PRIVACY POLICY

Through this Privacy and Cookies Policy, Epicom S.A. (or “Epicom”) aims to guarantee the right to privacy and personal data protection of USERS, explaining to them in a fair and transparent manner, the way in which it collects, uses, shares and protects their personal information.


Therefore, and in accordance with the provisions of the European General Data Protection Regulation 2016/679 (hereinafter, GDPR) and Organic Law 3/2018, of 5 December, on the Protection of Personal Data and Guarantee of Digital Rights (hereinafter, LOPDGDD), and following the recommendations of the Spanish Data Protection Agency (or “AEPD”), Grupo Oesía informs you of the following:


1. DATA CONTROLLER: Who is the Data Controller for the processing of your personal data?
  • Identity: Epicom S.A.
  • Postal Address: Marie Curie, 17, Planta 6, 28521 - (Rivas Vaciamadrid) - Madrid
  • Contact : 913098600 / epicom@epicom.es
  • Data Protection Officer (DPO): epicom@epicom.es

2. PURPOSES OF THE PROCESSING: For what purposes do we process your personal data?
Below we inform you of the purposes of the processing of personal data collected through contact forms, e-mails you send to our public e-mail accounts, and other mechanisms that we may make available to you:

  • To send you technical, operational and commercial information about the products, activities and services in which you are interested, and other information that may be of interest to you.
  • To attend to and manage your requests, questions and comments.
  • To establish and/or maintain a contractual or commercial relationship with you, if applicable.
  • To carry out statistical studies that allow us to improve our services.

If other purposes apply, you will be informed of this and other information required by applicable law at the time we request your personal data.In addition, some of our services have their own Privacy Policy, as is the case of recruitment processes.


3. LEGITIMATION: What is the legal basis for processing your data?
The legal basis for the processing of personal data is the USER’S CONSENT. The sending of personal data by USERS through the use of Epicom electronic forms, by ticking the box to accept the privacy policy or, where appropriate, by sending e-mail messages, implies the sender's consent to the processing of personal data. The personal information collected on forms may vary depending on the services used, but in any case, all data requested are necessary for the provision of the service. If there are voluntary fields, you will be informed accordingly. Epicom does not use spamming techniques and will only process the data transmitted by the USER.Likewise, the USER guarantees that they are over 14 years of age and that the personal data provided are truthful, undertaking to communicate any change in the same. In the event that the data refers to persons other than the USER, the USER guarantees to have obtained their prior consent and to have informed them of this policy.If we need to process your data for purposes unrelated to the above, we will inform you of this and, where appropriate, ask for your additional consent, unless there is another legitimate basis for the processing.


4. RECIPIENTS: To which recipients will your data be communicated?
Where necessary, we will share USER information with the staff involved in providing information about the products and services you have requested. This enables it to be sent to the other entities of the group of which Epicom forms part or to service providers with the appropriate guarantees. This is also the case in the event of any legal obligation or authorisation by judges, courts, governmental bodies or any public entity. In no event shall we disclose the information to any other third party without informing you and seeking your further consent, unless there is another legitimate basis for doing so. International transfers of data outside the European Economic Area are not foreseen, and in the event that they are required, Epicom will guarantee an adequate level of protection by complying with the mechanisms and guarantees established in the regulations for such situations.


5. INFORMATION SECURITY: How do we protect your personal data?
Epicom works continuously to adopt the necessary technical and organisational measures to guarantee the security of USERS’ personal data and prevent their alteration, loss, inappropriate processing or unauthorised access as required by law.


6. DATA RETENTION PERIOD: How long will we retain your data?
The personal data of USERS will be kept for the time necessary to comply with the purpose for which they were collected and to determine any possible liabilities that may arise from this purpose and the processing of the data. The deletion of the data means that we will keep the cancelled data in a blocked form, which will entail the identification and reservation of the same, in such a way that they cannot be processed or accessed except to make them available to the Public Administrations, Judges and Courts, to attend to possible liabilities arising from the relationship with the USER, and until the statute of limitations on such liabilities expires. After this period has elapsed, the data will be definitively deleted. The blocked data may only be accessed by persons authorised for the purposes indicated. If the law does not establish any retention period, we will proceed with the final deletion of such information, within a period not exceeding two (2) years after the end of the relationship established with you.


7. RIGHTS: What are your rights when you provide your data and how can you exercise them?
USERS have the right to obtain confirmation as to whether Epicom is processing their personal data. They also have the right to access their personal data, as well as to request the rectification of any inaccurate data or, where appropriate, to request their deletion when, among other reasons, the data are no longer necessary for the purposes for which they were collected. In certain circumstances, you may object to the processing of your data and request the limitation of the processing of your data, in which case Epicom will stop processing the data, except for compelling legitimate reasons, or the exercise or defence of possible claims. They may also exercise the right to data portability, as well as withdrawing the consents provided at any time, without affecting the lawfulness of the processing based on the consent prior to its withdrawal. Said rights may be exercised at any time, free of charge, by writing to Epicom, S.L., Marie Curie, 17 Planta 6 28521 - (Rivas Vaciamadrid) - Madrid, or to the e-mail address: dpo@oesia.com, duly identifying yourself and indicating the right you are requesting in relation to the processing carried out by Epicom. In the event that you consider that you have not obtained satisfaction in the exercise of your rights, you may lodge a complaint with the Spanish Data Protection Agency (https://www.aepd.es/es).


8. COOKIES POLICY:

What are cookies and what are they used for?

Cookies are small files that are set up as information gathering tools to collect information in order to:

  • 1) improve navigation;
  • 2) improve the user experience;
  • 3) for the purpose of statics on the use of services, user behaviour and/or page visits;
  • 4) analyse user activity;
  • 5) carry out personalised advertising; and,
  • 6) user profiling;
  • 7) capture intrusive data such as where you live, what you buy, how you pay, where you send your purchases, your passwords, phone numbers, what you search for online, etc.
  • Cookies are stored on the user’s device and often save their website settings, such as language of use, connection hardware, operating system, and in some cases, even location. The cookies installed can obtain a lot of information about users and can even identify a person together with their activity on the web, reading of emails, use of applications, etc.
  • As soon as a cookie is able to identify an individual, the data obtained are considered to be personal data. Not all cookies are used for the purpose of identifying users, but many of them are. Cookies that identify users and/or are capable of profiling them are most commonly used for marketing and advertising purposes by website owners or their linked third parties.
  • Functionality cookies are generated either with each visit or on the first visit to our website. To do this, a cookie is generated and saved in your browser. On subsequent visits, the server may request the information stored on your computer in order to establish and adapt the website to your preferences or the equipment and terminals with which you connect in order to make your visit as personalised as possible.

Types of cookies

Cookies can be classified in different ways.

  • When focusing on the entity that manages the domain from which the cookies are sent and that processes the data obtained, we can differentiate between first-party cookies and third-party cookies.
  • First-party cookies are those that are sent to the user's terminal equipment from a computer or domain managed by the publisher itself and from which the service requested by the user is provided. Third-party cookies, on the other hand, are those that are sent to the user's terminal equipment from a computer or domain that is not managed by the publisher, but by another entity that processes the data obtained through the cookies. In the event that the cookies are served from a computer or domain managed by the publisher itself, but the information collected through these is managed by a third party, they cannot be considered as own cookies if the third party uses them for its own purposes (for example, to improve the services it provides or to provide advertising services for other entities).
    If we focus on the Purpose, we will differentiate between:
  • a) Technical cookies: cookies that allow the user to browse through a website, platform or application and use the different options or services that exist on it, including those that the publisher uses to allow the management and operation of the website and enable its functions and services, such as, for example, controlling traffic and data communication, identifying the session, accessing restricted access parts, remembering the elements that make up an order, carrying out the purchase process of an order, managing payment, control fraud linked to the security of the service, making an application for registration or participation in an event, counting visits for the purposes of billing licences for the software with which the service (website, platform or application) operates, using security features during browsing, storing content for the broadcasting of videos or sound, enabling dynamic content (for example, animation of loading text or images) or sharing content on social networks.
    Also in this category, due to their technical nature, are those cookies that allow management, in the most efficient way possible, of the advertising spaces that, as another element of the design or “layout” of the service offered to the user, the publisher has included on a website, application or platform based on criteria such as the content edited, without collecting information from users for other purposes, such as personalising that advertising content or other content.
  • Also belonging to this category, due to their technical nature, are those cookies that allow the management, in the most effective way possible, of the advertising spaces that, as another element of design or "layout" of the service offered to the user, the editor has included in a web page, application or platform based on criteria such as the edited content, without collecting information from users for other purposes, such as customizing that advertising content or other content.
  • b) Preference or personalisation cookies: cookies that allow information to be remembered so that the user can access the service with certain characteristics that can differentiate their experience from that of other users, such as, for example, the language, the number of results to be displayed when the user performs a search, the appearance or content of the service depending on the type of browser through which the user accesses the service or the region from which the user accesses the service, etc.
  • c) Statistical, analysis or measurement cookies: cookies that allow their owner or proprietor to monitor and analyse the behaviour of the users of the websites to which they are linked, including the quantification of the impact of advertisements. The information collected through this type of cookie is used to measure the activity of the website, application or platform, in order to make improvements based on the analysis of the data on the use users make of the service.
  • With regard to the processing of data collected through analytical cookies, these cookies require informed consent for their use, although they are unlikely to represent a risk to users’ privacy provided that they are first-party cookies, that they process aggregate data for strictly statistical purposes, that information is provided on their uses and that the possibility for users to express their refusal to use them is included.
  • d) Behavioural advertising cookies: cookies that store information on user behaviour obtained through continuous observation of their browsing habits, which allows a specific profile to be developed in order to display advertising based on the profile.

  • Finally, focusing on the duration of storage in the user's browser, we differentiate between session cookies and persistent cookies.

  • a) Session cookies: cookies designed to collect and store data while the user accesses a web page. They are usually used to store information that is only relevant for the provision of the service requested by the user on a single occasion (e.g. a list of products purchased) and disappear at the end of the session.
  • b) Persistent cookies: cookies in which the data continue to be stored in the terminal and can be accessed and processed for a period defined by the party responsible for the cookie, which can range from a few minutes to several years.
  • We recommend deleting cookies from your device.



Our legal obligations under the Cookie Policy

As the owner of a website and in accordance with the requirements of transparency and loyalty to the user, we inform you in a clear, simple, complete and continuous manner, so that you have a real and effective option about the use of your data and the operation of cookies on our website; about the information stored on your devices; about the reading, processing and recovery of your data; about the purposes of data processing; about the possibility of modification and revocation of consent and about the possibility of deleting cookies and stored data.


We declare our responsibility for the use of cookies on our website and undertake to comply with all legal requirements and obligations, including possible accountability for the processing of data collected and linked to the website.


Consent must be given prior to the setting of cookies and the initial processing of personal data through an affirmative, positive and evident (explicit) action. Therefore, we will initially set only those cookies that are strictly necessary, with the possible rejection of cookies, as well as the withdrawal of the authorisation given being a real option. If you refuse to give consent, we do not prevent you from browsing.


It is important and necessary that as a user you can access your declaration of consent at any time and can modify or even completely withdraw your consent.


In any case, the cookies installed will remain in place for the minimum time necessary and the consent given will not exceed 24 months from your first visit to the website.


We have made an effort to give the user a real choice to limit the use of their data.


All consents given as a user are stored securely by us using Blockchain technology, to ensure the traceability of the consent.


Disabling and deleting cookies in your browser


You can also allow, block or delete the cookies installed on your computer by configuring your browser options. If you disable cookies, some of the services available may not work properly.


As for the way to disable cookies, it depends on the browser you use; although normally this will be done from Menu - Tools or Options. In this way, you can choose at any time which cookies you want to work on this website.


Below are the links to prevent the installation of cookies, depending on which browser you are using on your computer: