Privacy Policy

Gaizka Arranz Domínguez is committed to adopting the necessary technical and organisational measures in accordance with the level of security appropriate to the risk of the personal data collected.

 

Applicable Laws

This Privacy Policy is adapted to current Spanish and European legislation regarding the protection of personal data on the internet, specifically complying with:

  • Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and the free movement of such data (GDPR).

  • Organic Law 3/2018, of 5 December, on the Protection of Personal Data and Guarantee of Digital Rights (LOPD-GDD).

  • Royal Decree 1720/2007, of 21 December, approving the implementing regulation of Organic Law 15/1999, of 13 December, on the Protection of Personal Data (RDLOPD).

  • Law 34/2002, of 11 July, on Information Society Services and Electronic Commerce (LSSI-CE).

 

Data Controller

The data controller for personal data collected via qualityoperations.es is:

Gaizka Arranz Domínguez

NIF: 14262862X

(hereinafter, the Data Controller)

Contact information:

  • Telephone: +34 876 506 306

  • Email: gaizka.arranz@qualityoperations.es

 

 

Personal Data Records

In compliance with the GDPR and LOPD-GDD, we inform you that personal data collected by Gaizka Arranz Domínguez through forms on the website will be stored and processed to facilitate, expedite, and fulfil commitments established between the Data Controller and the User, to maintain the relationship established through completed forms, or to respond to requests or queries.

Unless otherwise exempt under Article 30.5 of the GDPR, a record of processing activities is maintained, specifying the purpose, processing activities carried out, and other circumstances established by the GDPR.

 

Principles Applicable to Personal Data Processing

The processing of Users’ personal data will comply with the principles set out in Article 5 of the GDPR:

  1. Lawfulness, fairness, and transparency: Users’ consent is required with full transparency regarding the purposes of data collection.

  2. Purpose limitation: Data will be collected for specific, explicit, and legitimate purposes.

  3. Data minimisation: Only the data strictly necessary for the intended purposes will be collected.

  4. Accuracy: Data must be accurate and kept up to date.

  5. Storage limitation: Data will only be retained as long as necessary for the intended purpose.

  6. Integrity and confidentiality: Data will be processed to ensure security and confidentiality.

  7. Accountability: The Data Controller is responsible for ensuring these principles are upheld.

 

Categories of Personal Data

Only identifying data is processed. Special categories of personal data under Article 9 of the GDPR are not processed.

 

Legal Basis for Processing

Processing is based on user consent. The Data Controller will obtain express and verifiable consent for one or more specific purposes.

Users may withdraw consent at any time. Withdrawal is as easy as granting consent and generally does not affect the use of the website.

Where data is required to complete forms or requests, users will be informed if providing certain data is mandatory.

 

Purpose of Data Processing

Data is collected to facilitate, expedite, and fulfil commitments between the website and the user, maintain relationships through forms, or respond to queries.

Data may also be used for commercial purposes, including personalisation, operational and statistical analysis, marketing research, and improving website quality, functionality, and navigation.

Users will be informed of the specific purpose(s) at the time data is collected.

 

Retention Period

Personal data will be retained only for the minimum period necessary and, in any case, for 2 years or until the user requests deletion.

Users will be informed of the retention period or, where not possible, the criteria used to determine it.

 

Recipients of Personal Data

User data will not be shared with third parties. Users will be informed about recipients or categories of recipients at the time data is collected.

 
Personal Data of Minors

In accordance with Articles 8 of the GDPR and 13 of the RDLOPD, only persons over 14 years of age may give lawful consent. Parental or guardian consent is required for minors under 14.

 

Confidentiality and Security

The Data Controller will adopt technical and organisational measures appropriate to the level of risk to ensure the security of personal data and prevent accidental or unlawful destruction, loss, alteration, or unauthorised access.

The website has an SSL certificate to ensure secure and confidential transmission of data.

Despite security measures, absolute security cannot be guaranteed, and the Data Controller will notify users promptly in the event of a breach likely to pose a high risk to their rights and freedoms.

Data will be treated as confidential, and employees, associates, and any persons granted access are legally or contractually bound to maintain confidentiality.

 

Users’ Rights

Users may exercise the following rights under the GDPR:

  1. Right of access: Confirm whether data is processed and obtain details of the data and processing.

  2. Right to rectification: Correct inaccurate or incomplete data.

  3. Right to erasure (“right to be forgotten”): Request deletion of data when no longer necessary, consent is withdrawn, or processing is unlawful.

  4. Right to restriction: Limit the processing of data under specific circumstances.

  5. Right to data portability: Receive data in a structured, commonly used, machine-readable format and transmit it to another controller.

  6. Right to object: Object to processing of personal data.

  7. Right not to be subject to automated decisions, including profiling: Unless otherwise permitted by law.

Users can exercise their rights by writing to the Data Controller with the reference “GDPR-www.qualityoperations.es”, including:

  • Name, surname, and a copy of ID (or other valid proof of identity).

  • Specific request or information sought.

  • Contact address for notifications.

  • Date and signature.

  • Supporting documentation.

Contact:

  • Telephone: +34 876 506 306

  • Email: gaizka.arranz@qualityoperations.es

 

Links to Third-Party Websites

The website may include links to third-party websites not operated by Gaizka Arranz Domínguez. These third parties have their own privacy policies and are responsible for their own data and practices.

 

Complaints

Users may lodge a complaint with the relevant supervisory authority in their country of residence, work, or the location of the alleged infringement. In Spain, the authority is the Spanish Data Protection Agency (AEPD): http://www.agpd.es.

 

Acceptance and Updates

Users must have read and agreed to this Privacy Policy and the processing of their data for the purposes described. Using the website constitutes acceptance of this Privacy Policy.

Gaizka Arranz Domínguez reserves the right to modify the Privacy Policy at its discretion or due to legislative, jurisprudential, or doctrinal changes. Updates will be explicitly notified to users.

This Privacy Policy was last updated on 2 February 2018 to comply with Regulation (EU) 2016/679 (GDPR) and Organic Law 3/2018 (LOPD-GDD).

Quality&Operations

We are committed to the success of your business, guiding it towards the operational excellence it truly deserves.

GAIZKA ARRANZ