DATA PROTECTION POLICY

 

1. BASIC INFORMATION ON DATA PROTECTION

Controller CLECE, S.A.
Main Aim User Management and dealing with requests
Legitimacy Consent of the interested party.
Recipients Data shall be given to third parties to meet legal obligations or with prior consent.
Rights To Access, Rectify, and Delete Data and other rights as explained in the Data Protection policy – Additional Information.
Additional information Consult the Personal Data Protection Policy on the web site (Additional Information)

 

2. PERSONAL DATA PROTECTION (ADDITIONAL INFORMATION)

Updated GRPD version, 12/07/2018

 

DATA CONTROLLER

Identity: CLECE, S.A.

CIF:        A80364243

Postal Address: Salle de Quintanavides, 19 Bloque 4 – Planta 1 y 2  (28050 –Madrid)

Telephone: 917459100

Email: clece@grupoclece.com

Contact: Data Protection Officer (DPO): rgpd-clece@clece.es

 

PURPOSE

Data gathered through the web site is incorporated into files owned by the company for the following purposes:

  • Managing requests made through the web site whether using the contact facility or any other type of on line form or email request.
  • Sending newsletters and alerts through any channel, including electronic means (such as email, web notifications, SMS) and through the post regarding news, articles, activities, events, and competitions that may contain commercial information on products, services, offers and promotions relating to activities undertaken by the company.

In the event that you state you do not wish to receive commercial information in the future, your data (name, surname and email) shall be included in the exclusion file in order to avoid sending unwanted information.

  • Managing recruitment and selection for specific positions and maintaining the jobs pool.
  • Dealing with notifications received through Complaints Channel The security measures necessary to guarantee absolute confidentiality have been implemented.
  • Treatment of user data from social networks through corporate profiles.
  • Own and third party cookies based on preferences.

Replies to questions on personal data that appear in forms marked with an asterisk (*) are obligatory.

 

LEGITIMACY

  • Legitimate interest in the treatment of your data based on the response to your request, or request for, or offer of, information.
  • Consent of the interested party; sending commercial communications, communicating data to subsidiary companies, publishing data associated with the diffusion of activities (events, competitions).
  • You have the right to withdraw the consent granted at any time, without this affecting the legality of the treatment based on consent prior to its withdrawal.

 

DATA RETENTION

Retention periods for your data are determined in accordance with current legislation, regulations, or applicable legal provisions in force, or in any event:

  • For users that send requests and/or queries: within the time needed to attend to the same.
  • Communications concerning publicity and promotions: when the user requests deletion, except for data handled as part of commercial activities within the Exclusion Register.
  • The retention period for professional data from your curriculum that can be sent through media enabled by the web site shall be 5 years. Following this, the data will be destroyed.

Once the period established ends, or in those circumstances where the data is discarded during the current selection process, your data shall be stored for future recruitment purposes provided we have your consent, in which case you are responsible for maintaining and sending your updated details.

 

RECEIPIENTS

  • Data shall be provided to competent public entities in those cases where there is a legal requirement to do so.
  • Professional data from your curriculum may be communicated to subsidiary companies for the sole purpose of employment, provided we have your consent.
  • Management of the web site implies service providers may access your data in order to carry out Data Processing. Access shall be subject to all security measures necessary to safeguard and protect your information as regulated in the contract. Said provision shall at no time constitute a transfer of data.

 

EXERCISING YOUR RIGHTS

Those interested in doing so have the right to obtain information on whether the company is handling their personal data.

You have the right to request:

  • Access to your personal data.
  • Rectification of incorrect data.
  • Deletion of your data, when amongst other reasons, is not necessary for the purposes for which it was gathered.
  • Limiting the treatment of your data, in which case it is solely kept for the exercise or defence of claims.
  • Challenging the treatment of your data, in specific circumstances and for reasons related to their particular situation. The company shall cease handling the data, except for  imperative legitimate reasons or in exercising or defending possible claims.
  • Portability of data.
  • You have the right to withdraw the consent granted at any time, without this affecting the legality of the treatment based on your consent prior to its withdrawal.

Rights recognised under Regulation (UE)2016/679 may be exercised directly or through a legal or voluntary representative.

Your rights may be exercised through a request sent through computer systems using the email contact for the Data Protection Officer or sending/delivering your request to the address indicated above.

To obtain information on your rights you can visit:  https://www.aepd.es/reglamento/derechos/index.html

If you do not obtain satisfaction after exercising your rights, you can present a claim to the Spanish Data Protection Agency https://www.aepd.es/agencia/en-que-podemos-ayudarte.html

 

SECURITY LEVELS

The company has implemented measures and technical means that are available to you in order to avoid improper use, alteration, loss, unauthorised access or theft of the personal data you have provided.

HTTPS (Hyper Text Transfer Protocol Secure) appears in the URL address of this web page where it is protected by an SSL certificate that guarantees the secure send of data gathered through

subscription forms…. Details of the certificate, for example the issuing entity and the corporate name of the web site owner, can be seen by clicking on the padlock symbol on the navigation bar.

 

INTERNATIONAL DATA TRANSFER

Web hosting suppliers for the web site are service providers that may access your data for Data Processing purposes. As a rule, their servers must be located within the European Economic Space. If not, we always ensure that said suppliers are located in countries with an adequate level of data protection and that offer guarantees that comply with European legislation in data protection, and in particular, the GRPD.  For transfers to the US, we always work with suppliers who adhere to the Privacy Shield EU – EEUU.

 

SOCIAL NETWORKS

Our company has a presence across different media and social networks, such as: Facebook, Twitter, YouTube, Instagram, Linkedin. The possible treatment of social network user data that the controller undertakes shall as a maximum be the data handling the social network allows corporate profiles.

The company reminds you that you must understand the privacy policies of said media or social networks with which you are registered in order to avoid sharing information you do not wish to share.

Privacy configurations are available for managing accounts on social networks in order to manage privacy preferences, identity, publicity and other  contrary effects.

 

COOKIES

On our Web Site we use a technology called “cookies”. For more detailed information consult the Cookies Policy.

On viewing/accessing third party content, such as Youtube, through the web site, Vimeo, RRSS, you may have accepted the cookies on these web sites. These are not under our control.