Privacy Policy

1.-OBJECTIVE OF THE POLICY

This “Privacy and Data Protection Policy” is intended to publicize the conditions that govern the collection and processing of your personal data by Ilusión Visual Producciones, S.L to ensure fundamental rights, your honor and freedoms, all in compliance with current regulations governing the Protection of Personal Data according to the European Union and the Spanish Member State.

In accordance with these regulations, we need your authorization and consent for the collection and processing of your personal data, so below, we indicate all the details of your interest regarding how we carry out these processes, with what purposes, what other entities could have access to your data and what your rights are.

For all of the above, once you have reviewed and read our Data Protection Policy, it is essential that you accept it as proof of your agreement and consent.

 

2.- DEFINITIONS

  • «Personal data»: Any information about an identified or identifiable natural person (“the user of the Website”); an identifiable natural person is any person whose identity can be determined, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or one or more elements of identity physical, physiological, genetic, mental, economic, cultural or social of said person.
  • «Processing»: any operation or set of operations carried out on personal data or sets of personal data, whether by automated procedures or not, such as the collection, registration, organization, structuring, conservation, adaptation or modification, extraction, consultation , use, communication by transmission, diffusion or any other form of authorization of access, collation or interconnection, limitation, suppression or destruction.
  • “Limitation of processing”: the marking of the personal data stored in order to limit their processing in the future.
  • “Profiling”: any form of automated processing of personal data consisting of using personal data to evaluate certain personal aspects of a natural person, in particular to analyze or predict aspects related to professional performance, economic situation, health, preferences information, interests, reliability, behavior, location or movements of said natural person.
  • “Pseudonymisation”: the processing of personal data in such a way that they can no longer be attributed to a data subject without the use of additional information, provided that such additional information appears separately and is subject to technical and organizational measures designed to ensure that the data are not attributed to an identified or identifiable natural person.
  • “File”: any structured set of personal data, accessible according to certain criteria, whether centralized, decentralized or distributed functionally or geographically.
  • “Data controller” or “controller”: the natural or legal person, public authority, service or other body which, alone or jointly with others, determines the purposes and means of the processing; if the law of the Union or of the Member States determines the purposes and means of the treatment, the controller or the specific criteria for his appointment may be established by the law of the Union or of the Member States.
  • “Data controller” or “processor”: the natural or legal person, public authority, service or other body that processes personal data on behalf of the data controller.
  1. “Recipient”: the natural or legal person, public authority, service or other body to which personal data is communicated, whether or not it is a third party. However, public authorities that may receive personal data in the context of a specific investigation in accordance with Union or Member State law shall not be considered recipients; the processing of such data by said public authorities will be in accordance with the data protection regulations applicable to the purposes of the processing.

 

 

Data Protection Authorities (other European countries) :

 

Other International Data Protection Authorities:

 

  • “Cross-border processing”: a) the processing of personal data carried out in the context of the activities of establishments in more than one Member State of a controller or a processor in the Union, if the controller or processor is established in more than one Member State, or b) the processing of personal data carried out in the context of the activities of a single establishment of a controller or a processor in the Union, but which substantially affects or is likely to substantially affect data subjects in more than one Member State.
  • “Information society service”: any information society service, that is, any service normally provided for remuneration, remotely, electronically and at the individual request of a recipient of services.

 3.-IDENTITY OF  RESPONSIBLE FOR TREATMENT

Who collects and processes your data?

The Data Controller is that natural or legal person, of a public or private nature, or administrative body, which alone or jointly with others determines the purposes and means of personal data processing; in case the purposes and means of the treatment are determined by the Law of the European Union or the Spanish Member State.

In this case, our identification data as Data Controller are the following:

Ilusión Visual Producciones, S.L NIF/DNI B09717752

How can you contact us?

  • Postal address and our offices: Calle Camino de los Vinateros 106, Despacho 1.. 28030, Madrid (Madrid), Spain
  • Registered address: Calle Entre Arroyos Nº 15. 3A. 28030, Madrid (Madrid), Spain
  • Email: a.carrillo@ilusionvisual.com- Telephone: 655 16 99 93

 

Who can help you with our Data Protection Policy?

We have a person or entity specialized in data protection, which is in charge of ensuring the correct compliance in our entity with current legislation and regulations. This person is called the Data Protection Officer (DPO)  and, if you need it, you can contact him in the following way:

AURATECH LEGAL SOLUTIONS SLP- CIF B87984621

Email: rgpd@auratechlegal.es- Telephone: 0034 91 113 49 63

 

4.- APPLICABLE LAWS AND REGULATIONS

This Privacy and Data Protection Policy is developed based on the following regulations and data protection laws:

  • Regulation (EU) 2016/679 of the European Parliament and of the Council, of April 27, 2016, regarding the protection of natural persons with regard to the processing of personal data and the free circulation of these data. Hereinafter GDPR.

  • Organic Law 3/2018, of December 5, Protection of Personal Data and Guarantee of Digital Rights. Hereinafter LOPD/GDD.

  • Law 34/2002, of July 11, on Services of the Information Society and Electronic Commerce. Hereinafter LSSICE.

 

5.- PRINCIPLES APPLICABLE TO THE PROCESSING OF PERSONAL DATA

The personal data collected and processed through this website will be treated in accordance with the following principles:

  • Principle of legality, loyalty and transparency: All processing of personal data carried out through this Website will be legal and fair, being completely clear to the user when the personal data that concerns him or her is being collected, used, consulted or processed. The information regarding the treatments carried out will be transmitted in advance, easily accessible and easy to understand, in simple and clear language.

  • Purpose limitation principle: All data will be collected for specific, explicit and legitimate purposes, and will not be subsequently processed in a manner incompatible with the purposes for which they were collected.

  • Principle of data minimization: The data collected will be adequate, pertinent and limited to what is necessary in relation to the purposes for which they are processed.

  • Principle of accuracy: The data will be exact and, if necessary, updated, adopting all reasonable measures so that personal data that is inaccurate with respect to the purposes for which it is processed is deleted or rectified without delay.

  • Principle of limitation of the term of conservation: The data will be kept in a way that allows the identification of the interested parties for no longer than is necessary for the purposes of the processing of personal data.

  • Principle of integrity and confidentiality: The data will be treated in such a way as to guarantee adequate security of personal data, including protection against unauthorized or illicit treatment and against accidental loss or damage, through the application of technical measures. and appropriate organizational

  • Principle of proactive responsibility: The entity that owns the Website will be responsible for compliance with the principles set forth in this section and will be able to demonstrate it.

 

 

6.-SECURITY MEASURES

What do we do to guarantee the privacy of your data?

Ilusión Visual Producciones, S.L adopts the necessary organizational and technical measures to guarantee the security and privacy of your data, avoid its alteration, loss, treatment or unauthorized access, depending on the state of the technology, the nature of the data stored and the risks to which they are exposed.

Among others, the following measures stand out:

  • Guarantee the permanent confidentiality, integrity, availability and resilience of treatment systems and services.
  • Restore the availability and access to personal data quickly, in the event of a physical or technical incident.
  • Verify, evaluate and assess, on a regular basis, the effectiveness of the technical and organizational measures implemented to guarantee the security of the treatment.
  • Pseudonymize and encrypt personal data, in the case of sensitive data.

 

On the other hand, Ilusión Visual manages information systems according to the following principles:

  • Principle of regulatory compliance: All information systems will comply with the regulations of regulatory and sectoral legal application that affect information security, especially those related to the protection of personal data, system security , data, communications and electronic services.

  • Principle of risk management: Risks will be minimized to acceptable levels and seek a balance between security controls and the nature of the information. Security objectives should be established, reviewed and consistent with information security aspects.

  • Principle of awareness and training: Training, awareness programs and awareness campaigns will be coordinated for all users with access to information, in terms of information security.

  • Principle of proportionality: The implementation of controls that mitigate the security risks of assets will be carried out seeking a balance between security measures, nature and information and risk.

  • Principle of responsibility: All members of the Data Controller will be responsible for their conduct in terms of information security, complying with the established standards and controls.

  • Principle of continuous improvement: The degree of effectiveness of the security controls implemented in the organization will be reviewed on a recurring basis to increase the ability to adapt to the constant evolution of risk and the technological environment.

 

7.- PURPOSES OF TREATMENT

Why do we want to process your data?

We need your authorization and consent to collect and process your personal data, so below we detail the intended uses and purposes:

Website queries Response to queries received through the web electronic form


Social Networks Share information on Social Networks

 

Resume management / Job bank Personnel selection

 

Email Communications via email

How long do we keep your data?

We use your data for the time strictly necessary to fulfill the purposes indicated above. Unless there is an obligation or legal requirement, the expected retention periods are:

Website inquiries: For a period of 1 year from the last confirmation of interest

Social networks: As long as their deletion is not requested by the interested party

Resume management / Job bank: For a period of 1 year from the last confirmation of interest. The personal data provided will be kept as long as its deletion is not requested by the interested party and it is appropriate, and as long as they are necessary -including the need to keep them during the applicable limitation periods- or relevant for the purpose for which they were collected or registered. If you do not update your resume or do not carry out any job search for a period of one year, your data will be deleted, implying the blocking of the same.

Email: For a period of 6 years from the last confirmation of interest

 

8.- LEGITIMATION OF THE TREATMENT

Why do we process your data?

The collection and processing of your data is always legitimized by one or more legal bases, which we detail below:

Website Inquiries

  • Explicit consent of the interested party

Social networks

  • Explicit consent of the interested party

Resume management / Job bank

  • Explicit consent of the interested party
    • RGPD: 6.1.a) Consent of the interested party. . The legal basis for sending information related to professional practice or professional interest and for the provision of voluntary services is the consent you give, which you may withdraw at any time.

Email

  • Legitimate interest of the Data Controller or third parties

9.- RECIPIENTS OF YOUR DATA

To whom do we transfer your data within the European Union?

Sometimes, in order to comply with our legal obligations and our contractual commitment to you, we are faced with the obligation and need to transfer some of your data to certain categories of recipients, which we specify below:

Social networks. Providers of social network services

Resume management / Job bank: Organizations or people directly related to the person in charge. As a consequence of the management of the authorized purposes, your data may be communicated to job offerers who may be interested in your profile.

Do we carry out International Transfers of your data outside the European Union?

We do not carry out international transfers of your data

 

10.- DATA PROCESSING ACTIVITIES

The data processing activities carried out through the website are detailed below, specifying each of the following sections:

  • Activity: Name of the data processing activity
  • Purposes: Each of the uses and treatments that are carried out with the data collected
  • Legal basis: The legal basis that legitimizes the processing of the data
  • Data processed: Typology of data processed
  • Provenance: Where the data is obtained
  • Retention: Period during which the data is kept
  • Recipients: Third parties or entities to whom the data is provided
  • International transfers: Cross-border transfers of data outside the European Union

10.1 -Main treatment activities

Are those data processing activities whose purposes are necessary and essential for the provision of services.

Email
Legal basesLegitimate interest of the Data Controller or third parties
PurposesCommunications via email
Data categories and groupsClients (Identification data). Employees (Identification data). Suppliers (Identification data)
Data source The interested party or his legal representative
Recipient CategoryNot planned
International TransferNot planned
Retention periodFor a period of 6 years from the last confirmation of interest

10.2 -Optional treatment activities (if the user has marked their acceptance)

These are those personal data processing activities whose purposes are not essential for the provision of the service and that are only carried out if the user has marked YES in the consent to carry out these activities.

Website Queries
Legal basesExplicit consent of the interested party
PurposesResponse to queries received through the electronic form on the web
Data categories and groupsWeb contacts (Identification data)
Data source The interested party or his legal representative
Recipient CategoryNot planned
International TransferNot planned
Retention periodFor a period of 1 year from the last confirmation of interest

 

Social networks
Legal basisExplicit consent of the interested party
PurposesShare information on Social Networks
Data categories and groupsFollowers (Identification data)
Data source The interested party or his legal representative
Recipient CategorySocial network service providers
International TransferNot planned
Retention periodAs long as its deletion is not requested by the interested party

 

Resume management / Job bank
Legal basisExplicit consent of the interested party (RGPD: 6.1.a) Consent of the interested party. )
PurposesStaff Selection
Data categories and groupsEmployees (Identifying data; Academics and professionals). Job candidates (Identifying data; Academic and professional; Employment details)
Data source The interested party or his legal representative
Recipient CategoryOrganizations or people directly related to the controller; As a consequence of the management of the authorized purposes, your data may be communicated to job offerers who may be interested in your profile.
International TransferNot planned
Retention periodFor a period of 1 year from the last confirmation of interest. The personal data provided will be kept as long as its deletion is not requested by the interested party and it is appropriate, and as long as they are necessary -including the need to keep them during the applicable limitation periods- or relevant for the purpose for which they were collected or registered. If you do not update your resume or do not carry out any job search for a period of one year, your data will be deleted, implying the blocking of the same.

11.- DATA OF MINORS

Children under 14 years of age may not use the services available through the Website without the prior authorization of their parents, guardians or legal representatives, who will be solely responsible for all acts carried out through the Website by minors. at your expense, including the completion of the electronic forms with the personal data of said minors and the marking, where appropriate, of the boxes that accompany them.

In compliance with the provisions of article 8 of the RGPD and article 7 of the LOPD/GDD, only those over 14 years of age may grant their consent for the processing of their personal data in a lawful manner by Ilusión Visual.

 

12.-ORIGIN AND TYPES OF DATA PROCESSED

Where did we get your data from?

Website Inquiries

  • Web contacts: The interested party or her legal representative

Social networks

  • Followers: The interested party or his legal representative

Resume management / Job bank

  • Employees: The interested party or his legal representative
  • Job candidates: The interested party or their legal representative

Email

  • Clients: The interested party or his legal representative
  • Employees: The interested party or his legal representative
  • Suppliers: The interested party or his legal representative

 

What types of data have we collected and processed about you?

Website Inquiries

Web contacts

  • Identification data (Name and Surname; Electronic address; Telephone)

Social networks

Followers

  • Identification data (Name and Surname; Electronic address)

Resume management / Job bank

Employees

  • Identification data (Name and Surname; Postal address)
  • Academic and professional (Professional experience)

Job candidates

  • Identification data (Name and Surname; Postal address; Electronic address; Telephone)
  • Academic and professional (Curriculum Vitae; Degrees)
  • Employment Details (Worker History)

Email

Clients

  • Identification data (Electronic address)

Employees

  • Identification data (Electronic address)

Suppliers

  • Identification data (Electronic address)

 

 13- RIGHTS OF INTERESTED PARTIES

What are the rights that protect you?

The current data protection regulations protect you in a series of rights in relation to the use we give to your data. Each and every one of your rights are unipersonal and non-transferable, that is, they can only be exercised by the owner of the data, after verifying their identity.

Next, we indicate what are the rights that assist you:

  • Right of access: It is the right that the user of the Website has to obtain confirmation of whether or not the Data Controller is treating their personal data and, if so, to obtain information about their specific personal data and the treatment that the Data Controller has made or is carrying out, as well as, among other things, the information available on the origin of said data and the recipients of the communications made or foreseen in them.

  • Right of rectification: It is the right that the user of the Website has to modify their personal data that turns out to be inaccurate or, taking into account the purposes of the treatment, incomplete.

  • Right of deletion: It is usually known as “right to be forgotten”, and it is the right that the user of the Website has, provided that the current legislation does not establish otherwise, to obtain the deletion of their personal data when these are no longer necessary for the purposes for which they were collected or processed; the User has withdrawn their consent to the treatment and this does not have another legal basis; the User opposes the treatment and there is no other legitimate reason to continue with it; the personal data has been unlawfully processed; the personal data has been obtained as a result of a direct offer of information society services to a child under 14 years of age. In addition to deleting the data, the Data Controller, taking into account the available technology and the cost of its application, will take reasonable measures to inform other possible controllers who are processing the personal data of the interested party’s request to delete any link to those personal data.

  • Right to data limitation: It is the Website User’s right to limit the processing of their personal data. The User of the Website has the right to obtain the limitation of the treatment when he contests the accuracy of his personal data; the processing is unlawful; the Data Controller no longer needs the personal data, but the User needs it to make claims; and when the User of the Website has opposed the treatment.

  • Right to data portability: In those cases in which the treatment is carried out by automated means, the User of the Website will have the right to receive from the Data Controller their personal data in a structured format, of common use and mechanical reading, and to transmit them to another data controller. Whenever technically possible, the Data Controller will transmit the data directly to that other Controller.

  • Right of opposition: It is the right of the User to not carry out the processing of their personal data or to cease the processing thereof by the Data Controller.

  • Right not to be subject to automated decisions and/or profiling: The Website User’s right not to be subject to an individualized decision based solely on the automated processing of their personal data, including profiling, existing unless current legislation establishes otherwise.

  • Right to revoke consent: It is the Website User’s right to withdraw, at any time, the consent given for the processing of their data.
  • Right to file a data protection claim with the Control Authority: Spanish Data Protection Agency

 

The interested party can exercise any of the aforementioned rights by contacting the Data Controller and prior identification of the User using the following contact information:

  • Responsible: Ilusión Visual Producciones, S.L
  • Address: Calle Camino de los Vinateros 106, Office 1.. 28030, Madrid (Madrid), Spain
  • Phone: 655 16 99 93
  • E-mail: a.carrillo@ilusionvisual.com
  • Web page: http://www.ilusionvisual.com

You can also exercise your rights before the Data Protection Officer:

Email: rgpd@auratechlegal.es – Telephone: 0034 91 113 49 63

 

How can you exercise your rights in relation to your data?

To exercise your rights of access, rectification, deletion, limitation or opposition, portability and withdrawal of your consent, you can do so as follows:

Website Inquiries

  • Responsible: Ilusión Visual Producciones, S.L
  • Address: Calle Camino de los Vinateros 106, Office 1.. 28030, Madrid (Madrid), Spain
  • Phone: 655 16 99 93
  • E-mail: a.carrillo@ilusionvisual.com
  • Web page: http://www.ilusionvisual.com

Social networks

  • Responsible: Ilusión Visual Producciones, S.L
  • Address: Calle Camino de los Vinateros 106, Office 1.. 28030, Madrid (Madrid), Spain
  • Phone: 655 16 99 93
  • E-mail: a.carrillo@ilusionvisual.com
  • Web page: http://www.ilusionvisual.com

Resume management / Job bank

  • Responsible: Ilusión Visual Producciones, S.L
  • Address: Calle Camino de los Vinateros 106, Office 1.. 28030, Madrid (Madrid), Spain
  • Phone: 655 16 99 93
  • E-mail: a.carrillo@ilusionvisual.com
  • Web page: http://www.ilusionvisual.com

Email

  • Responsible: Ilusión Visual Producciones, S.L
  • Address: Calle Camino de los Vinateros 106, Office 1.. 28030, Madrid (Madrid), Spain
  • Phone: 655 16 99 93
  • E-mail: a.carrillo@ilusionvisual.com
  • Web page: http://www.ilusionvisual.com

 

How can you file a claim?

 

In addition to the rights that assist you, if you believe that your data is not being collected or processed in accordance with current Data Protection regulations, you may file a claim with the Control Authority, whose contact information we indicate below :

  • Spanish Data Protection Agency
    C/. Jorge Juan, 6. 28001, Madrid (Madrid), Spain
    Email: info@aepd.es- Telephone: 912663517
    Web: https://www.aepd.es

 

 

 

Data Protection Authorities (other European countries) :

14.-ACCEPTANCE

The acceptance and availability of this document indicates that you understand and accept all the clauses of our privacy policy, for which you authorize the collection and processing of your personal data in these terms. This acceptance is done by activating the “Read and Accept” checkbox of our Privacy Policy.

Ilusión Visual reserves the right to modify this Privacy Policy, according to its own criteria, or motivated by a legislative, jurisprudential or doctrinal change of the Spanish Data Protection Agency or the rest of the European control authorities mentioned in the previous point. The changes or updates made to this Privacy Policy that affect the purposes, retention periods, data transfers to third parties, international data transfers, as well as any right of the User of the Website, will be explicitly communicated to the user.< /p>

Last Updated: Jun 21, 2022< /u>