This Privacy Policy has been developed in accordance with the provisions of Organic Law 3/2018 of December 5, on the Protection of Personal Data and Guarantee of Digital Rights (LOPDGDD), and Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016 (GDPR), regarding the protection of natural persons with regard to the processing of personal data and the free movement of such data.
Its purpose is to inform data subjects about how their personal data is processed, including the purposes of such processing, the contact details to exercise their rights, the retention periods for their data, and the applicable security measures.
2. Data Controller
Entity: ACTIVA NORTE GESTIÓN INMOBILIARIA, S.L.
Postal Address: Carretera General Santander-Oviedo S/N, 39500 Cabezón de la Sal, Cantabria
Email Address: info@activanorte.com
ACTIVA NORTE GESTIÓN INMOBILIARIA, S.L. is the Data Controller for the personal data collected and processed through this website.
3. Data Processing
The personal data collected will be limited to that which is strictly necessary to identify and respond to the request made by the data subject. Data is collected for specific, explicit, and legitimate purposes and will not be further processed in a manner incompatible with those purposes.
The data collected will always be appropriate, relevant, and not excessive in relation to the purpose for which they are collected and will be kept up to date where necessary. before collecting data.
Purposes of Processing
The specific purposes for which each data processing operation is carried out are detailed in the informative clauses provided in each data collection method (web forms, paper forms, recorded messages, notices, and information banners).
However, the personal data of the data subject will be processed solely for the purpose of providing an effective response and fulfilling the user’s requests, as specified next to the option, service, form, or data collection system used.
Legal Basis
As a general rule, before processing personal data, the Data Controller obtains the data subject’s express and unequivocal consent, through informed consent clauses included in the various data collection systems.
However, where consent is not required, the legal basis for processing shall be the existence of a specific law or regulation that authorizes or mandates the processing of the data subject’s information.
Recipients
As a general rule, the Data Controller does not disclose or transfer personal data to third parties, except where legally required. If such disclosures or transfers are necessary, they will be communicated to the data subject through informed consent clauses included in the respective data collection mechanisms.
Source of Data
As a general rule, personal data is always collected directly from the data subject. However, in certain exceptions, data may be collected from third parties, entities, or services other than the data subject. In such cases, the data subject will be informed via the informed consent clauses included in the different data collection mechanisms, within a reasonable time and no later than one month after the data has been obtained.
Data Retention Periods
The information collected from the data subject will be retained for as long as necessary to fulfill the purpose for which it was collected. Once this purpose has been fulfilled, the data will be deleted. This deletion will lead to the blocking of the data, which will then be available only to Public Administrations, Judges, and Courts, for the purpose of addressing any potential liabilities arising from the processing, and only for the timeframes established by law. After these timeframes have elapsed, the data will be permanently destroyed.
For informational purposes, the legal retention periods for various types of documentation are listed below:
| Document Type | Retention Period | Legal Reference |
|---|---|---|
| Employment or Social Security documentation | 4 years | Article 21, Royal Legislative Decree 5/2000 |
| Accounting and tax documentation (for commercial use) | 6 years | Article 30, Spanish Commercial Code |
| Accounting and tax documentation (for tax purposes) | 4 years | Articles 66–70, Spanish General Tax Law |
| Access control to buildings | 1 month | AEPD Instruction 1/1996 |
| Video surveillance footage | 1 month | AEPD Instruction 1/2006 and Organic Law 4/1997 |
| Job applicants’ CVs | Until the end of the initial selection process for non-selected candidates. CVs held in the job pool may be retained for a maximum of 2 years unless updated. | — |
Browsing Data
Regarding browsing data that may be processed through the website, if such data falls under applicable regulations, please consult our Cookies Policy available on the website.
Rights of Data Subjects
Under applicable data protection laws, individuals whose data is processed (website users or users of the Data Controller’s social media profiles) have the following rights:
-
Right of access to their personal data
-
Right to rectification of inaccurate or incomplete data
-
Right to erasure (right to be forgotten)
-
Right to restriction of processing
-
Right to data portability
-
Right to object to data processing
-
Right to withdraw consent at any time
-
Right to lodge a complaint with a supervisory authority
You may exercise these rights by contacting the Data Controller at info@activanorte.com, indicating the specific right you wish to exercise in the subject line.
The Data Controller will process your request as soon as possible, in accordance with the deadlines set out in the applicable data protection regulations.
Security Measures
The security measures implemented by the Data Controller are those required under Article 32 of the GDPR. Taking into account the state of the art, the costs of implementation, the nature, scope, context, and purposes of the processing, as well as the risks of varying likelihood and severity to the rights and freedoms of natural persons, the Data Controller has established appropriate technical and organizational measures to ensure a level of security appropriate to the risk.
In any case, the Data Controller has implemented sufficient mechanisms to:
(Nota: Aquí el texto original se corta. Si deseas que complete esta sección, por favor indícame qué medidas deseas incluir, como control de acceso, cifrado, copias de seguridad, etc.)
