PRIVACY AND DATA PROTECTION POLICY
In compliance with the stipulations of applicable law, Australis.com (hereinafter referred to as the Website) commits to adopting the necessary technical and organizational measures in accordance to the safety level considered appropriate for the risk of the gathered data.
• EU Regulation 2016/679 of the European Parliament and Council, dated April 27, 2016, on the protection of physical persons regarding the treatment of personal information and the free circulation of such information (GDPR).
• Organic Law 15/1999, dated December 21, on the Protection of Personal Data (LOPD).
• Royal Decree 1720/2007, dated December 21, governing the approval of the regulation for the development of Organic Law 15/1999, dated December 13, on the Protection of Personal Data (RDLOPD).
• Law 34/2002, dated July 11, on Information Society Services and Electronic Commerce (LSSI-CE).
Identity of the Party Responsible for Treating Personal Data
The party responsible for treating the personal data gathered on Australis.com is: TRANSPORTES MARITIMOS TERRA AUSTRALIS S.A., Tax ID: N5121072B, legal representative FREDERIC JEAN MARIE GUILLEMARD (hereinafter referred to as the Party Responsible for the Treatment). His contact information is as follows:
Address: 608 8B Gran Via Corts Catalanes
Phone number: +34934970484
Contact email: [email protected]
Record of Personal Information
The personal information gathered by Australis.com through forms included in its pages will be included in an automatized file under the responsibility of the Party Responsible for the Treatment, and duly declared and registered in the Registro General de la Agencia de Protección de Datos (General Data Protection Regulation), available for consultation on the Data Protection Agency’s website (http://www.agpd.es), so as to simplify, accelerate, and fulfill the commitments established between Australis.com and the User, to maintain the relation established in the forms filled by the User, or to respond to a user request or consultation.
Principles Applicable to the Treatment of Personal Data
The treatment of Users’ personal data shall be governed by the following principles established in Article 5 of the GDPR:
• Principle of legality, loyalty, and transparency: the User’s consent will be required at all times, prior notification of the purposes for which personal data is gathered.
• Principle of limitation of purposes: personal data shall be gathered with specific, explicit, and lawful purposes.
• Principle of data minimization: the personal data gathered shall only be that which is strictly necessary for the purposes for which it is treated.
• Principle of accuracy: personal information must be accurate and up to date at all times.
• Principle of limitation of retention time: personal data shall only be maintained so as to allow identification of the User during the time necessary for its treatment.
• Principle of integrity and confidentiality: personal data shall be treated in a manner that guarantees its safety and confidentiality.
• Principle of proactive responsibility: the Party Responsible for the Treatment shall be responsible for ensuring that the preceding principles are fulfilled.
Personal Data Categories
The data categories treated at Australis.com only correspond to identification information. In no circumstance shall special personal data categories be treated, as defined by Article 9 of the GDPR.
Legal Basis for the Treatment of Personal Data
The legal basis for the treatment of personal data is consent. Australis.com commits to requiring explicit and verifiable consent from Users for the treatment of their personal data for one of various specific purposes.
Users shall have the right to withdraw their consent at all times. Withdrawing consent shall be as simple as granting it. As a general rule, withdrawal of consent shall not condition the use of the Website.
Should the user be required to provide personal data in question forms, requests for information, or due to reasons related to the content of the website, to process an operation, he/she shall be informed of the data mandatorily required to process said operation.
Purposes of the Treatment Given to Personal Data
Personal data is gathered and managed by Australis.com to simplify, accelerate, and fulfill the commitments established between the Website and the User, to maintain the relationship established in the forms filled by the User, or to respond to questions or consultations.
Furthermore, the data may be utilized with commercial purposes of personalization, operation and statistics, activities related to the business purpose of Australis.com, data extraction and storage, marketing studies to adapt the content offered to the user, and to improve the quality, performance, and navigation on the Website.
When personal information is gathered, the User shall be informed of the specific purpose or purposes of the treatment given to such information. That is, the use or uses given to the collected data.
Personal Data Retention Periods
Personal data shall only be retained for the minimum time necessary for its treatment and, in any case, for a maximum of 2 years, or until the User requests its deletion.
Upon gathering personal data, the User shall be informed of the retention period for personal data or, if not possible, of the criteria used to establish such period.
Recipients of Personal Data
The User’s personal data shall not be shared with third parties.
In any case, when personal data is obtained, Users will be informed of the recipients or of the category of recipients of personal data.
Minors’ Personal Data
In compliance with the stipulations of Article 8 of the GDPR and 13 of the RDLOPD, only Users over 14 years of age may authorize Australis.com to treat their personal data. In case of Users under 14 years of age, their parents or guardians shall be responsible for authorizing the treatment of such information, a treatment which shall only be considered legal provided such authorization has been granted.
Secrecy and Safety of Personal Data
Australis.com commits to adopting the necessary technical and organizational measures in accordance to the safety level considered appropriate for the risk of the collected data so as to guarantee the safety of the personal data, preventing the destruction, loss, and accidental or illegal alteration of the personal information provided, kept or treated, as well as the unauthorized communication or access to said information.
The Website boasts an SSL (Secure Socket Layer) certificate, ensuring that personal data is transferred in a safe and confidential manner, such transferences between the server and the User being fully coded or encrypted.
Nevertheless, as complete online safety or total absence of hackers, or of others that may illegally access personal data, can never be fully guaranteed, the Party Responsible for the Treatment commits to informing the User at the earliest possible convenience of eventual breaches of personal data safety that may pose high risk to the liberties and rights of the physical persons involved. In compliance with article 4 of the GDPR, breach of personal data safety shall be understood as all security breaches causing the destruction, loss, or accidental or illegal alteration of the personal data transferred, kept or treated, or the unauthorized communication or access to said data.
Personal data shall be treated confidentially by the Party Responsible for the Treatment, who shall report and guarantee through a legal or contractual obligation that such confidentiality is respected by its employees, associates, and by all persons with access to said information.
Rights Arising from the Treatment of Personal Data
User shall have, and thus may exert, the following rights before Australis.com, as recognized by the GDPR:
• Right of access: It is the User's right to receive a confirmation of whether or not Australis.com is treating his/her personal data and, if so, to obtain concrete information on his/her specific personal data, on the treatment given or to be given by Australis.com, as well as, among others, on the information available about the source of said data and on the recipients of the communications conducted or to be conducted between the parties.
• Right of rectification: It is the User's right to modify personal information that may be inaccurate or, considering the purposes of the treatment, incomplete.
• Right of suppression ("right to oblivion”): It is the User’s right, unless otherwise stated by applicable legislation, to the suppression of his/her personal data when: it is no longer needed for the purposes with which it was gathered or treated; when the User has withdrawn his/her consent for the treatment and such treatment has no other legal bases; when the User opposes to the treatment of his/her personal data and there are no further legitimate legal bases to continue such treatment; when personal data has been treated illegally; when personal data must be suppressed in compliance with a legal ruling; or when personal data has been obtained through a direct service offer made by the company holding the information to a person under 14 years of age. Additionally to suppressing the data, the Party Responsible for the Treatment, considering available technology and the cost of its application, shall take reasonable measures to inform the parties treating the personal data of the User’s request to suppress any connection to said personal data.
• Right to the limitation of treatment: It is the Users’ right to limit the treatment of his/her personal data. Users have the right to limit such treatment when the accuracy of said personal data is questioned; when such treatment is illegal; when the Party Responsible for the Treatment no longer needs personal data but the user requires it to file a claim; and when the User has opposed to such treatment.
• Right to data portability: when data treatment is conducted through automatized mechanisms, the User shall have the right to collect his/her information from the Party Responsible for the Treatment in a structured, readable format, of common use, and to transfer it to another party that shall then become responsible for its treatment. As long as it is technically possible, the Party Responsible for the Treatment shall directly transfer such data to the new party responsible.
• Right to opposition: It is the User’s right to prevent or stop the treatment of his/her personal data from Australis.com.
• Right to not being object of a decision solely based on automatized treatment, including the creation of profiles: It is the User’s right to not be the object of an individualized decision solely based on the automatized treatment of his/her personal data, including the creation of profiles, unless otherwise allowed by the applicable regulations.
Therefore, the User may exert his/her rights through a written notice addressed to the Party Responsible for the Treatment with the reference “GDPR-webqa.australis.com”, specifying:
• User’s name, surnames, and a copy of his/her National Identity Card. When representation is allowed, the identification of the party representing the User shall also be submitted through the same means, as well as a document certifying such representation. A photocopy of the National Identity Card may be replaced by any other valid medium that certifies identity.
• His/her request with the specific reasons for the petition or the information to which access is requested.
• Domicile in case notifications are required.
• Date and signature of the requesting party.
• All documents certifying the request made.
This request and all other attached documents may be sent to the following street or email address:
608 Gran Via Corts Catalanes, 8th floor, Door B
Email: [email protected]
Claims before the control authority
In case a User considers there is a problem or a breach of applicable regulations in the way his/her personal data is being treated, he/she shall have the right to effective legal protection and to file a claim before a control authority, namely, in his/her State of residence, of work, or in the state the alleged breach has occurred. The control authority in Spain is the Spanish Data Protection Agency (http://www.agpd.es).