Privacy Policy

DATA PROTECTION POLICY

The Management / Governing Body of MIREN ARGIÑE RODRÍGUEZ AMESTI (hereinafter, the data controller), assumes the highest responsibility and commitment to the establishment, implementation, and maintenance of this Data Protection Policy, ensuring the continuous improvement of the data controller with the aim of achieving excellence in compliance with Regulation (EU) 2016/679 of the European Parliament and Council of 27 April 2016, concerning the protection of natural persons with regard to the processing of personal data and the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (OJ L 119/1, 04-05-2016), as well as Spanish regulations on personal data protection (Organic Law, specific sectoral legislation, and its development regulations).

The Data Protection Policy of MIREN ARGIÑE RODRÍGUEZ AMESTI is based on the principle of proactive responsibility, whereby the data controller is accountable for complying with the legal and regulatory framework governing this Policy and is capable of demonstrating it to competent supervisory authorities.

In this regard, the data controller shall be guided by the following principles, which shall serve as a reference and framework for all personnel when processing personal data:

Data protection by design: The data controller will apply, both at the time of determining the means of processing and at the time of processing itself, appropriate technical and organizational measures, such as pseudonymization, designed to effectively implement data protection principles, such as data minimization, and to integrate necessary safeguards into the processing.
Data protection by default: The data controller will apply appropriate technical and organizational measures to ensure that, by default, only personal data that is necessary for each specific processing purpose is processed.
Data protection throughout the information lifecycle: Measures to guarantee the protection of personal data shall apply throughout the entire information lifecycle.
Lawfulness, fairness, and transparency: Personal data shall be processed lawfully, fairly, and transparently in relation to the data subject.
Purpose limitation: Personal data shall be collected for specified, explicit, and legitimate purposes and not further processed in a manner that is incompatible with those purposes.
Data minimization: Personal data shall be adequate, relevant, and limited to what is necessary in relation to the purposes for which they are processed.
Accuracy: Personal data shall be accurate and, where necessary, kept up to date. Every reasonable step shall be taken to ensure that inaccurate personal data, considering the purposes for which they are processed, are erased or rectified without delay.
Storage limitation: Personal data shall be kept in a form that permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed.
Integrity and confidentiality: Personal data shall be processed in a manner that ensures appropriate security of the personal data, including protection against unauthorized or unlawful processing, and against accidental loss, destruction, or damage, using appropriate technical or organizational measures.
Information and training: A key aspect of ensuring personal data protection is the information and training provided to personnel involved in processing such data. Throughout the information lifecycle, all personnel with access to data will be appropriately informed and trained regarding their obligations concerning compliance with data protection regulations.

The Data Protection Policy of MIREN ARGIÑE RODRÍGUEZ AMESTI is communicated to all the staff of the data controller and made available to all interested parties.

Consequently, this Data Protection Policy involves all the staff of the data controller, who must be aware of it and adopt it, considering it as their own. Each member is responsible for applying it and verifying the data protection regulations applicable to their activities, as well as identifying and suggesting opportunities for improvement that they deem appropriate, with the aim of achieving excellence in compliance.

This Policy will be reviewed by the Management / Governing Body of MIREN ARGIÑE RODRÍGUEZ AMESTI as often as deemed necessary, to ensure it is always in line with the provisions in force regarding personal data protection.

NAME / COMPANY NAME: MIREN ARGIÑE RODRÍGUEZ AMESTI
CIF / NIF: 02612235X
ADDRESS: C. José Reyes Martín, 16, El Médano, Santa Cruz de Tenerife (Canary Islands)
TELEPHONE: +34 640 37 61 99
E-MAIL ADDRESS: olatenerife2021@gmail.com
WEB ADDRESS: onelanguageacademy.com

In compliance with the General Data Protection Regulation (GDPR), the personal data that you send us through any of the website forms will be treated as “Website users and subscribers.”

In this sense, our company is committed to implementing the necessary technical and organizational measures to ensure the security established in the current legal framework.

Purpose of Data Processing

The information provided may vary in nature: name, surname, email address, postal address, phone number, IP address, etc.

By providing this information, the user consents to the collection, use, management, and storage of their data on https://onelanguageacademy.com as described in the Privacy Policy and the Legal Notice. At any time, you can contact us in any way.

At https://onelanguageacademy.com, we enable different methods of collecting personal information through forms.

If you belong to any of the following groups, please consult the corresponding information:

a) Contact via the website or email.
What data do we collect through the website?

We may process data anonymously, such as your IP address, duration of your visit to the website, geographic origin, operating system, or browser used, all in an anonymous manner.

If you provide data in the contact form, you will identify yourself so that we can contact you if necessary.

Managing your inquiries or information requests.
Auditing improvements on the website regarding our services to enhance our service catalog.

Acceptance and Consent of the Interested Party: In cases where it is necessary to fill out a form and click the submit button to make a request, doing so implies that you have been informed and have expressly given your consent to the content of the clause attached to that form or the acceptance of the privacy policy.

All our forms have an asterisk (*) next to mandatory fields. If you do not provide this information or do not check the box accepting the privacy policy, the submission of the information will not be allowed.

b) Contact via subscription or newsletter forms.
What data do we collect through the website?

We will only store your email in our database and will proceed to send you emails periodically until you request to unsubscribe or we stop sending emails.

You will always have the option to unsubscribe in any communication.

Managing the requested service and commercial information as long as we have your express authorization.

Acceptance and Consent of the Interested Party: In cases where you subscribe, it will be necessary to check a box and click the submit button. This will imply that you have been informed and have expressly given your consent to receive the newsletter.

If you do not check the box accepting the privacy policy, the submission of the information will not be allowed.

c) Contact via blog comments: For a user to leave comments on the blog posts on your website, the user is required to register through a form that requests the following personal information: Name, email, and website.

d) Contact via file download request form: We request the name, surname, and email address to manage registration.

e) Managing communication with clients:

What data do we process if you are a client?

Data necessary for preparing quotes and handling necessary commercial communications related to your request.
Data for managing administrative, communication, and logistics services performed by the Data Controller.
Billing data and declaration of the relevant taxes.
Data needed to carry out the various transactions that correspond.

e) Management of Communication with Suppliers

What data do we use as a service provider?

Data collected through electronic means related to your request.
Commercial or event information via electronic means, provided there is express authorization.
Data for managing administrative, communication, and logistics services performed by the Data Controller.
Billing data necessary for the contractual relationship.
Data needed to carry out the relevant transactions.
Data for billing and declaration of the relevant taxes.

The legal basis is the acceptance of a contractual relationship or, if applicable, your consent when contacting us or offering your products by any means.

f) Contacts Generated Through Social Media

What data do we use from social media?

To respond to your inquiries, requests, or demands.
To manage the requested service, respond to your request, or process your demand.
To interact with you and create a community of followers.

The acceptance of a contractual relationship within the relevant social network, in accordance with their Privacy Policies:

Facebook: Privacy Policy
Instagram: Help Center
Twitter: Privacy Policy
LinkedIn: Privacy Policy
Google+: Privacy Policy

How Long Will We Keep Your Personal Data?

We can only access or delete your data in a restricted manner if you have a specific profile. We will process your data for as long as you allow us to follow you, be friends, or click “like,” “follow,” or similar buttons.

Any correction of your data or restriction of information or posts must be made through the settings of your profile or user account on the social network itself.

2.1 Data Retention

The personal data provided will be maintained during the commercial relationship and will continue as long as the user does not request its deletion.

We have adopted an optimal level of protection for the personal data we handle, and we have installed all available technical means and measures according to the state of technology to prevent loss, misuse, alteration, unauthorized access, and theft of personal data.

2.2 Communication of Personal Data

Under no circumstances will personal data be shared with other companies except in strictly necessary cases for compliance with the law or where there is express authorization from users.

Legitimacy of Data Processing

Express consent is the legal basis for processing user data, requiring users to check the consent boxes where applicable.

We will ask for express consent when contacting or leaving comments on our website. Through consent, we also base our commercial offers of products or services; however, the withdrawal of this consent does not affect the execution of the subscription.

The contracting of products and services is also governed by the terms and conditions of the commercial policy.

Security and Confidentiality

At https://onelanguageacademy.com, we do not transfer, sell, or rent our users’ personal data to third parties, now or in the future. If we need to collaborate with other companies, express consent will be required, explaining the reason. Additionally, we will always comply with security standards to safeguard the data.

We guarantee the use and processing of data with full respect for confidentiality and intended purposes, as well as the storage of such data, adopting the necessary measures to prevent alteration, loss, unauthorized processing, or access, in accordance with current data protection regulations.

However, we cannot guarantee that data will not be compromised due to fraudulent use by third parties.

Rights Regarding Personal Data

In the processing of personal data, you have the following rights:

Access to personal data related to the user.
Request any type of modification or deletion.
Request to limit the processing of your data.
Object to the processing of personal data.
Request the portability of your data.
Right to withdraw consent at any time, without affecting the legality of the processing based on consent prior to its withdrawal.

You may request access to personal data, request rectification of inaccurate data, or, if applicable, request deletion when the data is no longer necessary for the purposes for which it was collected.

In some cases, interested parties may request the limitation of the processing of their personal data. In this way, we will only retain the data for the exercise or defense of claims.

At MIREN ARGIÑE RODRÍGUEZ AMESTI, we will cease processing the data when the user expressly opposes it, except in cases where legitimate grounds require it, or for the exercise or defense of potential claims.

You also have the right to request the portability of personal data.

To request any of these rights, you must submit a written request to our address, along with a photocopy of your ID for identification purposes.

In our offices, we have specific forms to request these rights and we offer our assistance for their completion.

If the user believes that the Regulation has been violated, they have the right to judicial protection and to file a complaint with the Spanish Data Protection Agency, the competent authority.

For more information about your data protection rights, you can visit the website of the Spanish Data Protection Agency (www.agpd.es).

Do We Use Cookies?

If we use other types of cookies that are not strictly necessary, you can consult the cookie policy via the relevant link at the beginning of our website.

How Long Will We Keep Your Personal Data?

Personal data will be maintained as long as you remain linked to us. Once you disconnect, the personal data processed for each purpose will be retained for the legally prescribed periods, including the time during which a judge or court may require them according to the statute of limitations for legal actions.

Data will be retained until the legal periods mentioned expire, if there is a legal obligation for retention, or if there is no legal period, until the interested party requests deletion or revokes the consent granted.

We will keep all information and communications related to your request or our service provision while the product or service warranties are valid, to address potential claims.

For each type of data processing, we provide a specific period, which you can consult in the following table:

File	Document	Retention
Clients	Invoices	10 years
Forms and Coupons	15 years
Contracts	5 years
Human Resources	Payroll, TC1, TC2, etc.	10 years
Resumes	Until the end of the selection process, and 1 year more with your consent
Documents for severance pay		4 years
Contracts
Data of temporary workers		4 years
Employee File	Until 5 years after termination
Marketing	Databases or website visitors	As long as processing occurs
Suppliers	Invoices	10 years
Contracts	5 years
Access Control and Vide surveillance	Visitor list	30 days
Videos	30 days blocked; 3 years destruction
Accounting	Accounting books and documents	6 years
Partnership agreements and board minutes, company bylaws, regulations	6 years
Financial statements, audit reports		6 years
Records and documents related to grants		6 years
Tax	Management of the company’s administration, rights and obligations regarding tax payments	10 years
Dividend payment and tax withholding administration		10 years
Information on intragroup pricing establishments		18 years
8 years for intragroup transactions for pricing agreements
Health and Safety	Employee medical records	5 years
Environment	Information on hazardous chemicals	10 years
Documents related to environmental permits while the activity is ongoing	3 years after activity closure; 10 years
Records on recycling or waste disposal		3 years
Grants for cleaning operations must retain documents of rights and obligations, receipts, and payments	4 years
Accident reports	5 years
Insurance	Insurance policies	6 years
	2 years
	5 years
	10 years
Purchases	Record of all goods delivered or services provided, intra-community acquisitions, imports and exports for VAT purposes	5 years
Legal	Intellectual and Industrial Property documents	5 years
Contracts and agreements		5 years
Permits, licenses, certificates		6 years from expiration date
	10 years (criminal prescription)
Confidentiality and non-compete agreements	Always for the duration of the obligation or confidentiality
LOPD	Processing of personal data, if different from the processing notified to the AEPD	3 years
Personal data of employees stored on networks, computers, and communication devices used by them, access controls and internal management/administration systems	5 years

Consent and Acceptance

In this way, the user accepts that they have been properly informed about the use and processing of their personal data and the conditions for their protection, giving consent for MIREN ARGIÑE RODRÍGUEZ AMESTI to use this data under the terms set forth in this privacy policy.

At https://onelanguageacademy.com, we are opposed to practices considered spam; therefore, we will never send commercial emails that have not been expressly authorized by the user or previously requested, in compliance with Law 34/2002 on Information Society Services and Electronic Commerce.

In any form on our website, users are given the option to provide express consent to receive our newsletter, regardless of the information previously requested.

Thus, in each form available on the website, users have the opportunity to give their express consent to receive the newsletter, regardless of the specific commercial information requested.

In accordance with the provisions of the LSSICE, we are committed to not sending commercial communications without them being properly identified.

Changes to the Policy

We reserve the right to modify and adapt this privacy policy in order to align it with future legislative or jurisprudential changes. Should this occur, we will properly announce the changes in advance so that users are adequately informed.