The personal data processing carried out through the Navantia S.A. SM.E website (hereinafter, Navantia) is regulated in accordance with European data protection regulations – Regulation (EU) 2016/679, General Data Protection Regulation (GDPR), Basic Law 3/2018 of 5th December, on Personal Data Protection and the Guarantee of Digital Rights, and other applicable regulations on data protection, in order to guarantee the fundamental data protection rights of users as data subjects.
2. Data Controller
The data controller of the data processed in this website is Navantia S.A. S.M.E. assigned VAT No.: A84076397, with registered address at C/Velázquez 132 – 28006, Madrid and contact telephone number 913358400.
We also inform you that Navantia has appointed a Data Protection Officer, who you may contact through the Data Protection Officer section of this website.
3. Compiled personal data and right to information
Navantia compiles personal data in order to access and provide you with some of the services available on our website. Some of the data is provided directly, for example when you fill in an application form, whereas other data is obtained indirectly through technology such as cookies.
Whenever data is collected through a form (on-line or via a downloadable form) or other communication channels on the website, the data subject will be informed in accordance with the provisions on data protection regulations.
The methods Navantia uses to collect and subsequently process personal data are as follows:
- Forms: Navantia compiles personal data through forms so that you can access and we can provide you with the different services provided through our website. The information on processing of personal data by the data controller is compiled and submitted through the forms.
- E-mail: The e-mail addresses established on Navantia’s website will be considered possible means for personal data collection. The information on processing by the data controller of personal data compiled by e-mail is available in the section Duty of Disclosure
The data requested on the forms provided on the website are mandatory in general (unless the field states otherwise) in order to comply with the established purposes. When using other means to send data to Navantia, the data subject must only provide the information that is necessary for the specific case.
In this sense, users accept the possible responsibilities stemming from providing excessive or unsuitable data that they voluntarily decide to send Navantia through the established data compilation methods. Moreover, they are responsible for providing truthful, accurate information in regard to the personal details they submit. In the event of there being changes to users’ details, these changes must be reported to Navantia so that we can keep our data up-to-date.
4. Restriction of processing
Navantia does not authorize people under 14 years old to submit their personal data through the means provided on this website (filling in website forms for requesting services, contact or by e-mail). Therefore, people who provide their personal details using those means formally state that they are over 14 years old, and consequently Navantia is exempt from any liability concerning any breaches of this requirement.
In any cases where the services Navantia offers are for people under 14 years old, means will be deployed to obtain authorization from the minor’s parents or legal tutors.
5. Data transfers
It is not expected to transfer any data to third parties or to third party countries or international organizations, except in compliance with a legal obligation or on request by a public organization, courts or tribunals.
6. Conservation period
Navantia shall keep your personal details for the time required and necessary for each processing purpose. This does not affect data subjects’ rights to revoke consent at any time. This period of time will usually be in order to comply with a legal obligation depending on the type of processing, or to deal with any claims that may be filed by data subjects.
7. Security measures
Navantia implements suitable security measures in accordance with the provisions established in data protection regulations in order to guarantee the fundamental rights on data protection of the users of our website. To achieve this, we implement the technical and organizational measures necessary to avoid any loss, misuse, alteration, unauthorized access or theft of the personal data that are provided, bearing in mind the state of the art in regard to technology, the nature of the data and the risks the data are exposed to.
8. Register of Processing Activities
The updated list of processing activities that Navantia carries out is available in the Processing Activities Register (PAR) available on this website.
The rights pertaining to data subjects are as follows:
- To obtain confirmation about whether Navantia is processing their personal data.
- To access their personal data, and to request rectification of any incorrect data, or request erasure thereof when, among other reasons, the data are not required for the purposes they were compiled.
To request under certain circumstances:
- Restricted processing of their data, in which case they will only be kept by Navantia for exercising or defending against claims.
- Object to the processing of their data, in which case Navantia will stop processing their details, unless it is specifically required to for exercising or defending against claims. Including data processing for automated, individual decision-making.
- Portability of data so that they are provided to the data subject or another data controller, in a standard, structured manner suitable for machine reading.
Likewise, when data processing is based on consent, data subjects may withdraw their consent under the terms and conditions established in current data protection regulations.
The procedure and forms for exercising the above rights are available at Rights
Data subjects may exercise their rights before Navantia by writing to: C/Velázquez, 132, – 28006 Madrid, with the subject matter: Ref. Data Protection or by e-mail at: firstname.lastname@example.org
In the event of any breach of personal data protection rights, particularly if data subjects have not been able to satisfactorily exercise their rights, they may submit claims to the competent Data Protection Controlling Authority, which is the Spanish Data Protection Agency – Address: C/ Jorge Juan, 6 – 28001 MADRID (Madrid) – On-line service: sedeagpd.gob.es. Nevertheless, data subjects should initially submit claims to Navantia’s Data Protection Officer.