Web policies

Legal notice

The owner of this website is Malasa Grupo, S.L., with B70303482 and registered office at Lugar A Telva, nº 1 -A (Sigras) 15181 Cambre -A Coruña- (Spain).

Malasa Grupo, S.L. is an entity registered in the Mercantile Register of A Coruña, Volume 3424, General Section, Folio 23, Page C-47800.

Intending to ensure that the use of the Web Site complies with criteria of transparency, clarity and simplicity, Malasa Grupo, S.L. informs the user that any suggestions, doubts or queries regarding this Legal Notice or any other informative document on the web site will be received and resolved by contacting Malasa Grupo, S.L., via the e-mail address: protecciondedatos@grupomalasa.com.

Intellectual Property

All the contents of this website, and in particular designs, texts, images, logos, icons, commercial names, brands or any other information susceptible of industrial and/or commercial use, are protected by copyright, and their reproduction, transmission or registration of information is not permitted without the prior authorisation of the owner, Malasa Grupo, S.L.

Users may only and exclusively use the material of this website for their personal and private use, and it is forbidden to use it for commercial purposes or illegal activities.

Unilateral modification

Malasa Grupo, S.L. may unilaterally modify the structure and design of the website, as well as modify or eliminate the services, contents and conditions of access and/or use of the website, whenever it deems appropriate, without prior notice.

Links

Malasa Grupo, S.L. assumes no responsibility for the links to other websites or pages which, where appropriate, may be included in the website, as it has no control over them, and therefore the user accesses the content and conditions of use under his or her exclusive responsibility.

Terms of use of the website

The user undertakes to use the website, its services and contents without contravening current legislation, good faith, generally accepted uses and public order.

Likewise, the use of the website for illicit or harmful purposes against the owner or any third party, or which, in any way, may cause damage or impede the normal operation of the website, is prohibited.

Exclusion of warranties and liability

The owner of the website does not give any guarantee and is not responsible, under any circumstances, for damages of any kind that may be caused by:

The lack of availability, maintenance and effective functioning of the website and/or its services or contents.
The lack of usefulness, suitability or validity of the website and/or its services or contents to satisfy the needs, activities or specific results or expectations of users.
The existence of viruses, malicious or harmful programmes in the contents.
The receipt, collection, storage or transmission of content by users.
The illicit, negligent, fraudulent use, contrary to these Conditions, to good faith, to generally accepted uses or public order, of the website, its services or contents, by users.
The lack of legality, quality, reliability, usefulness and availability of the services provided by third parties and made available to users on the website.

Non-compliance by third parties with their obligations or commitments about the services provided to users through the website.

Privacy policy

This Privacy Policy has been developed taking into account the provisions of data protection regulations, specifically Regulation 2016/679 of the European Parliament and of the Council of 27th April 2016 on the protection of natural persons about the processing of personal data and the movement of such data, hereinafter the RGPD, as well as Organic Law 3/2018, of 5th December, on the Protection of Personal Data and Guarantee of Digital Rights, hereinafter the LOPDGDD (its initials in Spanish).

The purpose of this Privacy Policy is to inform the owners of the personal data, whose information is being collected, of the specific aspects relating to the processing of their data, including the purposes of the processing, the contact details for exercising their rights, the periods of conservation of the information and the security measures, among other things.

Data Controller

Malasa Grupo, S.L.
CIF: B70303482
Dirección: Lugar A Telva, Nº 1- A (Sigrás) -15181 Cambre, A Coruña
e-mail: cmalasa@grupomalasa.com Teléfono: 981688014

This Privacy Policy applies to the following entities that are part of the Grupo Malasa (Malasa Group), namely:

Malasa Grupo, S.L.
Comercial Malasa, S.L.U.
Ebanistería Barreiro, S.L.
Montajes Cerceda, S.L.U.
Fresno Metal, S.L.U.
Fresno Cristal, S.L.U.
Malasa Rus, L.L.C.
Noa Design and Architecture, S.L.
Noa Madera Creativa, S.L.U.
Malasa Mex Contract, S.A.

This is because the implementation of technical, organisational and legal security measures converge and are managed in the same way, respecting at all times the logical access control between entities so that each entity has access to the information for which it is responsible.

In this sense, in terms of data protection, the aforementioned entities should be considered Data Controllers, concerning the files they manage (handling of data).

Data processing

The personal data, processed by the entity not only through the website but in any of its activities, will consist of those data strictly necessary for the purposes for which they were collected in each case and which are identified below. Said information will be treated in a loyal, lawful and transparent manner in relation to the interested party. On the other hand, personal data will be collected for specific, explicit and legitimate purposes, and will not be further processed or used in a manner incompatible with those purposes.

The data collected from each person shall be adequate, relevant and not excessive concerning the relevant purposes for each case, and shall be updated whenever necessary.

The data subject shall be informed, before the collection of his/her data, of the general points regulated in this policy so that he/she may provide express, precise and unequivocal consent for the processing of his/her data, following the following aspects.

Purposes of processing

The explicit purposes for which each of the processing operations are carried out are set out in the informative clauses included in each of the data collection methods (web forms, paper forms, announcements or posters and information notes).

However, the personal data of the data subject will be processed for each of the purposes specified in the documents or data collection systems established by the entity and which, in general terms, are specified below:

Clients: economic, financial, administrative and information management, loyalty management and promotion of the entity.
Staff: labour and human resources management.
Suppliers: economic, financial and administrative management.
CVs: candidate management and development of recruitment processes.
Web-users: answering queries or requests for information, management of the commercial relationship and the potential contractual relationship.
Video surveillance: guaranteeing the security of people, goods and facilities and monitoring compliance with labour obligations.

Legitimation

Customers and suppliers: the processing is necessary for the performance of a contract if the data subject is a party or for the implementation of pre-contractual measures at his/her request (A.6.1 b. RGPD).
Staff: the processing is necessary for the performance of a contract if the data subject is party or for the implementation of pre-contractual measures at his/her request (A.6.1 b. RGPD) and compliance with a legal obligation applicable to the data controller (A.6.1 c. RGPD).
CVs and Web users: the data subject consented to the processing of his or her personal data for one or more specific purposes (A.6.1 a. RGPD).
Video surveillance: the processing is necessary for the performance of a task carried out in the public interest (A.6.1 e. RGPD) and for compliance with a legal obligation applicable to the controller (A.6.1 c. RGPD in conjunction with A.20.3 of the Workers’ Statute – “Estatuto de los Trabajadores” in Spanish).

Recipients

As a general rule, the entities identified do not transfer or communicate data to third parties, except as required by law. However, if necessary, the interested party is informed of such transfers or communications of data through the informed consent clauses contained in the different personal data collection channels.

Source

As a general rule, personal data are always collected directly from the data subject; however, in certain exceptions, data may be collected through third parties, entities or services other than the data subject. In this regard, the data subject shall be informed of this fact through the informed consent clauses contained in the different information collection channels and within a reasonable time, once the data have been obtained, and at the latest within one month.

Periods of data retention

The information collected from the data subject will be kept for as long as it is necessary to fulfil the purpose for which the personal data were collected, so that, once the purpose has been fulfilled, the data will be cancelled. Said cancellation will give rise to the blocking of the data, which will only be kept at the disposal of the Public Administrations, Judges and Courts, to attend to any possible liabilities arising from the processing, during the period of limitation of such liabilities, and then the information will be deleted.

For information purposes, the following is a list of the legal deadlines for the conservation of information in relation to different matters:

DOCUMENT	DEADLINE	LEGAL REFERENCE
Documentation of an employment or social security nature	4 years	Article 21 of Royal Legislative Decree 5/2000, of 4th August, approving the revised text of the Law on Offences and Penalties in the Social Order.
Accounting and tax documentation for commercial purposes	6 years	Art. 30 of the Commercial Code
Accounting and tax documentation for tax purposes	4 years	Articles 66 to 70 of the General Tax Law
Building access control	1 month	AEPD (Spanish Data Protection Agency) Instruction 1/1996
Video-surveillance	1 month	AEPD Instruction 1/2006 – Organic Law 4/1997

Navigation data

In relation to the browsing data that may be processed through the website, if data subject to the regulations are collected, we recommend reading the Cookies Policy published on our website.

Rights of data subjects

Data protection legislation grants a series of rights to the data subjects or owners of the data that are processed by the identified entities.

The rights of the persons concerned are as follows:

Right of access: the right to obtain information on whether their data is being processed, the purpose of the processing being carried out, the categories of data being processed, the recipients or categories of recipients, the storage period and the origin of the data.
Right of rectification: the right to obtain the rectification of inaccurate or incomplete personal data.
Right of deletion: the right to delete the data in the following cases:
- When the data are no longer necessary for the purpose for which they were collected.
- When the consent is withdrawn by the data subject.
- When the data subject objects to the processing.
- When they must be deleted in compliance with a legal obligation.
- When the data have been obtained under an information society service based on Art. 8 paragraph 1 of the European Data Protection Regulation.
Right of opposition: the right to object to a particular processing operation based on the data subject’s consent.
Right of restriction: the right to obtain the restriction of data processing in any of the following cases:
- When the data subject contests the accuracy of the personal data, for a time that allows the company to verify the accuracy of the data.
- When the processing is unlawful and the data subject objects to the erasure of the data.
- When the company no longer needs the data for the purposes for which they were collected, but the data subject needs them for the formulation, exercise or defence of claims.
- When the data subject has objected to the processing while it is being verified whether the legitimate business grounds override those of the data subject.

Interested parties may exercise the aforementioned rights by sending a letter and a copy of their ID card to the following address: protecciondedatos@grupomalasa.com indicating in the subject line the right they wish to exercise.

In this regard, the entities identified should respond to your request as soon as possible and taking into account the deadlines set out in the data protection regulations.

On the other hand, it should be borne in mind that the data subject or interested party may at any time lodge a complaint with the competent supervisory authority: Agencia Española de Protección de Datos C/Jorge Juan 6, 28001-Madrid (Spain).

Security

The security measures adopted by the identified entities are those required, following the provisions of Article 32 of the RGPD. In this regard, the identified entities, taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of the processing, as well as the risks of varying likelihood and severity to the rights and freedoms of natural persons, have in place the appropriate technical and organisational measures to ensure the level of security appropriate to the existing risk.

In any case, the entities identified have sufficient mechanisms to:

Ensure the continued confidentiality, integrity, availability and resilience of processing systems and services.
Restore availability and access to personal data quickly, in the event of a physical or technical incident.
Regularly verify, evaluate and assess the effectiveness of the technical and organisational measures implemented to ensure the security of the processing.
Pseudonymise and encrypt personal data, where appropriate.

Cookie policy

The purpose of this cookie policy is to provide clear and precise information about the cookies used on the website.

Identification of the data controller

Following the provisions of Regulation (EU) 2016/ 679 of the European Parliament and of the Council of 27th April 2016 on the protection of natural persons concerning the processing of personal data (hereinafter RGPD), as well as by the Organic Law 3/2018, of 5th December, on the Protection of Personal Data and guarantee of digital rights, hereinafter LOPDGDD and Law 34/2002, of 11 July, on services of the information society and electronic commerce (LSSICE) we inform you that the personal data processed through the use of cookies and similar technologies used (such as local shared objects or flash cookies, web beacons or bugs, etc.) will be processed by:

Malasa Grupo, S.L.
CIF: B70303482
Dirección: Lugar A Telva, Nº 1- A (Sigrás) -15181 Cambre, A Coruña
e-mail: cmalasa@grupomalasa.com Telephone number: 981688014

What are cookies?

A cookie is a small file that is automatically downloaded and installed on the user’s device through his/her browser (Internet Explorer, Firefox, Chrome, Safari…) when visiting a website.

In general, these technologies can be used for a wide range of purposes, such as recognizing you as a user, obtaining information about your browsing habits, or personalizing how content is displayed, etc.

The specific uses we make of these technologies are described below.

Classification and types of cookies used

Cookies are classified according to the entity that manages them, according to their purpose and according to the time they remain active

The specific uses we make of these technologies are described below.

Cookies according to the entity that manages them

First-party cookies: These are cookies created by this website and can only be read by the website.
Third-party cookies: These are cookies created and managed by other entities, such as advertising, personalization or analysis service providers; these third parties may report anonymous data to us.

Cookies according to their purpose

Strictly necessary cookies: These are cookies that allow you to browse the website and use its essential functions. Without strictly necessary cookies the website cannot function properly. Some examples of strictly necessary cookies are to control traffic and data communication, identify the session, access restricted areas, use security elements during browsing, etc.
Preference or personalization cookies: these allow information to be remembered so that the user can access the service with certain characteristics that may differentiate his/her experience from that of other users, such as language, regional configuration, or type of browser.
Analysis or measurement cookies: These allow the party responsible for them to monitor and analyze user behavior, the statistical analysis of the use made by users of the service, and the quantification of the impact of advertisements. They are used to measure the activity of websites, applications, or platforms, in order to introduce improvements based on the analysis of the data on the use made by users of the service.

These are usually low privacy risk Cookies if the data is aggregated data

Behavioral advertising cookies: these are cookies that store information on the behavior of users obtained through the continuous observation of their browsing habits, which allows a specific profile to be developed in order to display advertising based on the same.
Advertising Cookies: These are those that allow, in the most efficient way possible, the management of advertising spaces based on criteria such as the edited content or the frequency at which the advertisements are shown.

Cookies according to the time they remain active

Session cookies: Designed to collect and store data while the user accesses the website. They are usually used to store information that only needs to be kept for the provision of the service requested by the user once.
Persistent cookies: These are a type of cookie in which the data remains stored in the device and can be accessed and processed for a period defined by the party responsible for the cookie, which can range from a few minutes to several years.

Cookies used on this website

COOKIE – NECESSARY	DURACIÓN	DESCRIPCIÓN
“cookielawinfo-checkbox-advertisement”	1 year	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category “Advertisement”.
“PHPSESSID”	2 hours	This cookie is native to PHP applications. The cookie is used to store and identify a users’ unique session ID for the purpose of managing user session on the website. The cookie is a session cookies and is deleted when all the browser windows are closed.
“cookielawinfo-checkbox-necessary”	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category “Necessary”.
“cookielawinfo-checbox-functional”	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category “Functional”.
“cookielawinfo-checkbox-performance”	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category “Performance”.
“cookielawinfo-checbox-analytics”	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category “Analytics”.
“cookielawinfo-checbox-others”	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category “Other.
“viewed_cookie_policy”	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

COOKIE -ANALYTICS	DURACIÓN	DESCRIPCIÓN
_gid	1 day	This cookie is installed by Google Analytics. The cookie is used to store information of how visitors use a website and helps in creating an analytics report of how the wbsite is doing. The data collected including the number visitors, the source where they have come from, and the pages viisted in an anonymous form.
_ga	2 years	This cookie is installed by Google Analytics. The cookie is used to calculate visitor, session, campaign data and keep track of site usage for the site’s analytics report. The cookies store information anonymously and assign a randomly generated number to identify unique visitors.

Additional information

Google Analytics cookie. Analysis cookies are those that allow us to quantify the number of users and thus carry out the measurement and statistical analysis of the use made by users of the service offered. To do this, your browsing on our website is analyzed to improve the range of products or services that we offer.

Information about Google

Legal basis and retention period

The legal basis for the processing of certain personal data (e.g. device identifier data or IP addresses) for the purposes indicated in the above table is the consent of the user, which is given as set out in the information banner and in this policy, except for those cookies that are strictly necessary for browsing our website.

The period of data retention is the one established for each Cookie in the table of Cookies.

Consent

In order to install cookies on the user’s device, we ask for consent, which the user expressly grants by clicking the “accept” button on the banner. We do not request consent in cases where cookies are necessary for browsing our website.

Withdrawal of consent

To withdraw your consent, simply activate the buttons we have provided or set your browser to reject cookies. You should also delete the history to remove the cookies already installed.

If for any reason you decide that you do not want cookies to be installed on your computer, we are obliged to inform you how to do this, and to do so you must configure your browser. Below, we provide you with the links to configure cookies in the main browsers.

Communications and international data transfers

The third-party cookies used on this website belong to the supplier indicated in the table, which may be located in the United States or elsewhere outside the European Economic Area. These territories may not provide a level of protection for your data equivalent to that of the European Union.

Deactivation of cookies

In addition to the cookie configuration buttons in this policy, below we provide links to the information necessary to disable cookies in the most commonly used browsers:

Google Chrome

Google Chrome para móviles

Microsoft Edge

Mozilla Firefox

Safari

User rights

Users may exercise their rights of access, rectification, deletion, opposition, limitation of processing and portability, where applicable, and may revoke their consent to the processing by writing to the entities identified, together with a copy of their National Identity Card, sent to the following address: protecciondedatos@grupomalasa.com, indicating the right they wish to exercise in the subject line.

On the other hand, it should be borne in mind that the data subject or data owner may at any time lodge a complaint with the competent supervisory authority: Agencia Española de Protección de Datos C/Jorge Juan 6, 28001-Madrid (Spain).