Legal notice

LEGAL, PRIVACY AND COOKIES POLICY

Last Updated: 01/10/2022

The present policy is applied to the following Companies:

  • ARAVEN GROUP, S.L. Spain, located in calle Montalbán 7, Postcode . 28014, Madrid and holding V.A.T. number B-87705323.
  • GRUPO OM COMUNICACIÓN VISUAL, S.L., with registered offices in calle Mariano Benlliure 2 (28521) – Rivas Vaciamadrid (MADRID) and holding V.A.T. number B-85330421.
  • ARAVEN, S.L., with registered offices in Pol. lnd. San Miguel C/ Río Martín 6, Postcode 50830, Villanueva de Gállego, Zaragoza and holding V.A.T number B-    99138950.

ARAVEN, S.L. and GRUPO OM COMUNICACIÓN VISUAL, SL. belong to ARAVEN GROUP S.L., owner of web aravengorup.com, araven.es, grupo-om.com y shopandroll.com websites.

This legal policy is also aplicable to the rest of assets of ARAVEN GROUP S.L. or of any other Group’s entities, it is to say, mobile applications, websites, domains, subdomains, and any of their websites and profiles on social media.

Take into account that on some of the websites mentioned above, particular or specific conditions derived from their speciality.

That is the reason why we recommend to access and read them before navigation.

  • Social media profiles:
    o Twitter
    o Linkedin
    o Instagram
    o YouTube
  •  Applications for mobile devices:

2. Data protection and cookies policy of ARAVEN GROUP

ARAVEN GROUP offers a simple data protection document composed by the following sections:

  • General information on personal data protection
  • Information on cookies and other trackers used by ARAVEN GROUP
  •  MAR- Management Activities Record of ARAVEN GROUP
  • Information quality and safety policy
  • Websites terms of use and navigation

Every management responsible or corresponsibles are indicated in MAR section. When in doubt, ARAVEN GROUP, S.L. will always be Responsible for Management.

2.1 General information on personal data protection

To exercise your data protection rights, address to ARAVEN GROUP by writing an email to our Data Protection Delegate (dpd@araven.com) or to any of the addresses show on this web legal warning.

Should you stop receiving email communications, you will be able to unsubscribe through the link provided on every email you will receive from ARAVEN GROUP or from any of its branches. If you are registered in ARAVEN GROUP, you can exercise some of your rights from your user panel.

The main rights you can exercise are:

  • Right to request access to personal data: We will tell you whether we are managing your data and, if it is the case, which data, how we obtained them, what we manage them for, whether they have been communicated, maintenance period… As well, we will inform you about the other rights you are entitled to and about the possibility to file a claim to ARAVEN GROUP.
  • Right to request their rectification or elimination, for you to correct them or to be able to ask us to stop managing and possessing them.
  • Right to request management limitation, in which case ARAVEN GROUP will only keep data for the legally suitable purposes, for example, to be used in a claim.
  • Right to object to management: You can request ARAVEN GROUP to stop managing data in the way you state, except that due to legitimate imperative reasons or when exercising or defending against possible claims, data must continue being managed.
  • Right to data portability: In the event that you want to export your data to be managed by a third-party, ARAVEN GROUP will facilitate such portability.

In the evento that consent for any specific purpose would have been given, you are entitled to withdraw the consent at any moment, without affecting the lawfulness of the management based on previous consent to its withdrawal.

To exercise your rights there are available templates, forms and further information on the web of Agencia Española de Protección de Datos, to which you can address if you think there are problems in the way ARAVEN GROUP manages your data.

2.2 Information on cookies and other trackers used by ARAVEN GROUP

ARAVEN GROUP, through its applications and websites, uses cookies and other trackers for different purposes. Cookies are files generated on your device when you navigate through any of the ARAVEN GROUP’S applications or websites. These files ma keep information on your navigation, or simply remind you that you are a registered user. ARAVEN GROUP or any third party may access to the information, so it is relevant to decide whether you want to accept these managements.

Hereinafter, “cookies” will refer to any kind of tracker used by ARAVEN GROUP.

Details on cookies on ARAVEN GROUP’s applications and websites:

A.- Technical cookies (our own):

  • Purpose: Identifier of users as new visitors:
    • Managed data: Log In Identifier
    • Management period: At the latest, until cookies are eliminated from users’ navigator.
  • Purpose: Reminder of users response to cookies banner
    • Managed data: Identifier of responses to banner
    • Management period: At the latest, until cookies are eliminated from users’ navigator.

B.- Technical cookies (from third-parties)

  • reCAPTCHA (Google). Purpose: anti-spam security
    • Managed data: This website has Google API reCAPTCHA implemented for the established purpose. This system allows Google to collect information from software and hardware, as well as application and device’s data and to send them to Google to be analysed. This information is used to improve reCAPTCHA service and general security. It will not be used to publish Google customised ads.
    • Management period: Conservation periods are set by Google for every kind of data depending on the reason for being collected. For example, Google keeps navigator height and weight data as well as the IP address for nine months the longest; while cookies information are eliminated after 18 months.
    • Further information: https://policies.google.com/technologies/retention
  • WAF. Purpose. Security
    • Managed data: This website has a firewall and antimalware service implemented that prevents and mitigates attacks to the web and against data circulating as well as resting, to do so information on software and hardware used for navigation is collected as well as on actions to the web such as SQL injection attempts or brute-force attacks. The implemented system can block users by IP or by user’s name when it identifies specific patterns regarded as malicious or potentially harmful.
    • Management duration: 90 days.

C.- Analytics cookies (from third parties)

  • Purpose: Differentiation of single users on Google Ltd’s Google Analytics.
    • Managed data: IP, port, kind of requested file and language and character configuration, as well as the web of origin and operating system.
    • Management duration: Conservation periods are set by Google for each kind of data depending on the reason for being collected. For example, Google keeps navigator height and weight data, as well as the IP address for nine months the longest whereas cookies information are eliminates after 18 months.
    • Further information: https://policies.google.com/technologies/retention

Social cookies on ARAVEN GROUP sites:

ARAVEN GROUP has profiles on social media (for example, Instagram) listed in the legal warning and, besides, has integrated on their applications and websites some contents from third parties (for example Youtube videos). These actions mean that ARAVEN GROUP collaborates with these sites managers to initially obtain users’ data with advertising or statistical purposes. ARAVEN GROUP is corresponsible, together with the owners of the social media being indicated and linked on this website ‘legal warning’ for management corresponding to initial obtention of users’ data. Regarding this management, the social media owners are main corresponsibles for receiving applications for exercise of rights from the interested parties.

How to delete cookies or to change cookies configuration:

Users can restore or change their cookies preferences at any moment through the cookies control panel, clicking here. To delete cookies from your navigator, configure it according to their directions.

If you are willing to, you can install the Google Analytics Opt-out Browser Add-on to disable the use of your personal data.

For further information on the way ARAVEN GROUP manages your data, please read the security, analytics, advertising profiling management activities, of MAR of ARAVEN GROUP.

2.3 MAR

Click here to read the MAR Document

2.4 Information quality and security policy of ARAVEN GROUP

ARAVEN GROUP implemented a quality and security management system aiming at meeting or surpassing the expectations of users, contacts, clients, workers and suppliers. Processes are periodically audited and check whenever they are improved or a relevant event to ARAVEN GROUP happens. The main objectives of these processes are:

  • To reduce risks keeping technical and organisational security measurements.
  • To ensure confidenciality, availability and integrity of personal data as well as industrial secrets.
  • To be proactive to meet regulation to be applied to the development of the activity.
  • To choose only providers fulfilling better or similar standards to those ones in terms of quality and security.
  • To keep a safe registration of assets and their changes
  • To obtain a high credibility and reliability in third-parties and suppliers.
  • To raise awareness among workers and collaborators about physical and logical security by means of a continual training process.

Personal data management is always done by ARAVEN GROUP after having applied technical and organisational measurements suitable to ensure a security level adjusted to the risk. By means of all of them we try to ensure permanent confidentiality, integrity, availability and resilience in the management systems. As well, they conduct verification, assessment and valuation of efficacy of the technical and organisational measurements to ensure management safety. The minimal measurements ARAVEN GROUP deployed are the following ones:

1. a) Physical:

  •  ‘Clean desks’ policy
  • Minimal use of paper and similar formats.
  • Printed working with a password and out-trays non accessible to third parties.
  • Document destruction service.
  • Fireproof material to keep paper data and information.
  • Classified and tagged documents
  • Workstations protected with own and outsourced security measurements or with systems limiting or reducing non-authorised people access.

1. b) Logical:

  • Use only and always original updated software with official license.
  • Double use devices have an exclusive profile for professional purposes.
  • Coded disks, and in addition, coded files.
  • Ability to quickly restore availability and access to personal data in case of a physical or technical incident thanks to a specific service.
  • Firewall and updated endpoint protection systems in each device.
  • For remote access, tethering is used except for trustworthy nets.
  • Different passwords on each application, periodically changed.
  • 2FA systems in applications and websites.
  • ARAVEN GROUP’s websites are coded and have specific security systems. Th state of security measurements is periodically checked, by hand and by means of forensic solutions designed to do these actions.
  • Other usual protection tools: session block when devices stop being use, privacy filters when used in mobility, screensavers blocked with password, etc.

Security measurements are periodically checked, manually as well as by means of specific software.

1. d) Organisational, educational

ARAVEN GROUP has safe data management protocols such as systems separating data access on a departamental basis, an active privilege board or continual training on personal data protection and information safety for all staff.

1. e) Resource management compulsory rules

Email and any other data store or communication tools, as well as fixed and mobile devices are exclusively work tools provided by ARAVEN GROUP for the performance of work or commercial tasks, according to contract, and cannot be used for personal or for professional purposes different from the ones agreed. ARAVEN GROUP will be able to do back-up copies and access to the content derived from the use of these means only in order to check the compliance of labour obligations, statutory obligations or those ones established by a commercial contract and to ensure devices integrity. In any case, accesses will be done according to data protection regulation and looking out for privacy of those affected.

ARAVEN GROUP employees will not be able to allow third parties to access to the accounts and devices provided by ARAVEN GROUP due to their labour or commercial relationship. After the reason for this delivery expires, users credentials will be withdrawn and content will be eliminated, having to be blocked for the suitable time. Messages to be received on that professional accounts will be resent to a corporate account managed by an assigned person.

The person in charge states their full commitment to the quality and security management system that has implemented.

2.5 Regulation to be applied and ways of conflict resolution

This legal, privacy and cookies policy is written in English, will be accessible on the Internet on this website itself and must be interpreted under regulations to be applied in Spain.

Should you want more information, report any failure or make any inquiry, it can be done by contacting ARAVEN GROUP on the addresses mentioned at the beginning of these warning.

3. WEBSITE USE TERMS AND CONDITIONS

Click here to the website use terms and conditions.