fbpx

Privacy Policy

Basic information about data protection

Responsible KPT, SL
Purpose Marketing agency: commercial services
Legitimation Explicit consent and legitimate interest
Recipient No information is disclosed to third parties, unless legally obliged to do so.
Rights Access, rectification, deletion and portability of their data, limitation and opposition to its processing, as well as not to be subject to decisions based solely on the automated processing of your information.

At KPT, SL we work to offer you the best possible experience through our services. In some cases, it is necessary to collect information to achieve this. We care about your privacy and we believe we should be open about it.

Therefore, and for the purposes of the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 2016 (hereinafter, “GDPR”) on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and Act 34/2002, of 11 July, on Information Society Services and Electronic Commerce (hereinafter, “LSSI”), KPT, SL informs the user that, as data controller, it will incorporate the personal data provided by users in an automated file.

Our commitment starts by explaining the following to you:

  • Collection of data to improve the user experience, according to your interests and needs.
  • Transparency about what data we collect about you and why we collect it.
  • Aiming to provide the best possible experience. So when we use your personal information, we will always do so in compliance with the law, and where necessary, we will ask for your consent.
  • Understanding that your data belongs to you. Therefore, if you choose not to authorise us to process it, you can ask us to stop processing it.
  • Priority in guaranteeing your security and processing your data in accordance with European regulations.

If you would like more information about how we process your data, please see the different sections of the privacy policy below:

Who is the controller of your personal data?

Company Identity: KPT, SL
Registered office: Avda. Josep Tarradellas. 92. 08029. Barcelona
Email: privacy@otomatico.com

KPT, SL has designated a representative as the internal GDPR Manager within its organisation. If you wish to make an enquiry regarding the processing of your personal data, you can contact him by email at privacy@otomatico.com

What personal data do we collect?

The personal data that the user may provide:

  • Name and Surname
  • Phone number
  • ID / TAX ID NUMBER
  • Company name and trade name
  • Activity related to your activity
  • Bank details
  • Paypal account
  • Address and postal code
  • E-mail address.
  • Your location.
  • IATA accreditation
  • Comments about the service to be contracted and needs.

In some cases, it is mandatory to fill in the registration form to access and enjoy certain services offered on the website, in this case to be a user of the same; therefore, failure to provide the personal data requested or not accepting this data protection policy means the impossibility of subscribing and / or registering for our services.

Why and for what purpose do we process your data?

At KPT, SL we process the information provided to us by interested parties for the following purposes:

  • To manage and carry out the service contracted by the USER, its invoicing and payment.
  • Customer data may be used to carry out market research (statistical reports), which allow the products or services of KPT, SL to be expanded and improved. In any case, no personal data will be included in the statistical reports produced.
  • Manage the sending of information requested, as well as any other query you may have that is not subject to the conditions of the website or the contracting of the service.
  • To develop commercial actions and carry out the maintenance and management of the relationship with the user, as well as the management of the services offered through the website and information tasks and subsequent follow-up.
  • In some cases it will be necessary to provide information to authorities or third parties for auditing purposes, as well as to handle personal data from invoices, contracts and documents in order to respond to customer or government complaints.

We inform you that the personal data obtained as a result of your registration as a user will form part of the Register of Processing Activities and Operations, of which KPT, SL is the owner.

What is the legitimacy for the processing of your data?

The processing of your data may be based on the following legal bases:

  • Consent to the procurement of online services on the website via the contact form and thus to the execution of a contract at the request of the data subject (Section 6.1b) GDPR. For the execution of the corresponding service, the provision of the data is necessary, otherwise the requested services cannot be provided.
  • Processing of customer data for statistical reports (market research) based on the legitimate interest of the company, which is considered prevalent, insofar as no data other than that provided by users will be processed for the sole purpose of improving the services offered by the company. In addition, the statistical reports will not contain users’ personal data and will be anonymised.
  • In order to be able to respond to your request or query and to follow up after the service has been contracted. Providing the data is voluntary, although if you do not do so, we will not be able to respond to your request, query or complaint. Therefore, the communication of your personal data for these purposes is a necessary requirement for us to be able to deal with requests made in this way.
  • The prospective offer of solutions to customers is based on the satisfaction of the legitimate business interest consisting of being able to offer our customers the contracting of products or services and thus achieve their loyalty. In any case, the authorisation to process your data for this purpose is voluntary and your refusal would only result in the fact that you would not receive commercial offers of our products or services. However, we remind you that you have the right to oppose this processing of your data, and you may do so by any of the means described in this Policy.
  • For the processing of curricula vitae with the consent given by the candidate when sending it to participate in the company’s selection processes.
  • Legitimate interest for the processing of our customers’ data in direct marketing actions and the express consent of the interested party for all matters relating to automatic assessments and profiling.
  • Compliance with legal obligations for fraud prevention, communication with public authorities and third-party claims.

How long do we keep your data?

The processing of the data for the purposes described will be maintained for the time strictly necessary to fulfil the commercial relationship with the client, as well as to comply with the legal obligations arising from the processing of the data.

To which recipients is your data disclosed?

In some cases, only when necessary KPT, SL will provide user data to third parties. However, the data will never be sold to third parties. External service providers with whom KPT, SL works may use the data to provide the corresponding services, however, they will not use such information for their own purposes or for transfer to third parties.

KPT, SL endeavours to ensure the security of personal data when it is sent outside the company and ensures that third-party service providers respect confidentiality and have appropriate measures in place to protect personal data. These third parties are obliged to ensure that the information is processed in accordance with data privacy regulations and in accordance with the provisions of Art.28 RGPD and Art.32.

In some cases, personal data may be required by law to be disclosed to public bodies or other parties, only that which is strictly necessary for the fulfilment of such legal obligations will be disclosed.

Personal data obtained may also be shared with other group companies.

KPT, SL as a Data Processor

For more information, you should consult our Terms and Conditions.

In what cases may KPT, SL be obliged to access the data stored and used by the client within the framework of the services?

KPT, SL will only access this data under two circumstances:

• To guarantee the correct execution of the services and to improve customer service when the latter contacts KPT, SL support. In this case, access to customer data will be regulated by means of specific permissions and specific control and security measures.

• To comply with legal obligations within the framework of judicial and/or administrative requirements. These requirements are strictly regulated.

Access in the context of a request from a judicial or administrative authority:

In order to comply with the regulations in force, KPT, SL is obliged to respond to requests from judicial or administrative authorities. These requests for access to data are governed by a strict legal framework, and KPT, SL only authorises them once it has verified their validity and basis. Furthermore, provided that the request or the law does not prevent it, KPT, SL undertakes to inform the client of such a request as soon as possible. Requests from a third country will only be processed when they are based on an international agreement, such as a judicial cooperation treaty in force between the requesting country and the Union or a Member State.

Where is your data stored?

In general, data is stored within the EU. For data sent to third parties outside the EU, we will ensure that they guarantee an adequate level of protection by having Binding Corporate Rules (BCRs) in place. A list of these countries can be found on the European Commission’s website.

Thanks to the guarantees offered by KPT, SL in terms of data transfer, the client can comply with its regulatory obligations. Article 45 of the GDPR, which specifies the cases of “transfers based on an adequacy decision”, states that a transfer of personal data to a third country or international organisation may take place where the Commission has decided that the third country, a territory or one or more specified sectors within that third country, or the international organisation concerned, ensures an adequate level of protection. Such a transfer shall not require any specific authorisation.

Call recording

Calls may be recorded in order to be able to process your requests or answer your queries, as well as to assess and improve the answers provided by our agents and to analyse the decisions you make based on those answers.

Your data will be processed on the basis of the legitimate interest of the entity, this being prevalent due to the need to have tools to be able to assess and improve the quality of the answers we offer you and the decisions you make based on them. Also, to increase security and to have a means of accreditation of the services or products requested and those offered by us, being necessary for this purpose the recording of the calls.

The recording will be stored for a minimum period of 12 months, and in any case until your request has been processed or your query has been answered. In the event that new data is collected by telephone as a result of a complaint, contracting, change of product or service, etc., the recording will be kept as proof of the collection of the data for as long as any type of legal liability may arise by virtue of the relationship maintained. The information relating to the evaluation of the decisions taken by the users by virtue of the answers provided is kept for a period of 12 months.

Processing of personal contact data for commercial calls

Occasionally, KPT, SL processes professional contact data that it obtains from the Internet in order to contact you by e-mail, telephone (or video call) for the purpose of having business conversations.

In view of the above, such processing is based on the provisions of Sec. 6.1.f) of the GDPR (legitimate interest), given that, in any case, the following conditions are met:

a) The processing relates only to data necessary for the professional location of the data subject.

b) The purpose of the processing is to maintain relations of any kind with the legal entity in which the data subject provides his or her services.

The same presumption applies to the processing of data relating to sole proprietors and liberal professionals, where it relates to them solely in that capacity and is not processed for the purpose of establishing a relationship with them as natural persons.

In any case, data subjects may object to their processing at any of the contact addresses of KPT, SL, as it is not compulsory for the entity to carry out such processing. The data will be kept for the indicated purpose indefinitely, unless the interested party objects, in which case they will be deleted.

What rights do you have and how can you exercise them?

You can send your communications and exercise your rights by sending a request to the following e-mail address: privacy@otomatico.com

Under the provisions of the GDPR you can request:

  • Access right: you can request information about the personal data we store about you.
  • Rectification right: you can inform us of any change in your personal data.
  • Right to erasure and the right to be forgotten: you can request the deletion of personal data after it has been blocked.
  • Right of restriction of processing: this entails the restriction of the processing of personal data.
  • Right to object: you can withdraw your consent to the processing of the data by objecting to further processing.
  • Right to portability: in some cases, you can request a copy of the personal data in a structured, commonly used and machine-readable format for transmission to another data controller.
  • Right not to be subject to individualised decisions: you can ask not to be subject to decisions based solely on automated processing, including profiling, which produce legal effects or significantly affect the data subject.

In some cases, your request may be refused if you ask for the deletion of data necessary for compliance with legal obligations.

In addition, if you have a complaint about the processing of your data, you can submit a complaint to the data protection authority: www.aepd.es.

Who is responsible for the accuracy and veracity of the data provided?

The user is solely responsible for the veracity and correctness of the data included, exonerating KPT, SL from any liability in this regard. Users guarantee and are responsible, in any case, for the accuracy, validity and authenticity of the personal data provided, and undertake to keep them duly updated. The user agrees to provide complete and correct information in registration forms and other methods of communication to KPT, SL, who reserves the right to terminate the services contracted with users, in the event that the data provided is false, incomplete, inaccurate or not up to date.

KPT, SL is not responsible for the veracity of the information that is not of its own elaboration and of which another source is indicated, nor does it assume any responsibility for hypothetical damages that may arise from the use of such information.

KPT, SL reserves the right to update, modify or delete the information contained in its web pages and may even limit or deny access to such information. KPT, SL is exonerated from liability for any damage or harm that the user may suffer as a result of errors, defects or omissions in the information provided by KPT, SL, provided that it comes from outside sources.

What security measures do we implement to protect your personal data?

KPT, SL has adopted the legally required levels of security for the protection of Personal Data, and endeavours to install those other additional technical means and measures within its reach to prevent the loss, misuse, alteration, unauthorised access and theft of the Personal Data provided to KPT, SL.

KPT, SL is not liable for hypothetical damages or losses that may arise from interferences, omissions, interruptions, computer viruses, telephone breakdowns or disconnections in the operational functioning of this electronic system, caused by reasons beyond the control of KPT, SL of delays or blockages in the use of this electronic system caused by deficiencies or overloads of telephone lines or overloads in the Data Processing Centre, in the Internet system or in other electronic systems, as well as damage that may be caused by third parties through illegitimate intromissions beyond the control of KPT, SL. Nevertheless, the user must be aware that Internet security measures are not impregnable. Given that no online service can guarantee absolute security.

Links to other websites

The KPT, SL website may contain links to other websites. By clicking on one of these links and accessing an external website, the visit will be subject to the privacy policy of that website, and KPT, SL shall not be held responsible for its privacy policy. It shall only be liable for those redirections or links under the domain and ownership of the KPT, SL group of companies.

Can the privacy policy be modified?

We may change our Privacy Policy from time to time. Please check this page regularly for the current status. We will indicate the dates of the most recent revisions to this Privacy Policy at the bottom of this page; all revisions will be effective upon posting.