Privacy Policy
1.- Responsible for the Treatment
- Company Name: IPSUM MONTAJES S.L.
- Registered Office: Avda. Nostián, Nº38, Nave 4. Meicende, 15008, A Coruña
- TAX ID: B70501895
- Telephone: 881 12 32 34
- Email: oficina@ipsummontajes.com
- Entity registered in the Mercantile Registry of A Coruña, Sheet C-55261, Volume 3601, Folio 24, Inscription 1ª.
2. Purposes and legal basis
In addition to the basic information on data protection provided through each of the data collection channels, additional information is provided below on the purposes, legal bases and other information on the following files or processing:
Clients
Personal data will be processed for the purpose of accounting, tax, administrative and collection management. Maintenance of the commercial relationship.
The legitimate basis is the execution of a contract to which the data subject is a party, as well as compliance with legal obligations (art. 6.1.c) RGPD).
Potential customers
The purpose of the data collection is the Study and remission of offer according to the customer’s needs. The legitimate basis is the application of pre-contractual measures.
Human Resources
The data will be processed for the purpose of managing the relationship with the staff, which involves fiscal and administrative accounting management, payroll management, training management; management of occupational risk prevention and time control, among others.
The legal basis that legitimizes the processing is the execution of a contract to which the data subject is a party (art. 6.1.b) RGPD), as well as compliance with legal obligations (art. 6.1.c) RGPD).
Curriculum Vitae Management
The data will be collected for the purpose of managing selection processes. The legitimate basis is the application of pre-contractual measures if the selection process is convened by the company, or consent if the delivery of the CV is voluntary and without prior notice.
Suppliers
The data will be processed for the purpose of managing the contractual relationship, which involves accounting, tax and administrative management and management of payment of services, among others. The legal basis that legitimizes this processing is the execution of a contract to which the data subject is a party (art. 6.1.b) RGPD), as well as compliance with legal obligations (art. 6.1.c) RGPD).
Professional contact data
Personal data will be processed for the Management and Development of commercial relations. The legitimizing basis is the legitimate interest of the Responsible.
Web users
Personal data will be processed for the purpose of managing contact requests, complaints, suggestions, claims. The legitimate basis is the consent of the person concerned.
Video surveillance
Personal data will be processed for the purpose of ensuring the security of property and persons. The legitimate basis is the public interest.
3. Transfer or communication of data
For the management of certain services offered by the entity, it is necessary to allow access to certain data to third party service providers contracted for this purpose. In this sense, the entity proceeds to the subscription of the respective contracts of processing manager necessary, and has given the necessary instructions to the various service providers or processors, to ensure the security and integrity of the data to which they have access on the occasion of the provision of the contracted service.
Apart from the above cases, your personal data will not be disclosed to third parties, except in the cases provided for by law, for example:
Customers, staff and suppliers.
The data may be communicated to the following groups of recipients:
- Public administrations: in case it is required by virtue of a regulation, for example,
- State Agency of Tax Administration, and other tax or other competent authorities, in order to comply with the obligations imposed by the legislation in force.
- Banking entities: for the management of the collection and payment of services.
4. Data retention period
In addition to the basic information on data protection provided through each of the data collection channels, additional information on the purposes and legitimate bases of the following files or processing is provided below:
-
Customers: the data will be kept until the end of the contractual relationship and will be kept, duly blocked, during the prescription periods of the responsibilities that may be enforceable (6 years).
-
Potential customers: the data will be kept for 1 year.
-
Personal: the data will be kept until the end of the contractual relationship and will be kept, duly blocked, for the period of limitation of any liabilities that may be due (5 years).
-
Curriculum Vitae: the data will be kept for 1 year.
-
Suppliers: the data will be kept until the end of the contractual relationship and will be kept, duly blocked, during the prescription periods of the responsibilities that may be enforceable (6 years).
-
Web users: data will be kept for as long as your request is processed (contact).
-
Professional contacts: the data will be kept for as long as the interested parties continue to work for the company with which they maintain commercial relations.
-
Video surveillance: the data will be kept for a period of 30 days, subject to the requirements of the competent authority.
5. Profiling and International Data Transfers
No profiling or international data transfers will take place.
6. Withdrawal of consent
In those cases where the processing of personal data is based on consent, the Parties concerned are informed of the right to withdraw their consent at any time, simply and free of charge, by writing to the address of the data controller or via the following e-mail address: oficina@ipsummontajes.com. The withdrawal of consent shall not affect the lawfulness of the processing based on the consent prior to its withdrawal.
7. Rights of data subjects
The data protection regulations grant a series of rights to the interested parties or data owners, these rights that assist the interested parties are the following:
Right of access: the right to obtain information on whether their own data is being processed, the purpose of the processing being carried out, the categories of data being processed, the recipients or categories of recipients, the retention period and the origin of such data.
Right of rectification: the right to obtain the rectification of inaccurate or incomplete personal data.
Right of deletion: the right to obtain the deletion of data in the following cases:
- When the data is no longer necessary for the purpose for which it was collected.
- When the owner of the data withdraws consent
- When the data subject objects to the processing
- When the data must be deleted in compliance with a legal obligation.
- When the data have been obtained by virtue of an information society service on the basis of the provisions of art. 8 para. 1 of the European Data Protection Regulation.
Right to object: the right to object to a specific processing operation based on the data subject’s consent.
Right of limitation: the right to obtain the limitation of data processing in the following cases:
- When the company no longer needs the data for the purposes for which they were collected, but the data subject needs them for the formulation, exercise or defense of claims.
- When the data subject has objected to the processing while it is being verified whether the legitimate reasons of the company prevail over those of the data subject.
Interested parties may exercise the rights indicated above by writing to the company at the following address: oficina@ipsummontajes.com, indicating in the subject line the right you wish to exercise, or if you prefer, send your request to the postal address of the company you are interested in.
In this regard, the entity will respond to your request as soon as possible and taking into account the deadlines set forth in the regulations on data protection. On the other hand, it should be noted that the data subject or owner of the data may at any time file a complaint with the Spanish Data Protection Agency www.aepd.es.
8. Security
The security measures adopted by the entity are those required in accordance with the provisions of Article 32 of the GDPR. In this sense, the entity, taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of the processing, as well as the risks of varying likelihood and severity to the rights and freedoms of natural persons, has established the appropriate technical and organizational measures to ensure the level of security appropriate to the existing risk.
In any case, the entity has implemented sufficient mechanisms to:
a) Guarantee the permanent confidentiality, integrity, availability and resilience of the processing systems and services.
b) Restore availability and access to personal data quickly in the event of a physical or technical incident.
c) Verify, evaluate and assess, on a regular basis, the effectiveness of the technical and organizational measures implemented to ensure the security of the processing.
d) Pseudonymize and encrypt personal data, if necessary.
9. Cookies
A cookie is a file or device that is downloaded to a user’s terminal equipment in order to store data that can be updated and retrieved by the entity responsible for its installation. In other words, it is a file that is downloaded to your computer when you access certain websites. For more information, see our Cookies Policy.