IDDERMAN GASTEIZ, S.L. (IDDERMAN) is committed to the protection of privacy and the correct use of all personal data that we process and that you provide to us, both online on this website and, where appropriate, any of its subdomains and/or microsites, as well as off-line.
Please read this policy carefully and make sure you understand and agree with it before providing your personal data. Please refrain from using this website or its services if you do not agree with it or do not wish to provide your details. Simply accessing this site, using any of its services, or providing your data, either online or off-line, will be understood as a clear affirmative action in which you give your consent (whenever such consent is necessary) to process your data for the purposes indicated below.
Who is the data controller of your data?
IDDERMAN
C/ San Andrés, 10
Polígono industrial de Goiain
Legutio, Álava, Spain
E-mail: mail@idderman.com
How did we get your data?
Obtained from the data subject: If you are a current or potential customer, or a mere user of our website, you have provided the data, either off-line or online, when requesting our products or services, or when contacting us to request information; similarly, if you have come to our offices or plant, you have provided them to us by accessing our facilities as a visitor.
When you provide us with your personal data, you guarantee that you are entitled to provide this information and that the information is accurate, truthful, exact and up-to-date, that it is not confidential, that it does not violate any contractual restriction or rights of third parties, and you undertake to not impersonate other Users by using their registration details for the different services and/or contents of the website.
You are responsible for ensuring your data and your profile are correct and up-to-date, with IDDERMAN declining all liability in the event of failure to do so.
Obtained automatically when you visit our website: If you have provided us with data through this website or any of its subdomains and/or microsites, we collect information, for example, when you register as a user, fill in a form with personal details, or communicate with us directly by e-mail.
When you visit our website, data is sent to our server from your browser in order to optimise our services and improve your user experience, for example when you access the page or log in to our Services through third party services such as social networks or Google. Such data may be collected and stored automatically by us or by third parties on our behalf. These data may include:
- the user’s IP address
- the date and time of the visit
- the URL of the site the user comes from
- the pages visited on our website
- information about the browser used (browser type and version, operating system, etc.).
We may process and record such uses, sessions and related information, either independently or with the help of third party services, including through the use of cookies and other tracking technologies such as flash cookies and web analytics.
In relation to the above, we offer location services in some of our mobile apps, such as Google Maps and Bing Maps. These mobile apps may receive information about your actual location (such as via GPS signals sent by a mobile device) or information that can be used to establish your approximate location. Location services can normally be enabled or disabled on your device or in the browser settings.
We do not process specially protected data
Communication of third party data by the data subject:
With regard to other people’s data, you must respect their privacy by taking special care when communicating or publishing their personal data. Only the data subject can authorise the processing of personal data. Whenever you provide third-party data, you are responsible both for ensuring you have express consent to use them and communicate them, and for informing the third party that their data are to be processed by us. Publishing data of third parties without their consent may breach their right to honour, privacy or image, in addition to the rules on data protection. Whenever you provide us with the personal data of third parties, by accepting this privacy policy you expressly guarantee that you have been duly authorised by the data subject, releasing us from any liability in the event of claims by the data subject, with such liability being solely and exclusively assumed by the party who has communicated such third-party data.
What do we process your data for?
We can process the data you give us, as well as any other data generated over the course of the contractual, pre-contractual, commercial or other relationship we maintain with you, for different purposes, such as:
If you are a current or potential customer, in order to maintain contact and communication with you, and manage the contractual and/or commercial relationship, including after-sales services and warranty.
If you are simply a user of our websites, or the sender or recipient of an e-mail, to manage all requests you make online, and, in both cases, to maintain contact and communication with you, to conduct opinion and/or satisfaction polls, and to send you information about our activities, products and/or services (including advertising and/or commercial communications for the purposes of art. 21 LSSICE 34/2002).
In the case of visitor access to our facilities, to manage access and control of visits.
How long will we keep your data?
In the case of current or potential customers and suppliers, we will keep all personal details you provide for the duration of the contractual or commercial relationship, and, once this relationship has concluded, up until the moment the data subject asks for them to be deleted; in the case of the latter, we may continue to hold these details for the time necessary and with limitations on their processing, solely for the purpose of meeting legal obligations; comply with all applicable legal/contractual obligations in force and/or during the legal periods provided for the limitation of any liability on our part and/or the exercise or defence of claims arising from the relationship with the data subject
If you are a simply a user of the website, we will keep them up until the time you ask for them to be deleted, and even in this case we may keep them, with limitations on their processing, solely for the purpose of meeting legal obligations.
In accordance with the aforementioned criteria, personal records, either in electronic or hard copy format, may be deleted, at the organisation’s discretion, based on any logistics requirements and/or storage space that make deleting information or documents advisable.
What is the legitimation for processing your data?
The legal basis that legitimatises us to process your data can be from diverse sources:
Firstly, it may come from the relationship deriving from the contract between us if you are a current customer/supplier; or any type of offer, quote, application or pre-contractual relationship existing between the parties if you are a prospective customer/supplier; or, for example, your consent if you have made a request through our website as a simple user. Whenever you provide us with your data, either online or off-line, you unequivocally grant us this consent, since providing data is considered a clear affirmative action which manifests such consent. You may withdraw this consent at any time by sending an e-mail to mail@idderman.com; this withdrawal does not condition the processing of your data for the rest of the purposes described.
Secondly, it may come from legislation on the prevention of money laundering or on tax, labour or social security matters, occupational health and safety, etc.
Providing the requested data is obligatory as they are essential for the purposes indicated above; failure to provide them will mean we are unable to carry them out.
Given the pertinent, appropriate relationship you maintain with us as a current or potential customer/supplier, user of our website, etc., and in the area of website maintenance and management, our legitimate interest as an organisation constitutes a legal basis to process your data in order to:
- send you information about our activities, products and/or services (including advertising and/or commercial communications for the purposes of art. 21 LSSICE 34/2002)
- carry out opinion and/or satisfaction surveys.
The use of your data for these purposes, as derived from our legitimate interest, is always voluntary and your interests, rights or freedoms will always prevail over our legitimate interest; if you do not wish us to process your data for these purposes, please send us an e-mail indicating this circumstance to mail@idderman.com, in which case we may keep your data securely locked in order to formulate, exercise or defend any claims. Any withdrawal of consent for processing your data does not condition such processing for the other purposes described in the privacy policy.
If there is no prior contractual relationship, in accordance with recital 47 of the General European Regulation on Personal Data Protection (Regulation 2016/679 of the European Parliament and of the Council of 27 April 2016), our legitimate interest in sending you information about our activities, products and/or services (by traditional or electronic means) may constitute a legal basis for processing your data, provided that your interests or your rights and freedoms do not prevail, taking into account your reasonable expectations about whether or not we will send you this type of information at the time and in the context in which you provided us with your data, e.g. if you gave us a business card at a trade fair or on a sales visit, sent us an e-mail or contacted us asking for information, made a request on our website, subscribe to our Newsletter, etc. However, your interests and fundamental rights will always prevail over our legitimate interest if you, when providing your details, do not reasonably expect, or directly do not wish, us to send you this type of informative or commercial communications. Such communications (if they are made electronically) will include, in the message itself, the option to unsubscribe from receiving them. If you choose to do so, we will stop sending you this type of communication in the future. You can also ask us to stop processing your data for this purpose by sending an e-mail to the address indicated in the preceding paragraph.
Who can we communicate your data to?
You are hereby informed that the data you provide may be communicated to third parties for purposes directly related to the legitimate functions of the assignor and the assignee, such as:
To the transport companies in charge of shipping logistics and delivery of our products.
To banks, for management of collections and payments.
To any entities or bodies which must be informed for legal reasons (Tax Administration, etc.).
To providers who may need to process data on our behalf in order to supply a service (for example accommodation, software as a service, remote backup, computer support or maintenance services, email managers, send e-mails and marketing e-mails, transfer files, etc.); we sign a contract with all such providers, obliging them to process the data and protect them in accordance with Spanish and European regulations on data protection and to not use them for any purpose other than for providing the contracted service, and to return them to us or destroy them without keeping a copy once the contractual relationship ends.
International Data Transfers
You are hereby informed that, whenever we use American providers who may have access to personal data in order to provide services auxiliary to our activity (hosting, housing, software as a service, remote backup, computer support or maintenance services, e-mail managers, send e-mails and marketing e-mails, file transfers etc.), these companies may be different and vary over time, although, in all cases, we will only choose companies which have signed up to the Privacy Shield agreement between the USA and the EU, or which belong to countries that have been declared countries with a high level of protection, meaning they are obliged to meet EU-standard requirements in terms of data protection. By accepting this data protection policy, you expressly and unequivocally authorise the communication of data to these companies, and understand that this involves an international transfer of data to a country outside the European Economic Area, to which you give your unequivocal consent.
Social networks
Our website and mobile apps have connectors to various social networks. Whenever you choose to interact with a social network, your activity on our website or through our mobile apps will also be made available to this social network, providing information about your IP address or which pages you visit on our website and installing a cookie to ensure they work correctly.
If you log in to one of these social networks during your visit to one of our websites or mobile apps, the social network will be able to add this information to your profile and transfer it to the social network. You can prevent this data transfer by logging out of the social network before entering our website or mobile app, as it is not in our power to influence this data collection and transfer through the social connectors.
Social networks are not hosted directly in our Services. Your interactions with them are governed by their policies, not ours. Read the privacy policies of these social networks for detailed information on the collection and transfer of personal data, your rights, and also your privacy settings.
What are your rights when you give us your data?
Right of access: You may ask us which personal data we are processing, and also request a copy of them.
Right of rectification: You may ask us to rectify inaccurate or incomplete personal data, including by means of an additional declaration.
Right of suppression (right to forget): You may ask us to delete your personal data whenever: they are not necessary for the purposes they were collected for, you withdraw your consent, they have been processed illicitly, or for compliance with a legal obligation.
Right to limitation of processing: You can ask us to limit the processing of your data, in which case we will only keep them for the exercise or defence of claims.
Right to data portability: You may ask us to return (to you or to a third party of your choice) your personal data in a structured, commonly used and mechanically readable format.
Right to object: You may object to the processing of your data whenever such processing is based on the legitimate interest of the data controller or is for advertising purposes.
You can exercise all these rights by sending us a signed document along with a copy of your ID card, addressed to the postal or email address indicated in paragraph 2 of this privacy policy. Any changes to your data must be reported to the same address, with the company declining all liability in the event of failure to do so.
Once we have received any of the above requests, we will respond to you within the legal deadlines.
You can issue a complaint to the Spanish Data Protection Agency. Visit the Spanish Data Protection Agency’s website at www.aepd.es for more information about the rights you can exercise and to request the relevant forms.