POLICY
PRIVACY
I. DATA CONTROLLER
Who is responsible for your data?
- Owner: PILMA DISSENY, S.A.U. (hereinafter, “PILMA DISSENY”)
- CIF: A-59396861
- Registered office: Carrer València, 20, 08015, Barcelona (Spain).
- Public register: Registered in the Mercantile Register of Barcelona, volume 20321, folio 87, page number 4671, Inc.1ª.
- Telephone: +34 93 226 20 69
Data Protection Officer (hereinafter, “DPO”):
E-mail: privacidad@pilma.com
Telephone: +34 93 226 20 69
II. LEGITIMACY, PURPOSE OF DATA PROCESSING AND CATEGORIES OF DATA PROCESSED
What gives us the right to use your personal data?
- In fulfilment of a contractual or commercial relationship.
For example: We need your identification or bank details to issue legally established commercial documents, process payments, deliver your purchases or handle complaints. - When you give us your consent.
For example: To register as a user on our website or newsletter. - For the legitimate interest of PILMA DISSENYTo improve the service of its applications and processes, to introduce you to services, products and initiatives that may be of interest to you.
For example: To handle your requests, complaints or suggestions. Or to analyse user behaviour in order to improve our platforms and services.
- Compliance with legal obligations:
For example: Laws regulating consumption, accounting, taxation, payments, security and advertising, among others. We also use this data to verify compliance with contractual obligations.
We remind you that you can revoke your consent at any time (even if this may make the service impossible) at the following address: privacidad@pilma.com
What categories of data do we process?
Depending on the purpose, PILMA DISSENY processes the following categories of data:
- Identification and professional contact details: Name, surname, NIF, postal address, email address, image, postcode, telephone number.
Necessary to deliver products or services and follow-up on the transaction. - Invoicing and payment data: Necessary to issue commercial documents, manage payments or finance your purchases.
- User identification codes To speed up your access to our platforms, maximise the functionalities we can offer you and guarantee their proper use and operation.
- Traffic and location data (IPs). Primarily to ensure the proper functioning of the platforms and optimise the study of purchase profiles.
- Electronic communications metadata. This is anonymised data that facilitates statistical analysis of our communications.
- Commercial data, such as purchase history, to better monitor our commercial policies and make it easier for you to follow up or offer you recommendations according to your preferences.
- Academic and professional data: Necessary for selection processes.
- Images: Necessary to implement our security policy at our facilities and in accordance with applicable legislation. It will be indicated in all our establishments.
- Others: For specific purposes, for which we will request your prior consent through different forms. You will have the right to revoke your consent at any time. Such as the occasional insertion of images in our advertising or catalogues.
For what purpose and for how long will we process your personal data?
PILMA DISSENY will process the user’s data manually and/or automatically for as long as they are necessary for its purpose, you do not revoke your prior consent, or they do not have to be kept by law.
We process your personal information to operate, provide and improve the services we offer to our customers. These purposes include:
- Managing your registration as a user on the online platforms for which PILMA DISSENY is responsible for the processing (hereinafter, the “Platforms”). However, in all cases, the user must verify and validate their registration on the Platforms by consenting to enter their username and password. And keeping your credentials safe and secure.
- Purchase, delivery and management of products or services. We use your personal information to accept and manage orders through establishments or online shops. As well as to issue paper or electronic commercial documents, deliver products and services, process payments etc. We also need it to communicate with you about your orders, products, services, returns and promotional offers.
- Managing promotions involving subscription to a customer loyalty programme. (VIP customers, PRO customers, among others). To inform you of their advantages, identify you as a subscriber and access your purchase history, which entitles you to certain benefits.
- To send communications (by e-mail, post and/or SMS) of interest and news related to our projects, unless otherwise indicated or unless the user objects.
- To send commercial and/or promotional information, as well as valuation surveys related to the sector of the products and services contracted, unless otherwise indicated or unless the user objects.
- Recommendations and personalisation. We use your personal information to analyse and recommend features, products and services that may be of interest to you, identify your preferences and personalise your experience. Anonymised statistical reports are compiled on interactions with sites, content or services in order to display advertisements based on features, products and services that may be of interest to you. Unless otherwise indicated or unless you object or revoke your consent.
- Providing, troubleshooting and improving services. We use your personal information to provide functionality, analyse performance, fix bugs and improve the usability and effectiveness of the services.
- Use of the Wifi Network: This service is provided by an external provider contracted by Pilma to fully manage the wifi service. Therefore, the data is provided on the basis of the contractual relationship generated when logging in.
- Selection processes: If you send us your CV or register for the different job offers we may publish, we will process your data to assess and manage your application. Unless otherwise indicated, the provision of the required data is necessary, and, therefore, failure to provide it will prevent the continuity of the selection process.
- To comply with legal, tax and accounting obligations: In some cases, we collect, store and use your personal information to comply with laws, including tax, accounting and consumer law. We also use this data to verify compliance with contractual obligations.
- Managing VAT refunds for purchases by non-resident tourists in the European Community.
III. HOW DO WE COLLECT THE INFORMATION?
INFORMATION PROVIDED BY YOU.
We collect the personal information you provide us via some of the PILMA DISSENY websites, by email, mobile phone, when you contract a service or fill in a form, etc. At the time of collection, you will be informed of the data controller, the purpose of the processing and how to exercise the rights granted by the current legislation on data protection, in a concise manner or indicating where you can consult the information.
You may provide us with information when you contact our customer service, place an order, register on our websites, update your preferences and account information, fill out a questionnaire, participate in a loyalty or financing programme, etc. For example:
Creating your account
- Data: Name, surname, e-mail address, telephone number and date of birth.
- Purpose and legitimisation: Creation of a user account legitimised by your consent when creating the account and, in the case of user registration within the framework of an order, the contractual relationship would also apply.
- Data source: registration form
- Recipients: PILMA DISSENY
Creating a customer file
Data: Name, surname, e-mail, telephone, payment details, delivery details.
Purpose and legitimacy: Managing the commercial relationship. To issue documents, manage payments and deliveries.
Origin of the data: Registration form.
Recipients: PILMA DISSENY.
Newsletter and other commercial information
- Data: E-mail address or telephone number.
- Purpose and legitimisation:Sending commercial information or information of interest via email, SMS, or other applications, legitimised with your consent.
- Origin of the data:Website forms
- Recipients: PILMA DISSENY
Interior design service
- Data: Name, surname, e-mail, telephone and address.
- Purpose and legitimisation: To manage the interior design service legitimised by the contractual relationship.
- Data source: Form.
- Recipients: PILMA DISSENY.
Customer service: When you ask us for assistance, you provide us with contact details so that we can help you.
INFORMATION WE COLLECT FROM YOUR VISITS TO OUR WEBSITES
We collect and store limited, anonymised personal information to create anonymous aggregate statistics on all users who visit our websites, whether you actively provide us with this information or simply browse our websites. The information we collect includes the Internet protocol (IP) address of the device you are using, the browser software you are using, your operating system, the date and time of access, the Internet address of the website through which you accessed our websites and also information about how you use our websites.
We use this information to understand how long our websites take to load, how they are used, the number of visits to the different sections and the type of information that most attracts visitors. It also helps to identify if the website is working correctly and, if we detect faults or errors in the operation, to solve them and improve our websites’ performance to offer a better service to all users.
This information is collected through cookies. For more information please consult the cookie policy that can be found on each of the PILMA DISSENY websites.
PUBLICLY ACCESSIBLE DATA ON SOCIAL MEDIA
The information we collect through social media sometimes includes personal information available online and to the public. We always ensure that all information we use is either correctly attributed to its source or anonymised.
These social networks are likely to have their own privacy policies, which will explain how they use and share your personal information.
IV. WHO CAN ACCESS YOUR DATA, AND HOW DO WE ENSURE ITS PROTECTION?
PILMA DISSENY S.A.U. will only transfer your data in those cases where it is necessary for the provision of the service, it is legitimated or when there is a legal obligation to do so.
In the case of social networks, due to the very nature of the service, all information and content published by the user will be communicated and shared with the other users who consult this social network.
PILMA DISSENY ensures that its entire ecosystem necessary to provide its services (employees, collaborators, suppliers) uses your data securely. To this end, we use the technical, contractual and organisational safeguards necessary for its proper handling.
To protect the different types of data contained in the files for which it is responsible, as per this privacy policy, PILMA DISSENY will implement the necessary technical, organisational and procedural security measures to prevent its loss, manipulation, dissemination or alteration. These measures include:
- Data queries by authorised personnel and the management of business transactions are carried out in a secure server environment under SSL (Secure Socket Layer) protocol, and all communications with any device are encrypted with 128-bit encryption, which offers the highest level of protection for communications. They are accessed and processed in a secure virtual desktop platform environment from our own servers and protected by encryption protocols. This digital environment is only accessible with a personalised username and password. User profiles are established with different levels of access to personal data according to user roles.
- Encryption of the information on PILMA DISSENY’s own servers.
- Other measures (such as backups, security updates, etc.) that prevent access to user data by third parties and ensure its loss, manipulation, dissemination or alteration. All our documents and files are secure.
- Prevention of unauthorised access to personal data: avoiding unattended screens, documents in public access areas, etc. Unattended workstations must be locked or have their sessions closed.
- Paper documents and electronic media will be stored in a secure place (cupboards, drawers or restricted-access rooms). Documents or electronic media containing personal data will not be disposed of without ensuring their destruction.
- PILMA DISSENY has an online trust seal. The seal audits and certifies a trusted third party and ensures it meets the highest standards of security for operating and buying through its online platforms.
Your data will primarily be used by:
PILMA Group companies
PILMA DISSENY may share your data with other companies in the Pilma group when necessary for the management of the contracted services. And always with the same standards of confidentiality and technical/organisational measures. The co-responsibility, secure usage, and the purpose for which the data was collected are regulated by contract.
When we obtain your data for the aforementioned purposes, it enters our secure server and is included in files under the responsibility of PILMA DISSENY S.A.U. PILMA TRAVEL S.L.U., PILMA LLAR S.L.U. and PILOBAR ASSOCIATS S.L. may be jointly responsible for the processing, in order to provide you with the contracted service for legitimate management reasons.
Our service providers or partners:
In order to provide our services, we rely on a network of suppliers. For example, carriers who deliver your purchases, interior designers who advise you and credit entities who offer to finance your purchases or manage your payments.
Our cooperation contracts with all our providers and partners include data protection standards that are at least as rigorous as ours and always in accordance with legal standards.
The processing will be carried out on the basis of the execution of the contract itself. In this sense, the processing of data carried out by suppliers shall not be considered a transfer or communication of data, except in the cases established by law.
We also rely on technology providers to maintain and optimise our networks, platforms and systems, and auditing services for compliance with legal obligations.
In all cases, PILMA DISSENY assumes responsibility for the personal information you provide to us, and we ask the companies with whom we share your personal information to apply the same level of information protection as we do.
Necessary partners: Banking institutions, payment platforms, insurance, security.
We only work with reliable and trustworthy partners who apply data protection standards that are at least as rigorous as ours and always in accordance with legal standards.
Third parties by legal imperative: Principally public administrations.
V. DO WE TRANSFER YOUR DATA TO THIRD PARTIES FOR MARKETING PURPOSES?
We will not pass your details to third parties for commercial purposes, we will only send you commercial information about our products and services. We may offer you discounts and benefits with companies with which PILMA DISSENY has reached commercial agreements, but we will not give them your data. We will only send you information about their products or services if they have offered us relevant benefits.
VI. INTERNATIONAL TRANSFER
The personal information collected resides primarily in Spain.
For service efficiency we occasionally rely on technology service providers located in territories outside the European Economic Area, which involves the international transfer of non-sensitive data. We only contract services from providers with data protection policies that meet the European standard. We primarily use Google Analytics and Facebook Ads to analyse the use of our website. It is possible that their servers are hosted outside of Europe, but they have extensive security measures comparable to European standards.
For more information, please see our cookie policy.
VII. LINKS TO THIRD-PARTY WEBSITES
PILMA DISSENY does not provide links to third-party websites. Should we provide links to websites that are not operated or controlled by PILMA DISSENY, we inform you that we have no control over those websites, are not responsible for their content, and that they have their own privacy policies. PILMA DISSENY, however, only cooperates with trusted third parties.
VIII. HOW LONG DO WE STORE YOUR PERSONAL INFORMATION?
We only store your personal information for as long as we need it for the purpose for which it was collected, and in accordance with the legal basis for processing under the applicable law. Or for as long as there is no legal obligation to keep it (for example, for tax and accounting purposes). We will keep your personal information for as long as we have a contractual and/or business relationship with you or until you exercise your right to erase and/or restrict the processing of your data.
In these cases, we will keep the information duly blocked, without making any use of it, for as long as it may be necessary for the exercise or defence of claims, or as long as any type of judicial, legal or contractual liability that may arise from its processing must be attended to, necessitating its recovery.
IX. WHAT RIGHTS DO YOU HAVE IN RELATION TO YOUR PERSONAL DATA?
At any time and free of charge, you may exercise the following rights to:
- Revoke consents granted.
- Obtain confirmation as to whether PILMA DISSENY is processing your personal data or not.
- Access your personal data.
- Rectify inaccurate or incomplete data.
- Request the deletion of your data when, among other reasons, the data is no longer necessary for the purposes for which it was collected.
- Obtain from PILMA DISSENY the limitation of data processing when any of the conditions provided for in the data protection regulations are met.
- In certain circumstances and on grounds relating to their particular situation concerning the processing of their data, data subjects may object to the processing of their data. PILMA DISSENY will cease to process the data unless there are compelling legitimate reasons to do so or it is necessary for the exercise or defence of possible claims.
- Obtain human intervention, express a point of view and to challenge automated decisions taken by PILMA DISSENY, where appropriate.
- Request the portability of your data.
- File a complaint with the Spanish Data Protection Agency (www.agpd.es) when the data subject considers that PILMA DISSENY has infringed the rights recognised by the applicable data protection regulations.
To do so, please send a letter with proof of identity to the following address: C/ Valencia 20, 08015, Barcelona or send an e-mail to privacidad@pilma.com.