, commercial and other data that the user enables to be displayed or shared with other users of the social network, including curricular data (e.g. LinkedIn). For more information see our Social Networking Policy.
4.6 Claimants:
Identification data, contact data and personal information of the claimant or third parties that the claimant sends us will be processed.
4.7 Whistleblowers:
Through our internal whistleblowing channel, you can make complaints anonymously, but you may also voluntarily provide us with identification and contact details, as well as other personal information about yourself or third parties related to the complaint, in accordance with the provisions of Law 2/2023, of 20 February, on the protection of persons who report regulatory violations and the fight against corruption. More information in the terms of the
Internal Whistleblower Channel.
4.8 Visitors:
Identification, contact and company data will be processed if the visit is for commercial reasons, being these data collected when provided by the visitor himself when requesting access to our facilities or when his interlocutor in our entity, provides them to us to allow access to these facilities.
4.9 Web users:
When visiting our website and only if expressly authorized by the user, analytical data may be collected (e.g. time of visit or pages viewed) including demographic data (e.g. gender, age, country or language). For more information visit our
Cookie Policy.
4.10 Further information for interested parties:
The information legally established in the corresponding informative clauses, included in the different means of data collection, will be made available to the interested parties, so that the person concerned can freely and expressly decide whether they want their personal data to be processed by our entity.
All categories and types of personal data processed will be duly identified in the corresponding processing activities owned by our company.
5. What will your data be used for?
In general, the purpose of the processing of personal data carried out by our entity is the fulfillment and maintenance of the relationship with the different groups of people with whom we have contact.
Depending on this relationship, your data will be processed for different purposes, which are detailed below, by way of example and without limitation:
5.1 Customers:
Your personal data will be processed to identify you, fulfill and maintain the pre-contractual and contractual relationship including sending commercial communications by different means, answer queries, perform quality control and commercial statistics, for the sale and delivery of goods, for accounting and billing management, transaction of goods and services, collection management, incident management, claims and exercise of rights, as well as for other purposes to which we are obliged to comply with this relationship, the laws to which we are subject or to meet our legitimate interests.
5.2 Applicants for information:
We will treat your personal data to respond to requests for information of any kind that you want to move us, to identify you, to send or deliver budgets and information about the goods and / or services of interest, including in our reply (verbal or written) commercial information related to your request. We will also make follow-up contacts, by different means to know the decisions taken with respect to the commercial proposals that we have sent you.
5.3 Job applicants:
Your data will be used to include you in our selection processes and job vacancies, to identify you, as well as to contact you and inform you about vacancies, coordinate interviews and other matters related to your application.
5.4 Suppliers:
Your personal data will be processed for the purpose of maintaining the pre-contractual and contractual relationship, fulfilling the commercial relationship either for the request of quotations, for the purchase of goods or contracting of services, to make inquiries and identify you, for accounting management and transaction of goods and services, as well as for other purposes necessary to fulfill such relationship, our legal obligations and legitimate interests.
5.5 Users of social networks:
We will treat your personal data to maintain the relationship as users of the same social network, to identify you, to contact you, to share news or advertising and to treat other personal data that the user of the social network allows to share with the rest of the components of this. For more information see our Social Networking Policy.
5.6 Claimants:
Personal data will be processed to identify you, manage your claim and contact you about the status of your claim, as well as to comply with our legal obligations and legitimate interests.
5.7 Complainants:
The personal data you choose to provide in your complaint will be processed to register, manage your complaint, as well as to identify and contact you (except if the complaint is anonymous) for the acknowledgement of receipt of your complaint and to keep you informed about the status of our investigations within the time limits and terms set out in Law 2/2023 of 20 February. Similarly, we may process your data on the basis of our legitimate interests and where necessary to comply with other legal obligations to which we are subject. More information on the terms of the
Internal Whistleblowing Channel .
5.8 Visitors:
Data from visits to our facilities will be processed to identify you, to comply with our obligations in terms of occupational risk prevention and for security and access control purposes.
5.9 Web users:
By accepting the installation of cookies when visiting our website, data may be processed for different purposes (e.g. analysis of visits). For more information visit our
Cookies Policy.
5.10 Further information for interested parties:
The information legally established in the corresponding informative clauses included in the different means of data collection (e.g. forms, announcements, contracts, etc.) will be made available to the interested parties, so that they can freely and expressly decide if they want the personal data requested to be processed by our entity, in the same sense, this information will be recalled in the different documents or communications that we share with the interested parties (e.g. badges, invoices, legal notices, etc.).
If the interested party does not provide the information we request or provides incomplete or erroneous information, we may not be able to respond to your request for information or to contact you.
The data will not be processed further or for purposes other than those accepted by the data subjects.
The purposes that motivate the processing of personal data will be duly identified in the corresponding processing activities owned by our company.
6. Why do we process your data (legitimacy)?
The processing of your personal data by our company is carried out on one or more of the following legitimate bases:
-
- a. When you give us your express, free, informed and unequivocal consent, after being informed at the time of collecting your data and more broadly with this privacy policy, that after reading this and being in agreement, you can voluntarily authorize us to process your data for one or more purposes, by checking the boxes provided for this purpose in our web forms or by your consent by signing the information clauses that we provide you at all times when requesting your personal data.
-
- b. For the performance of a contract to which you are a party or for which you have requested pre-contractual measures from us.
-
- c. When the processing is necessary for compliance with a legal obligation applicable to our entity.
-
- d. When the processing is necessary for the satisfaction of legitimate interests pursued by our entity or by a third party, provided that such interests do not override the interests or fundamental rights and freedoms of the data subject. In this regard, we inform that our entity has conducted an analysis weighing our legitimate interests with the rights and freedoms of the data subject, always respecting their fundamental rights.
If the user is under 14 years of age, it will be necessary to have the consent of parents, guardians or legal representative, to treat their data. The user is solely responsible for the accuracy of the data he/she sends us.
7. Data Retention
The personal data provided will be kept for as long as we maintain the relationship with the data subject and for the time necessary to fulfill the purpose for which the data were collected.
Once this relationship has ended, we will keep them blocked in those cases in which it is necessary to keep them until the statute of limitations of responsibilities for the exclusive purpose of claims or legal actions, as well as to comply with our legal obligations, e.g.:
| Stakeholders |
Sectoral scope |
Legal basis |
Conservation period |
| · Customer
· Suppliers |
Accounting |
Art. 30.1 R.D. Código de Comercio |
· 6 years from the last entry |
| · Customer
· Suppliers |
Prosecutor |
Art. 66 Ley General Tributaria 58/2003 |
· General term: 4 years
· In case of losses during the fiscal year: 10 years
· Invoices: 5 years |
| · Working people |
Laboral |
Art. 21 del Real Decreto Legislativo 5/2000 – Orden Social |
· 4 years |
| · Job applicants |
Laboral |
Guía de relaciones laborales de la AEPD |
· 1 year |
| · Working people |
Prevention of occupational hazards |
Art. 4.3 del Real Decreto 5/2000 – Orden Social |
· 5 years
|
| · Visitors |
Access control to the facilities |
Instrucción 1/1996 de la AEPD |
· 1 month |
| · Web users |
Use of cookies |
Guía sobre el uso de cookies de la AEPD |
· 24 months maximum |
| · Information requestors |
Commercial
Legal |
Art. 20.1 a y d) Constitución Española |
· The shortest time possible or as indicated in the laws. |
| · Customers
· Suppliers
· Visitors
· Job applicants
· Working people |
Video monitoring |
Art. 22.3 LOPDGDD – protección de datos personales |
· 1 month |
| · Complainants
· Affected |
Internal Whistleblower Channel Reports |
· Art. 26.2 Ley 2/2023 (internal information systems)
· Art. 32.3 Ley 2/2023 (internal information systems)
Art. 32.4 Ley 2/2023 (internal information systems) |
· In case the reported facts have been investigated, it shall not exceed 10 years of conservation.
· For the time necessary to decide on the appropriateness of initiating an investigation into the facts reported. If it is proven that the information provided or part of it is not truthful, it must be immediately deleted, unless such lack of truthfulness may constitute a criminal offense, in which case the information will be kept for the time necessary during the judicial proceedings.
· If after 3 months from the receipt of the complaint the investigation is not initiated, the following shall be deleted. |
8. Profiling
We do not profile or make automated decisions using your personal data, but if we do, we will inform you and ask for your prior permission to do so.
Likewise, you have the right to object to this type of processing at any time by writing to us at
info@trolliberica.com.
9. Transfer of data
As a general rule, our company does not transfer personal data to third parties without prior consent, however, it will be necessary to transfer data in the following cases:
In the case of our
customers or suppliers, your personal data may be transferred to third parties by legal obligation (e.g. Tax Agency), or in those cases and entities necessary to provide our services or pay invoices (e.g. Banks) or in the case of delivery of goods, your data may be transferred to transport companies collaborating with our entity.
Likewise, the personal data of
customers or suppliers may be processed by third parties to whom we delegate some of our obligations (e.g. accountants) and all of them have committed themselves through a data processor contract to comply with the same security measures implemented by our entity, as well as to submit to the duty of secrecy and confidentiality of the personal data processed, among other obligations regarding the protection of personal data.
In the case of
job applicants, your data will not be disclosed to third parties, unless we are legally obliged to do so.
With respect to
applicants for information or users of our website, your data will not be transferred to third parties, except in the cases set out above and informed at all times of its collection and only with your express consent, unless our legitimate interest prevails or we are legally obliged to do so, in which case your consent will not be necessary.
In the case of
whistleblowers, their data may be lawfully processed by persons other than those responsible for the internal information system and may also be communicated to third parties when necessary for the adoption of corrective measures in our entity or the processing of disciplinary or criminal proceedings, if any, as appropriate (art. 32.2 Law 2/2023).
In general terms, we may transfer your personal data to the Judges, Courts, Public Prosecutor's Office and/or to the competent Public Administrations in case of possible claims when we are obliged to do so.
10. International data transfer
In the case of transfers to third parties located in countries outside the European Economic Area, we will inform and request the prior and express consent of the persons concerned.
11. Security Measures
Our company has implemented all the necessary technical and organizational measures to protect the personal data processed, avoiding its loss, theft or unauthorized use.
These measures have been created according to the type of data processed and the purposes for which it is processed. These are periodically verified in our internal controls of compliance with personal data protection regulations and by means of external audits.
12. Your Rights
You, as the owner of your personal data and acting on your own behalf or through your legal representative (e.g. persons under 14 years of age) may contact our entity at any time and ask us to exercise your rights regarding personal data protection.
These rights are explained below:
12.1 Right of Access:
You have the right to know and ask us at any time to know the following information:
- Whether or not we are processing your personal data.
- The purposes of the processing, as well as the categories of personal data being processed.
- The origin of your data, in case you did not provide it to us yourself.
- The recipients or categories of recipients to whom my personal data have been or will be disclosed, including, where applicable, recipients in third parties or international organizations.
- Information on appropriate safeguards regarding the transfer of my data to a third country or an international organization, if applicable.
- The expected conservation period, or if this is not possible, the criteria for determining this period.
- If there are automated decisions, including profiling, meaningful information about the logic applied, as well as the significance and expected consequences of such processing.
- Copy of your personal data that are the subject of processing.
12.2 Right of Rectification:
To ask us to rectify your personal data when they are inaccurate, as well as to complete them when they are incomplete.
12.3 Right of Opposition:
You can object to the processing of your data when it is incorrect or no longer necessary to process it.
If you act as a respondent or person affected by a complaint under Law 2/2023, you may not exercise your right of opposition, since it is presumed (upon proof to the contrary) that there are grounds that legitimize the processing of your personal data, in accordance with the provisions of Article 31.4 of the Law.
12.4 Right of Suppression:
Ask us to delete your data for any of the following reasons:
- Your data is no longer necessary for the purposes for which it was collected or processed.
- You have not consented to the processing of your data.
- When the right of object has been exercised.
- When the data have been processed unlawfully.
- When the data must be deleted in order to comply with a legal obligation.
12.5 Right to Limitation of Processing:
You may ask us to exercise this right when one or more of the following situations arise:
- When you contest the accuracy of your data, for a period of time that allows the data controller to verify the accuracy of your data.
- When the processing is unlawful, and you object to the deletion of your data and request instead the restriction of its use.
- When the data are no longer required for the purposes of the processing, but the data subject needs them for the formulation, exercise or defense of claims.
- Where you have objected to the processing pursuant to Article 21(1), while it is being verified whether the legitimate grounds of the controller outweigh those of the data subject.
12.6 Right of Portability:
This refers to the right to obtain data relating to you, in a structured, commonly used and machine-readable format, and to transmit it to another data controller for further processing.
12.7 Right not to be subject to automated decisions:
The right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects on him or her or significantly affects him or her in a similar way.
To exercise any of your rights, you must write to TROLLI IBÉRICA, S.A., either by post to the address: C/ Bombers, 22, 46980, Paterna (Valencia) Spain or email:
info@trolliberica.com, stating the rights you wish to exercise, accompanied by a copy of your ID (DNI) or equivalent document to know about whom we must provide the requested information and your contact details to send you our reply. If you are acting on behalf of another person, you must prove your representation.
If you have any suggestions or questions about the processing of your personal data, you can contact the data protection officer at:
BUSINESS ADAPTER, S.L.
Ronda Guglielmo Marconi, 11, 26, (Parque Tecnológico) 46980 Paterna (Valencia).
Customer service form
We inform you that you have the right to make a complaint to the Spanish Data Protection Agency at: C/ Jorge Juan, 6, 28001 Madrid or at
www.aepd.es.
13. Commitment to Personal Data Protection
Scope of application
Our commitment to the protection of personal data will be mandatory for all departments and employees of our company, as well as those third parties acting on our behalf.
Object
We have established protocols for the processing of your personal data, in accordance with the provisions of European and Spanish data protection regulations.
Principles
We will treat your data with lawfulness, fairness, transparency, data minimization, accuracy, limitation of the storage period, integrity, confidentiality and active responsibility.
Special category of data
Our entity prohibits the processing of personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, the processing of genetic or biometric data, data concerning health or data concerning sexual orientation, except in the legally authorized exceptions and with the prior consent of the data subject.
Rights of interested parties
Our entity will attend and respond as quickly and diligently as possible to your requests to exercise your rights.
Registration of Activities, Impact Assessment and Security Measures
Our entity will keep a record of processing activities and analyze the purposes of processing, categories of data subjects and data, recipients, international transfers, storage periods, etc., to assess the risks of processing and implement the necessary security measures to ensure the confidentiality, integrity and availability of personal data.
Likewise, for each processing activity, we have analyzed the need to prepare an Impact Assessment and determine whether there is an obligation to appoint a Data Protection Officer, establishing, if necessary, that the person appointed to this position has sufficient knowledge and experience in accordance with the provisions of current legislation.
Control
We rely on external assistance to advise us on this matter, monitoring all publications issued by the competent control bodies and other European and Spanish entities related to data protection regulations, in order to comply with these regulations at all times.
14. Updating this Policy
Our entity reserves the right to modify this policy without prior notice. For this reason, we recommend that you consult it every time you visit our website.
Text updated on August 2, 2024
