PRIVACY POLICY

Last updated: January 15, 2024

PRIVACY POLICY

GEMSER PUBLICATIONS, S.L. (hereinafter, “GEMSER”) with N.I.F. B-61976270 and domicile in Calle Castell, n.º 38 – 08329 Teià (Barcelona), duly registered in the Mercantile Registry of Barcelona in Page B-199687, Volume 31724, and Sheet 55, declares that it is the owner of the website https://www.gemserpublications.com/ (hereinafter, the “Web”), in accordance with the obligations provided for in the Law 34/2002, of July 11th, on services of the information society and electronic commerce (hereinafter, the “LSSICE”).

1. Identity and contact details of the Data Controller

Under the terms of the applicable data protection regulations and, in particular, the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter, the “GDPR”), and the Organic Law 3/2018, of December 5th, on the Protection of Personal Data and the guarantee of digital rights (hereinafter, the “LOPDGDD”), the Data Controller is:

Data Controller	GEMSER PUBLICATIONS, S.L.
N.I.F.	B-61976270
Domicile	Calle Castell, n.º 38 – 08329 Teià (Barcelona)
Telephone	(+34) 93 540 13 53
Contact email	info@mercedesros.com

2. Compliance with applicable regulations

GEMSER has adapted the Web to the GDPR and the LOPDGDD. To this end, it has put into practice those policies, means and technical and organizational procedures to guarantee and protect the confidentiality, integrity and availability of your personal data.

The transmission of data by the user of GEMSER services through the Web (hereinafter, the “User”), is carried out voluntarily and being informed prior to the processing of its uses and purposes

3. Principles we apply to your personal data

The data supplied to GEMSER by different means, online or offline contact forms or any other procedure used for the collection of your data, will be carried out in accord with current data protection regulations, and with the unique purpose of providing the service that has been informed.

In the processing of your personal data, we apply the following principles that comply with the requirements of the GDPR:

Principle of legality, loyalty and transparency: We will always have a legal basis for the processing of your personal data for one or more specific purposes that we will inform you in advance with absolute transparency. GEMSER informs you that it only collects that information necessary to achieve the purpose of the treatment, and it will only process the data you have provided for the purpose(s) for which you were informed.
Principle of data minimization: We will only ask you for the strictly necessary data in relation to the purposes reported.
Principle of limitation of the retention period: Personal data will be kept for the time strictly necessary until the purpose for which they were collected ends, and as long as the cause that legitimized the processing of these personal data is maintained. Once the cause that legitimized the processing has ended, the personal data will be kept duly blocked during the limitation period of the actions that may arise from the relationship between the parties and/or the legally stipulated retention periods.
Principle of integrity: Your data will be processed in such a way as to ensure adequate security of personal data and guarantee confidentiality. You should know that we take all necessary precautions to prevent unauthorized access or abuse of data by third parties.
Principle of confidentiality: GEMSER, in its capacity as Data Controller, guarantees confidentiality in the processing of all the personal data of the User to which it has access. The Data Controller, like any other person who intervenes in any phase of the processing, is subject to the strictest professional secrecy, with a special commitment to adopt the levels of protection and the necessary measures, both technical and organizational, to guarantee the security of personal data and prevent its alteration, abuse, loss, theft, treatment or unauthorized access.
Principle of data accuracy: All information that the User provides to GEMSER must be truthful, and will be the responsible for any false or inaccurate statements he makes and for the damages he causes to GEMSER or third parties.

GEMSER reserves the right to exclude from the services any User who has provided false data, without prejudice to other legal actions that may apply.

4. Processing of personal data

4.1. Collection and processing of personal data

By providing us with your data through the Web, online or offline forms or by any other means, the User guarantees that these are true, exact, complete and up-to-date, being responsible for any damage, direct or indirect, that may be caused as a result of the breach of such obligation.

In the event that you provide GEMSER with third-party data, the User must have their consent and undertake to transfer the information contained in this clause to them, exempting GEMSER from any responsibility in this regard. However, GEMSER may carry out the actions to verify this fact, adopting the corresponding due diligence measures, in accordance with the data protection regulations.

4.2. Purposes of the processing

The purposes of the processing carried out by GEMSER of the User’s personal data are:

Data processing	Purpose of the processing	Legal basis	Retention period
Provision of services	To manage the provision of the service and its queries	Performance of a contract	6 years after the resolution of the commercial relationship
Resolution of queries	Respond to requests and queries raised though the Contact form enabled for this purpose on the Web.	Performance of a contract or consent of the data subject	12 months after the queries resolution.
Commercial communications in electronic format	Sending commercial communications of the activities, services, promotions, publicity, news, newsletter and other information about the products and services of GEMSER by electronic media.	Consent of the data subject	Revocation of the consent of the data subject

4.3. Data category

In accordance with the aforementioned purposes, GEMSER collects and processes the following categories of data from Users:

Contact data: Name, surname, role, company and email.
In the case of organizing contests, promotions or events: Images, recordings and/or videos of the User, with their previous express consent.
Also, through cookies we collect certain information related to the User’s navigation. To obtain more information about the uses of the cookies, you can consult our Cookies Policy.

Regarding the queries made using the form available in the “CONTACT” section, it is allowed to briefly explain the reason of the query. Keep in mind that personal inquiries cannot be answered there, except those strictly established by current legislation. Under no circumstances will the User communicate special categories of data (such as, for example, health data, religion, etc.). In case of doing so, the User exempts GEMSER from total responsibility. In the event that queries or inappropriate content are sent, GEMSER will proceed to its elimination.

5. Processing of data by third parties and transfer

Depending on the purposes for which personal data is collected, your personal data may be processed by:

Authorized personal of GEMSER or its representatives acting on its behalf, subject to the applicable data protection regulations.
Administrations, Authorities and Public Bodies, including Courts and Tribunals, when required by applicable regulations.
Third party providers of external services that GEMSER hires and that have the status of data processor [IT service providers, hosting servers, maintenance of database support, software and applications]. All this only after carrying out the necessary measures to ensure that we can share such information in compliance with data protection regulations.

If there is a sale, a merger, consolidation, change in corporate control, substantial transfer of assets, reorganization or liquidation of GEMSER, then, at our discretion, we may transfer, sell or assign the information collected on the Web to one or more relevant parties.

6. Security measures

GEMSER adopts the security levels required by the GDPR appropriate to the nature of the data that is being always processed for its activity. In this sense, it uses encryption techniques that do not allow a third party to trace the identity of the User who interacts with our services. Likewise, it may also carry out secure anonymization techniques for the personal data it processes to carry out its activity. However, technical security in a medium such as the Internet is not impregnable and there may be malicious actions by third parties, although GEMSER uses all the means at its disposal to avoid such actions.

7. International data transfer

We do not transfer the User’s personal data to third parties outside the European Economic Area. In the case of international data transfers, we will carry out the appropriate technical and organizational measures to guarantee data security.

8. Rights of the data subjects

In accordance with the GDPR and the LOPDGDD, Users can exercise the following rights:

Right to access: The User may ask GEMSER if it is processing their data and, if so, access them.
Right to rectification: The User may request the rectification of the data if they are inaccurate or incomplete.
Right to request the deletion of your data, when it is possible. In any case, at the time the User exercises this right, all personal data linked to their account, as well as the information and content that are included in their profile will be unsubscribed and will remain blocked until the end of the established legal term. Likewise, in the event that the User exercises the right to erasure the data necessary for GEMSER to be able to provide the services of the Web, GEMSER will be obliged to finish its relationship with the User, proceeding to cancel it, without right to any claim.
Right to request the limitation of your processing: In this case, we will only keep them for the exercise or defence of claims.
Right to object to processing: GEMSER will stop processing personal data, with the exception that they must continue to be processed for reasons of compelling legitimate interest or for the exercise or defence of possible claims.
Right to data portability: If the User wants their data to be processed by another data controller, GEMSER will facilitate the transfer of their data to the new controller in the event that both have the necessary technical means to it.
Right not to be the subject of a decision based only on the automated processing of your personal data.
Right to revoke consent: If the User had granted consent for any specific purpose, he may withdraw it whenever he wishes, without affecting the legality of the processing based on the previous consent to its withdrawal.

Right to file a claim to the Spanish Data Protection Agency: If you consider that GEMSER has committed an infringement of data protection legislation regarding the processing of your personal data, you can file a claim to the Spanish Data Protection Agency (hereinafter the “AEPD”) (https://www.aepd.es/es)

To exercise your rights, you can use the models and forms available on the official page of the AEPD (https://www.aepd.es/es/derechos-y-deberes/conoce-tus-derechos), and send a communication to the domicile of GEMSER or by email to the address info@mercedesros.com, REF: “Data Protection”.

9. User consent

The User declares to have read and expressly accepted this Privacy Policy.

The User undertakes to hold GEMSER harmless from any possible claim, fine or sanction that it may be obliged to bear as a result of the User’s breach of the duty described in this paragraph.

10. Changes in the Privacy Policy

We will only use personal data as established in the Privacy Policy that is in force at the time such data is collected.

GEMSER reserves the right to modify this Privacy Policy at any time with effect from the date of publication of such modifications on the Web, so it is recommended to visit it each time it is accessed. If at any time we decide to use personal data in a different way that what was declared at the time it was obtained, it will be communicated to the User by email, if we have it. At that time, you will be given the option to authorize other uses or disclosures of the personal data that you have provided to us prior to the amendment of our Privacy Policy.

If any clause of this Privacy Policy is annulled or considered void, the rest of the conditions will not be affected, fully preserving its validity and validity, in accordance with current regulations applicable at all times.

11. Applicable law

The privacy of all the information provided, both by the User through the different personal data request forms, and that accessible through the Web, is regulated by current data protection regulations, especially by the GDPR and the LOPDGDD.

12. Cookies

Access to the Web may imply the use of cookies. Cookies are small amounts of information that are stored in the browser used by each user so that the server remembers certain information that it can later use. This information allows you to be identified as a specific user and allows you to save your personal preferences, as well as technical information on the use and operation of the Web.

Those Users who do not wish to activate cookies or want to be informed before they are stored on their devices, can configure their own device for this purpose. For more information, you can consult our Cookies Policy.

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Cookie	Duration	Description
_ga	2 years	This cookie stores a unique user ID so we can distinguish our users.
_gid	24 hours	This cookie stores a unique user ID and is used to store information of how visitors use a website