BK Energies

Youtube Jki-linkedin-light

Privacy Policy

Identity: Blakach Energy S.L
Tax ID: B56244072
Registered Address for notifications and legal correspondence: Plaza del Fresno 3, 5D, Oviedo (33007), Asturias, Spain

Email: info@bkenergies.com
DPO Contact: info@bkenergies.com

For what purpose do we process your personal data?

The personal data we process serves the following purposes:

  • Handling your inquiries and requests: managing responses to inquiries, complaints or incidents, requests for technical or corporate information, resources and/or activities, made via email, telephone, contact form and/or instant messaging.

  • Contacting the data subject through the provided communication channels (email, postal address and/or telephone) in order to manage inquiries arising from the relationship between the parties.

  • Commercial offering and management of products and services offered by the Controller. Contacting the data subject to request necessary data, in order to manage the design and proposal of products and/or services.

  • Internal use, operations, and administrative, economic, and accounting management derived from the commercial relationship and/or service provision.

  • Profile analysis, to the extent that you have unequivocally consented “in order to offer you products and services according to your interests, as well as to improve your user experience, we will create a “profile” based on the information provided. No automated decisions will be made based on this profile”.

  • Consulting advertising exclusion systems that may affect your activity, excluding from processing the data of affected parties who have expressed their opposition or refusal through consultation of advertising exclusion systems published by the competent supervisory authority.

  • Associated management, including prior communication, that may arise from the development of any corporate structural modification operation or the contribution or transfer of a business or business unit, provided that the processing is necessary for the successful completion of the operation and ensures, where appropriate, the continuity of service provision.

  • Dissemination of our best practices related to the services we have provided to you and/or the publication and/or communication of graphic material that may include the image of the owner and/or personnel under their charge in corporate media and/or other public communication media to the extent that you have unequivocally consented.

  • Management of contracting and provision of services by the organization, as well as compliance with contractual and regulatory requirements linked to the organization and/or the requested operation.

  • Sending commercial communications about products or services similar to those contracted by the client with whom there is a prior contractual relationship, legitimate according to Article 21 of the LSSICE.

  • Quality control over our products and services, management of process and activity quality, as well as evaluation of satisfaction/perception results and performance of the organization’s stakeholders.

  • Provision of evidence for the justification of campaigns, activities, promotions, contests, projects, and subsidies in which the organization participates.

  • Management of regulatory compliance (applicable regulations, as well as mandatory internal regulations): Investigation, monitoring, and auditing of controls established for crime prevention, including access controls to facilities, video surveillance, information systems, and document printing for all personal data under the organization’s responsibility, and therefore for all information systems of said entity, as well as controls that the entity may establish for the investigation of accidents and/or incidents that may occur, as well as non-compliance with rules, crimes, or illicit behavior.

  • Evaluation of financial solvency and credit to confirm the economic viability of the requested operation, as well as, where appropriate, the communication and management associated with the claim for the amounts agreed upon for the provision of the service.

  • Statistical and historical purposes that allow us to improve the commercial strategy of our products and services, with your data being previously anonymized.

  • Management and auditing of the organization’s management systems and regulatory compliance for processes and facilities.

  • Contact and sending of personal communications, event invitations, congratulating you on special dates, conducting quality and satisfaction surveys, as well as periodically informing you of news, updates, and corporate information, and providing you with offers of products and services of your interest by telephone, written, or electronic means, if you have consented and/or requested.

  • To the extent that you have provided us with your CV to join the company, we will process your data for the management of recruitment processes for job positions, and if you have consented, for the purposes described in the additional consents.

How long do we retain your data?

  • The data provided will be retained as long as the lawful processing relationship is maintained, and its deletion is not requested by the data subject after formal written termination of the relationship with the data subject, with the exception of its retention for the formulation, exercise, or defense of claims by the data controller or for the protection of the rights of another natural or legal person and/or for legal obligation reasons.

  • In any case, at the end of the relationship, the data subject’s data will be duly blocked, as provided in current data protection regulations.

  • Accounting and tax documentation – for tax purposes: Accounting books and other mandatory record books according to applicable tax regulations (IRPF, IVA, IS, etc.), as well as documentary support justifying the entries recorded in the books (including computer programs and files and any other supporting document with tax implications), must be kept, at least, for the statute of limitations period for tax offenses – General Tax Law and Criminal Code, Statute of limitations for infringements 10 years.

  • Accounting and tax documentation – for commercial purposes: books, correspondence, documentation, and justifications concerning your business – Commercial Code – 6 years.

  • Solvency files: data referring to certain, due, and enforceable debts that have not been claimed – LOPD – 5 years.

  • Data processed for sending commercial communications will be retained until the granted consent is revoked.

  • Therefore, data will be retained as long as the commercial relationship remains valid, based on the retention periods established by the current regulations mentioned above, as well as the legally or contractually foreseen periods for the exercise or prescription of any liability action for contractual breach by the data subject or the Organization (the Civil Code establishes a period of 5 years to carry out a civil liability action, a period that counts from the date on which the fulfillment of the obligation can be demanded).

What is the legitimacy for processing your data?

The processing of your data is legitimate based on:

  • The fulfillment of the request you submit to us. The requested data is necessary for its correct provision.

  • The legal basis for processing your data is the fulfillment of the request you submit to us. The requested data is necessary for its correct provision.

  • The execution of a contract, request, offer, order and/or commercial contract, for which the provided data may be communicated to third parties who provide us, where appropriate, with specific products and/or services that are necessary for the management of the contracted service provision, in order to adequately address, where appropriate, the guarantees and responsibilities of the products and services supplied.

  • Compliance with a legal obligation: administrative, commercial, tax, fiscal, accounting, civil, and financial regulations, and consumer and user protection legislation, as well as regulations inherent to the contracted operation and those associated with the sector.

  • Satisfying a legitimate interest of the controller: processing of data as parties to a commercial relationship and/or contract, which are necessary for its maintenance or fulfillment, fraud prevention, legitimate interest cases in which the controller could be an injured party and the processing and communication of the data of the defaulting party to third parties would be necessary to manage regulatory compliance and the defense of the controller’s interests, as well as the legitimate interest in direct marketing enabled by the LSSICE (sending electronic commercial communications about products or services similar to those contracted by the client with whom there is a prior contractual relationship), as well as legitimate interest cases for specific processing contemplated in the LOPDGDD.

  • The consent of the data subject, unequivocally provided through formal means and/or by checking the boxes enabled for this purpose in the data protection clauses enabled in the base document that has regulated the commercial relationship depending on the contact channel.

To whom can your data be communicated?

  • Organizations or individuals directly contracted or with whom there is a collaboration agreement with the data controller for the provision of services linked to the processing purposes (including but not limited to): legal, tax, and accounting advice, debt collection and credit insurance entities, management, accounting, and/or regulatory compliance auditors, IT maintenance, suppliers, courier/transport companies, video surveillance/alarm companies, other professionals/companies necessary for the execution of certain services.

  • Public Administration bodies or agencies with competence in the matters covered by the processing purposes, to fulfill their obligations as required by current legislation at any given time, as well as for the management of service provision.

  • Third parties who have been expressly authorized by the data owner.

  • Financial entities: transfer and/or management of payment instruments.

  • State Security Forces and Bodies and Judicial bodies, to the extent required.

  • Collaborators or promoters of events, projects, and subsidies in which the organization participates, for their technical or economic justification.

  • Media for the promotion/publication of the organization’s activities (public and/or private, such as websites, social networks, newspapers, etc.).

Under what guarantees is your data communicated?

Data communication to third parties is carried out to entities that demonstrate the availability of a Personal Data Protection System in accordance with current legislation.

User Responsibility

You:

  • Guarantee that you are over eighteen (18) years of age and that the data you provide to the data controller is true, accurate, complete, and up-to-date. For these purposes, the user is responsible for the veracity of all data communicated and will keep the provided information duly updated, so that it reflects their real situation.

  • Guarantee that you have informed any third parties whose data you provide, if applicable, of the aspects contained in this document. Likewise, you guarantee that you have obtained their authorization to provide their data to the data controller for the stated purposes.

  • Will be responsible for any false or inaccurate information you provide through the website and for any direct or indirect damages caused thereby to the Data Controller or third parties.

What are your rights?

You have the right to obtain confirmation as to whether or not we are processing personal data concerning you.

Data subjects have the right to access their personal data, as well as to request the rectification of inaccurate data or, where appropriate, to request its erasure when, among other reasons, the data is no longer necessary for the purposes for which it was collected.

In certain circumstances, data subjects may request the restriction of the processing of their data, in which case we will only retain them for the exercise or defense of claims.

In certain circumstances and for reasons related to their particular situation, data subjects may object to the processing of their data, in which case the Data Controller will cease processing the data, except for compelling legitimate reasons, or the exercise or defense of possible claims.

By virtue of the right to data portability, data subjects have the right to obtain the personal data concerning them in a structured, commonly used, and machine-readable format and to transmit it to another controller.

In the event that you have given consent for a specific purpose, you have the right to withdraw consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal.

Where to exercise your rights?

If you wish to exercise your rights, please contact the channel established for the exercise of rights by the data controller (info@bkenergies.com) so that we can respond to your request in a managed manner.

What information is required to exercise your rights? To exercise your rights, we need to verify your identity and the specific request you are making, so we ask for the following information:

  • Documented information (written/email) of the request specifying the application.

  • Proof of identity as the data subject exercising the right (Name, surname of the data subject and photocopy of the data subject’s ID and/or of the person representing them, as well as the document proving such representation).

  • Address for notifications, date, and signature of the applicant (in case of written request), or full name and surname (in case of email), or validation of the request in the private area of the communication channel with a personal authentication key for your identity.

  • When the data controller has reasonable doubts regarding the identity of the natural person submitting the request, they may request additional information necessary to confirm the data subject’s identity.

What is the general procedure for exercising your rights? Once the required information is received, we will proceed to respond to your request in accordance with the general procedure for exercising rights of the Data Controller:

  • The data controller shall provide the data subject with information on action taken on a request under Articles 15 to 22 (Data Subject Rights), and in any case, within one month of receipt of the request.

  • That period may be extended by two further months where necessary, taking into account the complexity and number of the requests.

  • The controller shall inform the data subject of any such extension within one month of receipt of the request, together with the reasons for the delay.

  • Where the data subject makes the request by electronic form means, the information shall be provided by electronic means where possible, unless otherwise requested by the data subject.

  • If the data controller does not take action on the request of the data subject, the data controller shall inform the data subject without delay and at the latest within one month of receipt of the request of the reasons for not taking action and on the possibility of lodging a complaint with a supervisory authority and seeking a judicial remedy.

  • The information provided shall be free of charge, except for a reasonable fee based on administrative costs.

  • The data controller may refuse to act on the request, but shall bear the burden of demonstrating that the request is manifestly unfounded or excessive.

What complaint channels are available?

If you believe your rights have not been properly addressed, you have the right to lodge a complaint with the competent data protection authority (www.agpd.es).

How did we obtain your data?

Your data has been obtained through one of the following channels:

  • Through the data subject themselves or their legal representative.

  • Through third parties with whom the data controller maintains a commercial or service provision relationship.

  • Through public bodies related to the purpose of the contracted service provision.

  • Through third parties at the request of the contracting party.

What category of data do we process?

Identification and contact data (name, surname, telephone or email, etc.); commercial information data; economic, financial and/or payment condition data; other types of data: name, surname and NIF of legal representative, contact data of individuals within the organization involved or related to the service subject to the contract/request.

The data structure we process may contain specially protected data, whose processing is necessary for the correct execution of the products/services contracted by the data subject, and which will be processed by the organization as a data processor. Generally, such data is dissociated and/or anonymized.

How is your personal data kept secure?

Blakach Energy S.L takes all necessary measures to keep your personal data private and secure. Only authorized personnel of Blakach Energy S.L, as well as authorized personnel of third parties contracted/collaborating for the provision of certain services (who have a legal and contractual obligation to keep all information secure) have access to your personal data. All Blakach Energy S.L personnel who have access to your personal data are required to commit to respecting data protection regulations, as well as the Privacy Policy and any instructions, communications, codes, or similar that are developed and provided for their knowledge, and all third parties who have access to your personal data are required to sign relevant confidentiality commitments/data processing agreements.

Blakach Energy S.L follows strict criteria for selecting service providers in order to comply with its data protection obligations and undertakes to sign the corresponding data processing agreement with them, through which it will impose, among others, the following obligations: apply appropriate technical and organizational measures; process personal data for the agreed purposes and solely according to Blakach Energy S.L’s documented instructions; and delete or return the data to the user once the provision of services ends. These agreements do not affect your rights under data protection law. For more information about these agreements, please do not hesitate to contact us.

Changes to the Privacy Policy

Blakach Energy S.L reserves the right to make, at any time, any modifications, variations, deletions, or cancellations in the content and presentation format that it deems appropriate, therefore we recommend that you consult our privacy policy whenever you consider it relevant. If you do not agree with any of the changes, you can exercise your rights according to the procedure described by sending an email to info@bkenergies.com.

Confidentiality and information of third parties whose personal data you provide to us

By accepting and/or validating the process that serves as the basis for formalizing your relationship with Blakach Energy S.L, you expressly consent to the processing of data in accordance with the provisions of the clause and additional information on data protection, and you undertake to inform and obtain the consent of third parties whose personal data you provide to us for such processing.

Likewise, the user undertakes to expressly, precisely, and unequivocally inform the data subjects whose information is transferred to Blakach Energy S.L – within one month following the communication of the data to Blakach Energy S.L – of the data processing carried out, on behalf of and for Blakach Energy S.L.