Who is responsible for the treatment?
In terms of data protection, QUALITAS EQUITY FUNDS SGEIC SA must be considered the Data Controller, in relation to the processing of personal data carried out by this entity.
Below are the contact details of the Data Controller:
- Identity of the person responsible: QUALITAS EQUITY FUNDS SGEIC SA
- Physical address: C/ Velázquez 31, 2, 2800, Madrid
- Email: firstname.lastname@example.org
Who is the data protection officer?
This entity includes the figure of data protection delegate, who can be contacted through the following email address: email@example.com, or by writing to the address of this entity for the attention of the “Data Protection Officer”.
What personal data do we process?
All information collected by QUALITAS EQUITY FUNDS SGEIC SA will be treated in a loyal, lawful and transparent manner.
Likewise, the data requested in each of the treatments carried out will consist only of those strictly essential to achieve the intended and informed purpose in each case.
This way, the collected data will be adequate, relevant and not excessive in relation to the purposes for which they are processed in each case. Therefore, your personal data will be collected for certain explicit and legitimate purposes and will not be further processed in a manner incompatible with said purposes. In addition, they will be updated whenever necessary.
In general terms, within the framework of the different treatments of activities carried out in the organization, the following data types are collected:
- Identification data.
- Academic, professional and training data.
- Commercial information.
- Transactions of goods and services.
- Economic and Financial.
Minors’ data may be processed, as long as it is provided by legal representatives, guardians, parents and in relation to the contracted product or service.
Where does the personal data come from?
Personal data is always collected directly from the owner; however, exceptionally the data may be collected through third parties, entities or services other than the interested party.
In this sense, this point will be conveyed to the interested party through the information clauses contained in the different ways of collecting information and within a reasonable period or in the first communication made to the interested party.
For what purpose and specific cases do we process personal data?
In general terms, personal data is processed for the following purposes:
- User registration management: The information you provide us in the registration form will be processed for the management of users on our platforms.
- Contracting of products and services: to manage the contracting of the products and services that have been requested and their execution; for transaction payment management; to contact you in case of any incident related to your service or product; to inform you about the availability of the requested products.
- Compliance with regulatory obligations: for the prevention of money laundering and the financing of terrorism or tax fraud, among others. For example, to request information from you to verify the origin of funds in your accounts.
- Newsletter: to send information through the means provided about news, products and services related to us or our sector.
- Contact: to respond to requests for information received about the products and services offered, as well as to respond to any other type of question sent by users.
- Surveys: to carry out a survey of customer service and/or quality of our products. n order to improve these services, we will process your personal data in order to obtain information about our products or about the attention provided by our customer service.
- Customers: to carry out the management of the sale of goods and services, billing, accounting, collections, non-payments, offers, budgets and contracts, customer service, contact and commercial relationships.
- Potential customers: to track commercial opportunities for the organization.
- Suppliers: to carry out purchasing management, accounting, payments, management of delivery notes and orders, contact and commercial relationships.
- Video surveillance: to control access to the organization’s facilities and ensure the security of the company’s assets and people.
- Candidates: to carry out internal personnel selection processes, both current and future.
- Complaint channel: to process personal data for the purpose of managing the complaints channel (or internal information system), investigating the facts and proposing resolution measures, preventing regulatory breaches and correcting those already detected, as well as contributing to the effectiveness of the Organization’s operation. with the continuous improvement of internal processes for the management and control of illegal conduct or conduct contrary to the ethical culture of the Organization.
No profiles will be created with the personal data collected nor will automated decisions be made.
However, all the explicit purposes for which each of the treatments are carried out are included in the information clauses incorporated in each of the data collection methods (web forms, paper forms, speeches or posters and informative notes , invoices, contracts and other documents containing personal data).
What is the legitimacy for data processing?
As a general rule, prior to the processing of personal data, QUALITAS EQUITY FUNDS SGEIC SA informs of the legal basis by which it establishes the legitimacy of the processing in question.
However, the organization may process personal information to:
- Comply with legal and regulatory obligations: By way of example and not limitation. General Law for the Defense of Consumers and Users, General Tax Law, Corporate Tax Law, Account Audit Law, Value Added Tax Law, Civil Code, Commercial Code, as well as the existence of a law or specific rule that authorizes or requires the processing of the interested party’s data, which will be stated in the corresponding information clause.
The complaints channel (or internal information system) is legitimized by Law 2/2023, of February 20, regulating the protection of people who report regulatory infractions and the fight against corruption.
- Execution of a Contract: for the prior management of a contracted service or product, development of the execution of a contract or subsequent procedures derived from said operations.
- Legitimate interest: Data processing based on the legitimate interest of the controller will be established, mainly, to send communications or commercial events about products or services similar to those contracted. According to article 21.2 of the Information Society Services Law, this treatment will only be valid when, as a client, you have not expressly refused at the time of data collection or in any of the communications we make.
How long do we process personal data?
Personal data is processed for the time necessary to fulfill the purpose for which they were collected, as long as the provision of the service or the employment or contractual relationship is maintained, there is a mutual interest and/or for the time provided for in the corresponding regulations.
Once the established deadline criteria have been met, the data will be canceled. Data cancellation will consist in the blocking of the data, being kept only at the disposal of the Public Administrations, Judges and Courts, to address the possible responsibilities arising from the treatment, during the limitation period thereof, once the aforementioned period has elapsed, the destruction of the data will be carried out.
In the case of the data contained under the complaints channel: The data will be kept as long as it is necessary to fulfill the purpose for which it was collected. In any case, after three months from the introduction of the data, it will be deleted from the complaints system, unless the purpose of the conservation is to leave evidence of the functioning of the model for preventing the commission of crimes by the legal entity. After the aforementioned period, the data may continue to be processed by the body responsible for the investigation of the reported events, and will not be kept in the complaints channel itself.
Who do we share personal data with?
To fulfill the purposes described above, personal data may be shared with, but not limited to:
- Supervisory Authority for the prevention of money laundering (SEPBLAC)
- Commercial Registry
- General Council of the Judiciary
- Bank of Spain
- National Stock Market Commission
- Tax Agency and General Treasury of Social Security
- Public authorities, regulatory bodies and supervisory bodies, such as central banks and other financial sector supervisors
- Bank entities
- Tax authorities when they ask us to inform them about your assets or other personal data
- Justice and investigation authorities, such as the State Security Forces and Bodies, the Public Prosecutor’s Office, courts and tribunals, mediation and arbitration organizations, following an express judicial request
- Administration with jurisdiction over money laundering and terrorist financing
And any other entity that is necessary in compliance with our duties.
Are international transfers made?
We inform you that, in general, international transfers are not made outside the European Economic Area (EEA). In the event that a data transfer occurs outside the EEA, THE ORGANIZATION will have the appropriate guarantees to carry out said transfer, under the requirements established by the General Data Protection Regulation.
What rights can you exercise?
According to European regulations, your rights are the following:
- Right of access, Right to request information from the person responsible for a file about whether your personal data is being processed.
- Right of Rectification, Right that allows the affected person to request the modification of data that are inaccurate or incomplete.
- Right of Opposition, Right of a person to oppose the processing of their personal data or the cessation of these.
- Right to automated individual decisions, the right not to be the subject of a decision based solely on automated processing, including profiling, that produces legal effects on it or significantly affects it in a similar way
- Right of Limitation, right to suspend the processing of the user’s personal data in certain cases
- Right to Deletion or Oblivion, right to delete the personal data of the interested party
- Portability Right, right to request the data controller to provide personal data in a structured and clear format to another controller.
- Right to file a claim before the competent control authority if you consider that the treatment does not comply with current regulations.
How to exercise your rights?
The applicant can exercise their rights through the following Email: firstname.lastname@example.org.
Documentation proving the identity of the applicant may be required (copy of the front of the National Identity Document, or equivalent). In any case, you can request the protection of the Spanish Data Protection Agency through their website
In this sense, QUALITAS EQUITY FUNDS SGEIC SA will respond to your request as soon as possible and taking into account the deadlines provided for in data protection regulations.
What could be the consequences of not providing the information?
The data requested in the established fields marked with an asterisk (*) or those provided in the documents or media where the information is provided, are those strictly necessary in relation to the purpose for which they are collected, or for the provision of a optimal service to the interested party or through a legal obligation imposed on the person responsible for the treatment or a necessary requirement to sign a contract, the inclusion of data in the remaining fields being voluntary.
If all data is not provided, it is not guaranteed that the information and services provided are completely tailored to your needs.
Therefore, in the event that the required data is not provided or is done in an erroneous or incomplete manner, your request cannot be met, making it completely impossible to provide the requested information or carry out the contracting of the services.
Likewise, the user guarantees that the information transmitted in any of the forms is true, accurate and corresponds to the user’s own data.
The services of our platforms are not intended for minors, so registration is only permitted for people over 18 years of age. Otherwise, please note that any possible liabilities that may arise as a result of the use of our Platforms will be the responsibility of of the parents or guardians of the minor.
To prevent the use of our services by minors, we try to verify the age of our users when they formalize their registration by requesting their date of birth.
What security measures do we have in place?
The security measures adopted by QUALITAS EQUITY FUNDS SGEIC SA are those required, in accordance with the provisions of article 32 of the RGPD.
In this sense, QUALITAS EQUITY FUNDS SGEIC SA taking into account the state of the art, the costs of application and the nature, scope, context and purposes of the processing, as well as the risks of varying probability and severity for the rights and the freedoms of natural persons, has established the appropriate technical and organizational measures to guarantee the level of security appropriate to the existing risk.
In any case, QUALITAS EQUITY FUNDS SGEIC SA has implemented sufficient mechanisms to:
- Guarantee the confidentiality, integrity, availability and permanent resilience of the treatment systems and services.
- Restore the availability and access to personal data quickly, in the event of a physical or technical incident.
- Verify, evaluate and assess, on a regular basis, the effectiveness of the technical and organizational measures implemented to guarantee the security of the treatment.