In accordance with Regulation (EU) 2016/679 on General Data Protection and Organic Law 3/2018, 5 December, on Personal Data Protection and Guarantee of Digital Rights, please be advised as follows:
Tax Identification Number (NIF): B14853485
Registered address: Carretera de Palma del Río, km 10 – 14710 Villarrubia, Córdoba
For what purpose do we process your personal data?
We collect and process your general personal data to manage our relationship with you, for the following main purposes:
- Managing and arranging our company’s products and services
- Channelling any information requests, suggestions and complaints we receive
- Keeping you informed about events, offers, products and services that could be of interest to you through different communication channels, providing you have given your consent.
- Managing the employment relationship, in the case of employees.
- Managing our commercial relationship with suppliers
- Management the recruitment process
- Guaranteeing the safety of people and facilities
How do we collect your information?
We collect your personal information in different ways, but you will always be informed about the data controller, the purpose and lawful basis, the recipients of the data and the retention period, as well as how you can exercise your personal data protection rights.
The information we process is usually limited to personal details (name and surname, date of birth, address, ID card number, telephone number and e-mail address), the services hired and payment and invoicing details.
We collect personal data directly from our potential clients/users (name and surname, tax identification number, postal address, telephone number and e-mail address) and their professional details (job position, place of work and sector) when they send us requests for information or purchase requests through the available channels.
During staff management and recruitment processes we collect academic and employment data to fulfil our obligations as part of the employment relationship or to hire as necessary.
We are on social media, which is another way we can reach you. The information collected from your messages, comments and posts could contain personal data that is available online and to the public. These social media have their own privacy policies that explain how they use and share your information, and we recommend that you read them to make sure you consent to how your data is collected, processed and shared.
On our website we collect information about your browsing habits through cookies. Our Cookies Policy explains clearly and precisely the cookies we use, their purpose and how to configure or disable them.
Our facilities are equipped with a video surveillance system to protect the safety of people and property, which means your image may be recorded on camera on entering the premises. Those images are kept for a maximum of one month from the time of recording and will only be disclosed to the law enforcement forces and agencies if necessary.
When you provide us with your data by electronic means, as the user you guarantee that you are over 14 years old and that the data provided is truthful, accurate, complete and up-to-date. You are accountable for the truthfulness of the data provided, and must keep it updated, to ensure that it reflects your actual status at all times. You will be liable for any false or inaccurate information, and any direct or indirect damages and losses caused.
For how long do we keep your information?
We only keep your information for as long as necessary to fulfil the intended purpose, comply with our legal obligations and fulfil any responsibilities in relation to the purpose for which the data was collected.
If you wish to join our workforce and choose one of our job positions, the data provided will be included in our job board and kept for the duration of the selection process and for a maximum of two years, or until you exercise your right of erasure.
If we have collected your data at any time to contact you as a potential user of our services or to respond to an information request from you, this data will be kept for a maximum of two years from the time it was collected, after which it will be deleted if no contractual relationship has been established or as soon as you request that it be deleted.
As a general rule, we will keep your personal information while there is a contractual relationship in place or until you exercise your right to erasure and/or restriction of processing, in which case the data will be blocked and not used, although it will be kept in case it is necessary to defend claims or respond to any liability that arises.
To whom do we disclose your data?
In general we do not share your personal information unless we are legally obliged to do so.
Although it is not a disclosure of data, to provide you with the requested service, third companies (acting as our suppliers) may access your information to provide the service for which we have hired them. Those data processers access your data in accordance with our instructions, may not use them for any other purpose and must keep them strictly confidential.
In the event an incident is recorded by our security cameras, your images might be disclosed to the law enforcement agencies as required by law.
Your personal information will be made available to the public administrations and courts and tribunals to respond to any liabilities that arise from processing it.
International data transfers
There will be no international transfers of your data outside the European Economic Area (EEA).
What are your data processing rights and how can you exercise them?
Data protection regulations allow you to exercise your rights of access, rectification, erasure, data portability and objection to and restriction of processing, and your right not to be subject to a decision based solely on automated processing, when applicable.
The following conditions apply to these rights:
- You can exercise them free of cost, unless your requests are manifestly unfounded or excessive (e.g., repetitive), in which case we may charge a fee for the administrative costs incurred or refuse to act
- You can exercise them directly or through a legal representative or volunteer
- We must respond to your request within one month, although this period can be extended for another two months depending on the complexity and number of requests
- It is our duty to inform you of how to exercise these rights and ensure that the necessary means are accessible. We cannot deny you the right to exercise your rights for the sole reason of choosing other means. If the request is submitted by electronic means, the information will be provided by these means whenever possible, unless you request otherwise
- If, for any reason, your request is not granted, we will inform you, within a maximum period of one month, of the reasons and of the possibility of filing a claim with a supervisory authority
To make it easier for you to exercise your rights, the following are links to the forms for each of them:
Right of access form
You can exercise your rights using the following means:
- By sending a signed, written request to the company, Ref. Exercise of GDPR Rights.
- By sending a signed, scanned form to the above e-mail address, including Exercise of GDPR Rights in the subject field.
In both cases you must provide proof of identity by attaching attach a photocopy or scanned copy of your ID or equivalent document. If your rights are exercised through a representative, proof of representation is also required.
If you feel you have not been able to exercise your rights successfully, you can file a claim with the national supervisory authority: Spanish Data Protection Agency, C/ Jorge Juan, 6 – 28001 Madrid.
How do we protect your information?
We undertake to protect your personal information.
We have reasonably reliable and efficient physical, organisational and technological measures, controls and procedures in place to ensure the integrity and security of your data and to guarantee your privacy.
All employees who have access to personal data have received training and are aware of their obligations regarding personal data processing.
All contracts we sign with our suppliers include clauses requiring them to protect the confidentiality of the personal data they have accessed due to the service provided and to implement the necessary technical and organisational security measures to ensure the permanent confidentiality, integrity, availability and resilience of personal data processing systems and services.
All of these security measures are checked regularly to make sure they are appropriate and effective.
However, no security system is impenetrable and complete security cannot be guaranteed. Therefore, if any information processed and under our control is compromised following a security breach, we will take the appropriate measures to investigate the incident and notify the supervisory authority and any users who could have been affected so that they can act accordingly.