Skip to main content

Privacy Policy


Introduction

This Privacy Policy has been developed in accordance with the provisions of the current Organic Law on Personal Data Protection, as well as Regulation 2016/679 of the European Parliament and Council of April 27, 2016, concerning the protection of natural persons regarding the processing of personal data and the free movement of such data, hereinafter referred to as the GDPR.

The purpose of this Privacy Policy is to inform data subjects about the collection and processing of their personal data, including the purposes of processing, contact details for exercising their rights, data retention periods, and security measures.

Data Controller

For data protection purposes, Tornillería y Servicios SLU is considered the Data Controller for the files and processing activities identified in this policy.

Controller's Information:
Tornillería y Servicios SLU
Postal Address: Polígono Ctra Amarilla, Avd. Montes Sierra 5, 41007, Seville
Email: This email address is being protected from spambots. You need JavaScript enabled to view it.

Data Processing

The personal data requested will be limited to those strictly necessary to identify and process the data subject's request. This data will be processed fairly, lawfully, and transparently. Personal data will only be collected for specific, explicit, and legitimate purposes and will not be further processed in a manner incompatible with those purposes.

Collected data will be adequate, relevant, and not excessive, and will be updated when necessary. Data subjects will be informed in advance about the details of data processing to provide explicit, precise, and unequivocal consent.

Processing Purposes

The specific purposes for processing personal data are detailed in the information clauses included in the data collection methods (web forms, paper forms, recordings, posters, and notices).

Personal data will only be processed to provide effective responses and fulfill user requests, as specified in the service, form, or data collection system used by the data subject.

Legal Basis

As a general rule, Tornillería y Servicios SLU obtains the explicit and unequivocal consent of data subjects before processing their personal data, using informed consent clauses in various data collection systems.

However, in cases where consent is not required, data processing is based on legal provisions or specific regulations authorizing or requiring such processing.

Data Recipients

Tornillería y Servicios SLU does not transfer or disclose personal data to third parties unless legally required. If any data transfers become necessary, the data subject will be informed through informed consent clauses in data collection forms.

Data Sources

Generally, personal data is collected directly from the data subject. However, in certain exceptions, data may be collected through third parties, entities, or external services. In such cases, this will be communicated to the data subject within a reasonable period and no later than one month after data collection.

Data Retention Periods

Collected data will be retained as long as necessary to fulfill the purpose for which it was collected. Once the purpose is fulfilled, the data will be deleted and only retained for legal compliance purposes.

Document Retention Period Legal Reference
Employment and Social Security documentation 4 years Article 21, Royal Legislative Decree 5/2000
Accounting and tax documentation (commercial purposes) 6 years Article 30, Commercial Code
Accounting and tax documentation (tax purposes) 4 years Articles 66-70, General Tax Law
Access control to buildings 1 month AEPD Instruction 1/1996
Video surveillance 1 month AEPD Instruction 1/2006 / Organic Law 4/1997

Browsing Data

For website navigation data subject to regulations, refer to the Cookie Policy available on our website.

Data Subject Rights

Data protection laws grant data subjects the following rights:

  • Right of Access – The right to obtain information on whether their data is being processed, the purposes of processing, categories of processed data, recipients, retention period, and data source.
  • Right of Rectification – The right to correct inaccurate or incomplete personal data.
  • Right of Erasure – The right to request the deletion of data when:
    • The data is no longer needed for its original purpose.
    • The data subject withdraws consent.
    • The data subject objects to processing.
    • The data must be deleted for legal compliance.
    • The data was obtained through online services under Article 8(1) of the GDPR.
  • Right to Object – The right to object to processing based on the data subject's consent.
  • Right to Restriction of Processing – The right to limit processing when:
    • The accuracy of personal data is contested.
    • Processing is unlawful, but the data subject opposes deletion.
    • The company no longer needs the data, but the data subject requires it for legal claims.
    • The data subject objects to processing while verification of legitimate interests is pending.
  • Right to Data Portability – The right to receive data in a structured, commonly used, and machine-readable format and to transfer it to another controller when:
    • Processing is based on consent.
    • Processing is carried out by automated means.
  • Right to Lodge a Complaint – The right to file a complaint with the relevant Data Protection Authority.

Data subjects may exercise their rights by contacting Tornillería y Servicios SLU at This email address is being protected from spambots. You need JavaScript enabled to view it., specifying the right they wish to exercise. Tornillería y Servicios SLU will process requests as quickly as possible, considering the deadlines set by data protection regulations.

Security Measures

The security measures adopted by Tornillería y Servicios SLU comply with Article 32 of the GDPR. These measures consider the state of technology, implementation costs, processing scope, and associated risks to ensure data confidentiality, integrity, availability, and resilience.

Tornillería y Servicios SLU has implemented mechanisms to:

  • Ensure permanent confidentiality, integrity, availability, and resilience of processing systems and services.
  • Restore availability and access to personal data quickly in the event of a physical or technical incident.
  • Regularly evaluate and review the effectiveness of technical and organizational measures for processing security.
  • Pseudonymize and encrypt personal data when necessary.