Hereinafter, the term "Web" shall refer to the page, among the three previous ones, that the User is using at any given moment.
Who is responsible for the processing of your data?
The data controller of your personal data is the Data Controller, who will treat them in a fair, lawful, transparent and in accordance with the regulations in force on the protection of personal data. To contact the Data Controller, please use the following contact details:
What kind of data will we process, for what purpose and under what legitimacy?
First of all, please note that we will only process the personal data that you - as User - provide us with, which may correspond to one or more of the following categories: identification and contact data - name, surname, e-mail address, postal address and telephone number -, economic-financial data - account and/or bank card number -, as well as, if applicable, connection and navigation data.
So, if we go into detail, during your Web browsing, we will try to...
|...these categories of data...||...for these purposes...||...and based on...|
|I||Your identification and contact information, your economic-financial data.||Manage the contracting of those products or services that you have purchased through the Web.||The need to execute the contract that will bind us to you as soon as you expressly accept our general and specific terms and conditions.|
|III||Your e-mail address.||Send you information regarding services or products provided by GTM similar to those you have previously contracted.||Our legitimate interest in keeping you informed of similar products or services that, given your purchase history with us, we believe may be of interest to you.|
How long will we keep your data?
In accordance with the purposes described in the previous section...
|I||For a period of three (3) years from the end of our contractual relationship with you.|
|II||For a period of two (2) years after your inquiry or request for information has been fully processed.|
|III||Two (2) years from the end of our contractual relationship with you.|
After the end of the retention periods indicated, we may need to keep some of your personal data for the period for which legal liabilities may arise, as well as for the formulation of possible claims or the exercise of our defense. In these cases, we will block and/or encrypt your data appropriately so that it cannot be accessed except under these circumstances, and we will keep it only for the following legal periods:
|Purpose||Blocking or encryption time|
|I||Three (3) years from the end of the conservation period, in compliance with commercial regulations.|
|II||One (1) year from the end of the retention period, in compliance with e-commerce and data protection regulations.|
With whom will we share your personal information?
Unless we are legally obliged to do so, we will not pass on - i.e., we will not give, send or provide -your personal data to anyone else. However, our "processors" - for example, our logistics and IT service providers - may need access to your personal data in order to provide their services to us; in such cases, they will do so only on our instructions and under our responsibility. In addition, our processors will preferably be located in the European Union. However, it may sometimes be necessary to have processors located in countries outside the European Union - for example, cloud storage or office automation services - for which the European Commission does not yet consider that they offer a level of protection equivalent to that of EU countries; in such cases, we will take all appropriate steps to carry out such transfers in a secure and law-abiding manner. For further information, please write to us at our e-mail address.
How will we protect your personal data?
We are committed to your privacy, so we keep our information systems under continuous monitoring, control and evaluation, according to international standards, and we have adopted all the necessary technical and organizational measures to ensure the security and integrity of your personal data, as well as to prevent its loss, alteration and/or access by unauthorized third parties.
Whenever we process your personal data, you will have a series of rights recognized by current legislation. You can exercise these rights -access, rectification, deletion, opposition, portability and/or limitation of processing- under the terms established in the regulations -the General Data Protection Regulation 2016/679 and the Organic Law on Data Protection and Guarantee of Digital Rights 3/2018. Likewise, you may withdraw your consent for those purposes for which you have given it, without affecting the lawfulness of the processing in question. You can exercise your rights free of charge by any of the following methods:
Regardless of the method chosen, the request must include name and surname of the User concerned, as well as address for notification purposes, copy of ID card or passport and petition on which the request is based; in the event that the User acts by means of representation, he/she must prove such representation in a reliable manner.
In any case, if you consider that your data protection rights have been violated and/or you understand that GTM does not comply with its privacy obligations, you may file a complaint with the Spanish Data Protection Agency (www.aepd.es).