Start > Confidentiality and data protection policy

Confidentiality and data protection policy

Bitti Bebè S.L. (hereinafter the Entity) is committed to due diligence and compliance with data protection regulations.

The following is detailed information on the policy of personal confidentiality and protection of data in accordance with Article 13 of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016, on the protection of natural persons with regard to the processing of personal data and the free circulation of such data (General Data Protection Regulation or GDPR) and Article 11 of Organic Law 3/2018, on the Protection of Personal Data and Guarantee of Digital Rights (LOPD GDD). .

Data from the Responsible for Treatment and Contact of the Responsible / Data Protection Delegate (RPD / DPD):

Identity: Bitti Bebé S.L.
Direction / P.C: Avenida Josep Tarradellas 155 Local, 08029 Barcelona
Phone: 93 419 73 19
E-mail: info@bitti.es
RPD / DPD contact data: protecciondatos@bitti.es
Channel: protecciondatos@bitti.es

Treatment purposes

The Entity will deal with the information provided to us by the data subjects for the following purposes:

Manage your attention, visit and meeting in our facilities.
Manage the provision and performance of contracted services and products.
Manage any kind of application, suggestion or request about our professional services that interested persons formulate to us.
Information and commercial communications: Processing your data in order to inform you about activities, articles of interest and general information related to our activity and contracted services/products.
Manage data provided by candidates for a job through the Curriculum vitae (CV) or other means for the purpose of selection and recruitment.
Ensuring the security of offices, facilities and people through access controls, video surveillance systems and other access control/identification systems.
Comply with the legal provisions that apply to the Entity and its activities in the fields of health, equality and prevention of occupational risks.
Manage and control the operation of the internal mechanisms, policies and protocols established by the Entity for the purposes of regulatory compliance and of managing the channels of denunciation for this purpose.
All treatments that result from our application for due compliance with official/sectoral regulations and requirements to which our activity is subject.

For the good purpose and development of their attention and management of the above purposes, the processing of their data for the purposes corresponding to the aforementioned will be carried out under the strictest compliance with the data protection regulations and the policy we are detailing. At any time, it will be able to exercise its rights (see specific section)..

Data retention criterias

Services management / products contracted with Entity: Personal data provided in contracts, offers and/or service proposals, as well as those of the other persons whose intervention is necessary, will be retained for as long as the contracted services are in force. At the end of the provision of the contracted service(s), personal data will be preserved in cases where responsibilities may be derived from the Entity and/or in compliance with other regulatory frameworks that apply to the Entity or a rule with the rank of law requiring the preservation of these. Personal data will be kept in such a way as to allow the identification and exercise of the rights of those concerned and, under the technical legal and organisational measures that are necessary to ensure the confidentiality and integrity of those data.
Management Curriculum vitae: The Entity, as a rule, retains its Curriculum vitae for the maximum period of one year; after this period, its destruction will proceed automatically, in accordance with the principle of quality of data.
Management of Work Contracts: Personal data will, in any case, be retained for as long as the employment relationship is in force and, at the end of the work relationship, in cases where responsibilities could be derived between the parties and when required by a rule of law.
Other: The rest of the data and information provided by the user by any means will be preserved for as long as necessary to fulfill the purpose for which they were collected.

Legitimation

The legal basis that enables the Entity to process the personal data of users, customers, potential customers under the following titles:

The consent of the persons concerned to the processing and management of any request for information or consultation on our services and products.
The framework for providing and/or hiring services / products with Entity.
The legitimate interest in sending it information, commercial and/or promotional communications related to the activity of the Entity and services/products contracted via email or any other medium.
The legitimate interest in ensuring the safety of offices, facilities and people.

Recipients

Data of a personal nature is not transferred to third parties, except legal provision.

Proceeding

Personal data is obtained directly from the data subjects and from our partners. The personal data categories that provide us with are as follows:

Identification data.
Postal or Electronic Addresses.
Data facilitated and/or consented by the interested parties concerned and required for the management and performance of the requested service / product.

Rights

Right of Access, Rectification and Delete: The data subjects have the right to obtain confirmation as to whether or not we are processing personal data concerning them in the Entity. The data subjects have the right to access their personal data, as well as to request the rectification of inaccurate data or to request its deletion when, among other reasons, the data is no longer necessary for the purposes that were collected.

Right to Limitation and Opposition: EIn certain circumstances, the data subjects will be able to request a restriction on the processing of their data, in which case we will only keep them for the exercise or defence of complaints. In certain circumstances, and for reasons related to their particular situation, the data subjects may object to the processing of their data. The Entity will stop processing the data in this case, except for compelling legitimate reasons, or for the exercise or defence of possible claims.

Right to revoke the consent provided: nterested persons have the right to withdraw their consent at any time, except in the case of personal data processing provided for in the Data Protection Regulation or necessary for the provision of the contracted service, which does not require such consent. However, this withdrawal does not have retroactive effects, so it will not affect the application of treatment based on prior consent.

These rights can be exercised on our Channel (see specific section).

Security and Control Measures

General
In compliance with data protection regulations, the Entity will process personal data by applying appropriate technical, legal, organisational and security measures, in order to guarantee the confidentiality and integrity of the information it manages in accordance with the provisions of the current regulations.

We welcome the fact that you are making known to the Data Protection Officer/Data Protection Officer through the contact/channel data established in this Privacy Policy any security risk, of which you have indications or knowledge, that may compromise the integrity and confidentiality of personal data and/or confidential information, in order to be able to take the necessary measures to prevent their unauthorised processing, loss, destruction or accidental damage.

Cybersecurity
As a specific concept and complementary to the above, the Entity applies cybersecurity measures to prevent and manage possible cybercrime attacks and frauds that infringe privacy and data protection that our Entity deals with and accesses within the scope of its activities and operations.

In this regard, we would like to warn against possible risk situations for communications whose content and/or format give rise to authenticity doubts, we recommend omitting these doubts and contacting the Data Protection Officer/Delegate through the contact details indicated in this Privacy Policy.

Likewise, any application that it receives from the origin of our Entity on changes in payment forms, request for data or contact persons or confidential (non-public) information, bank and/or credit card data and/or other official data, must not be attended without direct confirmation of our Entity by another alternative means. We thank you and we need you to cooperate in your communication and to denounce any notification of this type of application and other possible cyber-attack risk situations in which our Entity can be used, as well as any possible security risks that might be known.

Channel

The Entity has implemented a Canal, with the highest commitment, rigour and professionalism in terms of security, experience, independence and knowledge in the treatment of received communications.

The Canal, which includes use in the field of data protection, has been implemented through a web platform, developed and managed by independent external experts, to provide and guarantee our previous commitments.

Through the Channel, it will be able to communicate and process the exercise of its rights (see previous paragraph) and to communicate any indication or knowledge it has of possible violations (baptisms) of security, cyber attacks and/or possible breaches or irregularities on data protection regulations, this Entity Policy and all the aspects mentioned above on confidentiality and company secrets. The channel access data is detailed at the beginning of this Policy.

Controlled self

In case of divergences with the Entity in relation to the processing of its data, it is entitled to lodge a complaint with the corresponding Data Protection Control Authority. In Spain, this Authority is the Spanish Data Protection Agency (www.aepd.es).

Care and support

The interested parties will be able to communicate to the Entity any doubts about the processing of their personal data or interpretation of our Policy, by contacting the Data Protection Officer/DPO in the direction indicated at the beginning of this Policy.

Data retention criterio

The interested parties will be able to unsubscribe from these communications in the following email address: datos@bitti.es.

They can also be decommissioned from commercial communications, in the final text of the communications, by clicking 'decommission'.

The data will be kept for as long as is necessary to fulfil the previously described purposes relating to the contracted services. The data subjects' data are used until the commercial relationship contracted with bitti ends.

Receipt of Curriculums Vitae

In the event of your curriculum vitae being sent to us under the Personal Data Protection Act, we inform you that your personal data will be incorporated into our files, in order to have your curriculum for personnel selection processes if your professional profile meets our needs. As long as he does not expressly cancel his personal data on our files, we understand that he is still interested in being part of them for future selection processes. In order to keep our personal data files up to date, please let us know about any changes or modifications that occur in them.

FEATURED BRANDS

ALL BRANDS

FRIENDS / FAMILY ACCESS

BABY PARENTS LIST ACCESS

USERS ACCESS