By means of this Privacy Policy, Q-CMIM intends to show its commitment to compliance with the regulations and legislation arising from the processing of the information necessary for the provision of its services, and the use of Information and Communication Technologies.

In particular, Q-CMIM declares its commitment to comply with the regulations oriented to the protection of personal data. In this sense, they are considered as a frame of reference, mainly:

• Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data (GDPR).
• Organic Law on the Protection of Personal Data and Guarantee of Digital Rights (LOPDGDD)
• Law 34/2002, of July 11, 2002, on information society services and electronic commerce (LSSI).

This statement applies to any website, application, product, software or service owned or operated by Q-CMIM that is linked to it (collectively, our “Services”). Occasionally, a service will link to a separate privacy statement, which will list the particular privacy practices for that service.

This policy may be updated from time to time and we encourage you to access and review it. If we make changes that we consider important, we will notify you by posting a notice on the relevant services or by communicating with you by other means such as email.

• ABOUT US

Q-CMIM we are a company of Malaga origin, dedicated to the consultancy for the obtaining of CMIM marking of product, according to the current Moroccan legislation.

Our address for notification, communication and contact purposes is C/Juan Cabanilles, 11, office 409, 29018, Málaga. Also, please contact us, Q-CMIM has enabled the following e-mail address for communications and notifications related to the processing of information and personal data, including the exercise of the rights indicated in this Policy: info@cmim.eu

Furthermore, in compliance with data protection regulations, and in order to improve and ensure the proper management of personal data, Q-CMIM has appointed a Data Protection Officer (with the functions indicated in this Privacy Policy), who can be contacted by writing to the address indicated, or through the e-mail address indicated above.

• INFORMATION AND PERSONAL DATA WE COLLECT

Personal information refers to any information that relates to an identified or identifiable natural person. An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier, whether a name, an identification number, location data, online identification, or to one or more factors specific to that person’s physical, psychological, genetic, mental, economic, cultural or social identity.

We collect, store and process information (and in particular personal data) necessary for the provision of our services. In particular, the information we collect is:

• Information of our clients necessary for the provision of our services, consulting for CMIM product marking, including identifying and contact information, professional, economic and banking data, data relating to the product under study, necessary to provide our services and for our operational and business purposes. Although most of this information is of a business nature, it may include data of a personal nature, mainly concerning the contact personnel of our client companies.

• For the proper development of these financial intermediation services, the staff of Q-CMIM may have access to information and personal data contained in the files of our client companies. In these cases, Q-CMIM will undertake to maintain the confidentiality and security of said data, for which it will adhere to the necessary confidentiality commitments and external processing contracts.

• Similarly, we will collect information, including personal data (mainly identification and contact), through our website, provided that the contact mechanisms or request for information are used, and only for the action requested by the customer, unless they expressly consent to use it for another purpose.

• We also collect personal information from third parties, such as our partners, collaborators, service providers and publicly available websites, to provide services that we believe may be of interest to you and to help us maintain data accuracy and provide and improve services. In addition, our servers, logs and other technologies collect certain information automatically to help us administer, protect and improve our services, analyze usage and improve the user experience.

• Internally, Q-CMIM collects, stores and processes personal data of its employees and collaborators, necessary to maintain the working relationship with the employees, and to comply with the legal obligations in the matter.

• HOW WE PROTECT INFORMATION AND PERSONAL DATA

At Q-CMIM we are highly committed to the security of the information we handle, and to compliance with the legal requirements that apply to us. In this sense, to ensure the confidentiality, availability and integrity of the information we handle (and, in particular, of personal data), as well as the systems, networks, applications and databases used for its processing, at Q-CMIM:

• We periodically carry out risk assessments of the risks associated with information security and personal data protection, analysing our risk situation and defining action plans accordingly.

• An Information Security and Data Protection Policy has been defined and must be complied with by the different parties involved in the processing of information.

• Procedures have been developed for Access Control, Systems and Communications Security, Incident and Security Violation Management, and Information Backup.
  • The necessary awareness-raising and training activities have been carried out to ensure compliance with these policies and procedures.

In the event that, as a user or affected party, you detect any security incident or breach, or any vulnerability that may be affected, Q-CMIM makes available to those affected the address info@cmim.euthrough which you can make the communications that are considered appropriate or necessary for the improvement of the security of our information and systems.

• • RIGHTS OF DATA SUBJECTS

Q-CMIM has enabled the necessary means to comply with the right to information and with the obtaining of consent in cases where it is necessary to ensure the lawfulness of the processing of personal data. At the time of obtaining or collecting the information, Q-CMIM undertakes to inform those affected about the identity of the person responsible, the purpose, possible communications or transfers, and the possibility of exercising the rights set out in the regulations.

Q-CMIM recognizes and guarantees the possibility of exercising the rights of access, rectification, cancellation, opposition, limitation of treatment and portability, collected by the data protection regulations. You as an interested or affected person can:

• • RIGHT OF ACCESS: Obtain confirmation as to whether your data is being processed and if so, you have the right to access the following information regarding the processing of your data:
    • the purposes of the processing;
    • the categories of personal data concerned;
    • the recipients or categories of recipients to whom personal data may be disclosed;
    • the period of time for which the personal data is to be kept 
    • the existence of the right to request the rectification, erasure, opposition of data, or limitation of processing 
    • the right to lodge a complaint with a supervisory authority;
    • where the personal data have not been obtained from the data subject, any available information on their source
    • the existence of automated decisions, including profiling and meaningful information about the logic applied, and the significance and expected consequences of such processing for the data subject.
    • Where personal data are transferred to a third country or to an international organisation, the data subject shall have the right to be informed of the appropriate safeguards pursuant to Article 46 concerning the transfer.

• • RIGHT OF DELETION: Obtain the deletion of your data when any of the following circumstances occur (provided that the data does not meet any of the requirements set out in the regulations: that it is data of general interest, necessary for compliance with a legal obligation, or to exercise the right to freedom of expression,…):
    • the personal data are no longer necessary for the purpose for which they were collected
    • the data subject withdraws the consent given for the processing of the data;
    • the data subject objects to the processing and no other legitimate grounds for the processing prevail
    • the personal data have been processed unlawfully;
    • personal data must be deleted in order to comply with a legal obligation that may be established; 

• • RIGHT OF RECTIFICATION: To modify inaccurate, erroneous or incomplete data. 

• • RIGHT OF CARRYING: To receive from Q-CMIMthe personal data concerning him/her and to transmit them to another data controller when:
    • the lawfulness of the processing is based on the consent of the data subject or on the performance of a contract 
    • the processing is carried out by automated means. 

• • RIGHT TO OPPOSE: To oppose the processing of personal data concerning him/her based on the fulfilment of purposes of public interest or of legitimate interest for the data controller.

• • RIGHT TO LIMIT THE PROCESSING: Obtain from the data controller the limitation of the data processing when any of the following conditions are met:
    • the data subject challenges the accuracy of the personal data, within a period of time that allows the controller to verify the accuracy of the personal data; 
    • the processing is unlawful and the data subject objects to the erasure of the personal data and requests instead the restriction of their use; 
    • the controller no longer needs the personal data for the purposes of the processing but the data subject needs them for the purposes of making, exercising or defending claims; 
    • the data subject has objected to the processing by virtue of the right to object

For the exercise of these rights, Q-CMIM has enabled the following e-mail address e-mail address: info@cmim.eu, through which you can contact the organisation to request the exercise of the rights recognised by the regulations. Similarly, these may be exercised through the postal address indicated in the first section.

For a proper exercise of these rights, we urge you to use as a reference the templates and models for the exercise of the rights that can be found on the website of the Data Protection Agency. (www.agpd.es).

In addition, we inform you of the possibility, if you consider that your rights have been violated, or that it has not acted adequately with respect to requests for rights that you may have made, to file the corresponding complaint with the Data Protection Agency, which you can contact through the electronic office accessible from your website (www.agpd.es)

• • WHAT INFORMATION WE DISCLOSE OR TRANSFER

As a general rule, from Q-CMIM we only communicate personal data to third parties, or provide them with access to the same, in the cases necessary to develop an adequate provision of the requested service, to comply with legal, fiscal and corporate obligations, or for the development of certain processes or activities of the organization in a subcontracted manner (Access to Data on Behalf of Third Parties).

In particular, we carry out communications and exchanges of information with banking institutions, based on the services provided, for the management of collections and billing of the services provided, the management of payments to service providers, or in compliance with legal requirements, tax and public duties. Likewise, in compliance with these public duties, communications are made to other administrative bodies, such as the Social Security or the Tax Administration.

On the other hand, in Q-CMIM we establish agreements, alliances or collaborations with other entities that provide us with certain services or that collaborate in the development of certain activities, being able to have access to the personal data that we manage. This is the case, for example, of tax and labour consultants who are granted access to the personal data of our employees for the management of payroll, compliance with public duties, or prevention of occupational hazards.

In addition, we have certain outsourced services on which we rely for the provision and development of our services. This is mainly the case of external housing or web hosting services. For the provision of these services, the corresponding external processing contracts have been signed, ensuring compliance with regulatory requirements. It may be the case that these services are provided or require the intervention of entities or systems hosted in third countries. From Q-CMIM we ensure that, in cases where international data transfers are required, these are carried out to countries that accredit a level of security comparable to that of European regulations. In this sense, we will consider the decisions of adequacy of the European Data Protection Committee, or, failing that, certificates, corporate standards, contractual clauses or any other recognized mechanism that proves an adequate level of protection.

• • HOW LONG WE KEEP THE INFORMATION

As a general rule, in Q-CMIM we only keep the information and personal data for the time necessary to comply with the purpose for which the data were obtained, as well as to meet any possible claims or liabilities arising as a result of the processing of the data. In general, once the service has been provided, the data is blocked and no further processing of the data is carried out beyond keeping it at the disposal of the Public Administrations, Judges and Courts, for the attention of any possible liabilities arising from the processing, during the period of limitation of these, after which it must be cancelled. On the other hand, to determine the data retention periods, Q-CMIM takes into account local laws, contractual obligations and the expectations and requirements of our customers. When we no longer need personal information, we securely delete or destroy it.