This Privacy Policy establishes the terms in which The Black Poodle Groom & Care uses and protects the information that is provided by its users when using its website. This company is committed to the security of its users’ data. When we ask you to fill in the fields of personal information with which you can be identified, we do so ensuring that it will only be used in accordance with the terms of this document. However, this Privacy Policy may change over time or be updated, so we recommend and emphasize that you continually review this page to ensure that you agree with such changes.
 
Information that is collected
 
Our website may collect personal information such as: Name, contact information such as your email address and demographic information. Likewise, when necessary, specific information may be required to process a service or make a delivery or billing.
 
Use of the information collected
 
Our website uses the information in order to provide the best possible service, particularly to maintain a record of users, services if applicable, and improve our products and services. Periodically, emails may be sent through our site with special offers, new products and other advertising information which we consider relevant to you or which may provide you with a benefit, these emails will be sent to the address you provide and can be cancelled at any time.
 
The Black Poodle Groom & Care is highly committed to keeping your information secure. We use the most advanced systems and constantly update them to ensure that there is no unauthorized access.
Cookies
 
A cookie refers to a file that is sent for the purpose of requesting permission to be stored on your computer. By accepting this file, the cookie is created and then serves to obtain information regarding web traffic, and also facilitates future visits to a recurring website. Another function that cookies have is that with them the websites can recognize you individually and therefore provide you with the best personalized service on their website.
 
Our website uses cookies to identify the pages that are visited and their frequency. This information is used only for statistical analysis and then the information is permanently deleted. You can delete cookies at any time from your computer. However, cookies help to provide a better service to websites. They do not give access to information about your computer or about you, unless you want it and provide it directly. You can accept or deny the use of cookies, however most browsers automatically accept cookies because it serves to have a better web service. You can also change the configuration of your computer to decline cookies. If you decline them, you may not be able to use some of our services.
 
Links to Third Parties
 
This website may contain links to other sites that may be of interest to you. Once you click on these links and leave our page, we no longer have control over the site to which you are redirected and therefore we are not responsible for the terms or privacy or the protection of your data on those other third party sites. These sites are subject to their own privacy policies, so it is recommended that you consult them to confirm that you agree with them.
 
Control of your personal information
 
At any time you can restrict the collection or use of personal information that is provided to our website. To do so, simply contact us at hola@petservicescostadelsol.com indicating that you do not want us to collect your data.
 
This company will not sell, assign or distribute the personal information that is collected without your consent, unless required by a judge with a court order.
 
The Black Poodle Groom & Care reserves the right to change the terms of this Privacy Policy at any time.

 

CUSTOMER DATA PROCESSING Information clause:
Data of the person responsible for the processing:
 
Identity: “The Black Poodle Groom & Care” – NIF: 26806445Z Postal address: Calle Málaga, 14, Benahavis (MALAGA)
Telephone: 676846223 – Email: fscasesores@gmail.com
 
“At “The Black Poodle Groom & Care” we process the information you provide us with in order to provide you with the requested service and invoice you. The data provided will be kept as long as the business relationship is maintained or for the time necessary to comply with legal obligations and meet any potential liabilities that may arise from compliance with the purpose for which the data was collected. The data will not be transferred to third parties except in cases where there is a legal obligation. You have the right to obtain information about whether “The Black Poodle Groom & Care” is processing your personal data, so you can exercise your rights of access, rectification, deletion and portability of data and opposition and limitation to its processing by contacting “The Black Poodle Groom & Care”, Calle Málaga, 14, Benahavis (MALAGA) or by emailing fscasesores@gmail.com, attaching a copy of your ID or equivalent document. Likewise, and especially if you consider that you have not obtained full satisfaction in the exercise of your rights, you may file a claim with the national control authority by contacting the Spanish Data Protection Agency, C/ Jorge Juan, 6 – 28001 Madrid.
 
We also request your authorization to offer you products and services related to those contracted and to retain you as a customer.”
 
YES
 
NO
 
NOTICE: You must bear in mind that, if your client selects the NO option, you will not be able to send them advertising under any circumstances.
 
PROCESSING OF CANDIDATE DATA Information clause:
Data of the person responsible for processing:
 
Identity: “The Black Poodle Groom & Care” – NIF: 26806445Z Postal address: Calle Málaga, 14, Benahavis (MALAGA)
Telephone: 676846223 – Email: fscasesores@gmail.com
 
“At “The Black Poodle Groom & Care” we process the information you provide us with in order to keep you informed of the different job vacancies that occur in our organization. The data provided will be kept until a job is awarded or until you exercise your right to deletion. The data will not be transferred to third parties. You have the right to obtain information about whether “The Black Poodle Groom & Care” is processing your personal data, so you can exercise your rights of access, rectification, deletion and portability of data and opposition and limitation to its processing by contacting “The Black Poodle Groom & Care”, Calle Málaga, 14, Benahavis (MALAGA) or by emailing fscasesores@gmail.com, attaching a copy of your ID or equivalent document. Likewise, and especially if you consider that you have not obtained full satisfaction in the exercise of your rights, you may file a claim with the national control authority by contacting the Spanish Data Protection Agency, C/ Jorge Juan, 6 – 28001 Madrid.”
 
NOTICE: If candidates provide their CV in paper format, they will be asked to sign a dated form containing the aforementioned information.

 

 

 

REGISTER OF PROCESSING ACTIVITIES
 
Processing: Clients
 
a) Data controller
 
Identity: “The Black Poodle Groom & Care” – NIF: 26806445Z
Postal address: Calle Málaga, 14, Benahavis (MALAGA) Email: fscasesores@gmail.com
 
Telephone: 676846223
 
b)  Purpose of processing: Management of customer relationships
 
c)  Categories of interested parties: Clients: People with whom a commercial relationship is maintained as clients
 
d) Categories of data: Those necessary for the maintenance of the commercial relationship. Billing
Identification: name and surname, NIF, postal address, telephone numbers, e-mail. Bank details: for direct debit payments
 
e) Categories of recipients: State Tax Administration Agency
 
f) International transfers: International transfers are not planned
 
g) Deletion period: Those provided for by tax legislation regarding the limitation of liabilities
 
h) Security measures: Those reflected in the SECURITY MEASURES ANNEX
 
Treatment: Candidates
 
a) Data controller
 
Identity: “The Black Poodle Groom & Care” – NIF: 26806445Z
Postal address: Calle Málaga, 14, Benahavis (MALAGA) Email: fscasesores@gmail.com
 
Telephone: 676846223
 
b) Purpose of processing: Management of the relationship with candidates for employment in the company
 
c) Categories of interested parties: Candidates: People who wish to work for the data controller
 
d) Categories of data: Those necessary to manage the CVs of potential future employees
Identification: name, surname, postal address, telephone numbers, e-mail
 
Academic data Professional data
 
e) Categories of recipients: The sending of personal data to any recipient is not contemplated
 
f) International transfers: International transfers are not planned
 
g) Deletion period: One year from the presentation of the application
 
h) Security measures: Those reflected in the SECURITY MEASURES ANNEX
 
ANNEX INFORMATION OF GENERAL INTEREST
 
This document has been designed for low-risk personal data processing, from which it can be deduced that it cannot be used for personal data processing that includes personal data relating to ethnic or racial origin, political, religious or philosophical ideology, union membership, genetic and biometric data, health data, and data on the sexual orientation of individuals, as well as any other data processing that entails a high risk for the rights and freedoms of individuals.
 
Article 5.1.f of the General Data Protection Regulation (hereinafter, GDPR) determines the need to establish adequate security guarantees against unauthorized or unlawful processing, against the loss of personal data, accidental destruction or damage. This implies the establishment of technical and organizational measures aimed at ensuring the integrity and confidentiality of personal data and the possibility of demonstrating, as established in article 5.2, that these measures have been put into practice (proactive responsibility).
 
In addition, you must establish visible, accessible and simple mechanisms for the exercise of rights and have defined internal procedures to guarantee the effective attention of the requests received.
 
ATTENTION TO THE EXERCISE OF RIGHTS
 
The data controller will inform all workers about the procedure to attend to the rights of the interested parties, clearly defining the mechanisms by which the rights can be exercised (electronic means, reference to the Data Protection Officer if there is one, postal address, etc.) and taking into account the following:
 
o Upon presentation of their national identity document or passport, the holders of the personal data (interested parties) may exercise their rights of access, rectification, deletion, opposition, portability and limitation of processing. The exercise of rights is free of charge.
 
o The data controller must respond to the interested parties without undue delay and in a concise, transparent, intelligible manner, with clear and simple language and keep proof of compliance with the duty to respond to requests for the exercise of rights made.
 
o If the application is submitted electronically, the information will be provided by these means whenever possible, unless the interested party requests otherwise.
 
o Applications must be answered within 1 month of receipt, and may be extended by another two months taking into account the complexity or number of applications, but in this case the interested party must be informed of the extension within one month of receipt of the application, indicating the reasons for the delay.
 
RIGHT OF ACCESS: In the right
– Form for exercising the right of access.
 
RIGHT OF RECTIFICATION: The right of rectification will be used to modify the data of interested parties that are inaccurate or incomplete in accordance with the purposes of the processing. The interested party must indicate in the request which data it refers to and the correction that must be made, providing, when necessary, the supporting documentation for the inaccuracy or incompleteness of the data being processed. If the data has been communicated by the controller to other controllers, they must be notified of the rectification of these unless it is impossible or requires a disproportionate effort, providing the interested party with information about said recipients, if requested.
 
– Form for exercising the right to rectification
 
RIGHT TO DELETION: The right to deletion will mean that the data of interested parties will be deleted when they express their refusal to the processing and there is no legal basis that prevents it, they are not necessary in relation to the purposes for which they were collected, they withdraw the consent given and there is no other legal basis that legitimises the processing or it is unlawful. If the deletion is derived from the exercise of the interested party’s right to object to the processing of their data for marketing purposes, the data subject’s identification data may be retained in order to prevent future processing. If the data has been communicated by the controller to other controllers, they must be notified of the deletion of these unless it is impossible or requires a disproportionate effort, providing the interested party with information about said recipients, if requested.
 
– Form for exercising the right to deletion.
 
 
RIGHT TO OBJECT: In the right to object, when interested parties express their refusal to the processing of their personal data to the controller, the latter will stop processing them provided there is no legal obligation to prevent this. When the processing is based on a mission of public interest or on the legitimate interest of the controller, in response to a request to exercise the right to object, the controller will stop processing the data unless compelling reasons are proven that prevail over the interests, rights and freedoms of the interested party or are necessary for the formulation, exercise or defence of claims. If the interested party objects to the processing for direct marketing purposes, the personal data will no longer be processed for these purposes.
 
– Form for exercising the right to object.
 
RIGHT TO PORTABILITY: In the right to portability, if the processing is carried out by automated means and is based on consent or is carried out within the framework of a contract, interested parties may request to receive a copy of their personal data in a structured, commonly used and machine-readable format. They also have the right to request that they be transmitted directly to a new controller, whose identity must be communicated, when technically possible.
– Form for exercising data portability.
 
RIGHT TO LIMIT PROCESSING: In the right to limit processing, interested parties may request the suspension of the processing of their data to challenge its accuracy while the controller carries out the necessary verifications or in the event that the processing is carried out based on the legitimate interest of the controller or in compliance with a mission of public interest, while verifying whether these reasons prevail over the interests, rights and freedoms of the interested party. The interested party may also request the conservation of the data if they consider that the processing is unlawful and, instead of deletion, requests the limitation of processing, or if the controller no longer needs them for the purposes for which they were collected, but the interested party needs them for the formulation, exercise or defense of claims. The fact that the processing of the interested party’s data is limited must be clearly stated in the controller’s systems. If the data has been communicated by the controller to other controllers, they must be notified of the limitation of processing of these data unless it is impossible or requires a disproportionate effort, providing the interested party with information about said recipients, if requested.
 
– Form for exercising the limitation of processing.
 
If the interested party’s request is not processed, the controller will inform the interested party, without delay and no later than one month after receipt of the request, of the reasons for not acting and of the possibility of filing a claim with the Spanish Data Protection Agency and of exercising legal action.
SECURITY MEASURES
 
Depending on the type of processing you have indicated when you have completed this form, the minimum security measures you should take into account are the following:
 
ORGANISATIONAL MEASURES
 
INFORMATION THAT MUST BE KNOWN BY ALL PERSONNEL WITH ACCESS TO PERSONAL DATA
 
All personnel with access to personal data must be aware of their obligations in relation to the processing of personal data and will be informed about these obligations. The minimum information that must be known by all personnel will be the following:
 
– DUTY OF CONFIDENTIALITY AND SECRECY
o Access by unauthorised persons to personal data must be avoided.
 
To this end, personal data must not be left exposed to third parties (unattended electronic screens, paper documents in public access areas, media with personal data, etc.). This consideration includes screens used to display images from the video surveillance system. When you are absent from your workplace, your screen will be locked or your session will be closed.
 
o Paper documents and electronic media will be stored in a safe place (cupboards or rooms with restricted access) for 24 hours a day.
 
o Documents or electronic media (CDs, pen drives, hard drives, etc.) containing personal data will not be discarded without ensuring their effective destruction.
 
o Personal data or any other personal information will not be communicated to third parties, paying special attention to not disclosing protected personal data during telephone consultations, emails, etc.
 
o The duty of secrecy and confidentiality persists even when the employee’s employment relationship with the company ends.
 
– VIOLATIONS OF PERSONAL DATA SECURITY
o When personal data security violations occur, such as theft or improper access to personal data, the Spanish Data Protection Agency will be notified within 72 hours of said security violations, including all the information necessary to clarify the events that led to improper access to personal data. Notification will be made by electronic means through the electronic headquarters of the Spanish Data Protection Agency at the address https://sedeagpd.gob.es/sede-electronica-web/.
TECHNICAL MEASURES
 
IDENTIFICATION
 
o When the same computer or device is used for the processing of personal data and for personal use, it is recommended to have several different profiles or users for each of the purposes. Professional and personal uses of the computer must be kept separate.
 
o It is recommended to have profiles with administration rights for the installation and configuration of the system and users without privileges or administration rights for access to personal data. This measure will prevent access privileges from being obtained or the operating system from being modified in the event of a cybersecurity attack.
 
o The existence of passwords for access to personal data stored in electronic systems must be guaranteed. The password must have at least 8 characters, a mixture of numbers and letters.
 
o When personal data is accessed by different people, a specific user and password must be available for each person with access to personal data (unique identification).
 
o The confidentiality of passwords must be guaranteed, preventing them from being exposed to third parties. For password management, you can consult the Internet privacy and security guide of the Spanish Data Protection Agency and the National Cybersecurity Institute. Under no circumstances will passwords be shared or written down in a common place and accessible to persons other than the user.
 
DUTY OF SAFEGUARDING
The minimum technical measures to ensure the protection of personal data are set out below:
 
o UPDATING COMPUTERS AND DEVICES: The devices and computers used for the storage and processing of personal data must be kept up to date as far as possible.
 
o MALWARE: An antivirus system will be available on the computers and devices where the automated processing of personal data is carried out to ensure that the theft and destruction of personal information and data is prevented as far as possible. The antivirus system must be updated periodically.
 
o FIREWALL: To prevent undue remote access to personal data, care will be taken to ensure that a firewall is activated and correctly configured on those computers and devices where personal data is stored and/or processed.
 
o DATA ENCRYPTION: When it is necessary to extract personal data from outside the premises where it is processed, whether by physical or electronic means, the possibility of using an encryption method must be considered to ensure the confidentiality of personal data in the event of improper access to the information.
 
o BACKUP: A backup copy will be periodically made on a second medium other than the one used for daily work. The copy will be stored in a safe place, different from the one where the computer with the original files is located, in order to allow the recovery of personal data in the event of loss of information.
 
Security measures will be reviewed periodically, the review may be carried out by automatic mechanisms (software or computer programs) or manually. Consider that any computer security incident that has happened to someone you know can happen to you, and prepare for it.
 
If you require more information or technical guidance to ensure the security of personal data and the information processed by your company, the National Cybersecurity Institute (INCIBE) on its website www.incibe.es, provides you with business-focused tools in its “Protect your company” section where, among other services, you have:
– a training section with a video game, challenges for incident response and interactive videos on sector training,
 
– an awareness kit for employees,
 
11 Facilita 2.0
 
– various tools to help companies improve their cybersecurity, including policies for employers, technical staff and employees, a catalogue of companies and security solutions and a risk analysis tool.
 
– thematic dossiers complemented with videos and infographics and other resources,
 
– guides for employers,
 
In addition, INCIBE, through the Internet Security Office, also provides you with free computer tools and additional information that may be useful for your company or professional activity.
 
IMAGE CAPTURE WITH CAMERAS AND FOR SECURITY PURPOSES (VIDEO SURVEILLANCE)
 
The image of a person, to the extent that it identifies or can identify them, constitutes personal data that can be processed for various purposes. Although the most common is to use cameras to ensure the security of people, property and facilities, they can also be used for other purposes such as monitoring the work performance of employees. Below are the basic guidelines to be followed so that the processing of images obtained from video surveillance cameras complies with data protection regulations. However, it is recommended that you consult the Guide on the use of video cameras for security and other purposes for a more comprehensive understanding of the obligations involved in this type of processing.
 
o LOCATION OF CAMERAS: The capture of images in areas designated for workers’ rest will be avoided, as well as the capture of public roads if external cameras are used, only the capture of the minimum extension essential to preserve the safety of people, property and facilities being permitted.
 
o LOCATION OF MONITORS: The monitors where the images from the cameras are displayed will be located in a restricted access space so that they are not accessible to third parties. Only authorized personnel will have access to the recorded images.
 
o CONSERVATION OF IMAGES: The images will be stored for a maximum period of one month, with the exception of images that prove the commission of acts that threaten the integrity of people, property and facilities. In this case, the images must be made available to the competent authority within a period of 72 hours from when the existence of the recording became known.
 
o DUTY TO INFORM: Information about the existence of cameras and image recording shall be provided by means of an informative sign placed in a sufficiently visible place where, at least, the identity of the person responsible and the possibility of the interested parties to exercise their rights in terms of data protection are identified. The pictogram itself may also include a connection code or internet address where this information is displayed. Models of both the pictogram and the text are available on the Agency’s website.
– Model of a sign warning of a video surveillance area.
 
o WORK CONTROL: When the cameras are to be used for the purpose of work control as provided for in article 20.3 of the Workers’ Statute, the worker and his union representatives will be informed by any means that guarantees receipt of information about the control measures established by the employer with express indication of the purpose of work control of the images captured by the cameras.
 
o RIGHT OF ACCESS TO IMAGES: In order to comply with the right of access of the interested parties to the recordings of the video surveillance system, a recent photograph and the National Identity Document of the interested party will be requested to verify their identity, as well as the details of the date and time to which the right of access refers. The interested party will not be given direct access to the images of the cameras in which images of third parties are shown. If it is not possible for the interested party to view the images without showing images of third parties, they will be provided with a document confirming or denying the existence of images of the interested party.
 
For more information, you can consult the video surveillance guide and sheets and the legal reports published by the Spanish Data Protection Agency in the Video Surveillance section.