This "Privacy and Data Protection Policy" aims to inform users of the conditions governing the collection and processing of their personal data by Integral de Servicios de Eventos Málaga, S.L. (hereinafter, ISEM), in compliance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (GDPR), and with Organic Law 3/2018 of 5 December on the Protection of Personal Data and Guarantee of Digital Rights (LOPDGDD).
We inform you about the purposes of the processing, the legal bases, the possible recipients and the rights you hold as the data subject. The use of our services, access to our website or the submission of any form implies that you have read and accepted this policy.
Basic information on data protection
- Controller: Integral de Servicios de Eventos Málaga, S.L.
- Purposes: Handling enquiries and contact with users; managing the commercial and contractual relationship with clients and suppliers of technical event services.
- Legal basis: Consent of the data subject (Art. 6.1.a GDPR), legitimate interest (Art. 6.1.f GDPR) and performance of the contractual relationship (Art. 6.1.b GDPR).
- Retention: For as long as necessary to handle the request and, in contractual relationships, for the duration of the relationship and the applicable legal periods.
- Recipients: No data is shared with third parties, except where required by law or technically necessary to provide the service.
- International transfers: No international transfers of personal data are carried out.
- Source: The data subject or their legal representative.
- Rights: Access, rectification, erasure, restriction, objection, portability, not being subject to automated decisions, withdrawal of consent and lodging a complaint with the AEPD.
1. Data controller
The Controller of the personal data collected through this website and the commercial relationships established is:
- Company name: Integral de Servicios de Eventos Málaga, S.L.
- Tax ID: B93449338
- Registered office: Málaga, España
- Email: info@isemsportsevents.com
- Website: www.isemsportsevents.com
2. Security measures
ISEM adopts the technical and organisational measures necessary to ensure the security, confidentiality, integrity and availability of the personal data processed, preventing its alteration, loss, unauthorised access or unlawful processing. These measures include:
- Ensuring the confidentiality, integrity, availability and resilience of processing systems.
- The ability to quickly restore the availability of and access to data in the event of a physical or technical incident.
- Regular verification and assessment of the effectiveness of the technical and organisational measures implemented.
- Pseudonymisation and encryption of data where required.
- Access to personal data restricted solely to authorised ISEM staff whose duties justify it.
3. Purpose of processing
Website management
The data provided through the contact form, by email or by telephone will be used exclusively to handle the enquiry raised and, where appropriate, to send information about ISEM services. Failure to provide the requested data will make it impossible to respond to your request.
Management of clients and suppliers
The data of individuals linked to client and supplier companies (representatives, commercial contacts, administrative contacts) is processed for the proper management of the contractual relationship: quoting, invoicing, operational coordination of sporting events and service follow-up.
Data retention
Data will be retained for the time strictly necessary for the purpose for which it was collected, and in any case for the periods established by the applicable regulations:
- Website management: for as long as necessary to handle the request, unless a legal obligation or legitimate interest requires a longer period.
- Client and supplier data: for the duration of the contractual relationship and, once it has ended, for the statutory limitation periods set out in tax (4 years) and commercial (6 years) regulations.
4. Legal basis for processing
The processing of personal data is based on the following legal grounds:
- Website management: Art. 6.1.a GDPR (consent of the data subject) and Art. 6.1.f GDPR (legitimate interest in handling enquiries).
- Management of clients and suppliers: Art. 6.1.b GDPR (performance of a contract or pre-contractual measures) and Art. 6.1.c GDPR (compliance with legal obligations in tax, employment and Social Security matters).
5. Recipients of the data
As a general rule, ISEM does not share personal data with third parties. However, it may be necessary to share it with the following recipients in order to comply with legal or contractual obligations:
- Tax Authority (AEAT): in compliance with tax obligations.
- General Treasury of the Social Security: in compliance with Social Security obligations.
- Banking institutions: for the management of payments and collections arising from the activity.
- Technology and web hosting providers: acting as data processors, with the appropriate contractual safeguards.
Under no circumstances will data be shared with third parties for commercial purposes without the express consent of the data subject.
6. International transfers
ISEM does not carry out international transfers of personal data outside the European Economic Area. Should any technology service provider carry out international transfers, these will be covered by the appropriate safeguards provided for in the GDPR (adequacy decisions, standard contractual clauses or other equivalent mechanisms).
7. Source and categories of data
The personal data processed comes from the data subject or their legal representative, through the following channels:
- Website contact form.
- Communications by email or telephone.
- Contracts, proposals and commercial documentation exchanged within the scope of ISEM activity.
The categories of data processed are:
- Identification data: full name, NIF/CIF, email, telephone, postal address.
- Economic and financial data: banking details necessary for invoicing and collection management.
- Professional data: position, company or organisation to which the data subject belongs.
ISEM does not process special categories of data (health data, ideology, racial origin, etc.) in the ordinary course of its activity.
8. Rights of data subjects
In accordance with current data protection regulations, data subjects may exercise the following rights, which are personal and non-transferable, upon proof of their identity:
- Access: to know which of your personal data ISEM processes.
- Rectification: to request the correction of inaccurate or incomplete data.
- Erasure ("right to be forgotten"): to request the deletion of your data when, among other cases, it is no longer necessary for the purpose for which it was collected.
- Restriction of processing: to request the suspension of processing in certain circumstances.
- Objection: to object to the processing of your data on grounds relating to your particular situation.
- Portability: to receive your data in a structured and commonly used format.
- Automated decisions: not to be subject to automated decisions or profiling with significant legal effects.
- Withdrawal of consent: to withdraw consent at any time, without affecting the lawfulness of prior processing.
- Complaint: to lodge a complaint with the Spanish Data Protection Agency (AEPD).
To exercise any of these rights, the data subject must contact ISEM in writing at the designated email address: info@isemsportsevents.com.
Likewise, if you consider that your data is not being processed in accordance with current regulations, you may lodge a complaint with the competent supervisory authority:
- Supervisory authority: Spanish Data Protection Agency (AEPD)
- Address: C/ Jorge Juan, 6. 28001 Madrid
- Phone: 900 293 183
- Website: https://www.aepd.es
9. Cookies
The ISEM website may use its own and third-party cookies for technical, analytical or personalisation purposes. Detailed information about the cookies used, their purpose and how to manage them can be found in our Cookie Policy, accessible from the footer of the website.
10. Consent and acceptance
The use of the ISEM website, the submission of contact forms or the signing of contracts with our company implies that you have read and accepted this Privacy Policy. Consent to the processing of data for information or contact purposes is given by ticking the box provided for that purpose in the relevant forms.
ISEM reserves the right to amend this policy to adapt it to legislative, case-law or business-practice developments. Significant changes will be communicated to users with due notice.