PRIVACY POLICY

 

  1. Introduction

We are highly committed to people’s privacy, which is why the protection of personal data is important to us.

We process data in accordance with the provisions of the EU General Data Protection Regulation 2016/679, Spanish Organic Law 3/2018 on the Protection of Personal Data and Guarantee of Digital Rights and other applicable legislation.

This Privacy Policy was revised in June 2022 in order to comply with the duties of information and transparency of the website itself and the data controller in general, in order to provide data subjects of all kinds and not only users of the website with the general terms and conditions of the data controller in this regard. Modifications may occur prior to the next revision.

  1. Who is the data controller?

Controller: GP LIMITE ANDAMUR S.L.

NIF/CIF (Spanish Tax ID/VAT No.): B30424162

Address: POL. IND. SAPRELORCA, CENTRO DE NEGOCIOS ANDAMUR. 30817 LORCA (MURCIA)

Email address: info@andamur.com

  1. What is the source and type of data we process?

The source of the information we process may fit any of the following categories:

  • Paper, electronic or digital forms.
  • Communication and messaging systems: e-mail and messaging applications, telephone, etc.
  • Other lawful origins and sources of information.

The different categories of data that we may process depending on the type of data subject (user, customer, supplier, employee, etc.) and the nature of the data controller’s business and the different data processing operations are:

  • Identification data, e.g., name and surname, image.
  • Identification codes or passwords, e.g., username, employee code.
  • Postal or electronic contact addresses, e.g., telephone, email, social media profile.
  • Data concerning personal and professional characteristics, e.g., age, date of birth, qualifications, professional experience, CV.
  • Economic, financial and insurance data, e.g., bank details, credit card details, etc.
  • Financial and non-financial payroll data and other information relating to employment, e.g., job title, payroll document, etc.
  • Transaction data, e.g., goods and services supplied and received.
  • Special category data, e.g., health, trade union membership, racial background.
  • Other data and information necessary or implicit in the performance of our business activities, services and objectives.
  1. For what purpose do we process your personal data?

In general, the data are processed in order to successfully carry out the actions implicit in the normal execution and management of the controller’s business. However, we may specify different processing purposes depending on the different categories of data subjects:

  • Customers and prospects: management and maintenance of commercial, pre-contractual and contractual relations; internal administration; financial management; advertising and marketing, customer service.
  • Partners, creditors and suppliers: management and maintenance of commercial relations, internal administration and economic management.
  • Employees: management, development and maintenance of the employment relationship, human resources management, communications, training activities, occupational risk prevention, recording daily working hours and other purposes resulting from legal obligations and the management of employment relationships.
  • Candidates: management of CVs received, management of job offers and recruitment.
  • Web and social media users: user service and management of communications between the parties.
  • Visitors: visitor services and controlling access to the facilities.
  • The information relating to any other category of data subject processed by the data controller will be processed within the framework of their business activity, in strict compliance with the applicable regulations and according to the general criteria of this Privacy Policy.

Other general purposes for which the data controller may process the data are:

  • Creation of a commercial profile, with the aim of improving your experience by personalising offers and communications. No individualised decisions will be taken on the basis of such a profile and action will be taken on the basis of legitimate interest.
  • Video surveillance, for the security of property and persons, as well as the appropriate monitoring of work on the basis of legitimate interest.
  • Telephone switchboard, in order to record communications for security, guarantee and quality of service, based on legitimate interest.
  • Financial risk analysis and overseeing monetary obligations. In order to be able to analyse a specific service requested. In the case of debtors with certain, due and enforceable payments pending, the data controller may communicate this circumstance to credit rating lists, debtors’ lists, and debt management or collection services, among others, based on legitimate interest.
  • Communications and marketing: development and execution of communications through the available data and means of contact (email, instant messaging, etc.) with categories of internal (employees) and external (customers, prospects, partners, suppliers, etc.) data subjects. The purposes of such communications may be informational, organisational, commercial and advertising, as appropriate, on the basis of informed consent and the legitimate interest of the data controller. Other marketing actions may be carried out in order to disseminate the activities of the data controller as well as to increase the loyalty of data subjects, for example through prize draws, promotions, etc.

Data may be processed by means and applications provided to users for the purposes of improving the quality of services, maintaining business relationships and marketing actions. Such processing may also include some of the purposes listed here.

  • Geolocation through systems contracted for this purpose for reasons of security, monitoring and optimisation of human and material resources.
  • Other purposes derived from the nature of the data controller’s business, motivated by the normal performance and execution of their duties, with a valid legal basis.
  1. For how long will we store your data?

In general, personal data will be stored for at least as long as there is a relationship with the data subject, as long as their erasure is not requested, as long as liabilities may arise or as long as there is a legal provision for their storage.

As regards the data of candidates and job seekers, they will be immediately deleted when they are no longer of interest to the data controller. On the contrary, if they are of interest to the company, they will be stored in a secure and protected manner and processed only during the periods when recruitment procedures are in progress.

In the case of customers with whom the business relationship has ceased, they may be stored for the purpose of offering them conditions or services where this has a genuine legal basis.

Data captured by video surveillance systems will be stored for a period of up to thirty (30) days from their capture. With the exception of the cases provided for by law, which allow the files to be stored securely until the corresponding decision is taken.

Visitor registration, access control and other processing data for private security purposes shall also be stored for up to thirty (30) days or longer if a liability arises for which it must be stored for a longer period, during which time the information shall be stored securely and made available to the competent authorities.

The controller’s data protection plan contains an inventory of storage periods which the controller observes in order to manage the different applicable storage periods.

The erasure of the data will be carried out in any case ensuring the confidentiality of the data.

  1. What is the legal basis for the processing of your data?

The controller observes and applies the various legal bases that apply to each processing purpose. These are:

  1. Informed consent of the data subject.
  2. Pre-contractual or contractual commitments.
  3. Legitimate interest of the controller or a third party.
  4. Applicable legal obligations.
  5. Other legally prescribed legal bases.
  1. With which recipients will your data be shared?

Data subjects’ data will not be shared with any third party by default, with several exceptions: (a) categories of affiliated companies, owned by the partners or belonging to the same business group as the data controller; (b) banking institutions where direct debit payments are made; (c) companies from which the data controller contracts credit information services, risk reports and commercial reports, including services that manage files relating to the fulfilment or non-fulfilment of monetary obligations; d) authorised data processors and ancillary services implicit in the provision of the company’s goods and services; e) other legitimate data subjects and/or legally stipulated third parties; f) public authorities and administrations in the exercise of their powers.

In the case of processors (suppliers, auxiliary services, etc.) involved in the rendering of our services who are domiciled in a third country, this is carried out within the European Economic Area, with adequate and appropriate guarantees, and they undertake to observe and comply with the provisions of the European privacy regulations.

  1. What are your rights when you provide us with and/or we process your data?

As a data subject, you may at any time ask us to exercise any of the following data protection rights:

  • Access to the data subject’s personal data in order to confirm whether or not data concerning him/her are being processed and to obtain further information about this processing.
  • Rectification or erasure of personal data concerning the data subject when, among other reasons, they are inaccurate or no longer necessary for the purposes for which they were collected.
  • To restrict the processing of the data subject’s personal data in certain circumstances, in which case it will only be stored for the purposes of the exercise or defence of claims, for the protection of the rights of another person or for reasons of public interest.
  • To receive the personal data concerning you, which you have previously provided to us, and in a structured format where possible (portability of your data).
  • To object to the processing of your data in certain circumstances and for reasons relating to your particular situation. The company will stop processing your data, except when there are compelling legitimate reasons, or for the exercise or defence of potential claims.
  • To revoke consent, which may entail the annulment or cancellation of the existing business or contractual relationship, if any, without prejudice to the processing carried out prior to the withdrawal of consent.

To do so, all you have to do is contact us at the email or postal address included at the beginning of this page.

Alternatively, you can also contact our appointed data protection officer or the Data Protection Agency to find out more about your rights or to request the supervisory authority to enforce your rights.

  1. Data security

We adopt the necessary technical and organisational measures in our information system to guarantee an appropriate level of confidentiality, integrity, availability and resilience of the data.

However, to the extent permitted by law, we do not assume any liability for damages caused by alterations that third parties may cause to our information system. Any breach of security will be immediately and appropriately reported to the competent authorities and/or law enforcement agencies.

  1. Sending communications or information

Our policy regarding the sending of information by telematic means (e-mail, instant messaging, etc.) is limited to sending only communications that we consider to be of interest to our users and data subjects, in connection with the company’s functions and business, or which you have consented to receive.

If you prefer not to receive these messages, we will give you the option of exercising your right to unsubscribe and opt out of receiving these messages, in accordance with the provisions of Title III, Article 22 of Spanish Law 34/2002 on Information Society and Electronic Commerce Services.

  1. Social networks

The data controller may have a presence on social networks via the corresponding profiles, and this section and any legal and privacy terms present on the website shall apply to the processing of data of users who become followers or in any way link to said profiles.

The purposes of use of these profiles by the data controller are communication, business development, marketing and advertising.

Users who are followers and/or participants in our profiles will refrain from:

  1. Publishing content or information in breach of the law, ethical principles and public decency. Any use or behaviour that is unlawful, disruptive, inappropriate, that may generate negative opinions on the profile or that violates the rights of individuals is not permitted.
  2. Behaving in a manner contrary to the principles of legality, honesty, responsibility, protection of human dignity, protection of minors, protection of public order, protection of privacy, consumer protection and intellectual and industrial property rights.

The data controller reserves the right to remove any content deemed inappropriate without prior notice. Likewise, it disclaims any responsibility in relation to the security measures corresponding to each platform, and the user must be aware of these together with the legal terms and conditions of use of the platform itself.

  1. Controller Channel

The data provided by any data subject through the procedures available on our Controller Channel will be processed on the basis of informed consent, legitimate interest of the data controller and compliance with legal obligations.

The purpose of processing will be the management and monitoring of potential communications and complaints under the conditions set out for the operation of the Controller Channel.

The data of any data subject, the person making the report or complaint, employees and third parties shall only be stored for the time necessary to decide whether any investigative action is necessary. In any case, the information provided shall be erased, ensuring its confidentiality when the legal periods for retention or custody of the evidence have elapsed.

No automated decisions will be made, and no profiling will be carried out in relation to the information and data collected.

The data may be disclosed to third parties where this is necessary for disciplinary measures or legal proceedings.

Any data subject may exercise their data protection rights in accordance with the terms set out in this Privacy Policy.

Users must be aware that the information and data provided are confidential and private.

  1. Work with us

Those interested in accessing job offers from the data controller can provide their details and professional information through various channels, but preferably via the “Work with us” section.

This data will be processed in accordance with these terms of privacy herewith for the purpose of managing applications for prospective employment offers from the controller entity and any affiliated companies or companies belonging to the same business organisation.

The processing will be carried out on the basis of the data subject’s informed consent or another valid legal basis.

The data provided, if they are not of professional interest to the entity or once they are no longer necessary for the purposes for which they were collected, will be deleted, ensuring their confidentiality.

Any data subject may revoke their consent and exercise their privacy rights under the terms set out in this privacy policy.