Privacy Policy I Canussa Lab

1.- GENERAL INFORMATION

This "Privacy and Data Protection Policy" aims to explain the conditions governing the collection and processing of your personal data by our entity or corporate group, ensuring the protection of your fundamental rights, honor, and freedoms, in compliance with current regulations, including Organic Law 3/2018, of December 5, on Personal Data Protection and Digital Rights Guarantee. Regulation (EU) 2016/679 of the European Parliament and Council of April 27, 2016, on the protection of natural persons with regard to the processing of personal data and the free movement of such data, repealing Directive 95/46/EC (General Data Protection Regulation).

In accordance with these regulations, we need your authorization and consent for the collection and processing of your personal data. Below, we provide all the relevant details regarding how we carry out these processes, the purposes, which other entities may have access to your data, and your rights.

2.- DATA CONTROLLER

Who collects and processes your data?

The Data Controller is the individual or legal entity, whether public or private, or administrative body, who determines, alone or jointly with others, the purposes and means of the processing of personal data; in the case that the purposes and means of the processing are determined by European Union or Spanish law. In this case, our identifying information as Data Controller is as follows: CANUSSA EUROPE, S.L.U. – B87882452.

How can you contact us?

Office address:
C/ Orihuela, 49 – 1B 46009 Valencia (Valencia)
650925207 – maria.cano@canussa.com
canussa.com

3.- SECURITY MEASURES

What do we do to ensure the privacy of your data?

Our entity or corporate group adopts the necessary organizational and technical measures to ensure the security and privacy of your data, to prevent its alteration, loss, processing, or unauthorized access, based on the state of technology, the nature of the data stored, and the risks they are exposed to. Some of the main measures include:

  • Ensuring the confidentiality, integrity, availability, and resilience of the processing systems and services.
  • Quickly restoring the availability and access to personal data in the event of a physical or technical incident.
  • Regularly verifying, evaluating, and assessing the effectiveness of the technical and organizational measures implemented to ensure the security of processing.
  • Pseudonymizing and encrypting personal data if sensitive data is involved.

4.- PURPOSE OF THE PROCESSING

Why do we process your data?

Below are the intended uses and purposes. However, we will only carry out those you have authorized by accepting the privacy policy.

  • Management and processing of information requests and orders through our online store: management, provision, expansion, and improvement of the requested services, following up on inquiries and orders.
  • Customer service: Managing customer service requests related to product inquiries or follow-ups.
  • Legal obligations: Managing all actions derived from executing the contract between the parties during purchase, invoicing obligations, payment processes, and other legal requirements.
  • Instant messaging communications: Using instant messaging to keep you informed about your order status and information requests.
  • Marketing and Advertising: Sending informational and promotional communications: We will use your email address and phone number to send you offers and promotions about products that might be of interest. This communication will only happen if you have accepted the relevant consent checkbox.

How long do we keep your data?

We use your data only for the period strictly necessary to fulfill the above purposes. Unless a legal obligation or requirement exists, the planned retention periods are as follows:

  • Management and processing of information requests and orders: For a period of 5 years from the last confirmation of interest.
  • Sending informational and promotional communications: Until you request deletion.

5.- LEGAL BASIS FOR PROCESSING

Why do we process your data?

The collection and processing of your data is always legitimized by one or more legal bases, which we detail below:

  • Maintaining a commercial relationship and contract execution (legitimate interest of the controller, Art. 6.1.f GDPR)
  • Marketing actions, sending communications about products or services, based on the consent of the interested party (Art. 6.1.a GDPR) through acceptance of the privacy policy in the forms designated for these purposes.

6.- RECIPIENTS OF YOUR DATA

Who do we share your data with within the European Union?

Sometimes, to comply with our legal obligations and our contractual commitment to you, we may need to share some of your data with certain categories of recipients, as long as they are related to the provision of requested services.

Your data will be shared with delivery companies for the purpose of ensuring your products are delivered. Data may also be shared with public organizations and entities if required or by legal obligation.

Do we transfer your data outside the European Union?

In the data processing processes carried out by our entity, we may need to contract external services that could result in your data being stored and/or processed by organizations established or operating outside the European Union, which would imply international data transfers. In this case, no international data transfers are made.

7.- SOURCE AND TYPES OF DATA PROCESSED

Where have we obtained your data?

We have obtained your data directly from you, by filling out forms designed for this purpose or by phone when you have contacted us to request information or purchase products. We may also have obtained them through your legal representative.

What types of data have we collected and processed?

We request only the necessary data to provide the requested service and never ask for data that could be considered excessive.

8.- RIGHTS OF THE DATA SUBJECT

What are your rights?

Current data protection regulations grant you a series of rights in relation to the use of your data. Each of these rights is personal and non-transferable, meaning they can only be exercised by the data subject after verifying their identity.