In accordance with the provisions of Organic Law 15/1999, on Personal Data Protection (hereinafter, LOPD), as well as its implementing regulations, approved by Royal Decree 1720/2007, dated 21 December (hereinafter, RLOPD) and Regulations 2016/679 of the European Parliament and of the Council, dated 27 April 2016 on the protection of physical persons with regards to the processing of personal data and the free circulation of said data (hereinafter, RGPD), ICEX España Exportación e Inversiones, E.P.E., M.P. (ICEX) informs Users of its Data Protection Policy, so that these may freely and voluntarily determine whether or not they wish to provide the personal data which may be required for subscription or registration purposes as regards some of the Services offered. With the exception of those fields that indicate otherwise, answers to questions on personal data are voluntary.
ICEX reserves the right to modify this policy to adapt it to changes in legislation or legal or judicial requirements, as well as the practices of the industry, at all times taking into consideration the legitimate interests of the consumer or user. Certain services offered in the Portal may contain their own Specific Conditions with specific stipulations regarding personal data protection.
Confidentiality in the automated processing of Users’ Personal Data
Data collected through the ICEX Portal will be treated as secret and confidential.
The personal data collected will be subject to automated processing and included in the corresponding automated processing activity files owned by ICEX and for which ICEX is responsible.
ICEX will provide Users with suitable technical resources so that, prior to delivery of personal data, they may access the notice on the Personal Data Protection Policy as well as any other relevant information, and may provide their consent so that ICEX may proceed with the automated processing of its Users’ personal data. The User’s acceptance of the processing of personal data is always revocable, without retroactive effects.
Finality of the collection and automated processing of Personal Data
ICEX, responsible for data processing, informs that the automated collection and processing of personal data requested is used for purposes of management, administration, provision, expansion and improvement of the services offered by ICEX in its Portal at any time, and all of the foregoing based on the contractual relationship between the User and ICEX or the User’s consent. Likewise, based on legitimate interests, its purpose is the quantitative and qualitative study of visits and of the use of services by Users, the design of new services related to ICEX’s own services and their updates, and the remission by traditional and electronic means of technical and operational information and any other information related with specific parameters selected by the User in the Registration Form, surveys or commercial or advertising information on the products and services offered by ICEX or third-party Collaborators.
Users are not required to receive the aforementioned advertising or surveys, and may mark this option in the means provided for this purpose by ICEX in the Registration Form with regards to the offered services, through a written communication or directly through the pre-notice procedure in each commercial communication.
ICEX, as a result of the existence of a previous contractual relationship and based on legitimate interests, may send commercial communications on its own products and services similar to those which were initially object of a contract with the User, without requiring the User’s authorisation or express request. Nevertheless, the User, in any case, will have the aforementioned means available to express his or her opposition to receiving this type of commercial communications.
In no case will ICEX use its Users’ personal data for purposes other than those mentioned above.
The User declares that all of his or data provided are true and correct and is obligated to communicate to ICEX any changes in relation to the same. The User is entitled to oppose the processing of any of his or her data that is not absolutely necessary for formalizing the contract and the use of the same for any other purposes different from the maintenance of his or her contractual relationship.
Likewise, the User guarantees being over the age of 14 and having sufficient legal capacity to enter into obligations with regards to the services offered by ICEX, in accordance with applicable regulations.
Personal data of third parties provided by the User to ICEX
Transfer of personal data of Users to third parties
The transfer of personal data of Users to third parties will not take place without prior consent granted by the Users. In this case, ICEX will expressly inform the User of the transfer of his or her personal data to third parties, identifying the transferees of said data and the purpose of the transfer of that personal data.
Notwithstanding the preceding paragraph, the User grants permission for the use of his or her personal data when this is required by Public Administrations, the State Fiscal Authority, Courts and competent administrative Authorities or by judicial sentence; likewise, in general, to physical or legal persons to which the communication of said data is necessary for the correct and improved customer service, or by legal imperative.
The User’s acceptance of the transfer of personal data is always revocable, without retroactive effects.
Retention period of personal data
Users’ data will be retained for the minimum time period necessary to correctly render the service offered as well as to respond to any liabilities which may derive of the same and with regards to any other legal requirement.
In the case of the use of Users’ data to receive commercial communications from ICEX, Users’ data will be retained until the User declares the wish to no longer receive said communications, whether through the means offered in the communications themselves or through one of the ways explained below.
Given the fact that the majority of the activities ICEX implements to promote the internationalisation of Spanish companies take place abroad, it might be necessary for ICEX to communicate specific personal data of its clients to Fair Institutions and other foreign companies and bodies with which ICEX carries out said activities for purposes of their execution. The transfer of this data will be limited solely and exclusively to pertinent issues related with service provision by ICEX, which will at all times guarantee compliance with data processing standards and that the data will not be used for other purposes.
Users’ Rights in relation to their personal data
Users are entitled to exert their rights to access, rectify, suppress, oppose, limit and in relation to the portability of their data, for which Users must send a letter or email, attaching a copy of their National Identity Card (DNI) or equivalent documentation for identification purposes, to the following address:
Paseo de la Castellana, 278
Models, forms and other information are available on Users’ rights in the website of the Spanish Data Protection Agency, the Agencia Española de Protección de Datos www.agpd.es.
Security and updates of Users’ personal data
ICEX has adopted the legally required levels of protection of personal data, and has installed all of the technical means and measures within its reach to avoid the loss, misuse, alteration, unauthorised access or theft of personal data provided, in line with technical state-of-the-art and in compliance with legislation in effect. Despite this, the User must be aware that security measures used in the Internet are not impregnable.
For purposes of keeping Users’ personal data updated, it is important for Users to notify ICEX whenever any change occurs in the same.
Data Protection Officer
The ICEX DPO (Data Protection Officer) is in charge, within ICEX, of compliance with regulations on personal data.
Users may contact the ICEX DPO at the following address: firstname.lastname@example.org or at the postal address in Spain, Madrid, Paseo de la Castellana, 278 (att. Data Protection Officer).
Cancellation of the commercial communications service
Users are entitled to revoke, at any time, the consent given to receive commercial notifications, by notifying ICEX of the wish to no longer receive these. For this, the User may either revoke his or her consent via the means described in the preceding section on Users’ rights in relation to personal data, or click on the link included in each commercial communication, thereby cancelling the sending of electronic commercial communications.