The activities of the Sorigué group are conducted in strict compliance with all applicable legal and regulatory provisions. Consequently, any processing of personal data will be carried out in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, as well as Organic Law 3/2018 of 5 December on the Protection of Personal Data and Guarantee of Digital Rights, and any other applicable regulatory provisions.
This policy lays down the basis on which Coutex, Equipos y Proyectos, S.A.U., as the entity responsible for the processing, manages the personal data of web users, users requesting information and customers.
This policy details elements related to the website, notwithstanding other information related to the General Data Protection Regulation (hereinafter, GDPR), which may be detailed in other policies and which can be made available to you through different means.
You can make as many queries as you would like regarding privacy and the GDPR by contacting the following email address rgpd@sorigue.com
Data Controller Information
Identity: Coutex, Equipos y Proyectos, S.A.U. (hereinafter referred to as Coutex)
CIF [Tax Identification Number]: A64569064
Postal Address: Miguel Hernández, 31 (08908 Hospitalet de Llobregat)
Telephone: +34 934 131 600
Email information: sorigue@sorigue.com
Email for GDPR Information: rgpd@sorigue.com
Personal Information
The purpose of our website is to inform any internet user regarding the activities, products and services developed on hydraulic equipment by the company Coutex, Equipos y Proyectos, S.A.U., which belongs to the Sorigué group.
Merely visiting our website can cause cookies to be stored. Please consult the information related to our Cookie Policy. (link pending)
You can also request to sign up to our Newsletter, or send us questions to our company email sorigue@sorigue.com. In both cases, it will be necessary for personal data to be collected in that instance, and we will process your personal data for the requested delivery or to resolve the issues or questions that you have sent us.
This information is always collected with your voluntary, informed and express consent. The personal information that you provide to us will be processed securely and confidentially.
Your data will not be used for purposes other than those described; if necessary, you will always be informed ahead of time, and your express consent will be required.
Purpose of Processing
Purpose
The purpose of collecting and processing your personal data is to be able to manage the requests made by the website users, whether they are requests for information, queries or service proposals, and to be able to send the Newsletter when requested to do so.
When a relationship beyond what is described is derived from these communications, the purpose shall be expanded to cover those described in our Records of Processing Activities.
Basis of Processing
The data collected will be processed under your express consent, which may be revoked at any time. Said consent shall be expressly communicated at each point of the website where it is required; simple, free and accessible systems for opposing the processing of your data when you consider it appropriate have also been established.
Providing personal data implies that said data are true and exact and that they should be updated when they change.
Records of Processing Activities
| WEBSITE USER MANAGEMENT | |
| Purpose of Processing | Managing contact data for website users. Managing information derived from cookies. Managing Newsletter |
| Legitimacy of Processing | Consent/legitimate interest |
| Categories of Personal Data: | Identification data: First name and surnames; identifier; email. Telephone number. Professional data (position and contact data). |
| Rights of the Affected Subjects | Access, rectification, erasure, opposition, restriction and withdrawal of consent. |
| Third Party Access to Personal Data | IT service providers with access to data (website / platform(s) designers and providers; hosting services; maintenance; and support for our databases, software, and web applications). Collaborators for marketing / publicity activities for Newsletter mailings. |
| CLIENT MANAGEMENT | |
| Purpose of Processing | Managing contact data for clients and potential clients. |
| Legitimacy of Processing | Agreement/Legitimate interest |
| Categories of Personal Data: | Identification data: First name and surnames; Identifier; DNI [National Identity Card]; email. Professional data (position and contact data) |
| Rights of the Affected Subjects | Access, rectification, erasure, opposition, restriction and withdrawal of consent. |
| Third Party Access to Personal Data | IT service providers with access to data (platform designers and providers/website; storage services; maintenance and support for our databases, software and web applications). Collaborators in charge of managing client relations. |
| MARKETING | |
| Purpose of Processing | Advertising and marketing activities for products and services associated with the business Group and its foundation. Relations with the press and media. |
| Legitimacy of Processing | Consent/legitimate interest |
| Categories of Personal Data: | Identification data: First name and surnames; DNI [National Identity Card]; email; telephone. Professional data (position and contact data). |
| Rights of the Affected Subjects | Access, rectification, erasure, opposition, restriction and withdrawal of consent. |
| Third Party Access to Personal Data | IT service providers with access to data (platform designers and providers/website; storage services; maintenance and support for our databases, software and web applications). Collaborators managing secondary publicity and marketing activities |
| EXERCISE OF RIGHTS/NOTIFICATION OF SECURITY BREACHES | |
| Purpose of Processing | Exercising rights contained in the European General Data Protection Regulation (GDPR), as well as the possible notification of security breaches to interested parties. |
| Legitimacy of Processing | Legal obligations according to the GDPR |
| Categories of Personal Data: | Identification data: First name and surnames; DNI [National Identity Card]; email |
| Rights of the Affected Subjects | Access, rectification and erasure. |
| Third Party Access to Personal Data | IT service providers with access to data (designers and website / platform(s) providers; hosting services; maintenance; and support for our databases, software, and web applications). |
Categories
Obtained data
The data that may be collected through the website include identification details (name and surname) and contact information (email and telephone number), as well as additional details such as the country of primary activity or the company represented.
Occasionally, we may also process other unique numerical identifier data such as the IP address of your computer, the identifier of your mobile device, or information that we obtain through cookies.
Whenever you send us an email or use specific forms (embedded to receive enquiries from potential customers), we will be collecting the data that you submit to us in the message, which we may need to use to give you an answer.
If you use social networks to contact us, it is possible that we may collect your image on our profile.
Recipients
The personal data that is provided may be shared with entities that help us manage the commercial communications processes and provide and maintain technological services (for example, the website). In addition, we have external collaborators who help us with design, development, marketing and publicity.
In accordance with Sorigué group policy, we only contract entities that offer sufficient guaranties to apply the appropriate technical and organisational measures, so that the data processing they perform for us is in accordance with the requirements of the data protection regulation and guarantees the protection of the rights of the data subject.
We do not sell or exchange personal information. We only share or give access to data to the providers or subcontractors who have been previously evaluated and with whom we maintain confidentiality agreements.
In particular, your personal data may be accessed by the competent authority for the protection of personal data
International Transfers
Generally, personal data will not be processed outside of the EU. However, some providers may store information outside Europe. These include social networks (Facebook®, Twitter®, LinkedIn®, Pinterest®, etc.) and tools that help us to manage activities (e.g., MailChimp® or Google®). All the providers are Privacy Shield certified, which certifies that their security measures meet the European area requirements.
Some of the cookies that we use are from third parties and are being transferred outside of the European area. However, these providers are Privacy Shield certified.
Our external providers must meet the security and due diligence measures in the provision of their services. In some cases, they abide by security standards such as ISO/IEC 27001 or the ISAE international standard on Security.
If, in the future, there are other recipients headquartered in a country outside of the EU/ECC who, additionally, do not have the same level of security required in the EU, we will update our policy and inform you of it at length.
Third Party Links
In some cases, we may provide access to third-party websites or applications (e.g., social networks) from our website. We cannot guarantee the security available in these external environments. Please read the legal policies associated with these third parties carefully. If a user detects that these third parties are not complying with the regulations or are affecting users’ integrity, please inform us via email at rgpd@sorigue.com.
Retention Periods
Our corporate policy dictates that we will only retain your personal data for the time that is absolutely necessary for each purpose of processing. The retention period will generally be set by a legal requirement, which shall be applicable to us either for providing a service or because we must retain evidence of compliance. In any case, the periods will vary based on each one of the processing activities that we perform.
To determine the retention period, the following criteria, among others, are used:
Data associated with cookies. 12 months after the consent of each user.
Exercising rights, during the period indicated by the legislation in force for the exercise of responsibilities.
In any case, the data will be cancelled once the purpose for which the data was collected has been met, initially after 3 years.
When the data is no longer needed in order to comply with the established obligations and duties, they shall be erased regularly and securely.
User Rights
You will be entitled to exercise your rights as the owner of your personal data. To exercise your rights before COUTEX, simply contact us by email at rgpd@sorigue.com.
In summary, the personal rights that can be exercised are as follows:
- The right to obtain confirmation of the processing of personal data.
- The right to access personal data that is being processed.
- The right to rectify inaccurate personal data.
- The right to delete personal data when it is no longer necessary for the purpose for which it was collected or when that purpose no longer exists.
- The right to withdraw consent, although this does not impact legality of any processing activities that took place before you withdrew consent
If you no longer wish to receive the Newsletter, please send an explicit message to rgpd@sorigue.com stating your desire to unsubscribe.
Where technically feasible, the right to receive your data or to transfer it to a third party in a structured, accessible and machine-readable format will be granted in accordance with Article 20 of the GDPR.
Details of Rights
In more detail, the personal rights that can be exercised are as follows:
- The right to obtain information clearly and transparently regarding how your personal data is processed, the purpose of processing, the retention period, the transfer of data to third parties, or the international transfer of the same, and the possibility of presenting claims to the Spanish Data Protection Agency.
- The right to access and know what personal data we are processing.
- The right to request:
- The suspension of processing pending the rectification of personal data, where such rectification has been requested.
- The retention of personal data for exercising actions or claims to defend one’s own interests. The rectification of personal data that is inexact or incomplete.
- The right to have personal data erased when the purpose for which they were collected no longer exists or when the consent that legitimised their processing is revoked, with the data being deleted unless there is a legal obligation to retain it.
- The right to oppose the processing of your personal data.
- The right to restrict the processing of your personal data to specific activities.
- The right to the portability of your personal data, which applies in specific circumstances in which data processing is automated whenever possible.
It is also important to remember that the right to revoke or withdraw consent to the processing of personal data remains valid at all times.
How to exercise your personal rights
To process your request to exercise any of your rights, which is always free of charge, you can contact us via the following email address rgpd@sorigue.com. To exercise these rights, you must reliably verify your identity using a valid identity document. If you are acting on behalf of a third party, you will need to present us with the document authorising representation.
Supervisory Authority protection
You can present claims to protect your rights to the Spanish Data Protection Agency at its electronic headquarters or to the postal address Calle Jorge Juan 6, 28001, Madrid, Spain. If you need more information, please visit the website agpd.es.
Security Measures
It is corporate policy to apply the technical and organisational measures that are necessary to guarantee the security of personal data and prevent unauthorised alteration, loss, processing or access thereto, in compliance with the legislation in force to protect personal data.
All the security measures developed and implemented are based on risk management. All the measures have been considered based on the requirements established in the General Data Protection Regulation.
We require our providers to implement our measures. All personnel with access to personal data at our entity, either their own or those belonging to a third party, must follow these security measures.
It is the policy of our group to maintain the security, integrity and confidentiality of personal data. Any breach of internal rules will be duly investigated.
Any attempt to attack our security measures, made knowingly, will result in actions by our IT department and specialised providers to protect the personal data and investigate the source of the breach.
Security Violation Notice
When a security breach affecting personal data is detected, steps will be taken to rectify the damage caused, and it will be reported to the competent authority within 72 hours. Affected data subjects will be sent a communication with the necessary information and, if necessary, a description of the security measures that will be implemented to prevent negative consequences.
Security Measures as a User
Internet use poses significant cybersecurity risks, so here are some guidelines to follow:
Regularly update the operating system and software on both smartphones and computers. Ensure your browsers are up to date and disable unnecessary add-ons using the available options to manage installed extensions.
You should maintain an up-to-date and active antivirus program, and it is recommended to also use anti-malware and anti-spyware software.
Remember to regularly update your passwords and adhere to security guidelines (e.g., at least 8 characters including symbols and numbers). Avoid using easily guessable information or simple patterns. Ensure that mobile devices have the necessary security features enabled for access.
Do not trust emails from banks or suppliers, and never disclose personal information or security codes online.
Minimise access to public Wi-Fi networks and avoid sharing information or accessing services that require login credentials.
Changes in Policy
Any change in the Coutex, Equipos y Proyectos, S.A.U. Privacy Policy shall be published and shall take effect from the day of publication. This policy is published on the reference date that appears at the bottom of the page.
If any user considers that an element is not applicable and needs to be expanded or modified, please communicate that via email to rgpd@sorigue.com.
Translation
This policy is available in several languages. In the event that there are discrepancies between these texts, the original and official policy is the one in Spanish, and it should always be interpreted in accordance with the terms set forth therein.
Any error, omission or ambiguity shall not be considered the responsibility of our entity.
Cooperation
It is the policy of the Sorigué group to cooperate and collaborate on anything that may be required by the competent authority.
In addition, we will always make efforts to facilitate compliance with the legal provisions established in current privacy regulations and, directly, to uphold the rights of data subjects and manage incidents.
Communications and Contact.
To facilitate communication with our users and any third parties wishing to contact the Sorigué Group, we provide the email address rgpd@sorigue.com, ensuring accessibility for all users.
To unsubscribe from our mailing list, you can follow the instructions provided in the messages themselves or send us an email to rgpd@sorigue.com.