PRIVACY POLICY

With this privacy policy, we inform you of the treatment we carry out on the personal data you provide or are going to provide in browsing, as well as the data protection policy that we will apply so you can freely and voluntarily determine if you wish to provide such information, continuing your browsing.

1. Data Processing Controller

The Data Processing Controller and owner of the website www.aftgrupo.eu is the commercial entity A Forged Tool, S.L. (hereinafter AFT) with registered office at Avenida de Andalucía, 139 - 18015-Granada (Spain), with Tax ID (CIF) A18030064e registered in the Granada Mercantile Registry, Volume 127, General 68, Section 3, Sheet 20, Page 1141, 1st Entry.

Contact details:

• Telephone (+34) 958 208 900
• Email info@aftgrupo.eu

2. Purpose of processing and legitimacy

The purpose of the data you provide us with is for:

1. Processing the order is received, managing the returns that may occur and maintaining the contractual relationship derived from both wholesale and online sales of our products and services. The legal basis for the processing of this data is the execution of the contract of sale or provision of services that binds us to you and is subject to the requested information, without which, the execution thereof would not be possible

   In fulfilling these obligations, we may communicate your data to the Public Administrations and courts, provided that such information is required in accordance with the established legal processes.

2. Conduct statistical analysis. When you browse our website, our servers generally store, among other data, information about the browser and operating system you use, the website from which you visit us, the pages you visit and the date. With the exception of the IP address, personal data is only stored if you have voluntarily provided us with it beforehand. We may draw up a "commercial profile" based on the information provided in order to inform you about products that may be of interest to you, but automated decisions will never be taken on the basis of that profile. We will also carry out statistical studies through Google Analytics, on the basis of a legal interest

3. Payment service providers

Through the Web Site, by means of links, you will be able to access third party web sites, in order to make payments for the products purchased. We inform you that they are governed by their own conditions of use and contract, so you should read the established conditions. At no time will our staff have access to the bank details you provide to such third parties. In order for you to make the payment, we will send the data strictly necessary to these payment processors for the issuance of the corresponding payment request

4. Type of data processed

For the purposes described in the previous section, we process personal data that can be divided into the following sources and categories:

1. Data you provide directly:

   At the time of submission through the various forms provided on the website.

   You guarantee that the data provided for the provision of the requested services responds truthfully to the actual situation and that you will communicate any changes that affect such data. Consequently, you will be liable to AFT for any damages caused as a result of breaching the obligations assumed in this clause.

2. Data collected indirectly:

   All data that, if you have given your consent, we collect from the type of external sources listed in purpose 2b.

3. Data derived from the provision of the service itself.

5. Data retention period

The data you supply us with will be kept for as long as there is a mutual interest in maintaining the purpose for the processing. It will be blocked when it is no longer necessary for the purpose for which it was collected or when you have exercised your right of deletion, cancellation and/or limitation of processing. After this period, the data will be deleted in accordance with the provisions of the data protection regulations, which implies its blocking. It will remain at the exclusive disposal of Judges and Courts, the Public Prosecutor's Office and the competent Administrations, in particular the Data Protection Authority for the attention of liabilities arising from the processing, during the prescription period thereof. Once the indicated term has expired, they will be destroyed with the appropriate security measures to guarantee their pseudonymisation or total destruction.

In addition to the general treatment of the previous point, the following particularities on data conservation will be observed:

• Customer Data: retention period of 4 years (Art. 66 et seq. of the General Tax Law), and 6 years for accounting books and invoices (Art. 30 of the Commercial Code).

6. Your rights

Our data protection regulations give you the following rights in relation to data processing:

• Right to access: To know what type of data we are processing and the characteristics of the processing we are carrying out.
• Right to rectification: To be able to request the modification of your data due to the latter being inaccurate or untrue.
• Right to portability: To be able to obtain a copy in an interoperable format of the data being processed.
• The right to treatment limitation, in the cases included in the Law.
• Right to deletion: Request the deletion of your data when such processing is no longer necessary.
• Right to object: To request the cessation of the sending of commercial communications in the terms indicated.
• The right to withdraw the consent given.

In order to exercise these rights, you must send an express request, together with a copy of your ID card or equivalent supporting document, via:

• E-MAIL addressed to info@aftgrupo.eu with subject Data Protection. The sending of this email must be done from the e-mail address you included on the form. Otherwise, they will not be shown to you, as your identity will not be considered sufficiently proven.
• BY POST: Directed to the address Avenida de Andalucía, 139 - 18015-Granada (Spain)

If you do not receive a response from us to the request made in good time, or if you do not find it satisfactory, we inform you that the competent supervisory authority is the Spanish Data Protection Agency (www.aepd.es). On its website, there are a series of forms that will help you exercise of your rights.

7. Non-transfer of data

We inform you and expressly guarantee you that your personal data will not be passed on to third parties under any circumstances. Any exception to this rule will require your prior, unequivocal, express and informed consent.

8. Safety Measures

In accordance with the provisions of the current regulations on the protection of personal data (Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 and Organic Law 3/2018, of 5 December, on the Protection of Personal Data and the Guarantee of Digital Rights), we comply with all the provisions of the GDPR and LOPD regulations for the treatment of personal data for which we are responsible, and manifestly with the principles described in article 5 of the GDPR, under which they are processed in a lawful, fair and transparent manner in relation to the data subject and must be appropriate, relevant and limited to what is necessary in relation to the purposes for which they are processed.

We have sufficient mechanisms in place to:

• Guarantee the confidentiality, integrity, availability and permanent resilience of processing systems and services.
• Restore availability and access to personal data quickly in the event of a physical or technical incident.
• Verify, evaluate and assess on a regular basis, the effectiveness of technical and organisational measures implemented to ensure the security of the processing.
• Pseudonymise and encrypt personal data, if necessary.

We have implemented appropriate technical and organisational policies to apply the security measures established by the GDPR and the LOPD in order to protect your rights and freedoms, providing you with all the necessary information so that you can exercise your rights. We have installed all the technical means and measures at our disposal to prevent the loss, misuse, alteration, unauthorised access and theft of the personal data you provide us. However, you must be aware that Internet security measures are not impregnable.

9. Minors

It is forbidden for minors under 14 years of age to access and use this portal. We are not responsible for the veracity and accuracy of the data you fill in. If you are in charge of minors, it will be your sole responsibility to determine which services and/or content are or are not appropriate for the age of the latter.

We remind you that there are computer programs that allow you to filter and block access to certain content and services and decide which content and services on Websites your children can access and which they cannot.

10. Duration and modification of the privacy policy

We reserve the right to modify this Privacy Policy, in whole or in part, by posting changes on the Website. Likewise, we may change, delete or add, without prior notice, both the contents and services provided, as well as the way in which they are presented. Consequently, as the general conditions/policies published at the time you access will be understood to be valid, you should read them on a periodic basis

Notwithstanding the foregoing, we may terminate, suspend or interrupt, at any time and without prior notice, access to the contents of the Website, without the User being able to demand any compensation whatsoever.