Privacy Policy
Through this Privacy Policy, COSMIKAL aims to guarantee the right to privacy and the protection of personal data of USERS, explaining to them in a fair and transparent manner how it collects, uses, shares, and protects their personal information.
Therefore, in accordance with the provisions of European Regulation 2016/679 General Data Protection Regulation (hereinafter, GDPR) and Organic Law 3/2018, of December 5, on Personal Data Protection and Guarantee of Digital Rights (hereinafter, LOPDGDD), and following the recommendations of the Spanish Agency for Data Protection (hereinafter “AEPD”), COSMIKAL informs you of the following:
1. Responsible: Who is responsible for the processing of your personal data?
- Identity: COSMIKAL S.L.
- Postal Address: Barrio Rinconeda M13, 39313, Rinconeda Polanco
- Contact: info@cosmikal.es
- Data Protection Officer (DPO) Contact: dpo@cosmikal.es
2. Purposes of Processing: What purposes do we process your personal data for?
We would like to inform you of the purposes of processing the personal data collected through contact forms, emails you send to our public email accounts, and other mechanisms that we may make available to you:
- To send you technical, operational, and commercial information regarding the products, activities, and services you have shown interest in, as well as other information that may be of interest to you.
- To address and manage your requests, questions, and comments.
- To establish and/or maintain a contractual or commercial relationship with you, if applicable.
- To conduct statistical studies that allow us to improve our services.
In the event that other purposes apply, you will be informed of this, as well as of any other necessary mentions according to applicable law, at the time we request your personal data. Furthermore, some of our services have their own Privacy Policy, such as the case of recruitment processes.
3. Legitimation: What is the legal basis for processing your data?
The legal basis for processing personal data is the USER’S CONSENT.
The submission of personal data by USERS through COSMIKAL’s electronic forms, by ticking the privacy policy acceptance box, or by sending emails, implies the sender’s consent to the processing of their personal data. The personal information collected in the forms may vary depending on the services used; in any case, all the requested data is necessary for the provision of the service. If there are any optional fields, this will be indicated.
COSMIKAL does not use “spamming” techniques and will only process the data transmitted by the USER. Furthermore, the USER guarantees that they are over 14 years old and that the personal data provided is truthful, committing to notify of any changes. If the data pertains to third parties other than the USER, the USER guarantees they have obtained prior consent from those individuals and informed them of this policy.
In the event that we need to process your data for purposes not related to the aforementioned points, we will inform you accordingly and, if applicable, request your additional consent, unless another legal basis for processing exists.
4. Recipients: Who will your data be shared with?
In cases where it is necessary, we will share the USERS’ information with the personnel involved in providing information about the products and services they have requested. Additionally, if there is any legal obligation or authorization by judges, courts, government agencies, or any public entity. Under no circumstances will we share the information with any other third party without informing you and requesting additional consent, unless there is another legitimate basis for doing so.
No international data transfers outside the European Economic Area are planned. In the event that they become necessary, COSMIKAL will ensure an adequate level of protection by complying with the mechanisms and guarantees established in the regulations for such situations.
5. Information Security: How do we protect your personal data?
COSMIKAL continuously strives to adopt the necessary technical and organizational measures to ensure the security of USERS’ personal data and to prevent its alteration, loss, improper processing, or unauthorized access in accordance with applicable regulations.
We use reasonably reliable and effective physical, organizational, and technological measures, controls, and procedures aimed at preserving the integrity and security of your data and ensuring your privacy.
In addition, all personnel with access to personal data have been trained and are aware of their obligations regarding the processing of your personal data.
In the case of the contracts we enter into with our suppliers, we include clauses requiring them to maintain confidentiality regarding the personal data to which they have had access as a result of the tasks performed, as well as to implement the necessary technical and organizational security measures to ensure the confidentiality, integrity, availability, and ongoing resilience of the systems and services for processing personal data.
All these security measures are periodically reviewed to ensure their adequacy and effectiveness.
However, absolute security cannot be guaranteed, and there is no security system that is completely impenetrable. Therefore, if any information subject to processing and under our control is compromised as a result of a security breach, we will take appropriate measures to investigate the incident, notify the Control Authority, and, if necessary, inform any users who may have been affected so they can take the necessary precautions.
6. Retention Period of Data: How long will we keep your data?
User personal data will be kept for as long as necessary to fulfill the purpose for which it was collected and to determine any potential liabilities that may arise from that purpose and the processing of the data.
The deletion of data entails keeping the deleted data “blocked,” which means identifying and reserving it in such a way that it cannot be processed or accessed except for its availability to Public Administrations, Judges, and Courts, to address any potential liabilities arising from the relationship with the USER, and until those liabilities expire. After this period, the data will be permanently deleted. Only individuals authorized for the specified purposes will have access to the blocked data. If the law does not establish a retention period, we will proceed with the permanent deletion of such information within a period not exceeding two (2) years after the termination of the relationship established with you.
7. Rights: What are your rights when you provide your data and how can you exercise them?
The data protection regulations allow you to exercise your rights of access, rectification, deletion, and data portability, as well as opposition and restriction of processing, when applicable.
To facilitate their exercise, we provide the links to the request form for each of the rights:
- Formulario ejercicio del derecho de acceso
- Formulario de ejercicio del derecho de rectificación
- Formulario de ejercicio del derecho de oposición
- Formulario de ejercicio del derecho de supresión (derecho “al olvido”)
- Formulario de ejercicio del derecho a la limitación del tratamiento
- Formulario de ejercicios del derecho a la portabilidad
To exercise your rights, COSMIKAL provides you with the following means:
By means of a written and signed request addressed to Barrio Rinconeda Edif. M13, Rinconeda-Polanco, 39313. Ref: Exercise of Rights – Personal Data.
By sending a scanned and signed form to the email address dpo@cosmikal.es with the subject Exercise of Rights – Personal Data, providing a document that proves your identity and includes the following information (name, surname, validity of the document), while being able to redact any unnecessary information, and identifying the right being requested in relation to the processing carried out by COSMIKAL.
Additionally, and especially if you believe that you have not received full satisfaction in exercising your rights, we inform you that you can file a complaint with the national supervisory authority by contacting the Spanish Data Protection Agency, C/ Jorge Juan, 6 – 28001 Madrid.
This privacy notice may be updated periodically to reflect changes in our privacy practices and legal updates. Updated on May 22, 2024.