Logotipo Xamai Global Azul

Privacy Policy

1.- CONTROLLER

1.1.- Who is responsible for processing your data?

The data controller is the owner of this website, XAMAI GLOBAL S.L. (hereinafter, the Controller), with registered office at Calle Camino de Ardanaz, 2, 31620 – Gorráiz (Navarra), Spain, and NIF ESB71474530.

However, if you have any questions regarding our privacy policy, you can contact XAMAI GLOBAL S.L. by visiting our offices at Calle Camino de Ardanaz, 2, 31620 – Gorráiz (Navarra), Spain, or via email at dpo@xamaiglobal.com.

2.- PURPOSE

2.1.- How will the Controller use my data?

The data you provide may be used by the Controller for one or more of the purposes listed below, depending on the reason for the data collection. The purpose will be determined by factors such as your relationship with us (e.g., request for a quote) or the method used to send the data (e.g., contact form, email, etc.).

Below, we describe the processing covered by this privacy policy, without prejudice to other processing for which you may be informed or asked for consent:

  • Service Provision: To provide and manage the services you request from us, including the preparation of quotes and offers, whether related to an existing service or a new request.
  • Information Requests: If you contact us via the contact form on our website, phone, email, social media, or in person, to request information, make suggestions, complaints, or claims, we will process your data to manage and respond to your request.
  • Marketing Communications: If you authorize us to send marketing communications (newsletters, promotions, etc.), we will use your data to manage and send such communications related to our activities, services, and products, including by electronic means. You may withdraw your consent at any time.
  • Cookies: If you accept cookies when visiting our website, our cookie policy will apply. We recommend reviewing this policy for details on the types of cookies used, their purpose, and configuration options.

2.2.- How long will my data be retained?

Your data will be stored for the time necessary to fulfill the purpose for which it was collected and to determine any potential liabilities. Specific retention periods include:

  • Contact form requests: Data will be processed as long as necessary to manage your request.
  • Marketing communications: Data will be retained while you remain a customer and do not object to the processing, or, if you have expressly requested to receive communications, until you opt out.
  • Cookies: Retention periods depend on the type of cookies used, as detailed in the cookie policy.

3.- LEGAL BASIS FOR PROCESSING

3.1.- What authorizes the Controller to process my data?

  • Information requests and contact forms: The Controller is legally allowed to process this data to manage and respond to your request.
  • Marketing communications: Based on a legitimate interest in sending communications about services you have contracted (you may object at any time).
  • Administrative and legal compliance: Processing is necessary to comply with commercial, tax, and other legal obligations.
  • Cookies: Processing is based on the consent given when you visit our website.

3.2.- Consequences of withdrawing consent or objecting to data processing

If we request your consent for a specific purpose and you do not grant it (or withdraw it later), this will not negatively affect you in any way. However, certain mandatory fields in contact forms are necessary to process your request, and withdrawing consent may prevent us from responding.

4.- DATA RECIPIENTS

4.1.- Will my data be shared with third parties?

Except for processing carried out by the website owner, your data will not be transferred to third parties. However, your data may be disclosed to entities and public bodies when legally required.

To fulfill the purposes outlined in this Privacy Policy, we may also grant access to your data to group companies or third-party service providers who assist in delivering our services. If these providers are outside the European Economic Area (EEA), we will ensure appropriate safeguards for your data.

4.2.- Website-related service providers

  • Hosting: Our website is hosted by the provider professionalhosting.com.

5.- YOUR RIGHTS

5.1.- What data protection rights do I have?

You have the right to:

  • Access: Request confirmation of whether your data is being processed and obtain details about the processing.
  • Rectification: Correct inaccurate or incomplete data.
  • Deletion (Right to be forgotten): Request the deletion of your personal data unless legal exceptions apply.
  • Portability: Receive your data in a structured, commonly used, and machine-readable format or request its transfer to another data controller.
  • Objection: Object to data processing, except when legal obligations require processing.
  • Restriction: Request that your data processing be restricted under specific circumstances.

You may also withdraw your consent at any time by emailing dpo@xamaiglobal.com. If necessary, we may request proof of identity.

Additionally, you may file a complaint with the Spanish Data Protection Agency (AEPD) or another competent authority if you are not satisfied with the response to your request.

5.2.- What do these rights consist of?

Right of access: This right allows the data subject to obtain from the Controller confirmation as to whether or not personal data relating to him/her are being processed and, if so, the right of access to the personal data as well as to the following additional information: (a) the purposes of the processing; (b) the categories of personal data concerned; (c) the recipients or categories of recipients; (d) the intended period of retention or, the criteria used to determine this period; (e) the existence of the right to request from the controller the rectification or erasure of personal data or the restriction of the processing of personal data relating to the data subject, or to object to such processing; (f) the right to lodge a complaint with a supervisory authority; (g) available information on the origin of the data; (h) the existence of automated decisions.

Right of rectification: This right entitles the data subject to urge the Controller to rectify or complete inaccurate personal data without delay. It is important that the data contained in the databases are up to date and in this sense we are at your disposal to rectify any error or inaccuracy that may exist in them.

Right to erasure: At any time you have the right to ask us to erase your personal data. This request will be complied with without delay unless one of the circumstances set out in the General Data Protection Regulation applies, in particular if we need to retain your data in order to comply with a legal obligation or to defend ourselves against a claim.

Right of portability: In the case of automated data processing based on consent, you may ask us to transfer your personal data in a structured, commonly used and machine-readable format to another data controller.

Right of objection: Through this right, the data subject objects to the processing of his or her data by the data controller. This right is not absolute, which means that the data controller may continue to process the data provided that it can prove legitimate reasons that prevail over the interests, rights of the data subject or for the formulation, exercise and defence of claims.

Right to restrict processing: This right confers on you the right to request the controller to restrict the processing of your personal data under certain circumstances, as set out below. In the event that this right is exercised, the data controller may only process the data with the consent of the data subject. The circumstances under which this right may be exercised are as follows:
(i) the data subject contests the accuracy of the personal data, for a period of time which allows the controller to verify the accuracy of the personal data;
(ii) the processing carried out by the controller is unlawful and the data subject objects to the erasure of the personal data and requests instead the restriction of their use;
(iii) the controller no longer needs the personal data for the purposes of the processing but the data subject needs them for the purposes of the formulation, exercise or defence of claims;
(iv) the data subject has objected to the processing, while it is being verified whether the legitimate grounds of the controller override those of the data subject.

5.3.- How and where can I exercise my rights?

You can submit your request through the contact details provided at the beginning of this Privacy Policy.

Alternatively, you may also contact the appropriate data protection authority in your country, such as the AEPD in Spain. The AEPD provides complaint forms available on its electronic headquarters.

5.4.- How long will it take to process my request?

We will respond within one month from receipt of your request. If necessary, this period may be extended by two additional months due to complexity or volume of requests. In such cases, we will inform you within one month of the request submission.

5.5.- Will exercising my rights cost me anything?

Exercising your rights is free of charge. However, if requests are manifestly unfounded or excessive, particularly repetitive ones, we may:

  • Charge a fee that covers administrative costs.
  • Refuse to process the request.

This fee will not generate additional revenue but will only reflect the actual cost of processing the request.