Terms and Privacy Policy
This document regulates the rules regarding the Privacy Policy under which the company Damian Valley Partners, S.L.U., as Data Controller, will process the personal data of its customers (buyers or not of its services) and suppliers or third parties, furnished by them during their access to the website www.iflastmile.com in their registration process or provided by any other legally valid means. If you expressly accept the transfer of your data to the Data Controller, whatever the means by which you do so, provided that your consent is express, you give your consent in a free, informed, specific and unequivocal manner for the Data Controller to process your personal data, pursuant to the General Data Protection Regulation of the European Parliament and of the Council 679/2016, of 27 April (hereinafter "GDPR") and Organic Law 3/2018, of 5 December, on Data Protection and the Guarantee of Digital Rights.
1. Data of the Data Controller
Data Controller: Damian Valley Partners, S.L.U.
Corporate Tax ID No. (CIF): B01948199
Website: www.iflastmile.com
Registered office: Calle Jaén Number 10, 2D, 28020 Madrid
Registry data: Entered at the Mercantile Register of Madrid, Volume 40952, Folio 214, Section 8, Sheet M 726446
Email: info@runif.co
2. Data collection
The Data Controller may collect the data of its customers, suppliers and other third parties (hereinafter referred to collectively as "the data subject" or "data subjects") on its website when they access it and register or request its services through the contact link. The data subject must enter all the data required by the Platform at all times (especially those marked with an asterisk), because otherwise they will not be able to complete their registration as a user or will not be able to use certain functionalities or services available through the Platform. Data will also be collected from data subjects when they have provided them to the Data Controller by other means, in the normal course of a commercial or professional activity. Likewise, data subjects shall guarantee that the Personal Data provided are true and accurate, and shall notify, through the appropriate channel, any change or modification thereof. If the data subject provides data of third parties, they shall be responsible for having previously informed them and having their consent to do so, in accordance with article 14 of the GDPR.
3. Category of the data collected
The Data Controller will process the following personal data of the user:
Identification data: name and surname(s), Tax ID No. (NIF).
Contact data: telephone number, email and postal address.
Company for which you work
Credit or debit card for payment
Bank account
4. Recipients of the data
Suppliers who provide services to the Data Controller in relation to the service provided by the latter to the Data Subject or vice versa shall have access to the Data Subject's data. The Data Controller shall have in place the relevant data processing contracts with each of the suppliers that provide services to the Data Controller in order to ensure that such suppliers process your data in accordance with the provisions of the laws in force. Personal data may also be disclosed to the competent authorities where there is a legal obligation to do so. Likewise, they may be communicated to the financial institutions through which collection and payment management is carried out. The data may also be assigned to third party companies related to the activity of the Data Controller, for the purpose of sending users commercial information that may be of interest to them, always in connection with the business of the Data Controller and provided that the user has expressly accepted this.
5. Purpose of the processing
The Data Controller will process personal data for the purposes set out below, according to the reason for which they were provided:
Carry out the provision of the contracted services, maintain the contractual relationship and follow up same.
Contact, process, manage and respond to the user's request, application, incident or query (either by email, contact form or telephone).
Manage, as the case may be, the user's participation in the customer's private area.
Manage, as the case may be, the sending of commercial communications about products and services marketed by the Data Controller by electronic and/or conventional means.
Create, as the case may be, a profile of the user in order to offer them products and services related to the Data Controller in accordance with their interests.
Assess and manage, as the case may be, the résumé provided by the user for selection processes that adapt to their professional profile and carry out the necessary actions for the selection and hiring of personnel.
Based on the foregoing and depending on the user category, the Data Controller may use the data for the following purposes:
Customers:
Budgeting
Invoicing
Sending of commercial communications
Updates of service terms
Regular communication within the contracted service provision
Professional profiling for the service offer
Suppliers:
Invoicing
Sending of commercial communications
Updates of service conditions
Regular communication within the contracted service provision
Social Media Contacts:
Creation of a community of followers
Management of friendship requests
Sending of commercial information
Professional profiling for the service offer
Updates of service terms
Job applicants:
Assessment of the data included in the résumé to analyse suitability for the needs of the Data Controller.
Sending of relevant information related to the job sought in the organisation
If the user expressly agrees, the data may be transferred to collaborating or related companies for the purpose of helping the user to find a job
Professional profiling
6. Legitimacy for the collection and processing of data
The legal basis for the collection and processing of user data is, on the one hand, the imperative obligation of being able to provide the contracted services and, on the other hand, the consent expressly granted by the user for the collection and processing of their data.
7. Duration of data processing and retention
Once said relationship has ended, as the case may be, the data may be kept for the time required by the applicable laws and until the expiry of the statute of limitations for any liabilities arising from the Agreement. Data for managing queries and requests will be kept for the time necessary to respond to them, with a maximum period of one year. Data for sending commercial communications and the creation of commercial profiles of our products or services will be kept for as long as the commercial relationship with the user lasts and they do not withdraw their consent to it. Data from résumés for selection processes will be kept for a period of two years. For information purposes, the legal periods for the conservation of information in relation to different matters are set out below:
Documentation related to employment or social security -> 4 years (Article 21 of Legislative Royal Decree 5/2000, of 4 August, approving the consolidated text of the Infractions and Penalties related to Employment Act).
Accounting and tax documentation for commercial purposes -> 6 years (Article 30 of the Code of Commerce).
Accounting and tax documentation for tax purposes -> 4 years (Articles 66 to 70 of the General Tax Act, Control of access to buildings 1 month Instruction 1/1996 of the Spanish Data Protection Agency, AEPD, on Video-surveillance 1 month Guide of 26 November 2018 of the AEPD, Organic Law 4/1997. Act 5/2014 of 4 April, on Private Security).
8. User rights
Users who furnish their personal data to the Data Controller may exercise the following rights:
Access, rectification, objection, erasure, portability and limitation of processing, as well as refusal of automated processing of personal data collected by the Data Controller. In addition, all users shall have the right to withdraw any consent they may have given at any time. These rights may be exercised free of charge by users, with reference to the request specified in the application via the contact details given in the Legal Notice link. Users have the right to revoke their consent to receive commercial communications at any time, by simply notifying the Data Controller and specifying that they no longer wish to receive commercial communications. To do this, users may revoke their consent by making reference to their request via the contact details given in the Legal Notice or by clicking on the link "no more commercial communications". Users have the right to lodge a complaint with the Spanish Data Protection Agency if they consider that the Data Controller has committed any type of infringement in the processing of their data.
9. Minors
The Data Controller shall under no circumstances collect data on minors. Given the difficulty of verifying the age of users, the holders of parental authority or guardianship of minors under 14 years of age shall be responsible for establishing control measures on the devices that minors may access, in order to prevent them from improperly transferring their data. If the Data Controller becomes reliably aware at any time that a minor has accessed its platform and that their data is being processed without the authorisation of their legal representatives, they shall immediately unsubscribe said user.
10. Security measures
The Data Controller undertakes to comply with the commitment to secrecy of personal data and the duty to protect them, treating the user's personal data confidentially, adopting the necessary technical and organisational measures to guarantee the security of the data and to prevent the alteration, loss, unauthorised processing or access, taking into account the state of technology, the nature of the data stored and the risks to which they are exposed.
11. Changes in the privacy policy
The Data Controller may modify the Privacy Policy in accordance with the legislation applicable at any given time. In any case, any modification of the Privacy Policy will be duly notified to users so that they are informed of the changes made to the processing of their personal data and, in the event that the applicable regulations so require, the user may give their consent.