Data Protection Info Page / Proteccion de Datos
process the information you provide us on behalf of our company with the
purpose of sending you publicity related to our products and services by any
means (postal, email or telephone) and inviting you to events organized by our
company. The data provided will be kept until you request the cessation of the
activity. The data will not be transferred to third parties except in cases
where there is a legal obligation. You have the right to obtain confirmation as
to whether Peter Quilter SLU is processing your personal data, therefore you
have the right to access your personal data, rectify the inaccurate data or
request its erasure when the data are no longer necessary for the purposes that
authorized as the data processor on behalf of Peter Quilter SLU, as the data
controller to process the necessary personal data to provide the service that
is specified below on the basis of the following clauses.
The processing will consist of website
Identification of the concerned information
Peter Quilter SLU, as the data controller, makes available to the entity
Vistaprint, the information available in the IT equipment that support the data
processing performed by the controller, for the performance of the service level
derived from the fulfilment of this assignment. 3.
Duration of the contract
has a duration of (renewable). Once this
contract is concluded, data processor must return data to the controller or
transmit to another processor appointed by the controller, and erase any copy
in its possession. However, the processor may keep the data locked to address
possible administrative or jurisdictional responsibilities.
Obligations of the data processor
Data processor and their personal are obliged
Use the personal data processed, or those collected to be included, only
for the purpose of this contract. Under no circumstances may data processor use
the data for his own purposes.
Process personal data according to the
instructions of data controller.
processor considers that any of the instructions violate the GDPR or any other
data protection regulation, data processor shall immediately inform to data
Do not disclose
the data to third parties, unless it has the express authorization of data
controller, in cases that are legally admissible.
duty of secrecy with regard to personal data that were accessed under this
contract, even after the end of the contract.
that people authorized to process personal data are explicitly provided with
the necessary written information required to respect confidentiality and to
comply with the security measures, and ensure they are properly informed
supporting documentation to fulfil the obligation established in the previous
section available to data controller.
necessary training on data protection of people authorized to process personal
Notification of personal data breach
As soon as data
processor becomes aware that a personal data breach has occurred, data
processor shall notify the personal data breach to data controller to their
email without undue delay, together with all relevant information to document
and communicate the incident.
At least the following information shall be provided: a) Description of the nature
of personal data breach including, where possible, the categories and
approximate number of data subjects concerned and the categories and
approximate number of personal data records concerned. b) The name and contact
details of data protection officer or other contact point where more
information can be obtained. c) Description of the possible
consequences of personal data breach. Description of the measures adopted or
proposed to be taken to address personal data breach, including, where
appropriate, measures to mitigate its possible adverse effects.
Where, and in
so far as, it is not possible to provide the information at the same time, the
information will be provided gradually without undue further delay. To make available to data controller all necessary information to
demonstrate compliance with their obligations, as well as to accomplish audits,
including inspections, conducted by the controller or another auditor
authorized by data controller. To assist data controller to implement the
necessary security measures to: a) Ensure the ongoing
confidentiality, integrity, availability and resilience of processing systems
and services. b) Restore the availability
and access to personal data in a timely manner in the event of a physical or
technical incident. c) Regularly test, assess and
evaluate the effectiveness of technical and organisational measures for
ensuring the processing security.
Destination of data
will not keep personal data related to the processing of the processor unless
it is strictly necessary for the provision of the service, and only for the
time strictly necessary for its provision.
Obligations of the data
controller is obliged to: a) Deliver the necessary data to the processor to
provide the service. b) Ensure, prior and
throughout the whole processing, the GDPR compliance by the processor. c) Supervise the processing of personal data.