Privacy Policy

Introduction

We have a high level of commitment to individuals’ privacy, making the protection of personal data important to us.

We process data in accordance with the EU General Data Protection Regulation 2016/679 (GDPR), Organic Law 3/2018 on Personal Data Protection and Guarantee of Digital Rights, and other applicable regulations.

This Privacy Policy has been reviewed in December 2023 to comply with the information and transparency obligations of the website and the data controller. It is intended to provide general terms for all interested parties, not just website users. Variations may occur until its next review.

Who is responsible for processing your data?

  • Data Controller: SISTEMAS Y METODOS DE GESTION DE COMPRAS S.L.
  • NIF/CIF: B30786404
  • Address: C/ BUENAVENTURA, 4, OF. 2. 30394 CARTAGENA (MURCIA)
  • Email: central@bullimporter.com

What is the origin and type of data we process?

The origin of the information we process can fall into any of the following categories:

  • Forms in paper, electronic, or digital formats.
  • Communication and messaging systems: email and messaging applications, telephone, etc.
  • Other lawful sources and origins of information.

The different categories of data we may process, depending on the type of data subject (user, customer, supplier, employee, etc.) and the nature of the data controller’s activity and various data processing activities, include:

  • Identifying data, for example: name and surname, image.
  • Identification codes or keys, for example: username, employee code.
  • Postal or electronic contact addresses, for example: phone, email, social media profile.
  • Personal and professional characteristics data, for example: age, date of birth, qualifications, professional experience, resume.
  • Economic, financial, and insurance data, for example: bank details, credit card, etc.
  • Payroll and other economic and non-economic labor-related information, for example: job position, payroll document, etc.
  • Transaction data, for example: goods and services supplied and received.
  • Special category data, for example: health, union membership, racial origin.
  • Other data and information necessary or implicit in the development of our activities, services, and objectives.

MANDATORY OR OPTIONAL NATURE OF THE INFORMATION PROVIDED BY THE DATA SUBJECT

By ticking the corresponding boxes and entering data in the fields marked as mandatory (e.g., with an asterisk) in the contact form or provided in download forms, the data subject expressly and freely accepts that their data are necessary for the data controller to handle their request. The inclusion of data in the remaining fields is voluntary.

The data subject guarantees that the personal data provided to the data controller are truthful and agrees to communicate any changes to them. The data requested through the website, marked as mandatory, are necessary to provide an optimal service to the data subject. If all the required data are not provided, it is not guaranteed that the information and services provided will fully meet their needs.

For what purpose do we process your personal data?
In general, data is processed to successfully carry out the actions implicit in the normal development and management of the controller’s activity. However, we can specify different processing purposes based on the possible existing categories of data subjects:

  • Customers and Potential Customers: Management and maintenance of commercial, pre-contractual, and contractual relationships; internal administration; economic management; advertising and marketing; customer service.
  • Collaborators, Creditors, and Suppliers: Management and maintenance of commercial relationships; internal administration and economic management.
  • Employees: Management, development, and maintenance of the employment relationship; human resources management; communications; training activities; occupational risk prevention; time tracking; other purposes derived from legal obligations and the development of employment relationships.
  • Candidates: Management of received resumes; management of job offers and personnel selection.
  • Website and Social Media Users: User support; management of communications between the parties.
  • Visitors: Visitor support; access control to facilities.
  • The information of any other category of data subjects processed by the controller will be handled within the framework of its activity, strict compliance with applicable regulations, and under the general criteria of this Privacy Policy.

Other general purposes that the controller may implement are:

  • Creation of a commercial profile: To improve your experience by personalizing offers and communications. No individualized decisions will be made based on this profile, and actions will be taken based on legitimate interest.
  • Video surveillance: For the security of assets and individuals, as well as corresponding labor control, based on legitimate interest.
  • Telephone switchboard: To record communications for security, assurance, and quality of service, based on legitimate interest.
  • Financial risk analysis and control of monetary obligations: In the case of debtors with certain, overdue, and enforceable payments, the controller may communicate this circumstance to credit solvency files, debtor files, and debt management or recovery services, among others, based on legitimate interest.
  • Communications: Development and execution of communications through available contact data and means (email, instant messaging, etc.) with categories of internal (employees) and external (clients, potentials, collaborators, suppliers, etc.) stakeholders. The purposes of these communications can be informational, organizational, commercial, and advertising, as appropriate based on informed consent and the legitimate interest of the controller.
  • Other purposes derived from the nature of the controller, motivated by the normal development and exercise of its activity, based on a valid legitimizing basis.

What is the legal basis for processing your data?

The controller observes and applies the different legal bases that are applicable to each processing purpose. These are:

  • Informed consent of the data subject.
  • Pre-contractual or contractual commitments.
  • Legitimate interests of the controller.
  • Applicable legal obligations.
  • Other legally prescribed legal bases.

Who will your data be disclosed to?

By default, the data of the data subjects will not be disclosed to any third party, except:

  • Auxiliary services, authorized data processors, or other necessary third parties implied in the proper provision of goods and services.
  • Competent authorities and public administrations in the exercise of their functions.
  • Other legitimate stakeholders and third parties legally provided for.

What are your rights when you provide and/or we process your data?

As a data subject, you may at any time request the exercise of any of the following rights that you are entitled to in terms of data protection:

  • Access to the data subject’s personal data to confirm whether or not data concerning them are being processed and to obtain more information about this processing.
  • Rectification or erasure of the personal data concerning the data subject when, among other reasons, they are inaccurate or are no longer necessary for the purposes for which they were collected.
  • Restriction of the processing of the data subject’s personal data in certain circumstances, in which case they will only be retained for the purpose of exercising or defending legal claims, for the protection of another person’s rights, or for reasons of public interest.
  • Receive the personal data concerning them, which they have previously provided to us, and in a structured format whenever possible. (Data portability)
  • Object to the processing of their data in certain circumstances and for reasons related to their particular situation. The company will stop processing their data, except for compelling legitimate reasons, or the exercise or defense of possible claims.
  • Withdraw consent, which may result in the cancellation or termination of the existing business or contractual relationship, if any. Without prejudice to the processing carried out prior to the withdrawal of consent.

To exercise these rights, you only need to contact us through the email or postal address provided at the beginning.

Optionally, you can also contact our designated data protection officer or the Data Protection Agency to learn more about your rights or request their protection by the supervisory authority.

Data Security

In our information system, we implement the necessary technical and organizational measures to ensure an adequate level of confidentiality, integrity, availability, and resilience of data in order to protect the rights and freedoms of data subjects.

The controller complies with the provisions and principles described in the GDPR to process data lawfully, fairly, and transparently in relation to the data subject, and to ensure that the data are adequate, relevant, and limited to what is necessary for the purposes for which they are processed.

However, to the extent permitted by law, we do not assume any responsibility for damages or harm caused by third-party alterations to our information system. Any security breaches will be promptly and appropriately reported to the competent authority and/or law enforcement agencies.

Sending Communications or Information

Our policy regarding sending information via telematic means (email, instant messaging, etc.) is limited to sending only communications that we consider of interest to our users and stakeholders, related to the functions and activities of the company, or that you have consented to receive.

If you prefer not to receive these messages, we will offer you the possibility to exercise your right to unsubscribe and opt-out of receiving these messages, in accordance with Title III, Article 22 of Law 34/2002 on Information Society Services and Electronic Commerce.

Social Media

The controller may have a presence on social networks through corresponding profiles, with this section and any legal and privacy terms present on the website applying to the processing of user or stakeholder data who follow or in any way connect to such profiles.

The purposes of using these profiles by the controller include communication, commercial development, marketing and advertising, processing queries raised to the controller, user support, informing about actions, activities, and events organized by the controller or in which it participates, and interacting through official profiles.

The legitimizing bases outlined in the previous section complement each other in this case because the user or stakeholder may have a profile on the same social network as the controller and has decided to join or connect with the controller’s profile, thus showing interest in the information published by the controller. Therefore, by following the controller’s profiles, the user provides consent for the processing of any data available on their profile.

The user can access the privacy policies and terms of the corresponding social network at any time, as well as configure privacy features that may be implemented on their profile. Posts made by the user will be visible to other users, so the user themselves are primarily responsible for their privacy.

Users who follow and/or participate in our profiles must refrain from:

  • Posting content or information contrary to laws, morals, and good faith. No illegal, annoying, inappropriate use or behavior is allowed that may generate negative opinions on the profile or infringe upon the rights of others.
  • Behaving in a manner contrary to the principles of legality, honesty, responsibility, protection of human dignity, protection of minors, protection of public order, protection of privacy, protection of consumers, and intellectual and industrial property rights.

The controller reserves the right to remove any content considered inappropriate without prior notice. Likewise, it disclaims any responsibility regarding the security measures of each platform, with the user being required to understand them along with the legal terms and conditions of use of the platform itself.

The controller is expressly exempt from any responsibility that may arise from the use of social networks by minors or persons with special needs. The controller’s social networks do not knowingly collect any personal information from minors. Therefore, if the user is a minor, they should not register or use the controller’s social networks or provide any personal information. Particularly in Spain, the processing of personal data of a minor can only be based on being 14 years of age or older. Furthermore, if any rule or regulation requires it, or the user has special needs, the intervention of the holder of their parental authority or guardianship, or their legal representative by means of a valid document proving representation, will be necessary.