Microsoft Authorized Refurbisher Microsoft surface authorized reseller

Personal data

What is the General Data Protection Regulation (GDPR)?

The General Data Protection Regulation (GDPR), whose implementation started on 25 May 2018, applies to companies based in the European Union and to international companies that process personal data belonging to individuals residing in the European Union.

While many of the principles of the GDPR Regulation are in fact an extension of existing EU data protection rules, the GDPR Regulation has a broader scope and more stringent standards and provides for significant financial penalties. For example, it sets more stringent requirements in terms of obtaining consent for the use of certain types of data and expands the rights of individuals to access their data and to transfer that data. It also provides for significant sanctions, giving supervisory authorities the possibility to impose financial penalties of up to 4% of a company's total annual revenues for certain infringements.

The commitment and preparation of Alfanet S.A.

Data protection is a key issue for Alfanet S.A., which complies with current European Union data protection legislation and the General Data Protection Regulation (GDPR).

Having already initiated the necessary procedures to comply with the GDPR regulation, we make the following commitments:

  1. Transparency: Our Data Policy will remain the sole means of describing our methods for processing users' personal data. In addition, however, we will provide consent options for new and existing customers and recipients of our updates, notifications within the products and solutions we advertise, and education campaigns for our end customers.
  1. Control: In this context, we will always provide the possibility to exercise the "right to be forgotten" through the newsletters we send out.
  1. Accountability: Our legal department has regular meetings with regulatory and legislative authorities, as well as privacy experts, to ensure we remain highly informed and make adjustments where necessary.

Relevant legal bases

Under the GPDR regulation, there are a number of grounds that justify the processing of personal data. Below we outline the most relevant legal bases under the GDPR regulation.

Contractual necessity

The data being processed must be necessary for the performance of the task and must be set out in the contract entered into with the individual concerned.


Legitimate interests

Alfanet S.A. as data controller and as data processor

Data Controller: Data controllers should adopt compliance measures covering how the data are collected, the purposes for which they are used and the period for which they are retained and ensure that individuals have a right of access to the data held.

Data processor: Also, in cases directly involving data processors, data controllers must engage data processors to ensure that the data are processed securely and lawfully.

Although Alfanet S.A. manages most of its services as a data controller, there are certain cases in which it also acts as a data processor in the context of its cooperation with businesses.

Where Alfanet S.A. processes data as a data processor on your behalf, your business must have its own legal basis on which it processes and discloses data to us.

Our Certifications
Why we Stand out
Microsoft authorized refurbisher
Microsoft surface authorized reseller
ADISA Accredited Pass
ISO 27001
ISO 14001
ISO 9001

This site uses cookies to distinguish visitors. To accept the use of cookies, please select
Cookies policy