Privacy Policy

PRIVACY POLICY

 

DATA CONTROLLER

Data controller is IDRUS FLEXIBLES, SL, P.I El Regadiu, C/ Comarca de la Marina, N25, 46880, Bocairent (VALENCIA).

 

Privacy principles

We are commited to work continuosly to guarantee your privacy in all our processing activities, and to offer you the most complete and clear information we can provide. We encourage you to read this section carefully before providing us with your personal data.

If you are under fourteen years of age, please do not provide us with your data without the consent of your parents.

In this section, we inform you on how we process personal data of people involved with our organization. Starting with our privacy principles:

– We do not request any personal data, unless is needed to fulfill any service you require from us.

– We never share your personal data with third parties unless we are forced by law, or you have granted us your express consent.

– We will never use your personal data for other purposes than those stated in this privacy policy.

– We will process your personal data always with an appropiate level of protection, according with data privacy regulations, and we will not execute automated decision-making without your express consent.

We have written this privacy policy taking into account the requirements of current data protection regulations:

– REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (GPDR).

– Spanish Ley Orgánica 3/2018, de 5 de diciembre, de Protección de Datos de Carácter Personal y garantía de los derechos digitales (LOPD).

– Spanish Real Decreto 1720/2007, de 21 de diciembre (RLOPD).

This privacy policy is written on December 6, 2018.

We may modify this privacy policy in the future in order to facilitate its understanding or to adapt it to changes in legislation, or changes in our processing activities. We will update its date, so that you can check its validity.

 

PROCESSING ACTIVITIES

EMPLOYEES PROCESSING
Lawful basis for processing: GPDR: 6.1.b) processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.
GPDR: 6.1.c) processing is necessary for compliance with a legal obligation to which the controller is subject.
Spanish job regulation: Real Decreto Legislativo 2/2015, de 23 de octubre, por el que se aprueba el texto refundido de la Ley del Estatuto de los Trabajadores.
Purposes of the processing: – Management of contracted personnel.
– Personal file. Time control. Training. Pension plans. Prevention of occupational hazards.
– Issuance of staff payroll.
– Management of union activity.
Categories of individuals: Employees
Categories of personal data: – Name and surname, DNI / CIF / Identification document, personnel registration number, Social Security / Mutuality number, address, signature and telephone number. – Special categories of data: health data (sick leave, work-related accidents and degree of disability, excluding diagnoses), union membership, for the exclusive purposes of paying union dues (where appropriate), union representative (where appropriate). case), proof of attendance from own and third parties.
– Personal characteristics data: Sex, marital status, nationality, age, date and place of birth and family data. Data on family circumstances: Date of registration and cancellation, licenses, permits and authorizations.
– Academic and professional data: Qualifications, training and professional experience.
– Details of employment and administrative career. Incompatibilities.
– Presence control data: date / time of entry and exit, reason for absence.
– Economic-financial data: Economic data of payroll, credits, loans, guarantees, tax deductions, loss of assets corresponding to the previous job (if applicable), judicial withholdings (if applicable), other withholdings (if applicable) . Bank data.
Categories of recipients: – Entity to which we entrust the management of occupational risks.
– Spanish Job Agency (Tesorería General de la Seguridad Social.)
– Trade union organizations.
– Financial entities.
– Spanish Tax Administration Agency.
– Main contractors that we provide services to as subcontractors.
Third countries or international organizations that personal data are transferred to: No international transfer of your personal data is planned.
Retention schedule: Your personal data will be kept for the time necessary to fulfill the purpose for which they were collected and to determine the possible responsibilities that may arise.
Security measures: Adapted to the requirements of Regulation (EU) 2016/679, General Data Protection Regulation.

CONTACTS PROCESSING
Lawful basis for processing: This processing is lawful because you have given us your consent.
Purposes of the processing: Manage your request, send you information and follow up on your request.
Categories of individuals: Persons who contact us, customers and suppliers
Categories of personal data: Name and surname, phone, email.
Categories of recipients: Your personal data will not be disclosed to third parties without your express consent.
Third countries or international organizations that personal data are transferred to: No international transfer of your personal data is planned.
Retention schedule: Your personal data data will be kept for an indefinite period, or until you requests its erasure.
Security measures: Adapted to the requirements of Regulation (EU) 2016/679, General Data Protection Regulation.

DATA SUBJECT RIGHT EXERCISING PROCESSING
Lawful basis for processing: GPDR: 6.1.c) processing is necessary for compliance with a legal obligation to which the controller is subject.
Purposes of the processing: Facilitate your rights under GPDR: Right of access, rectification and erasure, restriction of processing, portability, and object to automated individual decision-making.
Categories of individuals: Individuals who request to exert their rights (employees, clients, suppliers, contact persons)
Categories of personal data: Full name, address, signature and phone.
Categories of recipients: Your personal data may be disclosed to the Supervisory Authority (In Spain: Agencia Española de Protección de Datos) if you lodge a complaint.
Third countries or international organizations that personal data are transferred to: No international transfer of your personal data is planned.
Retention schedule: Your personal data will be kept for a period of five years
Security measures: Adapted to the requirements of Regulation (EU) 2016/679, General Data Protection Regulation.

CANDIDATES FOR SELECTION PROCESSES (WORK WITH US) PROCESSING
Lawful basis for processing: GPDR: 6.1.a) the data subject has given consent to the processing of his or her personal data for one or more specific purposes
GPDR: 6.1.b) processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.
Purposes of the processing: Selection of personnel and provision of jobs.
Categories of individuals: Job applicants.
Categories of personal data: – Name and surname, ID / CIF / Identification document, personnel registration number, address, signature and telephone number.
– Personal characteristics data: Sex, marital status, nationality, age, date and place of birth and family data.
– Academic and professional data: Qualifications, training and professional experience.
– Job detail data.
Categories of recipients: Your personal data will not be disclosed to third parties without your express consent.
Third countries or international organizations that personal data are transferred to: No international transfer of your personal data is planned.
Retention schedule: Your personal data will be kept for the time necessary to fulfill the purpose for which they were collected and to determine the possible responsibilities that may arise.
Security measures: Adapted to the requirements of Regulation (EU) 2016/679, General Data Protection Regulation.

SUPPLIERS PROCESSING
Lawful basis for processing: GPDR: 6.1.b) processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract. GPDR: 6.1.c) processing is necessary for compliance with a legal obligation to which the controller is subject.
Purposes of the processing: – Acquisition of products and / or services that we need for the development of our activity.
– Control of subcontractors if applicable.
Categories of individuals: – Suppliers.
– Individuals who work for our suppliers.
Categories of personal data: – Full name, Proof of identity, address, signature and telephone.
– Employee data: job position. prevention of occupational hazards training.
Categories of recipients: – Financial entities. (Invoice Payment)
– Spanish Tax Administration Agency. (Agencia Estatal de Administración Tributaria)
Third countries or international organizations that personal data are transferred to: No international transfer of your personal data is planned.
Retention schedule: Your personal data will be kept for the time necessary to fulfill the purpose for which they were collected and to determine the possible responsibilities that may arise, according to spanish tax law (Ley 58/2003, de 17 de diciembre, General Tributaria)
Security measures: Adapted to the requirements of Regulation (EU) 2016/679, General Data Protection Regulation.

CUSTOMERS (SALES) PROCESSING
Lawful basis for processing: GPDR: 6.1.a) the data subject has given consent to the processing of his or her personal data for one or more specific purposes
GPDR: 6.1.b) processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.
GPDR: 6.1.c) processing is necessary for compliance with a legal obligation to which the controller is subject.
GPDR: 6.1.f)processing is necessary for the purposes of the legitimate interests pursued by the controller.
Purposes of the processing: Supply of our products / services
Categories of individuals: Customers
Categories of personal data: – Name and surname, DNI / NIF / Identification document, address, signature and telephone.
– Economic, financial and insurance data: Bank details
Categories of recipients: – Financial entities.
– Spanish Tax Agency (Agencia Estatal de Administración Tributaria).
Third countries or international organizations that personal data are transferred to: No international transfer of your personal data is planned.
Retention schedule: Your personal data will be kept for the time necessary to fulfill the purpose for which they were collected and to determine the possible responsibilities that may arise.
Security measures: Adapted to the requirements of Regulation (EU) 2016/679, General Data Protection Regulation.

PERSONAL DATA BREACH MANAGEMENT PROCESSING
Lawful basis for processing: GPDR: 6.1.c) processing is necessary for compliance with a legal obligation to which the controller is subject.
Regulation (EU) 2016/679, General Data Protection Regulation, articles 33 and 34
Purposes of the processing: Manage Personal Data Breaches that may occur in our organization.
Categories of individuals: Variable: Employees, Clients, Suppliers, Contact Persons (it will depend on the security breach)
Categories of personal data: Variable: (it will depend on the security breach)
Categories of recipients: – Spanish Supervisory Agency: Agencia Española de Protección de Datos.
– Spanish Police.
Third countries or international organizations that personal data are transferred to: No international transfer of your personal data is planned.
Retention schedule: Your personal data will be kept for the time necessary to fulfill the purpose for which they were collected and to determine the possible responsibilities that may arise.
Security measures: Adapted to the requirements of Regulation (EU) 2016/679, General Data Protection Regulation.

 

YOUR RIGHTS

You have the right to ask us for a copy of your personal data, to rectify inaccurate data or complete it is incomplete, or if applicable, ask for your data erasure, when it is no longer necessary for the purposes for which we collected them.

You also have the right to limit the processing of your personal data and to obtain your personal data in a structured and legible format.

You have the right to object to the processing of your personal data under some circunstances(in particular, when we do not have to process them to fulfill a contract or other legal requirement, or when the object of the processing is direct marketing)

If we are processing your personal data because you have given us your consent, you can withdraw your consent at any time. The withdrawal of your consent shall not affect the lawfulness of processing based on consent before its withdrawal.

These rights may be limited. For example, if to fulfill your request we had to disclose data about another person, or if you ask us to delete some records that we are obliged to keep by law or to pursue our legitimate interest, such as the exercise of defense against claims. Or even in those cases where the right to freedom of expression and information must prevail.

You can contact us by any of the means indicated in this privacy policy, providing a copy of a document that proves your identity.

You have also the right of not being subject of processing based solely on automated decision-making, including profiling that produces legal effects or affects you.

If you consider that we have violated any of your rights, such as, for example, that we have not fulfilled your legitimate request, you have the right to lodge a complaint with a supervisory authority. You can address your complaint to your national data protection supervisory authority (if you live outside of Spain) or to the Spanish Data Protection Agency (Agencia Española de Protección de Datos)

Links to third party websites.
Our website may contain links to other websites. It is your responsibility to make sure you read the data protection policy and the terms and conditions that apply to each site.

Third parties personal data.
If you provide us with data from third parties, you assume the responsibility of providing them with enough information as established in article 14 of the GPDR.