política de Privacidade

PRIVACY POLICY

Identification of the Data Controller

Entity name: ASÚA PRODUCTS, S.A.

Tax Identification Number (CIF): A-48480016

Registered office: Carretera Sangroniz, 20 – 48150 Sondika (Bizkaia), Spain

Email address: protecciondatos@asua.com

WHO IS RESPONSIBLE FOR PROCESSING YOUR PERSONAL DATA?

ASÚA PRODUCTS, S.A. (hereinafter, “ASÚA”) acts as Data Controller in respect of the personal data obtained from users through their use of this website, pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter, the “GDPR”), and Organic Law 3/2018 of 5 December on the Protection of Personal Data and the Guarantee of Digital Rights (hereinafter, “LOPDGDD”).

To ensure the proper handling of your personal data, should you require any clarification, please do not hesitate to contact us at the following email address: protecciondatos@asua.com

SOURCES FROM WHICH WE COLLECT YOUR PERSONAL DATA

ASÚA may process personal data provided by you through any of the following sources:

  • Data provided by the data subject, or by an authorised third party, by completing the forms made available for that purpose, by sending electronic communications, or through any other means by which the user establishes contact with ASÚA.
  • Data generated as a result of the user’s browsing activity and use of the ASÚA website.
  • Data generated in connection with the formation, performance, management, and maintenance of the contractual relationship.

WHAT CATEGORIES OF PERSONAL DATA DO WE PROCESS?

Category

Personal Data

Customers and prospective customers

Identification and contact data

National Identity Document (NIF/DNI), name and surnames, postal address, telephone number, signature, and email address.

Data relating to enquiries, incidents, complaints, and claims

Data relating to enquiries, operational incidents arising in the course of service delivery, complaints and claims submitted, as well as the exercise of data protection rights.

Data relating to contact persons of legal entities

Where the individual acts as a contact person or authorised representative of a legal entity, we will process their identification and contact data, details of their authority or power of attorney, and their professional title.

Suppliers

Identification and contact data

National Identity Document (NIF/DNI), name and surnames, postal address, telephone number, signature, and email address.

Economic and financial data

Banking details, goods and services transactions.

Commercial data

Commercial information.

Data relating to enquiries, incidents, complaints, and claims

Data relating to enquiries, operational incidents arising in the course of service delivery, complaints and claims submitted, as well as the exercise of data protection rights.

Data relating to contact persons of legal entities

Where the individual acts as a contact person or authorised representative of a legal entity, we will process their identification and contact data, details of their authority or power of attorney, and their professional title.

Data obtained through the whistleblowing channel

Identification and contact data

Name and surnames (where the report is not submitted anonymously).

Other data

Data that may arise from the content of the report.

Website users

Identification data

User identification data.

Browsing data

Browsing history (pages visited and clicks on content), device ID, advertising ID, IP address.

FOR WHAT PURPOSES AND ON WHAT LEGAL BASES DO WE PROCESS YOUR PERSONAL DATA?

Set out below are the purposes for which your personal data are processed and the legal bases underpinning each processing activity.

Performance of a contract or pre-contractual measures

The legal basis for the following processing activities is the performance of, or the taking of steps prior to entering into, a contractual relationship:

  • Customer relationship management. This processing covers the full lifecycle of the relationship with customers and prospective customers, including acquisition and follow-up; management of opportunities, quotations, orders, and contracts; post-sales support and incidents arising from the contractual relationship; and the core execution of invoicing and collections related to the commercial relationship.
  • Supplier relationship management. This processing covers the selection, approval, and onboarding of suppliers; contract and supply conditions management; order processing, receipt of goods and services; invoice validation, accounting, and payment; and the management of incidents, warranties, and returns.
  • Tax, accounting, and administrative management. This processing covers financial accounting; the issuance and recording of invoices and receipts; the management of receipts and payments, treasury, and bank reconciliations; the preparation and filing of tax returns and fulfilment of tax obligations; the preparation of financial closings, financial statements, and internal reporting; responses to requests from public authorities; document and archive management; and coordination with external advisors where applicable.

Compliance with a legal obligation

ASÚA will also process your personal data in order to comply with the legal obligations to which it is subject from time to time, including, without limitation, those arising under the following legislation:

  • Law 58/2003 of 17 December, General Tax Law. Compliance with this legislation requires the collection and processing of tax-related information and documentation concerning you, as well as the disclosure of your personal data to the competent tax authorities where it may have tax implications, all in accordance with applicable tax legislation in force at any given time.
  • Law 10/2010 of 28 April on the Prevention of Money Laundering and Terrorist Financing. This legislation requires ASÚA to carry out a series of activities, including: Applying customer due diligence measures for the identification and verification of clients; checking the accuracy of information provided; assessing the level of risk for anti-money laundering and counter-terrorist financing (AML/CTF) purposes; verifying relationships with corporate entities and any controlling interest therein; and liaising with the Register of Financial Ownership managed by the Executive Service of the Commission for the Prevention of Money Laundering and Monetary Offences (SEPBLAC), including reporting instances of non-compliance as required by law.
  • Organic Law 3/2018 of 5 December on the Protection of Personal Data and the Guarantee of Digital Rights (LOPDGDD), which requires ASÚA to respond to requests, exercise of rights, and complaints submitted in the field of data protection.

Additionally, should a Court or Tribunal, the State Security Forces and Corps, or any other competent Authority or Public Administration require ASÚA to disclose your personal data in accordance with applicable legislation, such disclosure will be made in fulfilment of a legal obligation.

The legal basis for the following processing activities is the legitimate interests pursued by ASÚA:

  • Tax, accounting, and administrative management. This processing covers financial accounting; the issuance and recording of invoices and receipts; the management of receipts and payments, treasury, and bank reconciliations; the preparation and filing of tax returns and fulfilment of tax obligations; the preparation of financial closings, financial statements, and internal reporting; responses to requests from public authorities; document and archive management; and coordination with external advisors where applicable — in circumstances where no specific legal obligation applies.
  • Customer service and enquiry management. This processing covers the receipt and resolution of enquiries, requests, complaints, and claims submitted by customers and users to the email addresses set out on the website.

The legal basis for the following processing activity is the consent of the data subject:

  • Installation of cookies. Where you grant your express consent through the dedicated cookie banner, ASÚA will carry out a series of personal data processing activities through the installation of cookies. For further information, please refer to our Cookie Policy, available at the following link: https://www.asua.com/politica-de-cookies-ue/

TO WHOM WILL YOUR PERSONAL DATA BE DISCLOSED?

The personal data you provide may be disclosed to those third parties to whom ASÚA is legally required to transmit information, including public administrations and Courts and Tribunals, for the purpose of complying with requests from such authorities and with applicable legislation, where relevant.

ARE INTERNATIONAL DATA TRANSFERS ENVISAGED?

No international transfers of your personal data are envisaged. Notwithstanding the foregoing, should it become necessary to transfer your personal data to countries whose level of data protection has not been deemed adequate by the European Commission, appropriate safeguards will be put in place, in accordance with applicable legislation, to ensure the protection of your personal data at all times.

FOR HOW LONG WILL YOUR PERSONAL DATA BE RETAINED?

The retention period for your personal data will be determined by the duration of your relationship with ASÚA and by any legally mandated retention periods. The criteria applied to establish retention periods have been determined in accordance with the requirements set out in applicable legislation, having regard to the purpose of each processing activity.

In particular, personal data will be retained as follows:

  • Data relating to an enquiry or request you submit will be retained until the matter is considered resolved, and in no case for more than six months from the date on which the enquiry or request was initiated.
  • Personal data processed on the basis of a contractual relationship will be retained for the duration of the commercial or contractual relationship and, thereafter, for a maximum period of five (5) years.
  • Personal data processed on the basis of consent will be retained until such time as you withdraw the consent previously granted.
  • Notwithstanding the above, your personal data will be retained in a duly restricted form for as long as liability may arise from the performance of our contractual or pre-contractual relationship, as well as for the fulfilment of other legal obligations, for a period of up to ten (10) years.
  • In this regard, your data will not be processed unless it is necessary for the establishment, exercise, or defence of legal claims, or when required to be provided to Public Administrations, Courts, or Tribunals during the limitation period applicable to the relevant rights or legal obligations.

WHAT ARE YOUR DATA PROTECTION RIGHTS?

You may exercise the following rights:

  • Right of access: you may request information as to whether the Data Controller is processing your personal data, the purposes for which it is being processed, and its origin.
  • Right to rectification: where your personal data are inaccurate or incomplete, you may request that they be corrected or completed.
  • Right to erasure: you may request the deletion of your personal data where, among other grounds, the data are no longer necessary for the purposes for which they were collected.
  • Right to restriction of processing: you may request that we restrict the processing of your personal data for a specific purpose where any of the conditions set out in applicable data protection legislation are met.
  • Right to object: you may request that the Data Controller cease processing your personal data, except where the processing must continue for compelling legitimate reasons or for the establishment, exercise, or defence of legal claims.
  • Right to data portability: you may request that your personal data be transferred to another data controller. ASÚA will facilitate the transfer of your data to the new controller.

To exercise any of the rights described above, please submit a written request to ASÚA PRODUCTS, S.A., at its registered office at Carretera Sangroniz, 20 – 48150 Sondika (Bizkaia), Spain, or by email to: protecciondatos@asua.com

Where there are reasonable doubts as to the identity of the individual submitting the request, ASÚA may ask you to provide such additional information as may be necessary to confirm your identity.

Should you wish to lodge a complaint, you may contact the Spanish Data Protection Agency (Agencia Española de Protección de Datos), located at Calle Jorge Juan, 6, 28001 Madrid, in order to safeguard your rights (www.aepd.es).

USE OF COOKIES

For information on the Cookie Policy applied by the Data Controller to this website, please refer to the Cookies Policy section.

WHAT SECURITY MEASURES ARE APPLIED TO YOUR PERSONAL DATA?

ASÚA will process your personal data in strict confidence and subject to the mandatory duty of confidentiality required by applicable legislation, implementing appropriate technical and organisational measures to ensure the security of your personal data and to prevent its alteration, loss, unauthorised processing, or unauthorised access, taking into account the state of the art, the nature of the data stored, and the risks to which it is exposed.

To protect your personal data, we maintain appropriate policies and technical and organisational measures. We will also take all reasonable precautions to ensure that our staff and collaborators who necessarily have access to your personal data have received appropriate training for the role they perform.

AMENDMENTS TO THIS PRIVACY AND DATA PROTECTION POLICY

ASÚA reserves the right to amend this Privacy and Data Protection Policy at any time in order to bring it into line with the legislation in force and with any instructions or recommendations issued by the supervisory authorities. Accordingly, we recommend that you review this Policy before each visit to and use of this website.

Last update: 26 February 2026