Privacy Policy

PRIVACY AND DATA PROTECTION POLICY

Pedro Clavería Garcia [hereinafter, Datos y Personas] reserves the right to modify this Policy in order to adapt it to new legislation, jurisprudential criteria, industry practices, or the interests of Datos y Personas. Any modification to the same will be announced with due notice, so that you are fully aware of its contents.

In order to provide you with certain services, it is necessary to manage your personal data. For these purposes, the same, will be incorporated into the corresponding processing activities of Data and Persons and will be processed for the specific purpose of each processing, in accordance, mainly, with the regulation established by Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016, on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation) and Organic Law 3/2018, of December 5, on the Protection of Personal Data and Guarantee of Digital Rights (LOPD-GDD).

  1. GENERAL INFORMATION

In the following, Datos y Personas informs, in general, about the privacy and personal data protection safeguards applied to the processing activities it carries out on the Portal and e-Office, as well as by other means:

  • Who is responsible for the processing of your personal data?

Data and People, is the Data Controller, with registered office for these purposes at
C/ María de Maeztu, 39, 28420, Parquelagos, Madrid.

Contact email info@datosypersonas.com

  • Why do we process your personal data?

The purpose of the collection and processing of personal data, through the different forms owned by Datos y Personas and made available to the Users, is to manage and respond to requests for information, doubts, complaints, compliments or suggestions regarding publications or any services or activities, acts or events provided, offered, sponsored and/or sponsored by Datos y Personas, as the case may be.

  • What is the legal basis that legitimizes the processing of your personal data? That is to say, what is the legal basis for us to process your personal data?

The legal basis that legitimates us to process your personal data are the following; (i) the consent given by you by signing or accepting the relevant forms, for one or more specific purposes (II) and, if applicable, the execution of a contract to which you are a party, as a contractor or successful bidder.

  • How long do we keep your personal data?

Your personal data will be kept by us for the corresponding period of time in order to maintain a record of attention and manage our services efficiently and the person concerned does not request its deletion. Even if deletion is requested, they will be kept blocked for the necessary time, and limiting their processing, only for one of the following reasons: to comply with legal/contractual obligations of any kind to which we are subject and/or during the legal periods provided for the prescription of any liabilities on our part and/or the exercise or defense of claims arising from the relationship maintained with the owner of the data.

  • Who should keep the data up to date?

On the other hand, in order that the data contained in our files, computer and/or paper, always correspond to reality, we will try to keep them updated. So that, for this purpose, the User must make the changes, directly, when so enabled or by communicating, by reliable means, to the corresponding area or department of Data and People.

  • Who may be assignees or recipients of your personal data?

Personal data will not be transferred or communicated to third parties, except in the cases necessary for the development, control and fulfillment of the purpose/s expressed, in the cases provided by law.

  • Personal data security

Data and People will adopt the appropriate technical and organizational measures in its information system, complying with the principle of proactive responsibility, in order to guarantee the security and confidentiality of the data stored, thus avoiding its alteration, loss, unauthorized processing or access; taking into account the state of the art, the costs of application, and the nature, scope, context and purposes of the processing, as well as risks of variable probability and severity associated with each of the processing.

  • What are your data protection rights and how can you exercise them?

You may exercise your rights of access, rectification, suppression, limitation, portability or, where appropriate, opposition. To this end, you must submit a written request to Datos y Personas C/ Maria de Maetzu, 39, 28420 - Madrid, or via this email: info@datosypersonas.com.

In the letter must specify which of these rights is requested to be satisfied and, in turn, must show or, in case of mailing, accompany the photocopy of the ID card or equivalent identification document. In case of acting through a representative, legal or voluntary, must also provide a document proving the representation and identification document of the same. Likewise, if you consider that your right to personal data protection has been violated, you may file a complaint with the Spanish Data Protection Agency (www.aepd.es).

More information about exercising your data protection rights is provided below:

  1. What are my rights?
  2. Who can exercise these rights against Datos y Personas?
  3. How and where can I exercise these rights?
  4. Additional information

What are my rights?

Data protection regulations allow you to exercise before the data controller, Datos y Personas, the rights of access, rectification, opposition, portability, erasure ("right to be forgotten"), limitation of processing and not to be subject to individualized decisions, in accordance with Regulation (EU) 2016/679, of the European Parliament and of the Council, of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation, hereinafter "GDPR") and Organic Law 3/2018, of 5 December, on the Protection of Personal Data and guarantee of digital rights (LOPD-GDD):

Right of access

You have the right to know:

  • Whether or not we are processing personal data concerning you.
  • The origin of your data, if not provided by you.
  • The purposes of the processing of your data.
  • The categories of data involved.
  • The recipients or categories of recipients to whom the personal data were or will be disclosed.
  • If possible, the expected retention period of the personal data (or, if not possible, the criteria used to determine this period).
  • The right to file a complaint with a supervisory authority.
  • If we make automated decisions - including profiling - using your personal data.

Right of rectification

  • You have the right to have your personal data rectified:
  • Completing them, if they are incomplete.
  • Updating or rectifying them, if for any reason they are no longer in accordance with the current reality or are inaccurate.
  • By exercising your right to rectification, we will ensure that all your personal data is accurate and complete.

Right to suppression

  • You have the right to have your personal data deleted when any of the following conditions apply:
  • Such data are no longer necessary for the purposes for which they were collected or processed.
  • You withdraw the consent on which we base the processing of your data and it cannot be based on any other basis of legitimacy.
  • You have successfully exercised your right to object to the processing of your data.
  • Personal data have been processed unlawfully.

 Right to limitation of processing

  • You have the right to obtain the limitation of the processing of your personal data (i.e. that we keep it without using it for the intended purposes).

Right of opposition

  • You will have the right to ask us to stop using your personal data, for example, where you believe that the personal data we hold about you may be incorrect or you believe that we no longer need to use it.

Right of portability

  • When the processing of your data is based on consent or is necessary for the performance of a contract or pre-contract and is carried out by automated means, you have the right to data portability, i.e. to have your data delivered to you in a structured, commonly used and machine-readable format, including forwarding it to a new controller, which is why Datos y Personas will facilitate the portability of your data to the new controller.

Who can exercise these rights against Datos y Personas?

You, as the data subject or holder of the personal data, acting on your own behalf and in your own right.

Through another person acting, duly accredited, as legal representative (e.g. when the holders of parental authority or guardianship act on behalf of a person under 14 years of age or when acting as legal representative of a person with functional diversity) or volunteer (person that you have freely and voluntarily granted powers of attorney for this purpose).

How and where can I exercise these rights?

By Postal Mail

You can send your letter to the following postal address: C/ Maria Maetzu, 39 - 28420 Parquelagos, Madrid.

By internet

You can submit the letter by sending an e-mail to the following address info@datosypersonas.com.

In both cases, you must:

  • Provide sufficient data and information to meet the request. For this purpose, you can use the model forms available from the Spanish Data Protection Agency https://www.aepd.es/es/derechos-y-deberes/conoce-tus-derechos
  • Sign the form by handwriting or, if applicable, and if you have a recognized digital certificate, sign it electronically.
  • Attach a photocopy of ID card, passport, NIE or other equivalent identification document. In case of acting on behalf of a third party, a copy of your ID card or equivalent identification document must also be included, as well as the document proving the representation of the interested party.
  • Send the form and documents proving your identity by any of the above-mentioned means.

Additional information

Data and Persons will analyze whether or not the petition is in accordance with the law. It will inform the petitioner of the decision adopted, proceeding accordingly: if it is upheld, it will adopt the appropriate measures according to the right exercised; if it is rejected, it will indicate the system of appeals provided for by law. In the event that the requests are manifestly unfounded or excessive (e.g., repetitive nature) Datos y Personas may: (i) Charge a fee proportional to the administrative costs incurred (ii) Refuse to act.

For further information or clarification about your rights regarding the protection of personal data, please send a letter to the following e-mail address info@datosypersonas.com.

  1. ADDITIONAL INFORMATION DATA PROTECTION 
  • Video surveillance in buildings and facilities

In order to guarantee the security of goods, facilities and premises, as well as of the people who work in or access them, Datos y Personas informs that it has installed surveillance cameras or video cameras. This is a measure of anticipation and prevention against possible risks, dangers or infractions affecting people, goods and facilities.

The images captured by video surveillance systems are processed by Datos y Personas as the data controller.

The lawfulness of the processing is based on Article 6(1)(F) of the GDPR: the processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, provided that such interests are not overridden by the interests or fundamental rights and freedoms of the data subject which require the protection of personal data, in particular where the data subject is a child.

The images (personal data) will be kept for a maximum period of one month, unless they must be blocked to be made available to the competent public authorities, in case of having captured illicit or irregular facts.

Thus, the images may be transferred, if necessary, to Security Forces and Corps, as well as to Courts or Tribunals.

  • Candidates - CV

Your data is processed by Datos y Personas as the data controller.

The purpose of the processing of your curricular data is to carry out the personnel selection processes in our organization.

The lawfulness of the processing is based on Article 6.1.a) of the GDPR: the data subject consented to the processing of his or her personal data for one or more specific purposes.

The Curriculum Vitae will be kept for a maximum period of one year, as long as the applicant has not revoked the consent given.

Your data will not be disclosed or communicated to third parties.

  • Customers

Your data is processed by Datos y Personas as the data controller.

Your personal data will be used for the purpose of maintaining relations of any kind with our customers as a result of the contractual relationship that we maintain, especially with regard to economic, administrative and fiscal management, quality, and personalized attention necessary to comply with the contractual relationship.

The lawfulness of the processing is based on Article 6.1.b) of the GDPR: the processing is necessary for the performance of a contract to which the data subject is party or for the implementation at the request of the data subject of pre-contractual measures and 6.1c) the processing is necessary for compliance with a legal obligation applicable to the controller.

Your personal data will be kept for the duration of the established relationship and once it has ended, it will be kept in accordance with the legal retention periods for economic and fiscal matters, which, depending on the type of document, can range from a minimum of 4 years to a maximum of 10 years.

  • Suppliers

The personal data of the signatory of the contract, as well as of the persons who participate or are in contact on the occasion of the provision of the service, will be processed by Datos y Personas, in its capacity as Data Controller.

The legal basis that legitimizes the processing of data is the contractual relationship, for the formalization and execution of the same.

The purpose of the treatment is to maintain the contractual relationship, in the economic and technical aspects derived, as well as the development and control of the contracted service/s and, where appropriate, remission of information on incidents related to them.

The data will not be disclosed to third parties, unless they are communicated to public or private entities, to which it is necessary or mandatory to transfer them in order to manage the contractual relationship, as well as in the cases provided for by law.

The data will be kept for the time necessary to fulfill the purpose for which they were collected and to determine the possible responsibilities that may arise from that purpose and the processing of the data and may be required by the competent public authorities (Tax Agency, Courts or Tribunals).

  • Social networks

Datos y Personas has different profiles in social networks to publicize its activities and interact with users. The users of said social networks who voluntarily decide to follow or become friends of Datos y Personas, express their consent to the processing of their personal data related to their profile in order to interact in the social network. Datos y Personas does not collect data from social networks for purposes other than those mentioned above. The use of social networks involves an international transfer of data for the provision of the service. This communication is made on the basis of the adoption by the social network of standard contractual clauses, in accordance with Decision 2010/87 of the European Commission. You can stop following or being a friend of Datos y Personas at any time.

The user must respect the rights of third parties, especially the rights of privacy and data protection, as well as intellectual and industrial property regulations, in all information published on the Datos y Personas website. It is forbidden to publish information that in any way violates morality, public order, fundamental rights, public freedoms, with special attention to the honor, privacy or image of third parties and, in general, human rights. The user shall be solely responsible for the information he/she publishes.

We recommend you review the privacy settings of the social network and attach a link to the different privacy policies:

Twitter: https://twitter.com/es/privacy

Facebook: https://es-es.facebook.com/privacy/explanation

  • E-mail address

The personal data that we process as a result of the reception and/or exchange of e-mails, will be processed in order to attend and respond to your request for information or consultation, to maintain commercial or professional contacts and relationships that occur as a result of the same, or for the maintenance of a contractual relationship, if any.

We also inform you that this company uses devices to track the activity of the recipients, in order to monitor the opening of emails and clicking on the links contained in the emails and collect information such as IP address, browser, type of email client and similar details, in order to prepare with the information collected campaign tracking reports, as well as to improve the effectiveness of Mailchimp and Sendinblue services. For more information you can consult the Mailchimp Policy: https://mailchimp.com/legal/privacy/

2023 - Data and People