PRIVACY POLICY

This Privacy Policy has been developed taking into account the provisions of Regulation 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and the movement of such data, hereinafter the GDPR, as well as the Organic Law 3/2018, of 5 December, on Data Protection and Digital Rights (hereinafter, LOPDGDD) and other applicable regulations.

The purpose of this Privacy Policy is to inform individuals who provide their personal data, and/or those of the person they represent, in respect of which information is being collected, of the specific aspects relating to the processing of their data, the purposes of the processing, the contact details for exercising their rights, the periods of conservation of the information and the security measures, among other things.

1. Who is responsible for your personal data?
In terms of data protection, GRUPOTEC SERVICIOS AVANZADOS SA shall be considered the Data Controller in relation to the processing of personal data carried out by this entity.

The contact details of the Data Controller are given below:

  • Identity of the data controller: GRUPOTEC SERVICIOS AVANZADOS SA (A96827829)
  • Physical address: AVDA. DE LOS NARANJOS 33, 46011, VALENCIA, VALENCIA
  • E-mail: rgpd@grupotec.es
  • Telephone: 963 391 890

2. What personal data do we process?

All information collected by GRUPOTEC SERVICIOS AVANZADOS SA will be processed in a loyal, lawful and transparent manner.

Likewise, the data requested in each of the processing operations carried out will consist only of those that are strictly necessary for the purpose intended and informed in each case.

In this way, the data collected will be adequate, relevant and not excessive in relation to the purposes for which they are processed in each case.

Are processed in each case. Likewise, your personal data will be collected for specific, explicit and legitimate purposes, and will not be further processed in a way that is incompatible with the purposes for which they are processed.

Further processed in a way that is incompatible with those purposes. Furthermore, they will be updated whenever necessary.

In general terms, the following types of data are collected as part of the various processing activities carried out within the organisation:

  • Data of an identifying nature.
  • Academic, professional and training data.
  • Detailed employment data.

3. WHERE DOES THE PERSONAL DATA COME FROM?

As a general rule, personal data are always collected directly from the data subject, however, in certain exceptions, data may be collected through third parties, entities or services other than the data subject.

In this regard, the data subject will be informed of this fact through the informative clauses contained in the different information collection channels and within a reasonable period of time or in the first communication made to the data subject.

4. FOR WHAT PURPOSES DO WE PROCESS PERSONAL DATA?

In general terms, personal data are processed for the following purposes:

  • Candidates:  To carry out internal recruitment processes, both current and future.
  • Contact: To respond to requests for information received about the products and services we offer, as well as to respond to any other type of question sent by users.
  • Internal information system: Processing of personal data for the purpose of managing the internal information system or ethical channel, investigating the facts and proposing measures to prevent breaches of regulations and correct those already detected, as well as to contribute to the efficiency of the Organisation’s operation with the continuous improvement of internal processes for the continuous improvement of internal processes for the management and control of illegal conduct or conduct contrary to the ethical culture of the Organisation.

By means of this processing, no profiles of the users who browse the website are drawn up nor, therefore, are automated decisions made based on this data.

5. WHAT IS THE LEGAL BASIS FOR DATA PROCESSING?

As a general rule, the data subject’s consent is the legal basis for the processing of data in accordance with the purposes described above. This consent is expressed by a declaration or a clear affirmative action, such as ticking a box provided for this purpose, voluntary subscription or by submitting data via the forms. This consent may be revoked at any time by contacting the company through its means of contact and, in general, we will request your consent for uses for purposes other than those for which you originally gave it.

Specifically, and for the processing indicated below, the following legitimate bases are used:

  • Internal information system: The purpose in the processing is legitimised by a legal obligation: the Law 2/2023, of 20 February, regulating the protection of persons who report regulatory infringements and the fight against corruption.

6. HOW LONG DO WE KEEP PERSONAL DATA?

In general, personal data are processed and kept for one year, for the purpose for which they were collected, for as long as the service or contractual relationship is maintained, there is a mutual interest and/or for the time provided for in the corresponding regulations.

Once the established time criteria have been met, the data will be cancelled. Said cancellation will lead to the blocking of the data, which will only be kept at the disposal of the Public Administrations, Judges and Courts, in order to attend to any possible liabilities arising from the processing, during the period of limitation of these, after which time the information will be destroyed.

Specifically, and for the processing indicated below, the data are kept for the following periods:

  • Internal information system:

    The data will be kept for as long as they are necessary to fulfil the purpose for which they were collected. In any case, three months after the data have been entered, they shall be deleted from the complaints system, unless the purpose of their retention is to provide evidence of the functioning of the model for the prevention of the commission of offences by the legal person. Once the aforementioned period has elapsed, the data may continue to be processed by the body responsible for the investigation of the reported facts, but shall not be retained in the internal complaints information system itself.

7. WITH WHOM DO WE SHARE PERSONAL DATA?

Personal data will not be transferred or communicated to third parties, except in the cases necessary for the attention of the consultation formulated and in the cases provided for by law. However, we inform you that the data may be transferred, on the basis of legitimate interest, to other Grupotec companies for administrative and statistical purposes.

Likewise, we inform you of the transfer of data outside the European Economic Area, based on the existence of adequate guarantees in accordance with the General Data Protection Regulation and these guarantees being available to anyone who expressly requests them to rgpd@grupotec.es.

The personal data collected may be communicated to the public administration with competence in the matter and to third parties when necessary for the adoption of disciplinary measures or for the processing of any legal proceedings that may be appropriate.

8. WHAT RIGHTS CAN YOU EXERCISE?

According to European legislation, you have the following rights:

  • Right of Access, the right to request information from the data controller about whether your personal data is being processed.
  • Right of rectification, the right that allows the data subject to request the modification of data that is inaccurate or incomplete.
  • Right of Opposition, the right of an individual to object to the processing of his or her personal data or the cessation of such processing.
  • Right against automated individual decisions, the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects on him or her or significantly affects him or her in a similar way.
  • Right of restriction, the right to suspend the processing of the user’s personal data in certain circumstances
  • Right of Deletion or Oblivion, the right to erasure of the data subject’s personal data
  • Right of Portability, the right to request the controller to provide the personal data in a structured and clear format to another controller.
  • Right to lodge a complaint with the competent supervisory authority if you consider that the processing does not comply with the regulations in force.

9. HOW TO EXERCISE YOUR RIGHTS

The applicant may exercise his/her rights by the following means:

  • Email to rgpd@grupotec.es
  • Postal mail to AVDA. DE LOS NARANJOS 33, 46011, VALENCIA, VALENCIA.

In both cases, if necessary, documentation may be required to prove the identity of the applicant.

In any case, you may request the protection of the Spanish Data Protection Agency through its website.

In this regard, your request will be dealt with as soon as possible and taking into account the deadlines set out in the data protection regulations.

10. WHAT COULD BE THE CONSEQUENCES OF NOT PROVIDING THE INFORMATION?

The data requested in the fields marked with an asterisk, or identified as mandatory, or those provided in the media where the information is provided, are those strictly necessary in relation to the purpose for which they are collected, or for the provision of an optimal service to the data subject or through a legal obligation imposed on the data controller itself or a necessary requirement to enter into a contract, with the inclusion of data in the remaining fields being voluntary.

If not all data is provided, there is no guarantee that the information and services provided will be completely tailored to your needs.

Therefore, in the event that the required data is not provided or is provided incorrectly or incompletely, we will not be able to deal with your request, making it impossible to provide you with the requested information or to carry out the contracting of services.

Likewise, the user guarantees that the information transmitted in any of the forms is truthful, accurate and corresponds to their own data.

The services of our platforms are not intended for minors, so only persons over 18 years of age are allowed to register, otherwise we warn that any liabilities that may arise as a result of the use of our platforms will be borne by the parents or guardians of the minor. To avoid the use of our services by minors, we try to verify the age of our users when they register by requesting their date of birth.

11. WHAT SECURITY MEASURES DO WE HAVE IN PLACE?

The security measures adopted by GRUPOTEC SERVICIOS AVANZADOS SA are those required, in accordance with the provisions of article 32 of the RGPD.

In this regard, taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of the processing, as well as the risks of varying likelihood and severity for the rights and freedoms of natural persons, the appropriate technical and organisational measures are in place to ensure the level of security appropriate to the existing risk.

In any case, GRUPOTEC SERVICIOS AVANZADOS SA has implemented sufficient mechanisms to:

  • Guarantee the permanent confidentiality, integrity, availability and resilience of the processing systems and services.
  • Restore availability and access to personal data quickly in the event of a physical or technical incident.
  • Regularly verify, evaluate and assess the effectiveness of the technical and organisational measures implemented to ensure the security of the processing.
  • Enable the encryption of data and communications.

12. CHANGES TO THIS PRIVACY POLICY

From time to time, this Privacy Policy may be revised in order to update changes in current legislation, update the procedures for collecting and using personal information, the appearance of new services or the exclusion of others. These changes will be effective from the date of publication on the website, so it is important that you regularly review this Privacy Policy in order to remain informed about the changes.