Privacy policy

Website ownership

Our website URL is: https://shopcanarias.es

Company details:


Marketplace Canarias SL (hereinafter, ShopCanarias.es)
CIF: B76819259 (tax ID nº)
Location: Santa Úrsula (38390 – Tenerife, Canary Islands, Spain)

Contact us:


E-mail address: info@ShopCanarias.es

Other internet pages (hereinafter, Web Sites):

Main domain:
www.ShopCanarias.es

E-mail address:
info@shopcanarias.es

Social profiles:
Facebook; ShopCanarias.es
Twitter; ShopCanarias.es
Instagram; ShopCanarias
Pinterest; ShopCanarias.es
YouTube; ShopCanarias

Secondary domains:
www.ShopCanarias.com.es
www.marketplacecanarias.com
www.marketplacecanarias.es
www.marketplacecanarias.com.es

Personal data

Comments

When visitors leave comments on the site we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection.

An anonymized string created from your email address (also called a hash) may be provided to the Gravatar service to see if you are using it. The Gravatar service privacy policy is available here: https://automattic.com/privacy/. After approval of your comment, your profile picture is visible to the public in the context of your comment.

Media

If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.

Contact forms

When visitors send a contact form on the site we collect the data shown in the contact form boxes, and also the visitor’s IP address and browser user agent string to answer the visitor's requests properly.

Cookies

If you leave a comment on our site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.

If you visit our login page, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.

When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.

If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.

Embedded content from other websites

Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.

These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website.

Analytics

If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognize and approve any follow-up comments automatically instead of holding them in a moderation queue.

For users that register on our website (if any), we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.

What rights you have over your data

If you have an account on this site, or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.

Where we send your data

Visitor comments may be checked through an automated spam detection service.

TREATMENT ACTIVITIES REGISTRY

This is the registry of data treatment activities, drawn up in our capacity as data controller.

We have included some data in addition to what is required, while keeping private the details that allow us to keep our systems safe.

Security measures applied to all data treatments

The treatment of personal data is carried out by ShopCanarias.es, always after applying technical and organizational measures appropriate to guarantee a level of security adequate to the risk.

With each one, we try to guarantee the permanent confidentiality, integrity, availability, and resilience of the treatment systems and services. Likewise, we regularly carry out processes of verification, evaluation and assessment of the effectiveness of the technical and organizational measures to guarantee the security of the treatment. On a yearly basis, we carry out a full audit.

The minimum measures which ShopCanarias.es applies are the following:

a) Logical:

Only original software, always automatically updated and with an official license.
Ability to quickly restore availability of and access to personal data in the event of a physical or technical incident, thanks to a specific service contracted from a trusted provider, which includes incremental and periodic backups for each change made, and on a weekly and monthly basis.
Firewall and up-to-date endpoint protection systems on all terminals.
VPN contracted from a trusted service provider for all terminals.
Different passwords for each app, changed periodically and stored encrypted in an official password manager contracted from a trusted service provider.
Usual protection tools: locking of the user session when inactive, privacy filters for screens, password-locked screensavers, and USB shield to prevent data synchronization.

The security measures are reviewed periodically, both manually and with specific software.

The ShopCanarias.es website is encrypted with SSL/TLS v1.2, and has its own security systems as well as others contracted from trusted service providers. We periodically review the status of the security measures, manually and with specific installed and online solutions.

b) Organizational:

ShopCanarias.es processes data itself and, in some cases, through third parties duly authorized by the interested parties or with whom it maintains data treatment contracts adapted to the regulations in force.

c) Formative:

Training in data protection and related subjects is continuous.

d) Others:

Confidentiality; ShopCanarias.es and its employees are committed not to disclose or make use of the information that they have accessed due to their professional activities.
The information given by the Customer will, in any case, be considered confidential, and will not be used for purposes other than those related to the services contracted from ShopCanarias.es.
ShopCanarias.es undertakes not to disclose information about the customer's claims, the reasons for the advice requested, or the duration of the relationship with the customer.
Regulations in force; all of the data treatments made by ShopCanarias.es are carried out in compliance with at least the additional legal requirements established by the applicable regulations, such as drawing up or reviewing and signing contracts for data controller, conducting preventive and maintenance audits, or diligent custody of consents, as well as assistance to those interested in the exercise of their rights.

Criteria for using digital devices

The e-mail server and the rest of the data storage or communication instruments, as well as fixed or mobile terminals, are exclusively working tools provided by ShopCanarias.es for the performance of labor or commercial functions, according to the contract, and cannot be used for personal, domestic, or professional purposes other than those agreed upon.

ShopCanarias.es can make backups of and access the content derived from the use of these media for the sole purpose of controlling compliance with labor obligations, whether statutory or established by commercial contract, and to ensure the integrity of such devices. In any case, access will be made in accordance with the data protection regulations, ensuring the protection of the privacy of those affected.

Users cannot allow third parties to access the accounts and devices entrusted to them by ShopCanarias.es on account of their employment or business relationship. Once the reason for which they were handed over has ceased, user credentials will be removed and content will be deleted, having to be blocked for the appropriate time. The messages received in those accounts will be redirected to an institutional mail address (info@), not assigned to a particular person but controlled by ShopCanarias.es or, until its termination, by the person it has designated.

Data suppression protocol and destruction of supports

Data is deleted locally, as are its backup copies on storage servers, on servers intended for the provision of email services and on backup media located in places other than work or home. Exceptions are the cases in which the person in charge requests the return of the data and those in which there is legal justification, to be documented in each case, to maintain or guard the data beyond the provision of the service. The destruction of media will be done physically, guaranteeing the impossibility of extracting data.

Actions against security breaches

When security breaches of personal data occur, for example a document theft or improper access to personal data, the person in charge will notify the Spanish Data Protection Agency within 72 hours about such security breaches, including all the information necessary to clarify the facts that resulted in improper access to personal data. The notification will be made by electronic means through the electronic headquarters of the Spanish Data Protection Agency (hereinafter, AEPD).

Web analytical and advertising activities [cross treatments]


Analysis of user navigation through the web sites and social profiles that the person in charge manages, in order to improve communication activity and to allow third parties to learn about the user and show the user personalized advertising, for their financial benefit and that of the data controller.

1.- Community

Users who access websites or social profiles managed by the data controller.

2.- Data categories

The type of data that is processed for this activity is the following:


Browser user agent string and IP address relationship, along with charts and total values about the navigation of the set of users for each of the website's pages. These data are shown disaggregated, in a way that does not allow the person in charge to identify the users.
Third parties who have been charged with this treatment could have access to user-identifying data by connecting the user's browsing activities with other information available to them.

3.- Purposes of treatment

Treatments are carried out with two related purposes:

Analytics purposes: Analysis of user navigation across the websites and social profiles managed by the data controller, with the purpose of implementing improvements in communication activities. It also allows third parties to know these user activities.
Advertising purposes: To allow third parties to learn about the user and to show the user customized advertising, with the purpose of the data controller obtaining economic benefits.

4.- Legal basis

This data processing finds its legal justification in that it is necessary for the satisfaction of legitimate interests pursued by the data controller (art. 6.1.f of the General Data Protection Regulation, hereinafter GDPR). In particular, these legitimate interests consist of obtaining information that makes it possible to improve the activities of the data controller and of obtaining revenue through its own and third parties' advertising systems.

5.- Third parties with access to data

Google LLC
https://about.google/intl/es/
Description: United States entity attached to the Privacy Shield, with its own privacy policy.
Contact information: Torre Picasso, Plaza Pablo Ruiz Picasso, 1, 28020 Madrid.
International Transfer: Yes.
YouTube: Analytics of views of videos through the Google Analytics service.

Twitter Inc
Description: United States entity attached to the Privacy Shield, with its own privacy policy.
Contact information: 1355 Market Street #900 San Francisco, California 94103.
International Transfer: Yes.
Twitter Analytics: analytics service covering each user's interactions with the data controller's posts on the social network Twitter. It generates an analytical report of global interactions, which is available to the data controller.

Raiola Networks SL
Domain registration company.
Description: Spanish entity, with its own privacy policy.
Contact information: info@raiolanetworks.es
AWStats: website user analytics service, through passive fingerprinting, on the contracted server.

6.- Recipients categories

Data communications are not planned.

7.- International transfers

International transfers are planned to the United States businesses indicated in the section «Third parties with access to data».

The international transfers are indicated in the cross treatments activities registry as long as the interested party provides data through the data controller's website or its social profiles, or sends a communication to or receives one from the data controller.

Other international data transfers are not planned.

8.- Deletion period

Data is deleted after the following storage periods have elapsed:

Google LLC: approximately 26 months
Twitter: as long as necessary

However, data could be preserved for a longer period to address the possible responsibilities that may arise from the data treatment or from the user activities.

9.- Data protection officer

Not required for this treatment, given the data processed and the way its manager carries it out, in accordance with the provisions of article 37 of the GDPR and article 34 of Organic Law 3/2018.
https://eur-lex.europa.eu/legal-content/ES/TXT/?uri=CELEX%3A32016R0679 article 37 of the GDPR
https://www.boe.es/buscar/doc.php?id=BOE-A-2018-16673 article 34 of the Organic Law 3/2018

10.- Impact evaluation

Not required for this treatment, given the data processed and the way its manager carries it out, in accordance with the provisions of article 35 of the GDPR and article 28 of Organic Law 3/2018.
https://eur-lex.europa.eu/legal-content/ES/TXT/?uri=CELEX%3A32016R0679 article 35 of the GDPR
https://www.boe.es/buscar/doc.php?id=BOE-A-2018-16673 article 28 of the Organic Law 3/2018

11.- Risk analysis

A risk analysis has been carried out on the security of the data. The security measures are those referred to above. Periodically, and whenever a change occurs, the effectiveness of the security measures implemented is reviewed and evaluated. This evaluation is done whenever an update occurs on the systems. For the logical measures, we have the collaboration of an IT team.

Promotion and communications activity [cross treatments]

The data controller carries out his promotional activities in the media, and through this website, including the service web pages or secondary websites and social profiles indicated in the section ‘Website ownership’.

1.- Community

Users who access websites or social profiles managed by the data controller.

Users interested in the activities and in the information related to the data controller activities or related to the contents created or published by the data controller.

2.- Data categories

The type of data that is processed for this activity is the following:

Main identifying data: name and last name; user name
Other data: ID; postal address or e-mail address; signature; phone nº and economic activity sector.

3.- Purposes of the treatment

Treatments are carried out with the purposes of advertising and commercial prospecting, including: sending communications, advertising and information, conducting opinion polls, commercial prospecting, market segmentation, decision support systems and collection of addresses.

4.- Legal basis

This data processing finds its legal justification in that it is necessary for the satisfaction of legitimate interests pursued by the data controller (art. 6.1.f of the General Data Protection Regulation or GDPR). In particular, these legitimate interests consist of creating image, improving reputation, generating or maintaining conversations on topics of interest and attracting users and potential customers, partners and stakeholders, all of this also through direct marketing actions and by obtaining historical and statistical data.

5.- Third parties with access to data

Google LLC
https://about.google/intl/es/
Description: United States entity attached to the Privacy Shield, with its own privacy policy.
Contact information: Torre Picasso, Plaza Pablo Ruiz Picasso, 1, 28020 Madrid.
International Transfer: Yes.
YouTube: Analytics of views of videos through the Google Analytics service.

Twitter Inc
Description: United States entity attached to the Privacy Shield, with its own privacy policy.
Contact information: 1355 Market Street #900 San Francisco, California 94103.
International Transfer: Yes.
Twitter Analytics: analytics service covering each user's interactions with the data controller's posts on the social network Twitter. It generates an analytical report of global interactions, which is available to the data controller.

Raiola Networks SL
Domain registration company.
Description: Spanish entity, with its own privacy policy.
Contact information: info@raiolanetworks.es
AWStats: website user analytics service, through passive fingerprinting, on the contracted server.

Others: The data controller uses auxiliary managers, such as courier or telecommunications services, for the reception and sending of messages and data.

6.- Data categories

Data communications are not planned.

7.- International transfers

International transfers are planned to the United States businesses indicated in the section «Third parties with access to data».

The international transfers are indicated in the cross treatments activities registry as long as the interested party provides data through the data controller's website or its social profiles, or sends a communication to or receives one from the data controller.

Other international data transfers are not planned.

8.- Deletion period

Feed: personal data of the users interested in receiving information, including those subscribed to the e-mail feed, will remain in the system indefinitely as long as the interested party does not request its deletion.

Comments on the data controller's web sites: Comments and their metadata will remain in the system indefinitely with the purpose of recognizing and automatically approving successive comments instead of holding them in a moderation queue. The cookies which you decide to create in your browser in relation to your comments will store your data for one year.

Activities: personal data of users registered in general activities will be deleted when the activities have finished.

Data published online by the data controller: personal data uploaded by the data controller to the web sites and social profiles will remain from the time the user gives consent until the user withdraws it.

9.- Data protection officer

Not required for this treatment, given the data processed and the way its manager carries it out, in accordance with the provisions of article 37 of the GDPR and article 34 of Organic Law 3/2018.
https://eur-lex.europa.eu/legal-content/ES/TXT/?uri=CELEX%3A32016R0679 article 37 of the GDPR
https://www.boe.es/buscar/doc.php?id=BOE-A-2018-16673 article 34 of the Organic Law 3/2018

10.- Impact evaluation

Not required for this treatment, given the data processed and the way its manager carries it out, in accordance with the provisions of article 35 of the GDPR and article 28 of Organic Law 3/2018.
https://eur-lex.europa.eu/legal-content/ES/TXT/?uri=CELEX%3A32016R0679 article 35 of the GDPR
https://www.boe.es/buscar/doc.php?id=BOE-A-2018-16673 article 28 of the Organic Law 3/2018

11.- Risk analysis

A risk analysis has been carried out on the security of the data. The security measures are those referred to above. Periodically, and whenever a change occurs, the effectiveness of the security measures implemented is reviewed and evaluated. This evaluation is done whenever an update occurs on the systems. For the logical measures, we have the collaboration of an IT team.

Website and e-mail security activity [cross treatments]

The data controller analyzes user behavior during navigation through the website and the different social profiles in order to prevent and block logical attacks.

1.- Community

Users who access websites or social profiles managed by the data controller.

2.- Data categories

The type of data treated for this activity is the following:

IP address.
Browser's user agent string.

3.- Purposes of the treatment

Treatments are carried out with the purpose of analyzing user behaviour during navigation through the website and the different social profiles in order to prevent and block logical attacks.

4.- Legal basis

This data processing finds its legal justification in that it is necessary for the satisfaction of legitimate interests pursued by the data controller (art. 6.1.f of the General Data Protection Regulation or GDPR). In particular, these legitimate interests consist of avoiding the destruction or alteration of data and systems, as well as preventing third parties from accessing them, blocking them or performing other unauthorized treatments.

About tracking pixels:

The data controller has determined that the above legitimate interest exists for using tracking pixels on our web sites for analytical purposes, which obliges us to inform the user but not to seek the user's consent, after having made a weighting judgment analyzing the rights of the interested parties, and in particular the right to keep the user's navigation as anonymous as possible, even against hired third-party controllers, without the user's data being processed.

Having weighed those rights against the commercial need of the data controller to have access to fully anonymised statistics about the use of the website, and after studying the content of report 0011/2014 of the AEPD, the data protection regulations (RGPD, LOPDGDD…), the LSSI and the LGDDCU, among others, the data controller has concluded that the analytical treatment based on its legitimate interest does not violate the rights of the interested parties. Although the pixels are not strictly data storage and retrieval devices in the recipient's terminal equipment, it has decided to show a first informative layer fulfilling the requirements established in article 11 LOPDGDD as a cookie banner, and this registry as a second informative layer.

5.- Third parties with access to data

Google LLC
https://about.google/intl/es/
Description: United States entity attached to the Privacy Shield, with its own privacy policy.
Contact information: Torre Picasso, Plaza Pablo Ruiz Picasso, 1, 28020 Madrid.
International Transfer: Yes.

Treatments:
Google services (Gmail, YouTube, etc.): The American company has implemented and maintains intrusion defense and anti-malware systems in the different services used by the data controller.

6.- Data categories for recipients

Data communications are not planned.

7.- International transfers

International transfers are planned to the United States businesses indicated in the section «Third parties with access to data».

The international transfers are indicated in the cross treatments activities registry as long as the interested party provides data through the data controller's website or its social profiles, or sends a communication to or receives one from the data controller.

Other international data transfers are not planned.

8.- Deletion period

Data is deleted after the following storage periods have elapsed:

Google LLC: approximately 26 months
However, data could be preserved for a longer period to address the possible responsibilities that may arise from the data treatment or from the user activities.

9.- Data protection officer

Not required for this treatment, given the data processed and the way its manager carries it out, in accordance with the provisions of article 37 of the GDPR and article 34 of Organic Law 3/2018.
https://eur-lex.europa.eu/legal-content/ES/TXT/?uri=CELEX%3A32016R0679 article 37 of the GDPR
https://www.boe.es/buscar/doc.php?id=BOE-A-2018-16673 article 34 of the Organic Law 3/2018

10.- Impact evaluation

Not required for this treatment, given the data processed and the way its manager carries it out, in accordance with the provisions of article 35 of the GDPR and article 28 of Organic Law 3/2018.
https://eur-lex.europa.eu/legal-content/ES/TXT/?uri=CELEX%3A32016R0679 article 35 of the GDPR
https://www.boe.es/buscar/doc.php?id=BOE-A-2018-16673 article 28 of the Organic Law 3/2018

11.- Risk analysis

A risk analysis has been carried out on the security of the data. The security measures are those referred to above. Periodically, and whenever a change occurs, the effectiveness of the security measures implemented is reviewed and evaluated. This evaluation is done whenever an update occurs on the systems. For the logical measures, we have the collaboration of an IT team.

Attention to the rights of the interested parties

The treatment consists of the procedures linked to the exercise of third parties' rights over their data contained in files whose treatment corresponds wholly or partially to the data controller.

1.- Community

The natural persons whose data is processed are those, including the representatives of legal entities, who address a request to ShopCanarias.es to exercise their rights.

2.- Data categories

The type of data that is processed for this activity is the following:

Main identifying data: name and last name
Other data: ID; postal address or e-mail address; signature; phone nº and economic activity sector.
Other data: Those who may be included in the exercise or that have to be treated because of the provision of the service, or that may include data from special categories.

3.- Purposes of the treatment

The treatment consists of the procedures linked to the exercise of third parties' rights over their data contained in files whose treatment corresponds wholly or partially to ShopCanarias.es.

4.- Legal basis

This data processing finds its legal justification in that it is necessary for the satisfaction of legitimate interests pursued by the data controller (art. 6.1.f of the General Data Protection Regulation or GDPR).

5.- Third parties with access to data

Depending on the case, the third parties indicated in the cross treatments will be able to access the data.

6.- Recipients categories

Recipients are not anticipated.

7.- International transfers

The international transfers are indicated in the cross treatments activities registry as long as the interested party provides data through the data controller's website or its social profiles, or sends a communication to or receives one from the data controller.

Other international data transfers are not planned.

8.- Deletion period

They will be kept for the necessary time to fulfill the purpose for which they were collected and to determine the possible responsibilities that may arise from said purpose and from the data treatment.

9.- Data protection officer

Not required for this treatment, given the data processed and the way its manager carries it out, in accordance with the provisions of article 37 of the GDPR and article 34 of Organic Law 3/2018.
https://eur-lex.europa.eu/legal-content/ES/TXT/?uri=CELEX%3A32016R0679 article 37 of the GDPR
https://www.boe.es/buscar/doc.php?id=BOE-A-2018-16673 article 34 of the Organic Law 3/2018

10.- Impact evaluation

An impact assessment has been carried out only for cases where the affected data form part of a treatment that would require it anyway, in accordance with the provisions of article 28 of Organic Law 3/2018.
https://www.boe.es/buscar/doc.php?id=BOE-A-2018-16673 article 28 of the Organic Law 3/2018.

In these cases, it has been included as its own section.

11.- Risk analysis

A risk analysis has been carried out on the security of the data. The security measures are those referred to above. Periodically, and whenever a change occurs, the effectiveness of the security measures implemented is reviewed and evaluated. This evaluation is done whenever an update occurs on the systems. For the logical measures, we have the collaboration of an IT team.

Supplier management

The data controller has suppliers that provide services such as web hosting and e-mail, among others.

1.- Community

The natural persons whose data is processed are sellers or service providers, including the representatives of legal entities, in which case the contact information is processed.

2.- Data categories

The type of data that is processed for this activity is the following:

Main identifying data: name and last name, ID; postal address or e-mail address; signature; phone nº and picture.
Job Details: entity or public institution and job position. Mitigate risks, to minimize incidents, by maintaining technical and organizational security measures.
Economic and financial data: bank data. Guarantee the confidentiality, availability and integrity of both personal data and industrial secrets.

3.- Purposes of the treatment

Be proactive in compliance with the set of regulations applicable to the development of the activity.
Choose only providers that comply with better or similar standards in terms of quality and safety.
The purpose of the treatment is the management and control of the relationship with suppliers. Maintain a secure record of assets and their changes.
Achieve high credibility and trust in third parties and suppliers.

4.- Legal basis

Raise awareness among workers and collaborators on physical and logical security through a process of continuous training.

This data processing finds its legal justification in that it is necessary for the performance of a contract to which the interested party is a party, or for the application of pre-contractual measures at the request of the interested party (art. 6.1.f of the General Data Protection Regulation or GDPR).

5.- Third parties with access to data

Depending on the case, the third parties indicated in the cross treatments will be able to access the data.

6.- Recipients categories

The data may be communicated to financial entities and to the State Agency Tax Administration.

7.- International transfers

The international transfers are indicated in the cross treatments activities registry as long as the interested party provides data through the data controller's website or its social profiles, or sends a communication to or receives one from the data controller.

Other international data transfers are not planned.

8.- Deletion period

They will be kept for the necessary time to fulfill the purpose for which they were collected and to determine the possible responsibilities that may arise from said purpose and from the data treatment.

9.- Data protection officer

Not required for this treatment, given the data processed and the way its manager carries it out, in accordance with the provisions of article 37 of the GDPR and article 34 of the Organic Law 3/2018.
https://eur-lex.europa.eu/legal-content/ES/TXT/?uri=CELEX%3A32016R0679 article 37 of the GDPR
https://www.boe.es/buscar/doc.php?id=BOE-A-2018-16673 article 34 of the Organic Law 3/2018

10.- Impact evaluation

An impact assessment has been carried out only for cases where the affected data form part of a treatment that would require it anyway, in accordance with the provisions of article 28 of the Organic Law 3/2018.
https://www.boe.es/buscar/doc.php?id=BOE-A-2018-16673 article 28 of the Organic Law 3/2018.

In these cases, it has been included as its own section.

11.- Risk analysis

A risk analysis has been carried out on the security of the data. The security measures are those referred to above. Periodically, and whenever a change occurs, the effectiveness of the implemented security measures is reviewed and evaluated. This evaluation is done whenever an update occurs on the systems. For the logical measures, we have the collaboration of an IT team.

Provision of jobs

In the event that an interested party is hired or an internship is awarded, the appropriate treatment record would be prepared beforehand. For now, the only treatment carried out in this regard is the receipt of applications.

1.- Community

The persons whose data are processed are those interested in job positions or internships.

2.- Data categories

The type of data that is processed for this activity is the following:

Main identifying data: name and last name, ID; social security number; postal address or e-mail address; signature; phone nº and picture.
Special data categories: health data (disabilities).
Personal characteristics data: Gender, marital status, nationality, age, date and place of birth and family data.
Academic and professional data: academic careers, training and professional experience.
Job Details: entity or public institution and job position.

3.- Purposes of the treatment

The purpose of the treatment is the selection of personnel.

The data controller will analyze the documents forwarded by the candidate, any content directly accessible through search engines (Bing, Yandex, Google, Baidu, DuckDuckGo, etc.), the profiles the candidate maintains on professional social networks (LinkedIn, Xing, Viadeo, etc.), the data obtained in the entrance tests and the information revealed in the job interview, with the goal of assessing his or her candidacy and being able, where appropriate, to offer him or her a position. This analysis can be done to discover and assess candidates needed for certain positions or assignments.

4.- Legal basis

This data processing is legally justified because it is necessary for the performance of a contract to which the interested party is a party, or for the application, at the request of the interested party, of pre-contractual measures (art. 6.1.f of the General Data Protection Regulation or GDPR). When it is mandatory to check the background of the interested party, the treatment will be based on compliance with a legal obligation applicable to the controller (art. 6.1.c of GDPR). The proactive search for candidates and for details about them using third-party data is based on the legitimate interest in discovering them to fill positions, or in knowing them better to determine whether the position fits their profile (art. 6.1.f of GDPR). In these processes, the labor regulations will be taken into account, especially the Workers’ Statute.

5.-Third parties with access to data

Depending on the case, the third parties indicated in the cross treatments will be able to access the data.

6.- Recipients categories

Recipients are not anticipated.

7.- International transfers

The international transfers are indicated in the cross treatments activities registry, as long as the interested party provides data through the data controller’s website or its social profiles, or sends a communication to or receives one from the data controller.

Other international data transfers are not planned.

8.- Deletion period

The data will be kept for the time necessary to fulfill the purpose for which they were collected and to determine any responsibilities that may arise from that purpose and from the data treatment. In case the candidate is not selected, the person in charge will be able to keep the candidate’s CV stored for a maximum of two years in order to include it in future calls, unless the candidate states otherwise or expresses the wish that it be kept longer.

9.- Data protection officer

Not required for this treatment, given the data processed and the way its manager carries it out, in accordance with the provisions of article 37 of the GDPR and article 34 of the Organic Law 3/2018.
https://eur-lex.europa.eu/legal-content/ES/TXT/?uri=CELEX%3A32016R0679 article 37 of the GDPR
https://www.boe.es/buscar/doc.php?id=BOE-A-2018-16673 article 34 of the Organic Law 3/2018

10.- Impact evaluation

An impact assessment has been carried out only for cases where the affected data form part of a treatment that would require it anyway, in accordance with the provisions of article 28 of the Organic Law 3/2018.
https://www.boe.es/buscar/doc.php?id=BOE-A-2018-16673 article 28 of the Organic Law 3/2018.

In these cases, it has been included as its own section.

11.- Risk analysis

A risk analysis has been carried out on the security of the data. The security measures are those referred to above. Periodically, and whenever a change occurs, the effectiveness of the implemented security measures is reviewed and evaluated. This evaluation is done whenever an update occurs on the systems. For the logical measures, we have the collaboration of an IT team.

INFORMATION QUALITY AND SECURITY POLICY

The established processes were approved by the head of the firm on April 3rd, 2020, and they are reviewed with each relevant change and, at a minimum, every 12 months. The main goals of these processes are:
Mitigate risks, to minimize incidents, by maintaining technical and organizational security measures.
Guarantee the confidentiality, availability and integrity of both personal data and industrial secrets.
Be proactive in compliance with the regulatory set applicable to the development of the activity.
Choose only suppliers that meet better or similar quality and safety standards.
Keep a safe record of the assets and their changes.
Achieve high credibility and trust in third parties and suppliers.
Raise awareness among workers and collaborators on physical and logical security through a process of continuous training.

The person responsible expresses his total commitment to the system and to fulfilling it, as well as the sectoral duties of confidentiality and secrecy and the set of regulations on comprehensive quality and information security.

Personal data protection

Contact details of the person in charge: ShopCanarias.es, with fiscal domicile in Santa Úrsula (38390 – Tenerife, Spain), and contact e-mail: info@ShopCanarias.es.

How to exercise your rights: Users can send a written communication to the fiscal address of ShopCanarias.es or to the e-mail address indicated in the heading of this legal notice, including in both cases a photocopy of their ID or other similar identification document, to exercise their rights, which are as follows:


Right to request access to personal data: We will tell you whether or not we are treating your data and, if so: what data, how we obtained them, what we treat them for, whether we have communicated them, the conservation period, etc. Moreover, we will inform you about the other rights you have, and about the possibility of filing a claim with the AEPD.
Right to request its rectification (in case they are inaccurate) or deletion.
Right to request the limitation of the treatment, in which case the data will only be kept by ShopCanarias.es for the exercise or defense of claims.
Right to object to processing. ShopCanarias.es will stop treating the data in the way that you indicate, unless it has to keep treating them for compelling legitimate reasons or for the exercise or defense of possible claims.
Right to data portability. In case you want your data to be processed by a third party, ShopCanarias.es will facilitate the portability of your data to the new person in charge.

Models, forms and more information on the referred rights: Official page of the AEPD:
https://www.aepd.es/ Agencia Española de Protección de Datos

Possibility of withdrawing consent: in the case that consent has been granted for some specific purpose, you have the right to withdraw consent at any time, without affecting the legality of the treatment based on consent prior to withdrawal.

How to claim to the Control Authority: If a user considers that there is a problem with the way ShopCanarias.es is handling their data, they can direct their claims to the corresponding data protection authority, the AEPD being the one indicated in the case of Spain.

Website content

The literary content of the Website is offered under the license indicated in the footer of the page. Excepted from this license are all non-literary content, content for which another applicable license is indicated, the distinctive signs (brands, business names, etc.), and the template, whose authorship and use license must be consulted on its website.

Responsibility for the content of the Website

The Website contains texts prepared for informational purposes only. They may not reflect the current state of legislation or jurisprudence, and they refer to general situations, so their content can never be applied by the user to specific cases. The opinions expressed therein do not necessarily reflect the views of ShopCanarias.es. The content of the articles published on this website cannot, in any case, be considered a substitute for professional advice. The user must not act on the basis of the information contained in this website without first seeking the corresponding professional advice.

The external links contained in this Website lead to sites managed by third parties. ShopCanarias.es is not responsible for the content or status of such sites. The use of external links does not imply that ShopCanarias.es recommends or approves the contents of the landing pages.

Regulations and conflict resolution

These Website Conditions of Use are governed in each and every respect by Spanish law. The language of writing and interpretation of this legal notice is Spanish. This legal notice will not be archived individually for each user, but it will remain accessible through the Internet on this same Website.

To resolve any controversy or claim derived from any activity of ShopCanarias.es within the framework of a service that requires membership and that has been provided as a professional by ShopCanarias.es, the Customer must go to the corresponding public institution.

Users who have the status of consumers or users according to the definition in Spanish regulations and who reside in the European Union can, if they have had a problem with an online purchase made from ShopCanarias.es, try to reach a settlement through the Online Dispute Resolution Platform, created by the European Union and developed by the European Commission under Regulation (EU) 524/2013:
https://ec.europa.eu/consumers/odr/main/index.cfm?event=main.home.chooseLanguage
https://eur-lex.europa.eu/legal-content/ES/TXT/?uri=celex%3A32013R0524

As long as the User is not a consumer or user, and when there is no rule that forces something else, both parties agree to submit to the Courts and Tribunals of Santa Cruz de Tenerife capital city, as this is the place of conclusion of the contract, expressly waiving any other jurisdiction that may correspond to them.

Fingerprinting, pixels and cookies


The person in charge extracts data from users’ browsing on this website via passive browser fingerprinting (never active).

On this website, the person in charge could use cookies and pixels for technical (for example, to mitigate security-related risks), advertising and analytics purposes.

1.- Types and purposes of fingerprinting, pixels and cookies used on this Website

Passive browser fingerprinting: The data controller, through the server from which this Website is offered, stores, for basic analytic purposes, some data related to the user’s navigation, such as: IP, data port, type of file requested, browser, and language and character settings. For more information on the data treatment we carry out, see the log of analytical and advertising activities below.

Tracking pixels: Through this website, tracking pixels could collect data on the user’s navigation, such as the links clicked or the web pages visited. This information is collected by the website owner through Automattic for security purposes (never analytical or advertising). For more information on the data treatment we carry out, see the security activity log on the web and in the emails below.

Technical cybersecurity cookies: This website uses technical cookies for cybersecurity purposes (never analytical or advertising) to block attacks. For more information on the data treatment we carry out, see the security activity log on the web and in the emails below.

2.- Additional information

Social networks: On other sites where the data controller has a webpage or a social profile, third parties use cookies and tracking pixels for all visitors, even when the user is not registered on the corresponding platforms: Twitter and Facebook.

Have you detected any additional cookie or pixel on this website? Please notify us, so we can act on it.

Analytic system to avoid spam: This website has implemented the reCAPTCHA API, which collects software and hardware information, as well as application and device data, and sends it to Google for analysis. This information is used to improve the reCAPTCHA service and general security. It will not be used for personalized Google ads.

User identification: The fingerprinting, cookies and tracking pixels used by the data controller don’t allow it to identify users. Specifically, through Google Tag Manager, the visitor’s IP and type of device are tagged for advertising purposes such as remarketing with Google Ads.

The owner of the Website has prepared this legal notice on its own initiative, based on the legal texts available under a CC BY license at www.pablofb.com.

Date of the last edition of this legal notice: July 17th, 2019.