9. Rights of the data subjects
What are your data protection rights?
Right of Access: you have the right to request information about your personal data processed by us, in particular about the purposes of the processing, the categories of personal data concerned, the recipients or categories of recipients, storage terms, exercises of rights, the right to lodge a complaint with a supervisory authority (Spanish Data Protection Agency), the origin of your data if they were not collected by us and the existence of automated decision-making including profiling.
Right to Rectification: you have the right to obtain from us the rectification of inaccurate or incomplete personal data. In such cases, you will have to indicate the wrong data and the correction that must be made or provide the necessary information to complete your data.
Right to erasure (“right to be forgotten”): you have the right to obtain from us the erasure of your personal data in certain cases assessed pursuant to data protection regulation:
- the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed.
- if you withdraw consent on which the processing is and there is no other legal ground for the processing.
- you object to the processing and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing for marketing, including profiling.
- your personal data have been unlawfully processed.
- your personal data have to be erased for compliance with a legal obligation in Union or Member State law to which us are subject.
- your personal data have been collected in relation to the offer of information society services.
Right to object: if the processing by us of your personal data is based on legitimate interest, you have the right to object to processing of your personal data on grounds relating to your particular situation or if such processing is based on marketing, including profiling. In this sense, the purpose of the processing of your personal data by EOS Spain is not marketing, neither profiling.
Right to restriction of processing: you have right to to obtain from us restriction of processing where one of the following applies:
- the accuracy of the personal data is contested by you, for a period enabling us to verify the accuracy of the personal data.
- the processing is unlawful and you oppose the erasure of the personal data and requests the restriction of their use instead.
- we no longer need your personal data for the purposes of the processing, but they are required by you for the establishment, exercise or defence of legal claims.
- if you have objected to processing pursuant to article 21.
Right to data portability: you have the right to receive your personal data provided to us in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without our hindrance, where:
- the processing is based on your consent or on a contract.
- the processing is carried out by automated means.
Finally, you have the right to withdraw the consent you previously granted us at any time. This shall mean that we may not continue the data processing upon which this consent was based in the future.
How can you exercise your rights?
If you wish to exercise your Data Protection rights, you can contact EOS Spain, S.L.U., at any time and free of charge sending a written request under ref. “Data Protection”:
EOS Spain, S.L., Sociedad Unipersonal
C/ Manuel Guzmán, 1, Esc. 1, Planta 1.
15008, A Coruña (A CORUÑA)
The content of the written request must include:
- request addressed to EOS Spain.
- two-side copy of your ID Card, NIE (Foreign ID Card) or Passport. You can also use the electronic signature instead of ID.
- in case of legal representation:
- the document which certifies the legal representative.
- two-side copy of your ID Card, NIE (Foreign ID Card) or Passport.
- two-side copy of the ID Card, NIE (Foreign ID Card) or Passport of your representative.
- concrete request (access, rectification, erasure, object, restriction of processing, data portability, …).
- address for the purpose of communications, date and signature of the data subject. If you don´t give an address, we will respond to you by the same way we received the request.
- documentation certifying the request made, when appropriate.
We may deny your request where one of the following cases:
- the request is sent by a legal person.
- the data subject is not you or your representative.
- you don´t state the file or the terms on which the data protection rights are exercised.
- the request is manifestly groundless or excessive, especially as a result of their repetitive nature.
- in case of the right of rectification, if you don´t indicate the wrong data and the correction that must be made or don’t provide the necessary information to complete your data.
- generic-looking requests.
EOS Spain will provide you the information requested within a one month from the reception of the request. This term can be extended for a further two months when required, considering the complexity and number of requests. We will inform you about any of those extensions within a month since the request was served, explaining the reasons of the delay.
If your request doesn´t meet any of the requirements indicated above, we will notify you as soon as possible so that it can be rectified and later, within one month from the date we receive your request.
If the defects of the request are rectified, the period of one month to answer will begin from the moment we receive the completed request.
If the defects of the application are not rectified within a reasonable period, we will understand that you have desist from submitting it and it will be filed.
EOS Spain has a Data Protection Officer with whom any individual may contact at the following email address: firstname.lastname@example.org, on all matters related to the processing of personal data and exercise of Data Protection Rights according to the GDPR.
We inform you that you have the right to file a claim before the responsible data protection regulatory authority, in particular, before the Spanish Data Protection Agency, if you consider any breach of Data Protection regulations has been committed when processing your personal data (www.aepd.es).