Política de privacidad

Privacy policy

PRIVACY POLICY

DATA CONTROLLER

The Data Controller is THE FLOW LAB, SL, C/ Susana Llaneras, N 47, 03001, Alicante (ALICANTE), Spain.

Privacy Principles

THE SARAO FACTORY S.L.U. is committed to working with you continuously to guarantee the privacy in the processing of your personal data, as well as to offer you the most complete and clear information possible at all times. Please read this section carefully before providing us with your personal data.

If you are under fourteen years of age, please do not provide us with your details without parental consent.

In this section we will explain how we process the data belonging people who have a relationship with our organisation. Our principles are indicated as follows:

– We do not request personal data unless it is necessary to provide you with the services requested.

– We never share personal data with anyone, except to comply with the law or with your express consent.

– We will never use your personal data for purposes other than those stated in this Privacy Policy.

– Your data will always be treated with a level of protection compliant with data protection legislation and will not be subject to automated decisions.

This Privacy Policy has been drafted taking into account the requirements of current data protection legislation:

– Regulation (EU) 2016/679 of the European Parliament and of the Council, of 27th April 2016, on the protection of natural persons (GDPR).

– Spanish Organic Law 3/2018, of 5th December, on the Protection of Personal Data and Guarantee of Digital Rights (LOPD).

– Spanish Royal Decree 1720/2007, of 21st December (RLOPD).

This Privacy Policy is dated 6th December 2018.

Due to the modification of processing criteria, in order to make it easier to understand or to adapt it to current legislation, we may modify this Privacy Policy. We will update the date of the same, so that you can check its validity.

Data Processing

PROCEESSING OF DATA BELONGING TO DATA SUBJECTS’ EXERCISING THEIR RIGHTS (ACCESS, RECTIFICATION, CANCELLATION AND OPPOSITION)

Legal basis: GDPR: 6.1. c) Processing is necessary for compliance with a legal obligation to which the controller is subject. General Data Protection Regulation.

Purposes of the processing: To respond to requests in the exercise of the rights established in the General Data Protection Regulation: Rights of access, rectification, erasure, limitation, portability and opposition to automated decision-making.

Group: Individuals requesting to exercise their rights (employees, customers, suppliers, contact persons)

Data categories: Name and surname(s), address, signature and telephone number.

Recipient categories: Personal data may be communicated to the supervisory authority (Spanish Data Protection Agency) in the context of an investigation for the protection of rights initiated by the data subject.

International transfers: No international data transfers are foreseen.

Erasure period: Data will be held for a period of five years from the request.

Security measures: Adapted to the requirements of Regulation (EU) 2016/679, General Data Protection Regulation.

PROCESSING OF RECRUITMENT PROCESS CANDIDATES’ DATA (HR)

Legal basis: GDPR: 6.1. a) The data subject has given consent to the processing of his or her personal data for one or more specific purposes. GRDP: 6.1. b) Processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.

Purposes of the processing: Staff recruitment and job vacancies.

Group: Candidates subject to recruitment procedures for job vacancies.

Data categories: Name and surname(s), DNI (Spanish national ID number)/CIF (Spanish corporate tax ID code)/ID document, personal registration number, address, signature and telephone number. – Personal information: gender, marital status, nationality, age, date and place of birth, family information. – Academic and professional information: Degrees, training and professional experience. – Detailed employment information.

Recipient categories: No transfers to third parties are foreseen.

International transfers: No international data transfers are foreseen.

Erasure period: Data will be held for the time necessary to fulfil the purpose for which they were collected and to determine the possible responsibilities that may arise from this purpose and from the data processing.

Security measures: Adapted to the requirements of Regulation (EU) 2016/679, General Data Protection Regulation.

PROCESSING OF SUPPLIERS’ DATA

Legal basis: GRDP: 6.1. b) Processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract. GDPR: 6.1. c) Processing is necessary for compliance with a legal obligation to which the controller is subject. Spanish Royal Legislative Decree 2/2015, of 23rd October, approving the consolidated text of the Spanish Workers’ Statute Law. Spanish Law 58/2003, of 17th December, on General Taxation.

Purposes of the processing:

– Acquisition of products and/or services required to carry out our activity.

– Control of sub-contractors, where applicable.

Group: 

– Suppliers.

– Our suppliers’ employees.

Data categories:

– Name and surname(s), DNI (Spanish national ID number)/NIF (Spanish corporate tax ID number)/ID document, address, signature and telephone number.

– Detailed employment information: job post. Occupational safety training.

– Economic-financial and insurance information: bank details.

Recipient categories:

– Financial entities (payment of invoices).

– State Tax Authority.

International transfers: No international data transfers are foreseen.

Erasure period: Data will be held for the time necessary to fulfil the purpose for which they were collected and to determine the possible responsibilities that may arise from this purpose and from the data processing, pursuant to Spanish Law 58/2003, of 17th December, on General Taxation.

Security measures: Adapted to the requirements of Regulation (EU) 2016/679, General Data Protection Regulation.

PROCESSING OF CUSTOMERS’ DATA

Legal basis: GDPR: 6.1. a) The data subject has given consent to the processing of his or her personal data for one or more specific purposes. GRDP: 6.1. b) Processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract. GDPR: 6.1. c) Processing is necessary for compliance with a legal obligation to which the controller is subject. GDPR: 6.1.f) Processing is necessary for the purposes of the legitimate interests pursued by the controller.

Spanish Royal Legislative Decree 2/2015, of 23rd October, approving the consolidated text of the Spanish Workers’ Statute Law. Spanish Law 58/2003, of 17th December, on General Taxation.

Purposes of the processing: Supply of our products/services.

Group: Customers.

Data categories:

– Name and surname(s), DNI (Spanish national ID number)/NIF (Spanish corporate tax ID number)/ID document, address, signature and telephone number.

– Economic-financial and insurance information: bank details.

Recipient categories:

– Financial entities.

– State Tax Authority.

International transfers: No international data transfers are foreseen.

Erasure period: Data will be held for the time necessary to fulfil the purpose for which they were collected and to determine the possible responsibilities that may arise from this purpose and from the data processing, pursuant to Spanish Law 58/2003, of 17th December, on General Taxation.

Security measures: Adapted to the requirements of Regulation (EU) 2016/679, General Data Protection Regulation.

PROCESSING OF EMPLOYEES’ DATA

Legal basis: GDPR: 6.1. b) Processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract. GDPR: 6.1. c) Processing is necessary for compliance with a legal obligation to which the controller is subject. Spanish Royal Legislative Decree 2/2015, of 23rd October, approving the consolidated text of the Spanish Workers’ Statute Law.

Purposes of the processing:

– Management of staff recruited.

– Personal file. Time control. Training. Pension plans. Occupational hazard prevention.

– Issuance of employee pay slip.

– Management of trade union activity.

Group: Employees.

Data categories:

– Name and surname(s), DNI (Spanish national ID number)/CIF (Spanish corporate tax ID code)/ID document, personal registration number, Social Security/Mutual Insurance number, address, signature and telephone number.

– Special data categories: health data (health data (sick leave, occupational accidents and degree of disability, not including diagnoses), trade union membership, for the sole purpose of payment of trade union fees (where applicable), trade union representative (where applicable), own and third-party attendance records.

– Personal characteristic information: gender, marital status, nationality, age, date and place of birth, family information. Family circumstances: Date of registration and withdrawal, licences, permits and authorisations.

– Academic and professional information: Degrees, training and professional experience.

– Employment and administrative career information. Incompatibilities.

– Time and attendance information: date/time of arrival and departure, reason for absence.

– Financial information: Pay slip, credits, loans, guarantees, tax deductions, leave of absence from previous job (if applicable), judicial deductions (if applicable), other deductions (if applicable). Bank details.

Recipient categories:

– Entity entrusted with the management of occupational hazards.

– General Treasury of Social Security.

– Trade unions.

– Spanish State Tax Authority.

– Prime contractors to whom we provide services as sub-contractors.

International transfers: No international data transfers are foreseen.

Erasure period: Data will be held for the time necessary to fulfil the purpose for which they were collected and to determine the possible responsibilities that may arise from this purpose and from the data processing. The financial data of this processing activity will be held pursuant to the provisions of Law 58/2003, of 17th December, on General Taxation.

Security measures: Adapted to the requirements of Regulation (EU) 2016/679, General Data Protection Regulation.

PROCESSING OF CONTACTS’ DATA

Legal basis: Data subject’s consent.

Purposes of the processing: To respond to requests, send information and monitor requests.

Group: Contact persons, customers, suppliers.

Data categories: Name and surname(s), telephone number, email address.

Recipient categories: No transfers to third parties are foreseen.

International transfers: No international data transfers are foreseen.

Erasure period: Contact details will be held indefinitely, or until the data subject requests the erasure of such data.

Security measures: Adapted to the requirements of Regulation (EU) 2016/679, General Data Protection Regulation.

PROCESSING OF NOTIFICATIONS OF SECURITY BREACHES

Legal basis: GDPR: 6.1.c) Processing is necessary for compliance with a legal obligation to which the controller is subject. General Data Protection Regulation. Articles 33 and 34.

Purposes of the processing: Management and evaluation of security breaches that occur in our organisation.

Group: May vary: Employees, Customers, Suppliers, Contact Persons (depends on the security breach)

Recipient categories: Spanish Data Protection Agency – Spanish State Security Forces and Corps.

International transfers: No international data transfers are foreseen.

Erasure period: Data will be held for the time necessary to fulfil the purpose for which they were collected and to determine the possible responsibilities that may arise from this purpose and from the data processing. The provisions of the archive and documentation regulations will apply.

Security measures: Adapted to the requirements of Regulation (EU) 2016/679, General Data Protection Regulation.

YOUR RIGHTS

You have the right to request a copy of your personal data from us, to rectify inaccurate data or to complete, if incomplete, or delete data if it is no longer necessary for the purposes for which it was collected.

You also have the right to limit the processing of your personal data and to obtain your personal data in a structured and readable format.

You can object to the processing of your personal data in certain circumstances (in particular, where we do not need to process it in order to comply with a contractual or other legal requirement, or where the purpose of the processing is direct marketing).

Once you have given us your consent, you may withdraw your consent at any time. We will then stop processing your data or, where applicable, we will stop processing it for that particular purpose. If you decide to withdraw your consent, this will not affect any processing that has taken place while your consent was in place.

These rights may be limited, for example, if in order to comply with your request we have to disclose information about another person, or if you ask us to delete certain records that we are required to keep by law or for a legitimate interest, such as the exercise of a defence to a claim. Or even in cases in which the right to freedom of expression and information must prevail.

You can contact us by any of the means indicated in the Data Controller section of this Privacy Policy, providing a copy of a document that proves your identity (normally your Spanish DNI, national ID card). The easiest way to exercise your rights is by accessing our RIGHTS PORTAL.

You also have the right to refuse to be subject to a decision based solely on automated processing, including profiling, which produces legal effects or affects you.

In the event of any breach of your rights, for example, if we have not complied with your request, you have the right to file a complaint before the Data Protection Supervisory Authority. This may be the one in your country (if you live outside Spain) or the Spanish Data Protection Agency (if you live in Spain).

Links to third-party websites.

Our website may sometimes contain links to other websites. It is your responsibility to ensure that you read the data protection policy and legal terms and conditions applicable to each website.

Third-party data.

If you provide us with data belonging to third parties, you must inform them in advance in accordance with Article 14 of the GDPR.

HELLO, HOW CAN WE HELP YOU?

THE SARAO FACTORY

WILL YOU JOIN THE SARAO?

Legal notice | Cookies Policy | Privacy Policy | Data protection | Chain of custody policy | Quality policy
©2024, THE SARAO FACTORY. ALL RIGHTS RESERVED.

HELLO, HOW CAN WE HELP YOU?

THE SARAO FACTORY

WILL YOU JOIN THE SARAO?

Take it easy, send your CV to:
talento@thesaraofactory.com
Linkedin

Legal notice | Cookies Policy | Privacy Policy | Data protection | Chain of custody policy | Quality policy
©2024, THE SARAO FACTORY. ALL RIGHTS RESERVED.

THE SARAO FACTORY SL ha sido beneficiaria de Fondos Europeos, cuyo objetivo es el refuerzo del crecimiento sostenible y la competitividad de las PYMES, y gracias al cual ha puesto en marcha un Plan de Acción con el objetivo de mejorar su competitividad mediante la transformación digital, la promoción online y el comercio electrónico en mercados internacionales durante el año 2024. Para ello ha contado con el apoyo del Programa Xpande Digital de la Cámara de Comercio de Alicante. #EuropaSeSiente