Privacy policy

1. PRIVACY AND DATA PROTECTION POLICY

In compliance with current legislation, PILATUS (hereinafter, also the Website) undertakes to adopt the necessary technical and organizational measures according to the appropriate level of security corresponding to the risk of the data collected.

Laws incorporated into this Privacy Policy

This Privacy Policy is adapted to the current Spanish and European regulations on the protection of personal data on the internet. In particular, it complies with the following provisions:

• Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016, concerning the protection of natural persons with regard to the processing of personal data and the free movement of such data (GDPR).

• Organic Law 15/1999, of December 13, on the Protection of Personal Data (LOPD).

• Royal Decree 1720/2007, of December 21, approving the Regulation implementing Organic Law 15/1999, of December 13, on the Protection of Personal Data (RDLOPD).

• Law 34/2002, of July 11, on Information Society Services and Electronic Commerce (LSSI-CE).

Identity of the Data Controller

The Data Controller of the personal data collected on PILATUS is:
PILATUS KULM S.L., with Tax ID: B88282256, registered in the Commercial Registry of Madrid.

Contact details:

• Address: CALLE TERA 1, EL BOSQUE, VILLAVICIOSA DE ODÓN, 28670 MADRID

• Email: info@pilatusbrand.com

Registration of Personal Data

The personal data collected by PILATUS through the forms provided on its pages will be entered into an automated file under the responsibility of the Data Controller, duly declared and registered in the General Data Protection Register of the Spanish Data Protection Agency (http://www.agpd.es), with the purpose of facilitating, expediting, and fulfilling the commitments established between PILATUS and the User, or maintaining the relationship that is established in the forms the User completes, or to respond to a request or inquiry.

Principles applicable to the processing of personal data

The processing of the User’s personal data will be subject to the following principles set out in Article 5 of the GDPR:

• Lawfulness, fairness, and transparency: User consent will always be required with prior, fully transparent information about the purposes for which personal data is collected.

• Purpose limitation: Personal data will be collected for specific, explicit, and legitimate purposes.

• Data minimization: Personal data collected will be only what is strictly necessary for the purposes for which it is processed.

• Accuracy: Personal data must be accurate and kept up to date.

• Storage limitation: Personal data will be kept in a form that permits identification of the User for no longer than necessary.

• Integrity and confidentiality: Personal data will be processed in a way that ensures security and confidentiality.

• Accountability: The Data Controller is responsible for ensuring compliance with these principles.

Categories of personal data

The categories of data processed by PILATUS are solely identifying data. Under no circumstances are special categories of personal data processed within the meaning of Article 9 of the GDPR.

Legal basis for processing personal data

The legal basis for processing personal data is consent. PILATUS undertakes to obtain the express and verifiable consent of the User for the processing of their personal data for one or more specific purposes.

The User has the right to withdraw their consent at any time. Withdrawal of consent will be as easy as granting it. As a general rule, withdrawal of consent will not condition the use of the Website.

In cases where the User must or may provide their data via forms to make inquiries, request information, or for reasons related to the Website’s content, they will be informed if completing any of the forms is mandatory, as it may be essential for the proper performance of the operation.

Purposes of processing personal data

Personal data is collected and managed by PILATUS with the purpose of facilitating, expediting, and fulfilling the commitments established between the Website and the User, or maintaining the relationship established through the forms completed by the User, or to respond to a request or inquiry.

Additionally, the data may be used for commercial purposes related to personalization, operations, statistics, and activities related to PILATUS’s corporate purpose, as well as for data extraction, storage, and marketing studies to adapt content to the User and improve the quality, functionality, and navigation of the Website.

When personal data is collected, the User will be informed of the specific purposes of processing; that is, the intended use(s) of the collected information.

Retention periods for personal data

Personal data will only be retained for the minimum period necessary for the purposes of its processing, and in any case only for the following duration: 6 years, or until the User requests its deletion.

At the time personal data is obtained, the User will be informed of the retention period or, where not possible, the criteria used to determine such period.

Personal data of minors

In compliance with Articles 8 of the GDPR and 13 of the RDLOPD, only Users over the age of 14 may legally consent to the processing of their personal data by PILATUS. For children under 14, parental or guardian consent is required, and processing will only be lawful to the extent that such consent has been provided.

Confidentiality and security of personal data

PILATUS undertakes to adopt the necessary technical and organizational measures, appropriate to the level of risk, to ensure the security of personal data and prevent accidental or unlawful destruction, loss, or alteration of transmitted, stored, or otherwise processed data, or unauthorized access to such data.

The Website has an SSL (Secure Socket Layer) certificate, ensuring that personal data is transmitted securely and confidentially, with data transfer between the server and the User fully encrypted.

However, since PILATUS cannot guarantee the absolute invulnerability of the internet or the complete absence of hackers or others who fraudulently access personal data, the Data Controller undertakes to notify the User without undue delay if a data security breach occurs that is likely to pose a high risk to the rights and freedoms of natural persons.

Personal data will be treated as confidential by the Data Controller, who undertakes to ensure, by legal or contractual obligation, that such confidentiality is respected by its employees, associates, and anyone to whom it makes the information accessible.

User rights

The User may exercise the following rights recognized in the GDPR before PILATUS:

• Right of access: To confirm whether or not PILATUS is processing their personal data, and if so, obtain information on such data and the processing.

• Right to rectification: To have inaccurate or incomplete personal data corrected.

• Right to erasure ("right to be forgotten"): To request deletion of personal data when it is no longer necessary for the purposes for which it was collected, consent has been withdrawn, data was unlawfully processed, or other circumstances established by law.

• Right to restriction of processing: To request limitation of processing when the accuracy of the data is contested, processing is unlawful, the data is no longer needed by the controller, or the User has objected to processing.

• Right to data portability: To receive personal data in a structured, commonly used, machine-readable format and transmit it to another controller.

• Right to object: To object to the processing of personal data by PILATUS.

• Right not to be subject to automated decision-making, including profiling: To not be subject to a decision based solely on automated processing of personal data, unless provided otherwise by law.

Users may exercise these rights by written communication addressed to the Data Controller with the reference “GDPR-www.pilatusbrand.com”, specifying:

1. Name, surname, and a copy of their ID card. If represented by another person, proof of representation must also be provided.

2. Specific request or information being accessed.

3. Address for notifications.

4. Date and signature.

5. Supporting documents for the request.

Requests may be sent via email to: info@pilatusbrand.com

Links to third-party websites

The Website may include links that redirect to third-party websites not operated by PILATUS. Those third parties will have their own privacy policies, and they are responsible for their own data files and privacy practices.

Complaints before supervisory authorities

If the User believes there is a problem or infringement of applicable regulations in the way their personal data is processed, they have the right to effective judicial protection and to file a complaint with a supervisory authority, particularly in the state of their habitual residence, workplace, or place of the alleged infringement. In Spain, the supervisory authority is the Spanish Data Protection Agency (http://www.agpd.es).

2. ACCEPTANCE AND CHANGES TO THIS PRIVACY POLICY

It is necessary that the User has read and agrees with the terms regarding the protection of personal data contained in this Privacy and Cookies Policy, and that they accept the processing of their personal data so the Data Controller can proceed with it in the manner, timeframes, and purposes indicated. Use of the Website implies acceptance of this Privacy and Cookies Policy.

PILATUS reserves the right to modify its Privacy and Cookies Policy at its own discretion, or due to a legislative, jurisprudential, or regulatory change by the Spanish Data Protection Agency. Changes or updates will not be explicitly communicated to the User. It is recommended that Users periodically consult this page to stay informed of the latest updates.

This Privacy and Cookies Policy was last updated on May 23, 2018, to comply with Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016 (GDPR).