At OFESAUTO we believe in and defend the importance of the security of personal data and your privacy. In accordance with the provisions of current legislation, the Company undertakes to adopt the necessary technical and organisational measures to ensure the processing of your data in a lawful, fair and transparent manner.
- Regulation (EU) 2016/6 79, of the European Parliament and of the Council, of 27 April 2016, on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (GDPR).
- Spanish Organic Law 3/2018, of 5 December, on the Protection of Personal Data and the guarantee of digital rights.
1. DATA CONTROLLER
Who will process your personal data?
In accordance with the GDPR and the rest of the applicable legislation on personal data protection, the Company informs you that the personal data provided to request and contract the Border Insurance by filling in the forms on this website or the queries or communications you make will be included in the corresponding register of processing activity owned by the data controller.
The body responsible for processing personal data is:
Company name: OFICINA ESPAÑOLA DE ASEGURADORES DE AUTOMÓVILES
Address: C/ SAGASTA 18 -7ª PLANTA 28004, MADRID
Tel.: +34 91 446 03 00
Spanish tax ID number: G28075240
Registration: Registry of Associations, Group 1, Section 1, National Number 4346.
Data Protection Officer (DPO): firstname.lastname@example.org
What is the purpose of processing your personal data and why do we have a legitimate interest in processing it?
The User should know that in order to contract SEFRON over the Website personal data will be requested and forms must be completed whose fields are obligatory. A failure to complete any of them may make it impossible to register, to process your request or to access or use the aforementioned services and content unless the form itself contains data that is filled in voluntarily.
The only personal data to which the Company will have access will be those that the User voluntarily provides for the following purposes:
a) So that we can formalise, manage and execute the Border Insurance contract (hereinafter SEFRON) including remote sales and issue management. The legitimate basis for this processing is the execution of the insurance contract in accordance with the provisions of art. 6. 1 b) of the GDPR and, where applicable, as a legal obligation to take out motor vehicle liability insurance to allow access to the European Economic Area for vehicles from third parties that are not signatories to Section III of the General Regulation of the Convention of National Bureaux. The basis for legitimisation in this case is art. 6.1 c) of the GDPR.
b) When you exercise one of your Data Protection Rights, we may process your personal data, as they are necessary for the fulfilment of data protection obligations, specifically regarding the rights of data subjects, in accordance with the provisions of articles 12 to 22 of the aforementioned Regulation and articles 12 to 18 of Organic Law 3/2018, of 5 December on the Protection of Personal Data and guarantee of digital rights. The basis of legitimacy in the present case is compliance with a legal obligation in accordance with art. 6.1 c) of the GDPR.
c) To process and answer your requests and queries when using the e-mail information on the Website. We are entitled to do so on the basis of the consent you give at the time of sending messages over this platform in accordance with art. 6.1 a) of the GDPR.
3. INFORMATION COLLECTION
How do we obtain your information?
We will obtain data directly from you by means of the information provided voluntarily when you request and proceed to process the SEFRON contract using the forms, as well as data obtained from browsing (cookies) or through the queries and requests you make using the website’s information e-mail.
In the event that the data provided refers to third parties other than the User, the User guarantees that he/she has obtained their prior consent for the communication of their data and that he/she has informed them prior to providing the data of the purposes of the processing, communication and other terms set out in the Data Protection Information section.
The user declares that he/she is of legal age. Likewise, in the event that the data provided while browsing the website correspond to minors, as the parent or guardian of the minor, he/she expressly authorises the processing of said data, including, where applicable, data relating to health for the purposes detailed in the information on data protection.
4. TYPE OF DATA AND CATEGORY OF DATA SUBJECTS
The personal data that may be processed will be the minimum necessary for the purposes indicated above and for this purpose:
- Name, surname, tax ID number or personal identification document, address and contact details (email, telephone and/or mobile phone number) and bank details.
- Registration number or chassis details of the vehicle that is the object of the SEFRON.
5. QUALITY OF THE DATA
The accuracy of your data is important and they must be up to date.
The Website User and the recipient of the services provided will be solely responsible for the truthfulness and accuracy of the data provided. The Company acts in good faith as a mere service provider.
Furthermore, any inaccuracy in the data provided for contracting SEFRON may lead to the cancellation of the insurance in accordance with art. 10 of the Spanish Insurance Act (LCS).
The data provided should be true, truthful and lawful. The Company reserves the right to exclude from the services those users who have provided false data, without prejudice to any legal action that may be taken, and you undertake to inform us of any changes to your personal data, so that the Company can keep them up-to-date at all times.
6. DATA RETENTION
How long will we keep your personal data?
OFESAUTO will keep the personal data provided for as long as necessary for the duration of the relationship between the parties or for the duration of the SEFRON coverage issued and for three years after that to fulfil the responsibilities derived from civil liability.
Once these periods have elapsed, the data will be deleted, except for those data which, in order to comply with a legal obligation imposed on the data controller, must remain duly blocked until the time limit established by each applicable regulation.
7. COMMUNICATION OF DATA TO THIRD PARTIES AND INTERNATIONAL DATA TRANSFER
To whom will we communicate your data?
In general, the Company will not transfer Users’ data to third parties except when legally obliged to do so. However, for the correct provision of services, the Company may have to communicate certain personal data to third parties that provide services, exclusively for their correct provision.
These data communications will be made as a processing order by said third parties, for the provision of services to the Company.
The Company shall have the corresponding processing assignment contracts with the third parties that process or access the personal data for which the Company is liable in compliance with the provisions of the Data Protection regulations.
The transfer of Users’ data to third countries is not foreseen, but in the event that it were necessary, OFESAUTO guarantees that it will comply with the provisions established in the GDPR.
Browsing the Website will mean that we process your personal data to personalise your experience and for this reason cookies are used.
For more information, please refer to the Cookies Policy.
9. PROACTIVE RESPONSIBILITY
OFESAUTO will keep a Register of Processing Activities with information regarding the data processing it carries out under the framework of its activity, which will be up-to-date at all times.
With regard to security and protection, please be informed that your data will be processed in a lawful, fair, transparent, adequate, relevant, limited, accurate and up-to-date manner.
OFESAUTO undertakes to adopt the technical means, the level of security and the degree of protection legally required to prevent the loss, misuse, alteration, unauthorised access and theft of the data provided by the User through the Website, and which will be treated with due confidentiality and duty of secrecy.
10. EXERCISE OF RIGHTS
What are your rights?
The rights that you may exercise with regard to your personal data are:
|Right of Access||Right to know what data we are processing about you. With regard to Social Networks, this will be defined by the functionality of the Social Network and the capacity to access the information of the users’ profiles.|
Right of revocation of consent
|Right to withdraw consent at any time when you have given us permission to process your data.|
Right of rectification
Right to have us correct or supplement your data if it is inaccurate. This can only be met in relation to information that is under OFESAUTO’s control like deleting comments posted on the page itself. Normally, this right must be exercised before the Social Network.
Right of opposition
The right to oppose processing in which case OFESAUTO will stop processing the data, except for the defence of possible claims.
Right of deletion
|Right to have us delete your data when they are no longer necessary for the purposes for which they were collected. In this case OFESAUTO will stop processing the data except for the exercise or defence of possible claims.|
Right of limitation
Right to limit the processing of your data (in certain cases expressly provided for in the regulations). In this case, OFESAUTO will only process your data with your consent, with the exception of their storage and use for the exercise or defence of claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the European Union or of a specific Member State.
|Right of portability||Right to receive your data (data processed for the execution of the products and services and data that we process with your consent) so that you can pass them on to another data controller when technically possible.|
You may exercise these rights by writing to:
The Company: OFICINA ESPAÑOLA DE ASEGURADORES DE AUTOMÓVILES (OFESAUTO)
Address: C/ C/ SAGASTA 18 -7ª PLANTA 28004, MADRID
Tel.: 91 446 03 00
Data Protection Officer (DPO): email@example.com
If you are not satisfied with the exercise of your rights, you have the right to lodge a complaint with the national supervisory authority. To do so, contact the Spanish Data Protection Agency: C/ Jorge Juan, 6, 28001-Madrid.