Privacy policy

We collect your personal information through different means, but you will always be informed at the time of collection through informative clauses about the data controller, the purpose and legal basis thereof, the recipients of the data and the period of conservation of your information, as well as how you can exercise the rights that assist you in terms of data protection.

In general, the personal information we process is limited to identification data (name and surname, date of birth, address, ID number, telephone and email), contracted services and payment and billing data.

We obtain data from our potential customers/users regarding identification data (name, surname, NIF, postal address, telephone, email), professional data (position, workplace, sector of activity) directly from them when they request information and consultations.

In cases of personnel management and selection, we collect academic and professional data in order to comply with the obligations derived from maintaining the employment relationship or, where appropriate, to join our staff.

We use social networks and this is another way to reach you. The information collected through the messages and communications you publish may contain personal information that is available online and accessible to the public. These social networks have their own privacy policies that explain how they use and share your information, so we recommend that you consult them before using them to confirm that you agree with how your information is collected, processed and shared.

Through our website we collect personal information related to your browsing through the use of cookies. To know clearly and precisely the cookies we use, what their purposes are and how you can configure or disable them, please consult our Cookie Policy.

In addition, our facilities have a video surveillance system whose function is to guarantee the security of people and property, so your image may be recorded simply by accessing them. These images are kept for a maximum period of 1 month from their capture and would only be communicated to the State Security Forces and Corps if necessary.

We only keep your information for the period of time necessary to fulfil the purpose for which it was collected, to comply with the legal obligations imposed on us and to address any possible responsibilities that may arise from the fulfilment of the purpose for which the data was collected.

If you wish to join our staff and apply for one of our jobs, the data provided will become part of our job bank and will be kept for the duration of the selection process and for a maximum of two years or until you exercise your right of deletion.

If at any time we have collected your data to contact you as a potential user of our services or to respond to a request for information made by you, said data will be kept for a maximum of two years from its collection, being deleted after this period if a contractual relationship has not been formalised or when you request us to do so.

In any case, and as a general rule, we will keep your personal information as long as there is a contractual relationship that binds us or you do not exercise your right of deletion and/or limitation of processing, in which case, the information will be blocked without further use beyond its conservation, as long as it may be necessary for the exercise or defence of claims or any type of liability that may have to be addressed.

In general, we do not share your personal information, except for those transfers that we must make based on imposed legal obligations.

However, on some occasions and to develop and provide you with the requested service, we may communicate your data to other collaborating companies.

You can communicate your opposition to the transfer of your data, although in that case, it would not be possible to provide you with the requested service. Although it is not a data transfer, to provide you with the requested service, third-party companies, acting as our suppliers, may access your information to carry out the service we have contracted from them. These processors access your data following our instructions and without being able to use them for a different purpose, maintaining the strictest confidentiality. If necessary as a result of an incident recorded by our security cameras, your images could be communicated to the State Security Forces and Corps, by virtue of the provisions of the Law.

Likewise, your personal information will be available to Public Administrations, Judges and Courts, to address any possible responsibilities arising from the processing.

There are no international transfers of your data to countries outside the European Economic Area (EEA).

With our suppliers we have agreed that, for the provision of the contracted service, they use servers located in the EEA and if, in the future, we need to use servers located outside EU territory, appropriate measures will be adopted, which will be incorporated into this Privacy Policy, guaranteeing that said suppliers are under the Privacy Shield agreement or that there are other adequate guarantees.

Data protection regulations allow you to exercise your rights of access, rectification, deletion and data portability and opposition and limitation to their processing, as well as not to be subject to decisions based solely on the automated processing of your data, where applicable.

These rights are characterised by the following:

• Their exercise is free, except in the case of manifestly unfounded or excessive requests (e.g., repetitive in nature), in which case we may charge a fee proportional to the administrative costs incurred or refuse to act.
• You can exercise the rights directly or through your legal or voluntary representative.
• We must respond to your request within one month, although, considering the complexity and number of requests, the deadline may be extended by a further two months.
• We are obliged to inform you about the means to exercise these rights, which must be accessible and we cannot deny you the exercise of the right solely because you choose another means. If the request is submitted by electronic means, the information will be provided by these means when possible, unless you request otherwise.
• If we do not comply with the request, we will inform you, no later than one month, of the reasons for our non-action and the possibility of complaining to a Supervisory Authority.

We are committed to protecting your personal information.

We use reasonable, reliable and effective physical, organisational and technological measures, controls and procedures, aimed at preserving the integrity and security of your data and guaranteeing your privacy. Furthermore, all personnel with access to personal data have been trained and are aware of their obligations regarding the processing of your personal data.

In the case of contracts signed with our suppliers, we include clauses requiring them to maintain the duty of secrecy regarding the personal data to which they have had access by virtue of the assignment, as well as to implement the necessary technical and organisational security measures to guarantee the permanent confidentiality, integrity, availability and resilience of the systems and services for processing personal data.

All these security measures are periodically reviewed to ensure their adequacy and effectiveness. However, absolute security cannot be guaranteed and there is no security system that is impenetrable, so in the event that any information being processed and under our control is compromised as a result of a security breach, we will take appropriate measures to investigate the incident, notify the Supervisory Authority and, where appropriate, those users who may have been affected so that they can take appropriate measures.