DATA PROTECTION POLICY

1. BASIC INFORMATION ON DATA PROTECTION

Controller CLECE, S.A.
Main Aim User Management and dealing with requests
Legitimacy Consent of the interested party.
Recipients Data shall be given to third parties to meet legal obligations or with prior consent.
Rights To Access, Rectify, and Delete Data and other rights as explained in the Data Protection policy – Additional Information.
Additional information Consult the Personal Data Protection Policy on the web site (Additional Information)

 

2. PERSONAL DATA PROTECTION (ADDITIONAL INFORMATION)

Updated GRPD version, 01/09/2022

 

DATA CONTROLLER

Identity: CLECE, S.A.

CIF:  A80364243

Postal Address: Salle de Quintanavides, 19 Bloque 4 – Planta 1 y 2  (28050 –Madrid)

Telephone: 917459100

Email: clece@grupoclece.com

Contact: Data Protection Officer (DPO): rgpd-clece@clece.es
 

PURPOSE

Data gathered through the web site is incorporated into files owned by the company for the following purposes:

  • Managing requests made through the web site whether using the contact facility or any other type of on line form or email request.
  • Sending newsletters and alerts through any channel, including electronic means (such as email, web notifications, SMS) and through the post regarding news, articles, activities, events, and competitions that may contain commercial information on products, services, offers and promotions relating to activities undertaken by the company.
  • In the event that you state you do not wish to receive commercial information in the future, your data (name, surname and email) shall be included in the exclusion file in order to avoid sending unwanted information.
  • Managing recruitment and selection for specific positions and maintaining the jobs pool.
  • Ethics Channel: Dealing with communications received through the various media or channels made available, such as the email address on the company’s website, telephone (24/7) and the web platform managed by the contracted data processor, with the guarantee of maintaining the sender’s absolute confidentiality and that no reprisals of any kind will be taken for acting in good faith.
  • Treatment of user data from social networks through corporate profiles.
  • Own and third party cookies based on preferences.

Replies to questions on personal data that appear in forms marked with an asterisk (*) are obligatory.
 

LEGITIMACY

  • Legitimate interest in the treatment of your data based on the response to your request, or request for, or offer of, information.
  • Consent of the interested party; sending commercial communications, communicating data to subsidiary companies, publishing data associated with the diffusion of activities (events, competitions).
  • You have the right to withdraw the consent granted at any time, without this affecting the legality of the treatment based on consent prior to its withdrawal.
  • Public interest (Ethics channel): The communications channel (Ethics channel) is based on the existence of a public interest, in the terms established in article 6.1.e) of the General Data Protection Regulation, on detecting and preventing complaints and the corresponding prevention of damages and risks of liability to CLECE and as defined in article 24 of Organic Law 3/2018.

 

DATA RETENTION

Retention periods for your data are determined in accordance with current legislation, regulations, or applicable legal provisions in force, or in any event:

  • For users that send requests and/or queries: within the time needed to attend to the same.
  • Communications concerning publicity and promotions: when the user requests deletion, except for data handled as part of commercial activities within the Exclusion Register.
  • The retention period for professional data from your curriculum that can be sent through media enabled by the web site shall be 5 years. Following this, the data will be destroyed.
  • Once the period established ends, or in those circumstances where the data is discarded during the current selection process, your data shall be stored for future recruitment purposes provided we have your consent, in which case you are responsible for maintaining and sending your updated details.
  • Ethics Channel: Will be held in the complaints reception system solely for the length of time needed to ascertain the facts reported. In any event, the information must be removed from the system three months after it was entered. However, it may be processed outside of the system to investigate the facts reported for as long as is necessary until such time as the matter is concluded. Once the investigation of the communication has concluded and any appropriate actions have been taken, the data pertaining to said complaints that have been processed will be held and duly blocked in compliance with any applicable legal obligations. If the decision is made not to take the complaint filed any further, the information may be held in said system in anonymised form.

 

RECEIPIENTS

  • Data shall be provided to competent public entities in those cases where there is a legal requirement to do so.
  • The professional information on your CV may be shared with subsidiary companies for employment purposes only, provided that we have your consent to do so.
  • Management of the web site implies service providers may access your data in order to carry out Data Processing. Access shall be subject to all security measures necessary to safeguard and protect your information as regulated in the contract. Said provision shall at no time constitute a transfer of data.

 

EXERCISING YOUR RIGHTS

Those interested in doing so have the right to obtain information on whether the company is handling their personal data.

You have the right to request:

  • Access to your personal data.
  • Rectification of incorrect data.
  • Deletion of your data, when amongst other reasons, is not necessary for the purposes for which it was gathered.
  • Limiting the treatment of your data, in which case it is solely kept for the exercise or defence of claims.
  • Challenging the treatment of your data, in specific circumstances and for reasons related to their particular situation. The company shall cease handling the data, except for  imperative legitimate reasons or in exercising or defending possible claims.
  • Portability of data.
  • You have the right to withdraw the consent granted at any time, without this affecting the legality of the treatment based on your consent prior to its withdrawal.

Rights recognised under Regulation (UE)2016/679 may be exercised directly or through a legal or voluntary representative.

Your rights may be exercised through a request sent through computer systems using the email contact for the Data Protection Officer or sending/delivering your request to the address indicated above.

To obtain information on your rights you can visit:  https://www.aepd.es/reglamento/derechos/index.html

If you do not obtain satisfaction after exercising your rights, you can present a claim to the Spanish Data Protection Agency https://www.aepd.es/agencia/en-que-podemos-ayudarte.html
 

SECURITY LEVELS

The company has implemented measures and technical means that are available to you in order to avoid improper use, alteration, loss, unauthorised access or theft of the personal data you have provided.

HTTPS (Hyper Text Transfer Protocol Secure) appears in the URL address of this web page where it is protected by an SSL certificate that guarantees the secure send of data gathered through

subscription forms…. Details of the certificate, for example the issuing entity and the corporate name of the web site owner, can be seen by clicking on the padlock symbol on the navigation bar.
 

INTERNATIONAL DATA TRANSFER

Web hosting suppliers for the web site are service providers that may access your data for Data Processing purposes. As a rule, their servers must be located within the European Economic Space. If not, we always ensure that said suppliers are located in countries with an adequate level of data protection and that offer guarantees that comply with European legislation in data protection, and in particular, the GRPD.  For transfers to the US, we always work with suppliers who adhere to the Privacy Shield EU – EEUU.
 

SOCIAL NETWORKS

Suppliers that provide their services (accommodation, platforms, software) may access your data as part of their data processing agreement. As standard, their servers must be located within the European Economic Area, and for any providers located elsewhere, we ensure that they are in countries with an appropriate level of protection or provide guarantees of compliance with European standards on matters of data protection in general, and GDPR in particular.
 

COOKIES

On our Web Site we use a technology called “cookies”. For more detailed information consult the Cookies Policy

On viewing/accessing third party content, such as Youtube, through the web site, Vimeo, RRSS, you may have accepted the cookies on these web sites. These are not under our control.