Data Processing Information

Who is the Data Controller for your personal data?

GP LIMITE ANDAMUR S.L. is the Data Controller responsible for the processing of the data subject’s personal data and hereby informs you that this data will be processed in accordance with the provisions of Regulation (EU) 2016/679 of 27 April (GDPR), and Spanish Organic Law 3/2018 of 5 December (LOPDGDD), for which the following information on processing is provided:

Purpose of processing: Why do we process your personal data?

For the proper management of our ethics channel, processing the corresponding irregularities notified through it, and deciding whether an investigation should be initiated in order to detect possible crimes and prevent the imposition of liability of any kind on GP LIMITE ANDAMUR S.L., as well as to prevent any type of conduct that is contrary to the internal or external regulations of the entity.

Legal basis for data processing: For what reasons can we process your personal data?

Based on the existence of a public interest (Article 6(1)(e) of the GDPR) in preventing conduct contrary to the regulations.

Data retention criteria: For how long will we keep your personal data?

We will keep your data for a maximum period of six months after notification of the irregularity, if the facts have not been proven and as long as it is not needed for other purposes or for evidentiary purposes of due control and supervision in crime prevention. In the event that the facts are proven or with sufficient evidence, the data will be kept for as long as it is necessary for the entity to exercise its rights before the courts of justice, and when it is no longer necessary for this purpose, it will be deleted with adequate security measures to guarantee the anonymisation of the data or the total destruction of the same.

Data communication: To whom do we provide your personal data?

Except for a legal obligation, your data will only be communicated to the following categories of recipients:

  • Courts and Tribunals, as well as other possible conflict resolution bodies.
  • State Security Forces and Bodies.
  • Notaries and registrars.

With the providers that need to access your personal data for the provision of the services that we have acquired from them or that, due to the operation of our electronic services (website and emails), may have access to certain data, we have signed the confidentiality and personal data processing contracts that are necessary and required by the regulations to protect your privacy (Article 28(3) of the GDPR.

Rights: What are your rights under the GDPR?

  • Right of access, rectification, portability and erasure of your data, and the right to restrict or object to its processing.
  • Right to file a claim with the Supervisory Authority ( if you consider that the processing does not comply with current regulations.