1.- GENERAL INFORMATION
This “Privacy and Data Protection Policy” explains the terms and conditions governing how our company collects and processes your personal data to ensure your fundamental rights, honour and freedoms, all of this in compliance with the regulations in force governing personal data protection in accordance with the EU General Data Protection Regulation and Spanish Constitutional Act 3/2018 of 5 December on Data Protection and Digital Rights Guarantee.
Based on those regulations, we inform you of all the details of interest to you regarding our processes and purposes, who else has access to your data and your rights.
2.- DATA CONTROLLER
Who collects and processes your data?
The Data Controller is the natural or legal person, public or private authority, or administrative body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by a law of the European Union or of the Spanish Member State.
In this case, our identification data are as follows:
Data Controller: R. ESPINAR, S.L.,
Tax number (CIF): B58468992
Registered office: Avenida del Vallès, 322, Polígono Industrial “Els Bellots”, 08227 de Terrassa (Barcelona)
3.- PURPOSE OF THE PROCESSING
In some cases, we need your consent to collect and process your personal data, so we set out the uses and purposes envisaged below:
- Communications: advertise and communicate activities.
- Queries and requests for information: answer the requests made.
- Job applications: participate in the company’s selection processes.
- Clients and suppliers: manage the business relations.
- Contact persons at clients and suppliers: maintain commercial relations with their organisations.
4.- LEGITIMACY OF THE PROCESSING
Collecting and processing your data is legitimate always on one or more legal bases, detailed as follows:
- Communications: in the case of clients, a legitimate interest in direct marketing (article 21.1 of Act 34/2002); in the case of potential clients, the explicit consent from the data subject (article 21.1 of Act 34/2002).
- Queries and requests for information: a legitimate interest in dealing with clients and/or data subjects.
- Job applications: the explicit consent from the data subject.
- Clients and suppliers: contractual compliance.
- Contact persons at clients and suppliers: a legitimate interest from the data controller (article 19 of the Act on Data Protection and Digital Rights Guarantee).
You are entitled to withdraw your consent at any time.
5.- ORIGIN AND TYPE OF PROCESSED DATA
How do we obtain your data?
From the data subject itself or its legal representative.
What type of data do we collect and process?
- Identification data.
- Email address.
- Postal address.
- Tax/foreigner identity/passport number.
- Forename and surnames.
Regarding job applicants, we also process the employment and education data provided in their résumé.
Regarding clients and suppliers which are natural persons, we also process their bank data (bank account number).
6.- DATA RETENTION PERIODS
We use your data strictly for the time required to meet the purposes stated above and you can withdraw your consent at any time, unless there is a legal obligation or requirement and, in any case:
- Commercial communications data: will be processed until the data subject states otherwise.
- Data regarding queries and requests for information: will be retained for 1 year from the query or request.
- Job application data: will be retained for 1 year from receiving the résumé.
- Client and supplier data: will be processed during the contractual relations and up to 6 years, in accordance with article 30 of the Spanish Code of Commerce.
- Data regarding contact persons at clients and/or suppliers: will be processed during the contractual relations and up to 6 years, in accordance with article 30 of the Spanish Code of Commerce.
7.- SECURITY MEASURES
How do we guarantee your data privacy?
Our company adopts the necessary technical and organisational measures to ensure the security and privacy of your data and prevent data alteration, loss or unauthorised treatment or access, based on the state of the technology, the nature of the stored data and the risks to which they are exposed.
The following measures are also adopted:
- Guarantee the permanent confidentiality, integrity, availability and resilience of the processing systems and services.
- Rapidly restore the personal data availability and access in the event of a physical or technical incident.
- Regularly verify, evaluate and assess the efficacy of the technical and organisational measures implemented to ensure security of processing.
- Pseudonymise and encrypt the personal data, if such data are sensitive.
8.- DATA RECIPIENTS
We inform you that we do not communicate your data to third companies and we do not transfer your personal data internationally outside the European Union.
9.- DATA SUBJECTS’ RIGHTS
The data protection regulations in force grant you a number of rights in relation to how we use your data. All of your rights are personal and non-transferable, i.e. they can only be exercised by the data subject, after its identity has been checked.
You have the following rights:
- Access.- The data subject is entitled to obtain confirmation from the data controller regarding whether or not the latter is processing the data in question and detailed information about the certain processing features being carried out.
- Rectification.- The data subject is entitled to obtain rectification of the inaccurate personal data in question or complete any incomplete information.
- Erasure.- The data subject is entitled to request the erasure of its personal data; in any case, the erasure is subject to the limits established in the regulations.
- Restriction of processing.- The data subject is entitled to request a restriction of processing of its personal data.
- Objection to processing.- Under certain circumstances and for reasons related to its specific situation, the data subject can object to the processing of its data. R. ESPINAR, S.L. will cease to process your data, except for compelling legitimate grounds or to file or defend potential claims.
- Data portability.- The data subject is entitled to receive the personal data which concerns it and which was provided to the data controller in a structured, commonly used and machine-readable format, and transfer such data to another controller.
- The right to WITHDRAW your consent at any time.
- The right to file a data protection CLAIM at the Supervisory Authority, i.e. the Spanish Data Protection Agency.
How can you exercise your rights in relation to your data?
To exercise your right of access, rectification, erasure, portability, objection, restriction of processing and withdrawal of consent, you can write to R. ESPINAR, S.L at Avenida del Vallès, 322, Polígono Industrial “Els Bellots”, 08227 de Terrassa (Barcelona) or send an email to firstname.lastname@example.org, attaching, in any case, a copy of your identity document, passport or equivalent identification document.
How can you file a claim?
In addition to your rights, if you believe that your data are not being processed in accordance with the data protection regulations in force, you can file a claim at the corresponding supervisory authority, whose contact data are set out below:
Agencia Española de Protección de Datos, C/. Jorge Juan, 6. 28001, Madrid, Spain; Email: email@example.com – Telephone: 912663517 – Website: www.agpd.es