PRIVACY POLICY

In compliance with the principles of lawfulness and transparency and with the aim of providing the information to the interested parties set out in Articles 13 and 14, we inform you of the characteristics of the personal data processing carried out under the responsibility of REGEN GOLF AND HEALTH S.L.(NIF B56154669 ): 

Processing: (I) Web queries. (II) Commercial management. (III) Customer master data. (IV) User account management. (V) Electronic contracting. (VI) Web mail registration. (VII) Security incident management. (VIII) Information system user management. (IX) Administrative management. (X) Accounting and tax management (XI) Human resources management (XII) Video surveillance (XIII) Attention to the exercise of rights. (XIV) Execution of the provision of services to customers.

Purpose: (I) Response to applications received through the website. (II) Preparation and monitoring of service proposals. (III) Registration of customers for accounting and treasury control. (IV) Creation, modification and management of passwords and users of the electronic account available to customers on the website, from which they can access their personal data, access invoices, manage services. (V) Registration and recharging of Voice IP services. (VI) Registration of webmail. (VII) Management of security incidents and vulnerabilities and, where appropriate, notification of affected parties and the supervisory authority of security breaches that may affect the rights and freedoms of affected parties. (VIII) Management of authorisations and passwords for information system users. (IX) Administrative management covering collections and payments and relations with suppliers. (X) Preparation of official accounts and calculation, submission and settlement of taxes, preparation of business documents such as balance sheets and reports. (XI) Personnel selection, training, preparation and dispatch of payroll and other documents necessary for the employment relationship. (XII) Controlling access to facilities through a camera system. (XIII) Assistance with requests to exercise personal data rights. (XIV) Provision of: telecommunications, management and control of computer systems and telematics infrastructure and other computer or telecommunications services.

Standing: (I), (III), (VIII), (IX) and (XII) Legitimate interest. (II) and (XI) Application of pre-contractual measures. (IV) Consent of the data subject. (V), (VI), (XI) and (XIV) Provision of services or performance of a contract. (X) Legal obligations of Law 58/2003 of 17 December on General Taxation and the Royal Decree of 24 July 1889, Civil Code. (VII) and (XIII) Compliance with legal obligations.

Retention period: (I) The period necessary for the fulfilment of the request, as well as for the duration of any liabilities arising therefrom. (II) The period of validity of the proposal. (III) and (V) The period necessary for the fulfilment of this purpose, as well as for the duration of any liabilities that may arise therefrom. (IV) and (VI) Until the deletion of the account by the person concerned or the termination of the contract or service, as well as the liabilities that may arise therefrom. (VII), (VIII), (IX), (XIII) and (XIV) The period necessary for the fulfilment of any purpose, as well as for the duration of any liabilities that may arise therefrom. (X) Six years for business purposes and the period necessary to meet the liabilities arising therefrom. (IX) Duration of employment contract and the period necessary to meet liabilities arising from the provision of labour. (XII) Two months, unless liabilities can be derived from the recorded images.

Addressees: (V) Paypal (VII) and (XIII) Spanish Data Protection Agency.

International transfer and guarantees: (V) Paypal.

Exercise of rights: You may exercise your right of access, rectification, cancellation, portability, restriction and objection to processing, under the terms and conditions laid down by the data protection legislation Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data, by sending an email to the following address: INFO@REGENGHGROUP.COM, or by sending a written request to REGEN GOLF AND HEALTH S.L.  c/e los cardones s/n, complejo the palms – Golf del sur –  San Miguel de Abona – Tenerife – Spain, indicating in each case the reference “Data Protection” and accompanying a document proving your identity, such as a photocopy of your identity card, as well as to lodge a complaint with the Spanish Data Protection Agency.

PRIVACY POLICY

Who is responsible for the processing of your data?

The owner of this website is REGEN GOLF AND HEALTH S.L. so all the data concerning you that you communicate through this website, as well as through forms, documents or contracts on physical supports, will be processed under the responsibility of Andrea Sartore.

Moreover, due to the type of services we provide, for instance regarding the data that our customers host on our servers, we act as Data Processors.

What personal data do we collect (how do we obtain it)?

We will ask you for the minimum data necessary to fulfil the purposes set out in the previous section, normally your full name, address, contact details, in order to prepare the proposals or the development or service contract you request from us.

How do we use the personal data we handle under our responsibility?

We use your data for the following purposes:

(I) Attention to requests received via the web.
(II) Preparation and follow-up of service proposals.
(III) Registration of customers for accounting and treasury control.
(IV) Creation, modification and management of passwords and users of the electronic account available to customers on the website, from which they can access their personal data, access invoices and manage services.
(V) Registration and recharging of VoIP and SMS services.
(VI) Registration of webmail.
(VII) Management of security incidents and vulnerabilities and, where appropriate, notification of security breaches that may affect the rights and freedoms of data subjects to relevant parties and the Supervisory Authority.
(VIII) Management of Information System users’ authorisations and passwords. (IX) Administrative management of receipts and payments and relations with suppliers.
(X) Preparation of official accounts and calculation, filing and settlement of taxes, preparation of business documents such as financial statements and reports.
(XI) Personnel selection, training, preparation and dispatch of payroll and other documents required for the employment relationship.
(XII) Controlling access to the premises through a video camera system.
(XIII) Handling of requests to exercise personal data rights. (XIV) Provision of telecommunication services, management and control of computer systems and telematic infrastructure and other computer or telecommunication services.

And the use we make of it is exclusively that which is necessary for each of the purposes, for example, for human resources management, we send the data to our employment consultants to draw up employment contracts and pay slips, also to the bank for the payment of salaries and to the State Tax Administration Agency to inform about the annual deductions we make from salaries, to the Mutual Aid Society and the Occupational Risk Prevention Society, but except by obligation or to receive a service necessary for the development of our business, we do not communicate or process the data for any other purpose.

We also do not access the data stored on our servers, and we will return or destroy them as requested by the customer at the end of the service.

For how long?

When the processing of data is imposed by a regulation, this regulation usually includes the period during which the data must be processed or retained. Thus, the Commercial Code establishes the obligation to retain data for accounting and commercial purposes for six years, but there are some cases, such as the application of certain deductions, that make it mandatory to retain economic justifications for a longer period, sometimes up to fifteen years.

Disclosure to third parties

As in the previous cases, the data we disclose to third parties is always limited to the bare minimum,

What security measures do we apply to personal data?

REGEN GOLF AND HEALTH S.L. has an Information Security Management System, according to the ISO 27001 standard, for which security policies and technical and organizational measures have been adopted to safeguard and protect your personal data from illegal or unauthorized access, accidental loss or destruction, damage, illegal or unauthorized use and disclosure.

We will also take all reasonable precautions to ensure that our staff and employees who have access to your personal data have received appropriate training.
With regard to customer data that we process as a data controller, our infrastructure for data transmission through our fibre network guarantees the highest security standards for electronic data transmission.

The data stored on our servers is completely confidential to us as a service provider, and we therefore have no knowledge of the type or nature of the data stored by our customers in the context of the services we provide.

What are your rights as a data subject?

You have the right to request the deletion of your data when, among other reasons, the data is no longer necessary for the purposes for which it was collected. You have the right to obtain confirmation that REGEN GOLF AND HEALTH S.L. is processing your personal data or not. The user has the right to access his personal data and to obtain a copy of them, as well as to request the rectification of inaccurate data or, if necessary, to request their deletion when, among other reasons, the data are no longer necessary for the purposes for which they were collected. In certain circumstances, you may request that we restrict the processing of your data, in which case we will only retain it for the exercise or defence of your rights. In certain circumstances and for reasons related to your particular situation, you may object to the processing of your data. REGEN GOLF AND HEALTH S.L. will stop processing your data, except for compelling legitimate reasons, or for the exercise or defence of claims. You may also exercise your right to the portability of your personal data, which we will provide in .csv format, as well as revoke any consent you may have given. You may exercise these rights by sending a request by e-mail to: INFO@REGENGHGROUP.COM, or by sending a written request to: REGEN GOLF AND HEALTH S.L.  c/e los cardones s/n, complejo the palms – Golf del sur –  San Miguel de Abona – Tenerife – Spain, indicating in each case the reference “Data Protection” and enclosing a copy of your DNI or other identity document, and clearly stating the right you wish to exercise. Finally, please note that you can lodge a complaint with the Spanish Data Protection Agency, particularly when you have not obtained satisfaction in the exercise of your rights.