Pursuant to article 10 of Law 34/2002, of 11 July, on Information Society Services and Electronic Commerce, we hereby inform you that LABORATORIO DIETETICO D´HERBOS SL, with VAT Reg. No. B96273107 and registered offices at POL. IND. LES MASES – AVDA. LES MASES, PARC. 10-D – 46725 ROTOVA (Valencia), SPAIN is the owner and manager of the website www.derbos.com. Companies Registry data: REGISTRY OF VALENCIA, VOLUME 4875, SHEET 86, PAGE V-34352, 1st ENTRY.

To contact us, you may do so by ordinary mail to the address indicated above, or by email to info@derbos.com

Access to our website is available directly or through any existing redirect, and the following Privacy Policy is applicable.

 

PRIVACY POLICY

This Privacy Policy describes the way in which we process your personal data (e.g. retrieval, use, communication, storage and protection of your personal information) and provides information about your rights as an interested party.

LABORATORIO DIETETICO D´HERBOS SL is the data processor and controller, and is responsible for processing, retrieving, using, communicating, storing and protecting your personal data, in accordance with the General Data Protection Regulations, internal rules and policies and any applicable national regulations.

Pursuant to Organic Law 3/2018 of 5 December, on Protection of Personal Data and Guarantee of Digital Rights (LOPDGDD), as well as the new General Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016, this document is to inform you of the policies of LABORATORIO DIETETICO D´HERBOS SL:

 

Data Controller Identity and Contact Details

Our identifying information:
LABORATORIO DIETETICO D´HERBOS SL

You can contact us:

  • By ordinary post: POL. IND. LES MASES – AVDA. LES MASES, PARC. 10-D – 46725 ROTOVA
  • By e-mail: info@derbos.com
  • By phone: +34 96 287 69 60
  • Website: derbos.com

 

Categories of personal data
We process the following categories of personal data:

  • Identification data – name and surname(s), ID No. or equivalent
  • Administrative data – company name, address, bank details and contact persons
  • Contact information – email, telephone number and address
  • Digital data – cookies, IP address, website and social networks and other publicly accessible data on the Internet, etc.
  • Employment data – data on our own employees, CV, studies, professional experience and health status
  • Business data – suppliers, customers, administrators and partners
  • Other data necessary for processing – for more information on personal data categories in our activities, please consult our Activities Register, “Data Categories” section.

 

How do we retrieve your data?
We retrieve information about you from the following sources:

  • By communicating or interacting with you by phone, e-mail or through any other method of contacting our company.
  • Through the Contact form on the website.
  • Through our social networks (see Social Networks section).
  • Through application forms for professionals.
  • Through the survey form hosted on Google Forms (https://forms.gle/JjpshLffV2WToMEM7)
  • Through business visits.
  • When you send us a resume or CV.
  • Through employee clock-in tools.

For more information on our various data retrieval mechanisms for performing our activities, please consult our Activity Register.

 

How long do we store your data?
Data are stored as long as there is a commercial, contractual or professional relationship with the interested party, and subsequently during the years required to comply with corresponding legal obligations in each case. Notwithstanding the foregoing, data may be stored as long as required for processing provided the interested party does not request deletion.

With regard to employment data or data related to social security, documentation or records or computer media in which the corresponding data have been transmitted to certify compliance with obligations in relation to membership, registration, cancellation or variations that, where appropriate, are produced in relation to said matters, as well as personal contribution documents and receipts supporting salary payment and delegated benefit payments, pursuant to Article 21 of Royal Legislative Decree 5/2000, of 4 August, approving the revised text of the Law on Infractions and Sanctions in the Social Order, the storage period is established at 4 years.

With regard to accounting and tax documentation for tax purposes, accounting books and other mandatory record books under applicable tax regulations (IRPF (personal income tax), IVA (VAT), IS (Corporate Tax), etc.) as well as documentary evidence justifying book registry items (including computer programmes and files and other supporting document of fiscal significance), these data must be stored, at the minimum, for the entire period in which the Administration holds the right to verify and investigate and consequently to settle any outstanding tax debts, pursuant to Articles 66 to 70 of the General Tax Law; and this period is established at 4 years.

With regard to accounting and tax documentation for commercial purposes, books, correspondence, documentation and supporting documents related to business, all duly ordered from the last book entry, except as established by general or special provisions, this commercial obligation extends to both mandatory books (income, expenses, investments and provisions) as well as to documentation and supporting evidence for book entries (invoices issued and received, tickets, corrective invoices, bank documents, etc.), pursuant to Article 30 of the Commercial Code; and this period is established at 6 years.

Data related to employee hours are stored pursuant to Royal Decree-Law 8/2019, of 8 March, on urgent measures of social protection to combat job insecurity on workdays, and this period is established at 4 years.

For further information on data storage in the performance of our activities, please consult our Activity Register, “Deletion period” section.

 

Who do we transfer your data to?
Depending on processing purpose, your personal data may be transferred to or processed by various categories of recipients:

  • Collaborators or external professionals (Consultancy in Labour and Tax matters, Mutualities in charge of health surveillance, Companies for the Prevention of Occupational Risks, Collaborators/Distributors …).
  • Public administrations (General Social Security Treasury, the State Public Employment Service, Employment Ministry, Finance Ministry, entities or organizations granting relevant aid or subsidies to the company, using them in the legitimate exercise of their corresponding powers)

In all cases, we only transfer your data to the extent it is strictly necessary and in the relevant form required to perform the processing for the purposes described in this Privacy Policy, and only to those entities with which we have signed agreements to protect your rights and freedoms with regard to your personal data. Said entities and/or professionals considered as Data Processors are governed by the provisions of Art. 28 of the GDPR, and the original Data Controller is responsible for taking all the necessary security measures pursuant to Art. 32 of the GDPR.

For further information on data transfers to third parties in the performance of our activities, please consult our Activity Register, “Category of Recipients” section.

 

Where do we process your data?
In the performance of our activities and the sale of our products, we process your personal data pursuant to the terms and conditions set forth in this Privacy Policy within the European Union (EU).

For further information on where we process data in the performance of our activities, please consult our Activity Register, “International Transfers” section.

 

For what purposes do we process your data?
Your data will be retrieved for relevant processing operations for the following purposes:

  • To receive contact information or other requests made by you through any of our communication channels.
  • To respond to requests from professional forms.
  • To perform administrative tasks derived from the sale of our products.
  • To perform data analysis (dissociated data) from our satisfaction survey.
  • To ensure employee work schedule control.
  • To include CVs in our jobs centre.

For further information about the purposes of data processing in the performance of our activities, please consult our Activity Register, “Purposes of Processing” section.

You may exercise your right to withdraw your consent at any time at no cost by writing a request and attaching a supporting document of your identity, addressed to POL. IND. LES MASES – AVDA. LES MASES, PARC. 10-D – 46725 ROTOVA (Valencia), SPAIN, or by email to info@derbos.com. For further information on exercising your rights with respect to Data Processing, please consult our Activity Register, “Exercising your Rights” section.

 

Why do we process your data?
The use of your data under the terms and conditions described above is permitted by European and Spanish data protection regulations in accordance with the following legal bases:

Art.6. GDPR

  • The interested party gave their consent for the processing of their personal data for one or more specific purposes
  • Processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract
  • Processing is necessary for compliance with a legal obligation to which the controller is subject

For further information on the legal basis for data processing in the performance of our activities, please consult our Activity Register, “Legitimacy of Processing” section.

 

What rights do you have?
Data protection regulations allow you to exercise your rights vis-à-vis the Data Controller to access, rectify, oppose, delete (“right to be forgotten”), limit processing, data portability, and reject automated data processing decisions.

All interested parties have the right, BEFORE their data is collected, to be provided with basic information on a first level, in summarized form, at the same time and in the same medium in which their personal data is to be collected, and additionally, to have all remaining information provided to them in a more suitable medium for presentation and comprehension.

The information to be provided in “layers” or levels is as follows:

 

1st Layer Information

  • Data Controller identity.
  • Data to be processed.
  • Purpose of processing.
  • Where and how data are obtained.
  • Legal basis for processing.
  • If data are to be communicated, transferred or processed by third parties.
  • A reference to procedures for exercising rights.

 

2nd Layer Information

  • Contact details of the Data Controller. Identity and data on Representatives (if any). Contact details for the Data Protection Officer (if any).
  • Extended description of the purposes for processing. Periods or criteria for data storage. Automated decisions, profiling and logic applied.
  • Details on the legal basis for processing, in cases of legal obligation, public interest or legitimate interest. Obligation (if any) of providing data and consequences of failing to do so.
  • Recipients or categories of recipients. Adequacy decisions, guarantees, binding corporate regulations or specific situations applicable.
  • How to exercise rights of access, rectification, deletion and data portability, and limitation or opposition to processing.
  • Right to withdraw consent given.
  • Right to complain to a Control Authority.

 

(The following chart indicates what your rights are)

  • Right to access – To know what your data are being processed for, the purpose of processing, where data have been obtained and if they will be communicated or have been communicated to others.
  • Right to rectification – To modify any inaccurate or incomplete data.
  • Right to cancellation – To cancel any inappropriate or excessive data.
  • Right to object – To prevent your data from being processed or cease to be processed, even if only in the cases established by law.
  • Right to limit processing – To request that data processing be suspended in cases established by law.
  • Right to data portability – To receive your data provided in a structured, commonly used, electronic format and to be able to transmit them to another Data Controller.
  • Right to object to automated individual decision-making – So that decisions about you resulting in legal effects or affecting you are not made based solely on automated data processing operations.

 

These rights are characterized by the following precepts:

  • You may exercise them free of charge.
  • You may exercise them either directly or through a legal representative.
  • If a request is submitted by electronic means, the information will be provided by the same means whenever possible, unless the interested party requests otherwise.
  • Before exercising your rights, the Data Controller must be able to identify you properly to protect your personal data against fraudulent access.
  • Your request must be resolved within a month.

 

If a request is manifestly unfounded or excessive (e.g., repetitive in nature), the Data Controller may:

  • The Data Controller is obliged to inform you as to how and through what media you can exercise your rights. These media must be accessible, and this right may not be denied for the sole reason that you may choose any other medium.
  • If the Data Controller does not proceed with your request, they must inform you, within one month at the latest, of the reasons for their non-action, and your right to make a claim before a Control Authority.

 

If you wish to exercise any of the rights described above, you can contact us through our Internal Data Protection Officer:

  • By postal address:
    LABORATORIO DIETETICO D´HERBOS SL
    Att. Data Protection Officer
    POL. IND. LES MASES – AVDA. LES MASES, PARC. 10-D
    46725 ROTOVA

 

Control Authority
If you wish to make a claim regarding the processing of your data by LABORATORIO DIETETICO D´HERBOS SL, we inform you that you can contact the Spanish Data Protection Agency, Calle Jorge Juan, 6, 28001-Madrid http://www.agpd.es

 

Cookies
Cookies are files that are downloaded to your computer to collect standard Internet log information and information about browsing habits. This information is used, for example, to track the use made by website visitors and compile statistical reports on website activity.

You can configure your browser so that it does not accept cookies. However, some first-party cookies are necessary to allow a website user session to use our services.

For further information, visit our website’s Cookie Policy.

 

Social Networks
LABORATORIO DIETETICO D´HERBOS SL is present in different media or social networks, such as: Facebook, Twitter and Instagram. The purpose of processing personal data from these sites is as established in the terms and conditions affecting those services. Should you register for certain services using personal data associated with your corresponding user account, you should know that you will be sharing certain information contained in your account. LABORATORIO DIETETICO D´HERBOS SL reminds you that you should be familiar with the privacy policies of all social networks where you are registered to avoid sharing unwanted information.

There are privacy settings and account management settings in social networks to manage your privacy, identity, advertising preferences and other details.

Detailing each of the social networks: On Facebook, when a user becomes a fan of the official Fan Page through the “Like” button, they authorize their personal data to be used only on this Facebook platform for the management of the “Fan Page” itself and bidirectional communications with all followers through chats, publications, comments, messages or other means of communication which this social network now allows or may allow in the future. All data processing on such pages is subject to the privacy policies of the corresponding social network, which users may consult using the following link: https://www.facebook.com/policy.php. By becoming a fan, you have access to the list of members or followers who have also joined the Fan Page. You are also informed that when a user becomes a fan, the news being published also appears on their home page, and if fan users make comments on these publications, both their comments and their profile names will be accessible to other fans, along with, where appropriate, any photographs you may have, depending on your privacy settings, biography and tags. In all cases, using social networks is the user’s responsibility.

In relation to Twitter, when a user follows our profile by clicking the “Follow” button, they have access to the profile pages of people following it, specifically, username, photograph (whenever a user has uploaded a photograph to their profile), and comments or “Tweets” or responses made by the user or by others mentioning it, as well as additional information having been published in the user’s profile, such as users being followed, your followers or your profile favourites. The data of users who follow our profile on Twitter are used only to manage and respond to the “Tweets” or messages exchanged amongst them. The privacy policy governing this social network can be consulted on the following link: https://twitter.com/privacy

In relation to Instagram, when a user follows our profile by clicking the “Follow” button, they have access to the profile pages of people following it, specifically, username, photograph (whenever a user has uploaded a photograph to their profile), and publications made by the user, as well as additional information having been published in the user’s profile, such as users being followed or their followers. The data of the users who follow our profile on Instagram are used only to manage the information exchanged amongst them. The privacy policy governing this social network can be consulted on the following link: https://help.instagram.com/519522125107875

 

Activity Register
You can request an updated copy of our Activity Register through our email address info@derbos.com.

 

Security
LABORATORIO DIETETICO D´HERBOS SL adopts organizational and technical measures to guarantee the security of personal data and prevent alteration, loss, unauthorized processing or access, considering the state of technology, the nature of the data stored and the risks to which they may be exposed.

 

Upgrades
We keep our privacy policy under review, meaning it may change from time to time (primarily to comply with legal and data protection practices).

Updated versions will be posted on our website.

 

Applicable Law and Competent Courts
The terms and conditions that govern this website, as well as all relationships that may be derived from such use, are protected by and subject to the Laws of Spain. The resolution of all controversies, litigations or discrepancies that may arise between USERs and LABORATORIO DIETETICO D´HERBOS SL through the use of this website shall necessarily correspond to the Courts and Tribunals of VALENCIA, Spain.

 

Publication Date: 8 January 2020