DATA CONTROLLER
The Data Controller is HILADOS BENISAIDO, SL, Avda. Francisco Vitoria Laporta, 4, 03830, Muro de Alcoy (ALICANTE).
Privacy Principles From HILADOS BENISAIDO, SL we are committed to working with you continuously to ensure privacy in the processing of your personal data, and to offer you at all times the most complete and clear information we can. We encourage you to read this section carefully before providing us with your personal data.
If you are under fourteen years of age, please do not provide us with your data without your parents’ consent. In this section we inform you about how we handle the data of people who have a relationship with our organisation. Starting with our principles:
- We do not ask for personal information, unless it is necessary to provide you with the services you request from us.
- We never share personal information with anyone, except to comply with the law, or with your express permission.
- We will never use your personal information for purposes other than those stated in this privacy policy.
- Your data will always be treated with a level of protection appropriate to the legislation on data protection, and will not be subject to automated decisions.
We have drafted this privacy policy taking into account the requirements of current data protection legislation current data protection legislation:
- Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals (GDPR).
on the protection of natural persons (GDPR). - Organic Law 3/2018, of 5 December, on the Protection of Personal Data and Guarantee of Digital Rights (LOPD).
of Digital Rights (LOPD). - Royal Decree 1720/2007, of 21 December (RLOPD).
This privacy policy is dated 6 December 2018.
On the occasion of the modification of processing criteria, in order to make it easier to understand or to adapt it to current legislation, we may modify this privacy policy. We will update the date of the same, so that you can check its validity.
Treatments we carry out
TREATMENT OF EMPLOYEES
Legal Basis: GDPR: 6.1.b) Processing necessary for the performance of a contract to which the data subject is party or for the data subject is a party to or for the implementation of pre-contractual measures at his or her request.
RGPD: 6.1.c) Processing necessary for compliance with a legal obligation applicable to the data controller.
Royal Legislative Decree 2/2015, of 23 October, approving the consolidated text of the Law on the Workers’ Statute.
Purposes of processing:
- Management of contracted personnel.
- Personal file. Time and attendance. Training. Pension plans. Prevention of occupational risks at work.
- Issuance of personnel payroll.
- Management of trade union activity.
Collective: Employees
Data categories: Name and surname, DNI/CIF/identifying document, personnel register number, Social Security/Mutuality number, address, signature and telephone number.
Special categories of data: health data (sick leave, occupational accidents and degree of disability, not including diagnoses), trade union membership, for the sole purpose of payment of trade union dues (if applicable), trade union representative (if applicable), own and third party proof of attendance.
Data on personal characteristics: Sex, marital status, nationality, age, date and place of birth and family data.
Data on family circumstances: Date of registration and leave, licences, permits and authorisations.
Academic and professional data: Qualifications, training and professional experience.
Details of employment and administrative career. Incompatibilities.
Time and attendance data: date/time of arrival and departure, reason for absence.
Economic-financial data: economic data of payroll, credits, loans, guarantees, tax deductions, cancellation of credits corresponding to the previous job (if applicable), judicial deductions (if applicable), other deductions (if applicable). Bank details. Categories of Recipients:
– Entity entrusted with the management of occupational risks.
– General Treasury of the Social Security.
– Trade union organisations.
– Financial institutions.
– State Tax Administration Agency.
– Main contractors to whom we provide services as subcontractors.
- International Transfers: No international transfers of the data are foreseen.
- Period of Deletion: Data will be kept for the time necessary to comply with the purpose for which they were for which they were collected and to determine any possible liabilities that may arise from this purpose and the processing of the data. said purpose and the processing of the data.
The financial data of this processing activity will be kept in accordance with the provisions of Law 58/2003 of 17 December 2003 on General Taxation.
Security Measures: Adapted to the requirements of Regulation (EU) 2016/679, General Data Protection Regulation.
General Data Protection Regulation.
CONTACT TREATMENT
Legal Basis: Consent of the data subject
Purpose of Processing: To process your request, send you information and follow up on your request.
request.
Group: Contact persons, customers, suppliers.
Data categories: Name and surname, phone number, email address
Categories of recipients: No transfer of data to third parties is envisaged.
International Transfers: No international transfers of data are foreseen.
Period of deletion: Contact data will be kept for an indefinite period of time, or until the data subject requests its deletion.
Security measures: Adapted to the requirements of Regulation (EU) 2016/679, General Data Protection Regulation.
CARE TREATMENT RIGHTS OF PERSONS (ARCO)
Legal basis: GDPR: 6.1.c) Processing necessary for compliance with a legal obligation applicable to the controller.
General Data Protection Regulation.
Purposes of the Processing: To deal with requests in the exercise of the rights established in the General Data Protection Regulation: Right of access, recification, deletion, limitation, portability and opposition to automated decision-making.
Group: Individuals who request it (employees, customers, suppliers, contact persons).
Data categories: Name and surname, address, signature and telephone number.
Categories of recipients: Personal data may be communicated to the Supervisory Authority (Spanish Data Protection Agency) in the context of an investigation for the protection of rights initiated by the data subject.
International Transfers: No international transfers of the data are foreseen.
Deletion period: Data will be kept for a period of five years from the time of the request.
Security measures: Adapted to the requirements of Regulation (EU) 2016/679, General Data Protection Regulation.
SUPPLIER PROCESSING
Legal basis: GDPR: 6.1.b) Processing necessary for the performance of a contract to which the data subject is party or for the implementation at the data subject’s request of pre-contractual measures.
GDPR: 6.1.c) Processing necessary for compliance with a legal obligation applicable to the controller.
Royal Legislative Decree 2/2015, of 23 October, approving the revised text of the Workers’ Statute Law.
Law 58/2003, of 17 December, General Taxation.
Purposes of processing: Acquisition of products and/or services that we need for the development of our activity.
of our activity.
Control of subcontractors, if applicable.
Collective::
– Suppliers.
– People who work for our suppliers.
Data categories:
– Name and surname, ID card, address, signature and telephone number.
telephone number.
– Details of employment: job position. Training in occupational safety.
– Financial and insurance details: Bank details.
Categories of Recipients:
– Financial institutions (payment of invoices).
– State Tax Administration Agency.
International Transfers: No international transfers of data are foreseen.
Deletion period: They will be kept for the time necessary to comply with the purpose for which they were collected and to determine the possible liabilities that may arise from this purpose and from the processing of the data, in accordance with Law 58/2003, of 17 December, General Taxation.
Security measures: Adapted to the requirements of Regulation (EU) 2016/679, General Data Protection Regulation.
CUSTOMER TREATMENT.
Legal basis: GDPR: 6.1.a) The data subject consented to the processing of his or her personal data for one or more specific purposes.
GDPR: 6.1.b) Processing necessary for the performance of a contract to which the data subject is party or for the implementation at the data subject’s request of pre-contractual measures.
GDPR: 6.1.c) Processing necessary for compliance with a legal obligation applicable to the controller.
GDPR: 6.1.f) Processing necessary for the purposes of the legitimate interests of the controller.
Royal Legislative Decree 2/2015, of 23 October, approving the revised text of the Workers’ Statute Law.
Law 58/2003, of 17 December, General Taxation.
Purpose of processing: Supply of our products / services.
Target group: Customers
Categories of data:
– Name and surname, DNI/NIF/ID card/identifying document, address, signature and telephone number.
– Economic, financial and insurance data: Bank details.
Target Categories:
– Financial institutions.
– State Tax Administration Agency.
International Transfers: No international transfers of the data are foreseen.
Period of Deletion: They will be kept for the time necessary to comply with the purpose for which they were collected and to determine the possible liabilities that may arise from this purpose and from the processing of the data, in accordance with Law 58/2003, of 17 December, General Taxation.
Security measures: Adapted to the requirements of Regulation (EU) 2016/679, General Data Protection General Data Protection Regulation.
SECURITY BREACH NOTIFICATION PROCESSING
Legal Basis: GDPR: 6.1.c) Processing necessary for compliance with a legal obligation
applicable to the data controller.
General Data Protection Regulation. Articles 33 and 34
Purposes of Processing: Management and evaluation of security breaches that occur in our organisation.
our organisation.
Collective: Variable: Employees, Customers, Suppliers, Contact Persons (depending on the security breach).
Data Categories: Variable (will depend on the security breach).
Categories of Recipients:
– Spanish Data Protection Agency.
– State Security Forces and Corps.
International Transfers: No international transfers of data are foreseen.
Period of Deletion: They will be kept for the time necessary to fulfil the purpose for which they were collected and to determine the possible responsibilities that may arise from this purpose and from the processing of the data. The provisions of the regulations on archives and documentation shall be applicable. archives and documentation.
Security measures: Adapted to the requirements of Regulation (EU) 2016/679, General Data Protection Regulation.
VIDEO SURVEILLANCE PROCESSING
Legal Basis: GDPR: 6.1.c) the processing is necessary for the purposes of the legitimate interests
pursued by the controller or by a third party.
Organic Law 2/1986 of 13 March 1986 on Security Forces and Corps.
Purposes of the processing: To ensure the security of persons, goods and facilities and labour control.
control.
Collective: Workers, customers and suppliers, users.
Categories of data: Image
Categories of recipients: The recordings may be communicated to the Security Forces and Corps, and to the Courts and Tribunals, in the event of a request from these, or in the event that they serve as evidence of the commission of crimes or infractions.
International Transfers: No international transfers of data are foreseen.
Time limit for deletion: No more than one month, except in the case of notification to the Security Forces and Corps or/and Courts and
Security Forces and/or Courts and Tribunals.
Security measures: Adapted to the requirements of Regulation (EU) 2016/679, General Data Protection Regulation.
YOUR RIGHTS
- You have the right to ask us for a copy of your personal data, to rectify inaccurate data or to complete if incomplete, or, if necessary, to delete it, when it is no longer necessary for the purposes for which it was collected.
You also have the right to limit the processing of your personal data and to obtain your personal data in a structured and readable format. - You can object to the processing of your personal data in certain circumstances (in particular, where we do not need to process it in order to comply with a contractual or other legal requirement, or where the purpose of the processing is direct marketing).
- Where you have given us your consent, you may withdraw your consent at any time. We will then stop processing your data or, as the case may be, we will stop processing it for that particular purpose. If you decide to withdraw your consent, this will not affect any processing that has taken place while your consent was in place.
- These rights may be limited, for example, if we need to disclose information about another person in order to fulfill your request, or if you ask us to delete certain records that we are required to keep because of a legal obligation or a legitimate interest, such as to defend against a claim. Or even in cases where the right to freedom of expression and information must prevail.
- You can contact us by any of the means indicated in the Data Controller section of this privacy policy, providing a copy of a document that proves your identity (usually your National Identity Card).
- Another of your rights is the right not to be subject to a decision based solely on automated processing, including profiling that produces legal effects or affects you.
- In the event of any breach of your rights, for example, if we do not comply with your request, you have the right to lodge a complaint with the data protection supervisory authority. This may be the one in your country (if you live outside Spain) or the Spanish Data Protection Agency (if you live in Spain).
Links to third party websites.
Our website may, from time to time, contain links to other websites. It is your responsibility to ensure that you read the data protection policy and legal terms and conditions that apply to each site.
Data of third parties.
If you provide us with data of third parties, you are responsible for informing them in advance in accordance with Article 14 of the GDPR.