This is the data protection policy of Moycor Vic SL. It refers to the data that are processed in the exercise of its commercial activities in compliance with the General Data Protection Regulation (Regulation (EU) 2016/679 of the European Parliament and of the Council, dated 27 April 2016) and Organic Law 3/2018, dated 5 December 2018, on data protection and guarantee of digital rights.
Who is the data controller of the personal data?
The data controller of the personal data is Moycor Vic SL (commercial name ‘ModyHome’), with tax ID number ESB59094524 and headquartered at Carrer Roc Gros, 21, in Hostalets de Balenyà (CP 08550), telephone (+34) 93 017 39 34, email address contact@modyhome.com, www.modyhome.com, registered in the Business Registry of Barcelona, volume 24011, folio 181, page B65496.
For what purpose do we process data?
At ModyHome, we process personal data for the following purposes.
Contact.
To attend to inquiries from people who contact us by means of the contact forms on our website. We use the data solely for this purpose.
Telephone service.
We serve the people who contact us by telephone using this means. In order to offer a higher quality service, the conversations may be recorded, after previously notifying the person with whom we are communicating.
Hiring.
Receipt of curriculum vitae sent to us by people interested in working with us and managing the persona data generated by participating in hiring processes, with the purpose of analysing the suitability of the candidate’s profile according to the vacant or newly created jobs. Our criterion is to store the data of people who are ultimately not hired for at most one year, in case there is a new vacancy or job in the short term. However, in this latter case, we immediately eliminate the data if the interested party asks us to do so.
Customer services.
Registering new customers and any addition data that may be generated as the result of the commercial relationship with customers. In the contracting process, we only request the data that are strictly needed, including bank information (bank account or credit card number), which will be shared with the banks that manage the payments (these data may only be used for this purpose). The commercial relationship also entails other kinds of processing, such as adding the data to our accounting, invoicing or information to the tax administration.
Information on our products or services.
As long as there is a contractual relationship with its customers, ModyHome uses their contact data to share information inherent to this relationship, which may circumstantially include references to our products and services, either general or referring more specifically to our customers’ characteristics and needs.
Other product information.
With our customers’ explicit authorisation, once the contractual relationship is over the contact data are kept in order to send them advertising related to our products and services, general information or specific information tailored to the customer’s characteristics. This information is sent to people who have never been our customers but have requested it or have agreed to receive it by filling in our forms.
Managing the data on our suppliers.
We register and process the data on our suppliers from whom we receive services or goods. This may include the data of people acting as freelancers or representatives of legal entities. We only get the data needed to maintain the commercial relationships, only use them for this purpose and use them properly for this type of relationship.
Video surveillance.
When applicable, we inform visitors to our facilities of the existence of video surveillance cameras at the entrances via standardised signs. The cameras record images only at the points where it is justified in order to guarantee the safety of the goods and people, and the images are only used for this purpose.
Users of our website.
The browsing system and programming which makes it possible for our website to work collect the data that are ordinarily generated in the use of Internet protocols. This category of data includes other IP addresses or the domain name of the computer used by the person who connects to the website. This information is not associated with specific users and is solely used to get statistical information about the use of the website. Our website does not use cookies which enable us to identify the specific physical persons who use the site. The use of cookies is reserved for collecting technical information in order to facilitate the accessibility and efficient use of the website.
Other channels to get data.
We get data by means of in-person interaction and other channels such as the receipt of emails, by means of our profiles on the social media. In all cases, the data are only used for the explicit purposes that justify their collection and processing.
What is the legal legitimation for the data processing?
The data processing we do has different legal underpinnings according to the nature of each kind of processing.
In fulfilment of a precontractual relationship. This applies to the data of possible customers or suppliers with whom we have relations prior to the formalisation of a contractual relationship, such as by drawing up or studying estimates. It also applies to the processing of the data of people who have sent us their curriculum vitae or who are participating in hiring processes.
In fulfilment of a contractual relationship. This applies to relations with our customers and suppliers and all the actions and uses entailed in these relations.
In fulfilment of legal obligations. Communicating data to the tax administration is established by the rules regulating commercial relationships. Data may be shared with judicial bodies or security corps or forces, also in fulfilment of laws which obligate us to collaborate with these public bodies.
Based on consent. When we send information on our products or services, we process the contact data of the receivers with their explicit authorisation or consent.
Due to legitimate interest. The images we obtain from video surveillance cameras are processed due to our company’s legitimate interest in preserving its goods and facilities. Our legitimate interest also justifies processing the data we obtain from contact forms.
With whom are the data shared?
As a general criterion, we only share data with public administrations or authorities solely in fulfilment of legal obligations. When issuing invoices to customers, the data may be shared with banks. In justified cases, we share data with the security corps or forces or with the judicial bodies holding authorities. No data are transferred outside the European Union (international transfer).
In another sense, for certain tasks we obtain the services of companies or individuals who provide their experience and specialisation. Sometimes these outside companies have to access the personal data for which we are responsible. This is not cession of data per se but delegated processing. Services are only contracted with companies that guarantee fulfilment of the data protection regulations. When they are contracted, their confidentiality obligations are formalised, and their actions are tracked. Examples may include data hosting, IT support services or legal, accounting or tax consulting.
How long are the data kept?
We fulfil the legal obligation to limit the amount of time we keep data to the utmost. For this reason, they are only kept the amount of time needed and justified by the purpose which motivated collecting them. In certain cases, such as the data that appear in accounting documentation and invoices, the tax regulations force us to keep them until we have no further responsibilities on these matters. In the case of data processed based on the consent of the interested party, they are kept until this person revokes this consent. The images obtained by the video surveillance cameras are kept for at most one month, although in the case of incidents justifying it they are kept as long as needed to facilitate the actions of the security corps and forces or the judicial bodies.
What are people’s rights in relation to the data we process?
As provided for in the General Data Protection Regulation, people whose data we process have the following rights:
To know whether it is processed. Any person first has the right to know whether we are processing their data, regardless of whether or not there has been a previous relationship.
To be informed of data collection. When personal data are obtained from the interested party, when they provide these data they must be clearly informed of the purposes for which they will be used, who the data controller is and any other aspects stemming from this processing.
To access the data. This is an extremely broad right that includes knowing precisely what personal data are being processed, the purpose for which they are being processed, any communications of this data with others (if applicable) and the right to get a copy of the data or find out the amount of time the data is expected to be kept.
To ask that the data be rectified. This is the right to request the rectification of inaccurate data to be processed by us.
To ask that data be erased. In certain circumstances, there is the right to ask that the data be erased, among other reasons when they are no longer necessary for the purposes for which they were collected that justified their processing.
To request a restriction in processing. Also in certain circumstances, the right to request a restriction in data processing is recognised. In this case, the data are no longer processed and are only kept for the exercise of or defence against claims, in accordance with the General Data Protection Regulation.
To portability. Certain cases provided for in the regulations recognise the right to obtain one’s own personal data in a structured and commonly used format that is machine legible and to transmit them to another data controller if the interested party decides to do so.
To object to processing. A person may cite motives related to their particular situation which shall entail that their data cease to be processed to the degree or measure which could cause them harm, except for legitimate reasons or the exercise of or defence against claims.
Not to receive commercial information. We immediately attend to requests to cease sending commercial information to people who had previously authorised us to do so.
How can one exercise or defend one’s rights?
The rights we have just listed can be exercised via a written request to Moycor Vic SL at the postal address Roc Gros, 21, Hostalets de Balenyà (postcode 08550), or by sending an email to contact@modyhome.com, in both cases indicating ‘Protection of personal data’.
If a satisfactory response to the exercise of rights is not received, users may file a claim with the Spanish Data Protection Agency via the forms or other channels accessible on its website www.agpd.es.