DATA PROTECTION POLICY
PROTECTION OF YOUR WEBSITE AND APPLICATION DATA
GRUP HIPER PAS, processes the identification data provided by consumers for various purposes: on the one hand, to send information to consumers who request it through commercial communications and/or the newsletter, to process incidents or complaints and to keep them informed about the activity of GRUP HIPER PAS, and, on the other hand, to maintain the security of its establishments.
We inform you that the legitimate basis for the processing is consent, the fulfilment of the contractual relationship and, failing that, legitimate interest, and also, where appropriate, the maintenance of security.
GRUP HIPER PAS respects the confidentiality of personal data; if necessary, it will communicate them to the authorities in accordance with the fulfilment of its legal obligations.
The data is kept for the duration of the contractual relationship that led to its collection, provided that the owner does not object to its processing, or for the time necessary to comply with the legal obligations that affect GRUP HIPER PAS in the event that any liability may arise.
Data relating to video surveillance
In GRUP HIPER PAS establishments, security cameras are installed and are duly identified at the entrances of the establishments, as well as in the interior. The data obtained from the cameras is stored for a maximum period of 30 days. The Shopping Centre guarantees the absolute confidentiality of the data processing and only communicates the data to official bodies and agents of the authority who request it, as well as to insurance companies whenever they necessarily have to access the information to resolve the claim.
The legitimate basis for the processing is the maintenance of the safety of the establishments at work and of their assets, as well as the fulfilment of the legal obligations that affect them.
If a consumer submits a complaint for any circumstance, by means of our corresponding form or formal complaint, we inform you that GRUP HIPER PAS uses the data exclusively to resolve the complaint and does not pass them on to third parties, unless the complaint requires communicating them and exclusively for this purpose. The data provided is kept for the years necessary to comply with legal obligations, as long as the object of the claim is not time-barred. The legitimate basis for processing is in any case the fulfilment of legal obligations or, failing this, consent.
Data relating to candidates – CV
Were a holder to have given their CV to the GRUP HIPER PAS as a potential candidate to form part of the different establishments that make up the group, the GRUP HIPER PAS will use the data exclusively to manage the candidature and will not pass it on to third parties, except to other companies or establishments in the Group and exclusively for this purpose. The data provided will be kept for 6 months. The legitimate basis for the processing is the consent given by the holder of the CV who sends it to the GRUP HIPER PAS by means of the corresponding form.
WIFI at establishments
The WIFI network of the GRUP HIPER PAS establishments is completely free and open access.
The WIFI zone of the GRUP HIPER PAS establishments does not undertake any type of guarantee as to the availability and functionality of this free service. When using the free WIFI service, the user acknowledges that GRUP HIPER PAS is not responsible for the security and integrity of the data or the security of the users’ systems. The user is responsible for the security of their systems and the use of encryption technology when using e-mail. Likewise, the user is responsible for the use of the correct configuration and parameters on their equipment. GRUP HIPER PAS, reserves the right to withdraw the WIFI service completely, modify its conditions or technology, or make the service payable without notification.
The WIFI zone network of GRUP HIPER PAS establishments is only available to customers of the Shopping Centre.
Questions regarding data privacy
In compliance with the LQPD 29/2021, of 28 October, qualified personal data protection and Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016, (GDPR) we provide the following information on the processing of your personal data:
- Who is the controller of the processing of your data?
The OWNER; Our details are set out at the beginning of this Data Protection Policy.
- For what purposes do we process your personal data?
- We process the information provided to us in order to provide and invoice our services and products.
- If you give us your consent, we may also process your data to send you the newsletter, commercial information about our activities, products, discounts or services.
- If you participate in any of our prize draws and/or contests, we will publish your name and surname, as well as your image, if applicable, in the different spaces and means of communication and dissemination that we use, including social networks, in order to promote our activities, services and products.
- How long will we keep your data?
The personal data provided will be kept for as long as you are a user of our services or wish to receive information, and thereafter, for the periods established to comply with our legal obligations.
- What is the legal basis for processing your data?
The legal basis for the processing of your data is the consent you give us.
In the case of information sent to us by minors under 16 years of age, it will be understood that it has been sent with the consent of their legal representatives. If this is not the case, the legal representative of the minor must communicate this as soon as he/she becomes aware of it.
- To which recipients will your data be communicated?
The data will not be disclosed to third parties, unless this is required by law or is necessary to fulfil the purpose of the processing.
- What are your rights when you provide us with your data?
- Any person has the right to obtain confirmation as to whether we are processing their personal data.
- Data subjects have the right to access their personal data, as well as the right to request the rectification of inaccurate data or, where appropriate, to request its deletion when, among other reasons, the data is no longer necessary for the purposes for which it was collected.
- In certain circumstances, data subjects may request the limitation of the processing of their data, in which case we will only keep them for the exercise or defence of claims. Or, for carrying out the administrative, fiscal and accounting management of the services provided.
- Also, in certain circumstances and for reasons relating to their particular situation, data subjects may object to the processing of their data. In this case, we will stop processing them, except for compelling legitimate reasons or for the exercise or defence of possible claims.
- Data subjects also have the right to data portability.
- Finally, data subjects have the right to lodge a complaint with the competent supervisory authority.
- How can you exercise your rights?
By sending us a letter attaching a copy of a document that identifies you to our physical or electronic address.
Details identifying the person responsible: MERCA CENTER, SAU (GRUP HIPER PAS) A-703134-P C/ Prat de la Coma, s/n -AD200- LES BONS – ENCAMP (PRINCIPALITY OF ANDORRA).
Tel. +376.735 050
Identification of our DPD – Berta Faura: firstname.lastname@example.org
- Who is the Data Protection Delegate?
The Data Protection Delegate (DPD) is the person who supervises compliance with the data protection policy of the GRUP HIPER PAS, ensuring that personal data is treated appropriately and that the rights of individuals are protected. Its functions include dealing with any queries, suggestions, complaints or claims from people whose data is processed.
You can contact our Data Protection Delegate by writing to C/ Prat de la Coma, s/n -AD200- LES BONS-ENCAMP (PRINCIPALITY OF ANDORRA), or to the following e-mail address: dpd.hiperpasriver @gruphiperpas.com
Identification of our DPD: Berta Faura, date of public designation 9/06/2022 in the APDA with Resolution Number: APD-2022-000139.
- How did we obtain your data?
The personal data that we process comes from the interested party, who guarantees that the personal data provided is true and is responsible for communicating any changes. The data requested or marked with an asterisk are obligatory in order to be able to provide the requested service.
- What data do we process?
The categories of data we may process are:
- Data of an identifying nature.
- Postal or e-mail addresses.
- Other data requested in our forms.
The data is limited, given that we only process the data necessary for the provision of our services and the management of our activity.
- What security measures do we have in place?
We have security measures in place established by Article 35 of LQPD – Security and Confidentiality in data processing and established by Article 32 of GDPR – Data Processing Security. We have adopted necessary security measures to guarantee an adequate level of security for the risks associated with processing data, with mechanisms that allow us to ensure confidentiality, integrity, availability and permanent resilience of the processing systems and services.
- Some of these measures include:
- Information on staff data processing policies
- Periodical security copies produced
- Data access controls
Regular and permanent verification, supervision, assessment and valuation processes.