Privacy Policy

ASSEK EUROPE COMPAÑÍA DE SEGUROS Y REASEGUROS, S.A.U. is committed to protecting the privacy of users who access this website and/or any of its services. Use of the website and/or any of the services offered by ASSEK EUROPE COMPAÑÍA DE SEGUROS Y REASEGUROS, S.A.U. implies the user’s acceptance of the provisions contained in this Privacy Policy and that their personal data will be processed as stipulated herein. Please note that, although there may be links from our website to other websites, this Privacy Policy does not apply to other companies or organizations to which the website redirects. ASSEK EUROPE COMPAÑÍA DE SEGUROS Y REASEGUROS, S.A.U. does not control the content of third-party websites and accepts no responsibility for the content or privacy policies of such websites.

 

 

1) OWNER INFORMATION


In compliance with Article 10 of Law 34/2002, of 11 July, on Information Society Services and Electronic Commerce, the identifying details of the Owner are set out below:
Website: www.assekeurope.es
 Owner: ASSEK EUROPE COMPAÑÍA DE SEGUROS Y REASEGUROS, S.A.U.
 Registered address: PASEO DE LA CASTELLANA. 28046 – MADRID
 Tax ID: A67961474
 Telephone: 910 886 019
 Email: info@assekeurope.es
 Registration details: Registered in the Commercial Registry of Madrid, Volume 43008, Page 84, Sheet M760154, Entry 1ª

 



2) APPLICABLE LAWS

 

 

This Privacy Policy has been drafted in accordance with current Spanish and European regulations on the protection of personal data on the internet. In particular, it complies with the following:
Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (GDPR).


Organic Law 3/2018, of 5 December, on the Protection of Personal Data and the Guarantee of Digital Rights (LOPD-GDD).


Law 34/2002, of 11 July, on Information Society Services and Electronic Commerce (LSSI-CE).

 



3) PRIVACY MATTERS

 


In compliance with Regulation (EU) 2016/679 (GDPR) and Organic Law 3/2018 (LOPD-GDD), we provide the following information about the processing of personal data that you may provide:
Data Controller
ASSEK EUROPE COMPAÑÍA DE SEGUROS Y REASEGUROS, S.A.U.
 Our details appear at the top of this legal notice.
Personal Data Register
In accordance with the GDPR and the LOPD-GDD, we inform you that personal data collected by ASSEK EUROPE COMPAÑÍA DE SEGUROS Y REASEGUROS, S.A.U. through the forms on its pages will be incorporated into and processed in our files in order to facilitate, streamline, and fulfill the commitments established between ASSEK EUROPE COMPAÑÍA DE SEGUROS Y REASEGUROS, S.A.U. and the User, to maintain the relationship established through the forms the User completes, or to respond to a request or query. Likewise, in accordance with the GDPR and the LOPD-GDD, unless the exception provided in Article 30.5 of the GDPR applies, a record of processing activities is maintained, specifying, according to their purposes, the processing activities carried out and the other circumstances established in the GDPR.
Legal Basis for Processing
The legal basis for processing personal data is consent. ASSEK EUROPE COMPAÑÍA DE SEGUROS Y REASEGUROS, S.A.U. undertakes to obtain the User’s express and verifiable consent for the processing of their personal data for one or more specific purposes.
The User has the right to withdraw consent at any time. Withdrawing consent will be as easy as giving it. As a general rule, withdrawal of consent will not condition the use of the Website.
When the User must or may provide their data through forms to make inquiries, request information, or for reasons related to the Website’s content, they will be informed if completing any of those forms is mandatory because the data are essential for the proper development of the transaction.
Other legal bases:
Compliance with legal obligations.


Legitimate interest: sending of own advertising.


Data Categories
The categories of data processed by ASSEK EUROPE COMPAÑÍA DE SEGUROS Y REASEGUROS, S.A.U. are only identifying data. Under no circumstances are special categories of personal data processed within the meaning of Article 9 of the GDPR.
Source of Your Data
Data provided by client recipients of the services, by any means.


Data users provide through the different services offered on the website.


Data included in website forms.


Data collected through cookies to improve browsing experience as explained in the Cookie Policy.


Data collected by cookies to analyze profiles and usability in order to improve the user experience on our portal.


Personal Data Retention Period
Personal data will only be retained for the minimum time necessary for the purposes of processing and, in any event, only for the following period: as necessary for the purposes for which the data were collected, never beyond what current legislation establishes, or until the User requests their right to cancellation or objection or limitation of processing. However, we will retain certain identifying and traffic-related personal data for a maximum period of 2 years in case it is required by courts or for initiating internal actions arising from improper use of the website.
When personal data are obtained, the User will be informed of the period for which the data will be kept or, where that is not possible, the criteria used to determine that period.
We also inform you that our information retention policies comply with the time limits established for different legal liabilities for limitation purposes:
a) General rule:
 Pursuant to Article 30 of the Commercial Code, and unless other criteria apply, all company documents and/or information will be kept for 6 years. This affects all accounting, tax, labor, or commercial documentation, including correspondence.
b) Specific periods:
 Our company must also establish minimum periods depending on the type of data involved and the different limitation periods, which each department must be aware of.
No decisions will be made based on automated processing that produces effects on your data.
Purposes of Processing
We detail below the purposes of the data processing carried out:
CUSTOMER MANAGEMENT: To provide the services contracted within the natural activity of each company and invoice them. The data provided will be kept while the business relationship is maintained or for the years necessary to comply with legal obligations.


QUOTE MANAGEMENT: To send potential clients quotes for services and/or products. The data provided will be kept until you request the cessation of such processing.


POTENTIAL CLIENT MANAGEMENT: To send people with a legitimate interest information related to our products and services by any available means, and to invite them to events of interest. The data provided will be kept until you request the cessation of such processing and will be collected with prior express consent.


Data Recipients
The User’s personal data will not be shared with third parties.
In any case, when personal data are obtained, the User will be informed about the recipients or the categories of recipients of the personal data.
Personal Data of Minors
In accordance with Articles 8 of the GDPR and 7 of Organic Law 3/2018, only persons over 14 years of age may lawfully give consent for the processing of their personal data by ASSEK EUROPE COMPAÑÍA DE SEGUROS Y REASEGUROS, S.A.U. If the User is under 14, the consent of parents or guardians will be required, and processing will only be considered lawful to the extent that they have authorized it. Otherwise, the legal representative must inform us as soon as possible.
Rights Arising from the Processing of Personal Data
The User may exercise the following rights recognized in the GDPR and Organic Law 3/2018:
Right of access: The right to obtain confirmation as to whether ASSEK EUROPE COMPAÑÍA DE SEGUROS Y REASEGUROS, S.A.U. is processing their personal data and, if so, to obtain information about the data and the processing carried out, including the origin and the recipients of communications made or planned.


Right to rectification: The right to have inaccurate personal data corrected or incomplete data completed.


Right to erasure (“right to be forgotten”): The right (unless otherwise provided by law) to have personal data deleted when they are no longer necessary for the purposes collected, when consent has been withdrawn and there is no other legal basis, when the User objects and there are no overriding legitimate grounds, when data have been processed unlawfully, when deletion is required by law, or when data were obtained as a result of a direct offer of information society services to a minor under 14. The controller must also take reasonable steps to inform other controllers processing the data of the erasure request, considering available technology and implementation costs.


Right to restriction of processing: The right to restrict processing when the User contests accuracy, the processing is unlawful, the controller no longer needs the data but the User needs them for claims, or the User has objected to processing.


Right to data portability: If processing is carried out by automated means, the right to receive personal data in a structured, commonly used, machine-readable format and to transmit them to another controller. Where technically feasible, the controller will transmit the data directly to the other controller.


Right to object: The right to object to the processing of personal data or to request cessation of processing.


Right not to be subject to automated decision-making, including profiling: The right not to be subject to a decision based solely on automated processing, including profiling, except where otherwise provided by applicable law.


Finally, data subjects have the right to lodge a complaint with the competent Supervisory Authority (AEPD) if the User believes there is a problem or infringement in how their personal data are processed.
You may exercise the above rights by sending us a written request attaching a copy of a document that identifies you to our address or email (shown at the beginning of this text).

 

 


4) PRINCIPLES APPLICABLE TO PERSONAL DATA PROCESSING

 


The processing of the user/customer’s personal data will be subject to the principles set out in Article 5 of the GDPR and in Article 4 and following of the LOPDGDD:
Lawfulness, fairness, and transparency: The user’s consent will be required at all times, after fully transparent information is provided about the purposes for which personal data are collected.


Purpose limitation: Personal data will be collected for specified, explicit, and legitimate purposes.


Data minimization: Personal data collected will be strictly necessary in relation to the purposes for which they are processed.


Accuracy: Personal data must be accurate and kept up to date.


Storage limitation: Personal data will be kept in a form that allows identification of the user only for as long as necessary for the purposes of processing.


Integrity and confidentiality: Personal data will be processed in a way that ensures appropriate security and confidentiality.


Accountability: The website controller will maintain and regulate sufficient technical and logistical means to ensure compliance with all applicable principles.



5) WHAT SECURITY MEASURES DO WE APPLY?

 


We apply the security measures set out in Article 32 of the GDPR. Therefore, we have adopted the necessary security measures to guarantee a level of security appropriate to the risk of processing, with mechanisms that allow us to ensure the confidentiality, integrity, availability, and ongoing resilience of processing systems and services.
Some of these measures include:
Informing staff about data processing policies.


Performing periodic backups.


Access control to data.


Regular verification, evaluation, and assessment processes.

 

 

 

6) SECRECY AND SECURITY OF PERSONAL DATA

 


ASSEK EUROPE COMPAÑÍA DE SEGUROS Y REASEGUROS, S.A.U. undertakes to adopt the necessary technical and organizational measures, according to the level of security appropriate to the risk of the data collected, in order to guarantee the security of personal data and prevent accidental or unlawful destruction, loss, or alteration of personal data transmitted, stored, or otherwise processed, or unauthorized disclosure or access.
The Website has an SSL (Secure Socket Layer) certificate, which ensures that personal data are transmitted securely and confidentially, as the transmission of data between the server and the User—and in feedback—is fully encrypted.
However, since ASSEK EUROPE COMPAÑÍA DE SEGUROS Y REASEGUROS, S.A.U. cannot guarantee the invulnerability of the internet or the total absence of hackers or others who fraudulently access personal data, the controller undertakes to notify the User without undue delay when a personal data security breach occurs that is likely to entail a high risk to the rights and freedoms of natural persons. As established in Article 4 of the GDPR, a personal data breach is any breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to personal data transmitted, stored, or otherwise processed.
Personal data will be treated as confidential by the controller, who undertakes to inform and ensure—by means of a legal or contractual obligation—that such confidentiality is respected by its employees, associates, and any person to whom the information is made accessible.



7) LINKS TO THIRD-PARTY WEBSITES

 


The Website may include hyperlinks or links that allow access to third-party websites other than ASSEK EUROPE COMPAÑÍA DE SEGUROS Y REASEGUROS, S.A.U. and therefore are not operated by ASSEK EUROPE COMPAÑÍA DE SEGUROS Y REASEGUROS, S.A.U. The owners of such websites will have their own data protection policies and will be responsible, in each case, for their own files and privacy practices.

 


8) ACCEPTANCE AND CHANGES TO THIS PRIVACY POLICY

 


The User must have read and agreed to the conditions on the protection of personal data contained in this Privacy Policy, and must accept the processing of their personal data so that the controller may proceed with such processing in the manner, for the time periods, and for the purposes indicated. Use of the Website implies acceptance of this Privacy Policy.
ASSEK EUROPE COMPAÑÍA DE SEGUROS Y REASEGUROS, S.A.U. reserves the right to modify this Privacy Policy at its own discretion, or due to legislative, case law, or doctrinal changes by the Spanish Data Protection Agency. Changes or updates to this Privacy Policy will not be explicitly notified to the User. Users are advised to consult this page periodically to stay informed of the latest changes or updates.
Last updated: 06/05/24