The web portal is designed for the registration of GRE’s customers/distributors (hereinafter, individually, the “Professional”) for the management of the online purchases that take place on it and for obtaining information on GRE’s products, activities and/or news (hereinafter the “Portal”).
Specifically, the Portal enables Professionals to:
● Manage their accounts on the Portal
● Manage their online purchases
● View GRE’s catalogue and product prices
● Store and manage their portfolios of end customers
● Send orders and quotations and
● Track customers’ order histories
This Portal is designed for professionals who have requested access to it, whose data have been validated by the company’s sales department and who have been granted access to it.
2. TERMS AND CONDITIONS OF USE
These Terms and Conditions of Use govern the access to and use of the Portal. Access to it implies the acceptance of these Terms and Conditions of Use without any reservations whatsoever.
The user is the sole party liable for the use she/he makes of the Portal, any content posted on or through it and any consequences arising thereof.
The user undertakes to use this Portal, its contents and services in compliance with the Law, these Terms and Conditions of Use, generally accepted good practices and public order. Furthermore, the user undertakes not to use the Portal, its contents and services provided through it for unlawful purposes or that go against these Terms and Conditions of Use, that may violate the interests and rights of third parties, or that in any other way may damage the Portal, its contents and services, render them useless, make them inaccessible, impair them or prevent their normal use by other users.
The user likewise expressly undertakes not to destroy, render useless or in any other way damage the data, programs or electronic documents found on the Portal, and not to hinder the access of other users by the mass use of the IT resources through which GRE provides the services, as well as not to carry out any actions that damage, interrupt or give rise to errors in said systems and services.
The user also undertakes not to introduce programs, viruses, macros, applets, ActiveX controls or any other file or character sequence that may cause or are liable to cause any alteration to GRE's IT systems or those of third parties.
The documents and graphics posted on the server may contain technical and typographical errors. Changes are occasionally made to the information available. GRE and/or its respective service providers may make improvements and/or changes to the program at any time.
GRE reserves the right to disable or block access to the Portal by any Professional if she/he breaches these terms and conditions of use, third-party rights or the laws in force.
GRE accepts no liability whatsoever for potential security errors that may arise or for any potential damage caused to the customer/user’s device (hardware or software) and to the files or documents stored on it as a consequence of a virus on the customer/user’s device used for connecting to the services and contents contained on the Portal, Internet malfunctions, telephone breakdowns, interferences, outages or disconnections in the Portal’s operating mode for reasons beyond the control of GRE.
Excluding the contact form, the rest of services or website content involve being subscribed or registered, like for example the Client Area.
In this sense, the Professional data obtained through the registration or subscription, will be protected by means of passwords provided by GRE. The user is committed to maintaining secrecy of its password and to protect it from unauthorised use by third parties. The user must notify GRE immediately of any unauthorised use of its account or any breach of security related to the website service, of which it becomes aware.
GRE adopts the technical and organisational measures to guarantee protection of personal data and avoid its alteration, loss, treatment and/or unauthorised access, considering the state of the art, the nature of the data stored and the risks to which they are exposed, all that, according to that established by Spanish Personal Data Protection legislation.
GRE is not responsible before the use, for divulging ts personal data to third parties that is not due to causes directly attributable to GRE, or for undue use that third parties unknown to the same.
3. LICENSE OF USE OF THE PORTAL
GRE is the owner and holder of all rights on the Portal and, therefore, grants the customer/user an end-user license free of charge, to use the content and functionalities available on the Portal in accordance with the uses for which it has been designed and, specifically, in accordance with the provisions herein and/or the laws in force.
The License of Use of the Portal is restricted to the territorial scope of the EU, so although a Professional may access the Portal from outside of the EU, its use is only authorized in the EU.
4. INTELLECTUAL AND INDUSTRIAL PROPERTY
All Intellectual and Industrial Property rights on information, data, diagrams, designs, software, trademarks and other contents on the Portal are the property of GRE and/or its licensors, so their use, reproduction, transfer, transformation, distribution or exploitation in any way whatsoever by the customer/user is prohibited, unless such use forms part of the service built into the Portal and is solely used for private purposes. A breach of the foregoing may give rise to any court or out-of-court actions to which GRE may be entitled to exercise.
GRE prohibits any acts that go against the laws in force in respect of the documentation/contents that may be downloaded from the Portal and, specifically, the contents, i.e., product catalogs, price lists, amongst others, may not be altered nor use made of them other than that for which they were intended.
7. INTERRUPTIONS AND MODIFICATIONS
The Portal’s services may be interrupted due to maintenance work or failures beyond GRE’s control, which shall be resolved in a reasonable period of time.
GRE reserves the right to modify the features, functions and scope of the Portal’s services at any time without prior warning, as well as to change any of the information herein. The user shall be given reasonable warning about such modifications.
8. COMMISSIONING OF THE PROCESSING OF PERSONAL DATA BY GRE
By means of these Terms and Conditions of Use and pursuant to Article 28 of Regulation (EU) 2016/679 of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and the free circulation of said data (hereinafter, the “GDPR”) and the provisions of Organic Law 3/2018 on the Protection of Personal Data and Guarantee of Digital Rights, on the understanding that GRE’s operations on the Portal (hereinafter, “GRE” or “Data Processor”) require the processing of personal data on the Professional's own responsibility (hereinafter, “Professional” or “Data Controller”), the two parties sign these provisions (hereinafter the “Contract”) and undertake to:
Obligations of the Data Processor
GRE will always process the data on the instructions of the Data Controller and will not use them for purposes other than those agreed upon in this Contract, unless the two parties expressly agree otherwise.
GRE will not call upon any other processor, except for the provision of the auxiliary services required for the normal functioning of the services and features of the Portal; the Data Controller authorises said outsourcing by accepting these Terms and Conditions. If it is necessary to outsource any additional processing, GRE will inform the Data Controller, which must previously authorise said outsourcing in writing.
In the event of authorisation to outsource, GRE will take the appropriate measures to verify and guarantee to the Data Controller that the Sub-processor is able to provide the service with the utmost assurance, offering a level of protection of the Personal Data equivalent to that offered by the Data Processor, in accordance with the provisions of this Contract. GRE will be held liable to the Data Controller for any breach of the obligations undertaken by the Sub-processor.
The Data Processor hereby guarantees that the authorised personnel are aware of all the security and confidentiality obligations arising from the GDPR and that it has provided the instructions necessary to ensure compliance with it.
In the event that GRE should transfer personal data to a third country or to an international organisation in accordance with any applicable law of the European Union or a member State, it must obtain the Data Controller's prior written authorisation, providing the required information with regard to the suitable guarantees taken in relation to said transfer.
Purpose, duration, nature and aim of the processing.
The processing performed by GRE consists of the management of the B2B Portal for Professionals in accordance with the purposes stated in these Terms and Conditions of Use and, with regard to the provision of access to the Portal and the availability of the information to the Professional, in accordance with the provisions of these Terms and Conditions of use.
In the event that GRE considers that the processing of the personal data covered by this Contract or the instructions provided by the Data Controller in any way infringe the provisions of the current regulations in the area, it will immediately inform the Data Controller.
The means used by GRE to carry out the processing will be computerised.
The Data Controller provides the following information for the performance of this contract:
● Categories of data subjects
● Type of data processed
- Names and surnames
- ID/Tax ID number
- Telephone number
Any amendment to this section will always require the prior written agreement of the parties.
GRE shall implement all the security and organisational measures necessary to guarantee the protection of the personal data owned by the Data Controller, in accordance with the provisions of Article 32 of the GDPR.
In particular, it hereby undertakes to keep the appropriate technical and organisational measures in place and to implement, if necessary, the mechanisms to:
o Guarantee the permanent confidentiality, integrity, availability and resilience of all the processing systems and services.
o Restore the availability and access to personal data quickly in the case of a physical or technical incident.
o Regularly verify, evaluate and assess the effectiveness of the technical and organisational measures in place to guarantee the security of the processing.
Information and collaboration.
GRE shall keep and make available to the Data Controller all the information necessary to demonstrate compliance with its obligations and to carry out audits or inspections made by the Data Controller or by another auditor authorised by it.
Rights of the Data Subjects.
The Data Processor must inform the Data Controller of any exercising of rights by data subjects in relation to the Data Controller.
In accordance with the above, the Data Processor must report, promptly and without delay, any request for the exercising of rights directly received by GRE from any data subject, as well as any complaint or claim related to the processing of the Personal Data.
GRE shall inform the Data Controller of any security breach that affects or may affect in any way whatsoever the Personal Data under the responsibility of the Data Controller.
The Data Processor shall provide the Data Controller with all the information required to enable it to comply with the obligations established in Article 55 of the GDPR in relation to the notification to the competent supervisory authority, as well as, if necessary, notify the data subjects concerned.
If it is not possible for the Data Processor to communicate all the relevant information by the deadline stated in this Clause, immediately or simultaneously, the Processor will be able to and must provide it as said information becomes available.
End of the processing.
This data processing order is linked to the business relationship existing between GRE and the Professional; in the event of loss of this status, access to the Portal will be blocked.
Notwithstanding the above, the Data Controller may end the order or the provision of the services at any time; the Data Processor will not receive a copy of any of them from the moment at which the Controller informs it of its intention to terminate the service.
9. JURISDICTION AND GOVERNING LAW
This Portal shall be governed by and interpreted in accordance with Spanish legislation. In the event that any disagreements or disputes arose, both parties shall submit to the Courts and Tribunals of Barcelona.