Privacy Policy

The identification data of the Data Controller appear in this paragraph.

The data collected refers to the category of identifying data, such as: Name and Surname, Telephone, Postal Address, Company, E-mail, as well as the IP address from which you access the data collection form.

RCA Systems processes personal data for the following purposes, depending on the reason for which the data were provided:

1. To carry out the provision of the contracted products/services, the maintenance of the contractual relationship and the follow-up of the same.
2. Contact, process, manage and respond to the user's request, application, incident or query (either via email, contact form or telephone).
3. Manage the customer's purchase process and any query associated with the products/services contracted.
4. Manage, if necessary, the sending of information about products, services and news associated with RCA Systems by electronic and/or conventional means.

• The legal basis for the processing of your personal data for the purposes set out in the previous section is the execution of the provision of the corresponding service, and it is an imperative obligation to do so, as established in article 6.1,b) of the RGPD.

• With regard to the sending of information about products, services and news associated with RCA Systems, the legal basis for the processing of personal data provided is the explicit consent given by the user, as established in article 6.1,a) of the RGPD.

• Data related to managing the client relationship, invoicing, and payment of services will be retained for as long as the contract remains in force. Once the contractual relationship has ended, the data may be kept for the period required by applicable legislation and until any potential liabilities arising from the contract have expired.

• Data related to handling inquiries and requests will be retained for the time necessary to respond to them, and, if applicable, as long as the data subject does not request the withdrawal of their consent to receive information related to their inquiry.

• Data used for sending information related to RCA Systems' products or services will be retained until the user revokes their consent.

As a general rule, your data will not be disclosed to third parties unless there is a legal obligation or it is necessary for the provision of the service. Taking this into account:

• The user's personal data may be communicated to financial institutions through which the management of collections and payments is arranged.
• Only in legally required cases will the data be communicated to law enforcement authorities.
• They may also be disclosed to the competent Public Administrations in cases provided for by law.
• If applicable, they will also be communicated to Data Processors of RCA Systems for the proper provision of the service.

Data protection regulations allow you to exercise your rights of access, rectification, erasure, and data portability, as well as to object to and restrict processing, and to not be subject to decisions based solely on automated processing of your data, where applicable.

These rights are characterized by the following:

• Exercising them is free of charge unless the requests are manifestly unfounded or excessive (e.g., repetitive requests), in which case RCA Systems may charge a fee proportional to the administrative costs incurred or refuse to act.
• You can exercise these rights directly or through your legal or authorized representative.
• We must respond to your request within one month. However, considering the complexity and number of requests, this period may be extended by up to two additional months.
• We are required to inform you of the means available to exercise these rights, which must be accessible, and we cannot deny you the exercise of your rights solely based on your choice of a different means. If the request is submitted electronically, the response will be provided through the same means whenever possible, unless you request otherwise.
• If RCA Systems does not process the request, it will inform you, no later than one month, of the reasons for not taking action and the possibility of filing a complaint with a Supervisory Authority.

In order to facilitate the exercise of your rights, we provide you with links to the request forms for each of them:

To exercise your rights, RCA Systems provides the following means:

1. By written and signed request addressed to RCA Systems, with the reference "Exercise of GDPR Rights"
2. By sending a scanned and signed form to the email address of This email address is being protected from spambots. You need JavaScript enabled to view it., indicating "Exercise of GDPR Rights" in the subject line.

In both cases, you must verify your identity by providing a photocopy or, where applicable, a scanned copy of your ID card (DNI) or an equivalent document, to ensure that we only respond to the data subject or their legal representative. In the case of representation, a document accrediting such representation must also be provided.

Likewise, and especially if you consider that you have not obtained full satisfaction in the exercise of your rights, we inform you that you may file a complaint with the national supervisory authority, the Spanish Data Protection Agency (AEPD), at C/ Jorge Juan, 6 – 28001 Madrid (www.aepd.es).

At RCA Systems, we are committed to protecting your personal information.

We implement physical, organizational, and technological measures, controls, and procedures that are reasonably reliable and effective, aimed at preserving the integrity and security of your data and ensuring your privacy.

Additionally, all personnel with access to personal data have been trained and are aware of their obligations regarding the processing of personal data.

For contracts with our service providers, we include confidentiality clauses that require them to maintain secrecy regarding personal data accessed as part of their service provision. They are also required to implement the necessary technical and organizational security measures to ensure the confidentiality, integrity, availability, and ongoing resilience of systems and services processing personal data.

All these security measures are regularly reviewed to ensure their adequacy and effectiveness.

However, absolute security cannot be guaranteed and no security system is impenetrable, so in the event that any information under our control and under our control is compromised as a result of a security breach, we will take appropriate steps to investigate the incident, notify the Control Authority and, where appropriate, those users who may have been affected to take appropriate action.