Privacy policies

Last revision of the Privacy policies: December 03, 2019

"We", CROIX IBERICA SLL, a company incorporated under Spanish law, with registered office at Calle Rosalía de Castro 70. Pontevedra 36003 Spain Spanish tax identification number B94196409, we process personal data that we collect from or about "you" while visiting our website or interact with us by other means. Since we have our headquarters in the European Union, we treat your personal data in accordance with the provisions of European data protection laws and the rest of the applicable regulatory provisions.

I don't know

This Privacy Policy (hereinafter the "Policy") informs you about how we collect and use your personal data and how you can control its use, and describes our practices related to the data collected on our websites linked to this Policy or affected by it (for example, websites, computer or mobile software applications, social networks and email messages in HTML format), as well as through conventional commercial and marketing activities (together and hereinafter, the “Services ”).

I don't know

1. What is personal data?

Personal data are those that identify you, the user of the Services, directly or indirectly as a person (indirect identification means the combination of those data with other types of information), such as your name, username, postal address, email address, phone number, unique device identifier (such as IMEI number or MAC address) or IP address.

I don't know

1. How do we collect personal data and why do we do it?

a) Data that you provide us during your use of the Services, we may collect your personal data. In any case, you will be asked for your explicit consent for the collection and subsequent treatment of your personal data or, at a minimum, you will be informed that said treatment is based on a legal premise.

I don't know

We will use your personal data for the following purposes, or for those indicated when requesting your consent.

We will only collect and process the types of personal data strictly necessary for the corresponding purposes. We will only use personal data in the manner set out in this Policy, unless you have given your explicit consent to give other use to your personal data. If we want to use your personal data for purposes other than those for which we initially collected it, we will inform you in advance and, in those cases in which the data processing requires your consent, we will only use your personal data for the purposes in question afterwards. to get your authorization.

I don't know

If the treatment we make of your personal data depends on your consent, you will have the right to withdraw it at any time, without affecting the legality of the treatment based on your consent before you withdraw it.

I don't know

Each registration form will indicate what type of personal data we collect. Depending on the purpose, it may be necessary to collect different personal data; for example:

I don't know

- In order to send you promotional information, you may need to provide us with your full name, postal address, email address and / or telephone number;

-In order to register for one of our contests or other types of promotional actions, you may need to provide us with your full name, postal address, email address and / or telephone number;

-To contact us using a contact form, you may need to provide us with your full name, email address and / or phone number;

-To create a user account to use our commercial tools or online applications (such as online stores, online appointment calendars, vehicle fleet management applications, budget requests, among others), you may be asked to provide us with your full name, address, phone number, email address, bank details, username and password, and your vehicle details (such as registration number, make, model, and registration date);

-To create a user account in social media tools (such as blogs, forums, discussion pages, among others), you may need to provide us with your username, email address and password;

-In order to use the tools mentioned above for certain purposes (for example, to place an order), the user may have to provide additional data, such as their postal address or information related to the order;

-In order to provide you with management services for Filters, accessories, tires and vehicles to which you have subscribed, we may request your consent as an interested party to collect data related to driving behavior and the geographic location of the driver, as part of the functions of the Services.

b) Data we obtain through the use you make of our Services

We seek to continually improve your experience when you visit our websites or interact with us in other ways.

During your interaction with us and your use of the Services, we may collect personal data. The personal data we collect may include, among others:

-Device information (for example, hardware model, operating system version, device identifiers or phone number);

-Registration information (for example, IP addresses, system activity, hardware settings, browser type and language and date and time of your request);

-Cookies (small text files that the browser installs through our website on your computer or the device you are using);

-Customer behavior on the website (for example, where you click, scroll through a page, mouse movements and track your session);

-In order to provide the Services to which you have subscribed, we may collect information about your devices; for example, information contained in HTTP headers (defined below) or other signals of Internet transfer protocols, the type of browser or device and the version of these, the operating system, the user agent strings and information about or derived the presence or use of applications on your mobile devices, the screen resolution and the selected language. We may also collect data on geographic location and driving behavior that is associated with the use of your devices.

I don't know

Please also see our Cookie Policy to find out all the details about the cookies and web beacons we use on our website, including aspects of their management, their specific purposes, the categories of data they allow to store and the periods of time during which they remain active.

I don't know

1. What do we do with your personal data?

All personal data that we collect about you is stored on a secure infrastructure and managed by us with the support of external providers, as described in section 5 of this Policy.

Depending on your use of the Services, we may collect and use your personal data for the following purposes:

• Register you as a user of the Services and provide the contracted Services;

• Ensure that the presentation of the content of the Services is the most appropriate for you and your device;

• Process your orders online; process and process claims and requests;

• Investigate and analyze the market, as well as the use that customers make of our products and services (for example, to analyze by sensors the data of their tires and their vehicle, ask their opinion about our products and services, or ask them to fill out a survey or a questionnaire);

• Use them as an aid to evaluate, correct and improve our products and services;

• Archive them internally;

• Carry out marketing activities, including those consisting of providing you with information that you have requested from us (see the next section on direct marketing.

• Organize contests, competitions and / or other promotional activities;

• Carry out personnel selection processes (if you have provided us with information in this regard); and, send you notifications about certain changes in our Services.

We will not collect personal data that is not relevant for the purposes indicated above or notified at the time of asking for your consent to the processing of your personal data, and we will not retain such data for a period of time longer than necessary to fulfill those purposes or, in your case, during the period of time agreed or determined by law.

I don't know

This means that we will retain personal data:

-Until you, as interested party, object to the processing of the data; This opposition option will be included in each communication, in the event that we process your personal data based on our legitimate interest in those cases in which said opposition is justified »for example, in direct marketing activities, if applicable»;

-Until the legitimate interest disappears, in the event that we process your personal data in order to ensure our legitimate interest in those cases in which the opposition is not justified (for example, to guarantee the execution of its possible obligations and avoid possible frauds);

-As long as there is a legal imperative in force, in case we treat your personal data by legal imperative;

-Until completing the service and / or the action requested by you or until you renounce said service or action, in the event that we process the data in relation to the services we provide and that there is no other purpose that justifies keeping said data;

-Until you withdraw your consent to the data processing, in the event that we depend exclusively on your consent to process your personal user data and there is no legal interest that requires you to retain such personal data (the option to withdraw consent is will include in each communication).

In any case, you will be informed that your personal data will be kept for the purpose in question (even if the applicable laws do not require your consent); if the processing of personal data is carried out due to a legal or contractual requirement, or a requirement necessary to be able to sign a contract; and if you are obliged to provide your personal data, as well as the possible consequences of not doing so.

In general, we will delete the personal data you provide us when it is no longer necessary to fulfill the purposes for which it was originally collected. However, we may be required by law to retain your personal data for a longer period of time.

1. Confidentiality and security of your personal data

The security of your data is very serious for us. We apply an appropriate level of security and, therefore, we have implemented reasonable physical, electronic and administrative procedures to guarantee the security of the information we collect and to avoid any accidental or illegal form of destruction, loss, alteration, unauthorized disclosure or access that may affect the personal data transmitted, preserved or processed in any other way.

Our information security policies and procedures closely follow the most widely accepted international standards, are periodically reviewed and updated as necessary to adapt to business needs, technological changes, and regulatory requirements.

I don't know

Access to your personal data is exclusively granted to those employees, service providers or subsidiary companies that need to know them for business purposes or to be able to carry out their work.

I don't know

Among other things, to optimize the security of your personal data:

-We use encryption techniques if appropriate;

I don't know

-We protect them with a password;

-We request contractual guarantees to third parties;

-We limit access to your personal data according to the “need to know” principle (for example, only those employees who need your personal data for the purposes described above will have permission to access them); and,

-We take all kinds of reasonable preventive measures to ensure that those of our employees and associates who have access to your personal data receive training on data protection requirements and treat your personal data exclusively in accordance with the provisions of this Policy and our obligations. privacy laws.

I don't know

If there is a leak of information that includes personal data, we will comply with all the requirements of the applicable laws regarding the notification of leaks of information.

I don't know

1. To whom do we communicate your personal data?

We will communicate your personal data exclusively for the purposes and to the third parties indicated below. Likewise, we will take the appropriate measures to guarantee that your personal data is processed, secured and transmitted in accordance with applicable laws.

a) Within the Croix Brand Group in Europe We are part of a multinational organization (hereinafter, the "Croix Group") formed by various companies present in Europe and abroad. Your personal data may be transmitted to one or more subsidiary companies of the Croix Group that have their headquarters within or outside Europe as necessary to process and retain your data, provide you with access to our services, meet your needs as a customer, make decisions about improvements in services and develop content, as well as for other purposes described in this Policy.

Everything indicated above will be strictly related to:

-Any type of service provided by one Croix Group company to another (under the corresponding data processing agreement); or,

-The fact that several entities of the Croix Group decide how to use your personal data (under the corresponding joint control agreement); or,

-The fact that another entity of the Croix Group becomes separately responsible for your data for a specific purpose (for example, if you have specifically consented to it).

I don't know

1. b) External service providers: When necessary, we will entrust other companies or individuals to carry out certain tasks that contribute to the provision of our services on our behalf and within the framework of the treatment agreements of For example, we may provide data to agents, contractors or partners for services related to data processing or to send you information that you have requested. We will only share or give access to such information to third-party service providers to the extent they need it to process the requests you make. They may not use this information for any other purpose and, in particular, for their own purposes or those of third parties. Our external service providers are bound by contract to respect the confidentiality of your personal data.

2. c) Transfer of companies: In relation to any reorganization, restructuring, merger or sale, or other type of transfer of assets together, “Transfer of companies”, we will transmit the information, including personal data, on a reasonable scale and in the measure of what is necessary for the Transfer of companies, provided that the receiving party agrees to respect their personal data in a manner consistent with the applicable laws on data protection

We will continue to guarantee the confidentiality of all personal data and will notify affected users of the situation before their personal data is subjected to a different privacy statement.

I don't know

1. d) Public bodies: We will only communicate your personal data to public bodies in those cases where the law requires it. For example, we will respond to requests from courts, law enforcement, regulatory agencies, and other public and government authorities, including authorities outside your country of residence.

2. e) Legal basis: We can also communicate your personal data in order to protect our legitimate interests, or if required or permitted by law or you give your explicit consent for the transmission of your personal data.

3. f) International transfers of personal data: In certain circumstances, it will also be necessary for us to transfer your personal data to countries that do not belong to the European Union or the European Economic Area (EEA) (hereinafter “Third countries”). Transfers to Third countries may affect all the data processing activities described in this Policy. This Policy will also apply if we transfer personal data to Third countries in which there is a level of data protection different from that of your country of residence.

4. Direct marketing:

While using our Services, you may be asked to indicate whether you wish to receive certain business information by phone, mobile messaging, email and / or postal mail. If you accept, you hereby agree that we may use your personal data to provide you with information about products, promotional activities and special offers, as well as any other type of information about our products and services.

If you wish, you can change your preferences regarding direct marketing at any time; For this, you can use the revocation option of the authorization that contains each direct marketing communication, contact us using the data included in section 12 of this Policy or, if appropriate, modify your account information.

I don't know

1. Rights of the user in relation to personal data:

As an interested party, you have specific legal rights in relation to the personal data that we collect from you. This applies to all treatment activities stipulated in this Policy. We will respect your individual rights and respond to your concerns appropriately.

I don't know

The following list contains information on your legal rights, which derive from the applicable laws on data protection:

A.-Right of rectification: you can ask us to rectify those personal data that concern you. We will use reasonable efforts to ensure that the data we maintain in our possession or under our control and is used consistently is accurate and relevant and is complete and up-to-date, based on the most recent data available to us.

When appropriate, we will have self-service portals on the Internet where users can review and rectify their personal data.

I don't know

B.- Right of limitation of the treatment: you can ask us to limit the treatment of your personal data if: o it refutes the accuracy of your personal data during the period we need to verify the accuracy of the same; or the treatment is illegal and requests the limitation of the treatment instead of the deletion of your personal data; or even if we no longer need your personal data, you need them to make, exercise or defend claims; Or, you oppose the treatment, until we verify if our legitimate reasons prevail over yours.

I don't know

C.-Right of access: you have the right to ask us for information about the personal data we have about you; for example, about the types of personal data that are in our possession or under our control, what they are being used for, where we have collected them (if you did not directly provide them to us) and to whom they have been communicated (if applicable).

I don't know

D.-Portability right: If you request it, we will transmit your personal data to another controller, when it is technically feasible, provided that said treatment is based on your consent or is necessary for the execution of a contract. Instead of receiving a copy of your personal data, you can request that we transmit it directly to another person designated by you.

I don't know

E.-Right of erasure ("forgetting"): you can ask us to delete your personal data if: o your personal data is no longer necessary in relation to the purposes for which it was collected or processed; or you have the right to oppose the further processing of your personal data (see the following paragraphs) and to execute said right of opposition to the treatment; or your personal data was unlawfully processed (unless the processing was strictly necessary); or it is necessary to fulfill a legal obligation and that requires such treatment on our part;

I don't know

F.-Right of opposition: you have the right to object at any time to the processing of your personal data for reasons related to your particular situation, provided that such processing is not based on your consent but on our legitimate interests or those of a third party. In that case, we will stop processing your personal data, unless we can prove legitimate and compelling reasons and legitimate interests for said treatment or the formulation, exercise or defense of claims. If you oppose the treatment, you must specify whether you want to delete your personal data or limit its treatment by us.

I don't know

G.-Right to claim: In case of an alleged infringement of applicable privacy laws, you can file a claim with the competent authority for data protection control in your country of residence or the place where the alleged infringement occurred.

I don't know

We will try to respond to your request within a maximum period of 45 days. However, this period could be extended due to specific reasons related to the legal right in question or the complexity of your request.

In certain situations, we may not be able to provide you access to all or part of your personal data for legal reasons. If we deny your request for access to data, we will notify you of the reason for the refusal.

I don't know

In some cases, we may not be able to clearly identify you based on your personal data due to the identifying information you provide in your request. In those cases in which we cannot identify you as interested, we will not be able to satisfy your request to execute your legal rights described in this section, unless you provide us with additional information that allows your identification.

To exercise your legal rights, send your request to info@croix.com.es

If you consider that the processing of your personal data impairs your legal rights, you have the right to file a claim with the data protection supervisory authority, and specifically with a competent body in the Member State where you usually reside, your workplace or the place where the alleged offense was committed.

I don't know

1. Links

Occasionally, our Services may include hyperlinks to websites that are not under our control. Although we will do our best to ensure that the hyperlinks contained on the website redirect you exclusively to websites that share our standards of security and confidentiality, we disclaim all responsibility for the protection or confidentiality of the data that you may provide in such websites. Before providing information on these websites, we recommend that you read their privacy policy and other privacy statements.

1. Minors

Persons under the age of 16 must not provide us with their personal data without the consent and supervision of one of their parents or guardians. Without such consent, we will not retain, process or transmit the data of minors to third parties. If we become aware that personal data of minors has been inadvertently collected, we will delete such data without any unjustified delay.

I don't know

1. Sensitive data

We will not process any kind of special categories of personal data related to you (hereinafter “Sensitive Data”). Sensitive data includes personal data that reveals racial or ethnic origin, political opinions, religious or philosophical beliefs, union membership, genetic data, biometric data that allow the unique identification of a natural person, the state health or sexual life or sexual orientation of a natural person.

I don't know

1. Changes in this Policy

We reserve the right, at our discretion, to modify our privacy practices and update and make changes to this Policy at any time. For this reason, we recommend that you consult this Policy periodically.

This Policy is effective from the date of "last revision" indicated at the top of this page. We will treat your personal data in a manner consistent with the Policy in force at the time of collecting such data, unless we have your consent to treat it in another way.

I don't know

Croix Ibérica SLL - All rights reserved.