Logo intraco sin claim blanco

Privacy Policy

Responsibility for treatment

The Data Controller is INTRACO S.L.U., C/ Pau Casals 24, Parque Empresarial Elche, 03203, Elche (ALICANTE).

Privacy Principles

At INTRACO S.L.U. we commit ourselves to continuously work to ensure your privacy when treating your personal data, as well as to offer you the most complete and clear information available to us at all times. We encourage you to read this section carefully before providing us with your personal data.

If you are under fourteen years of age, please do not provide us with your data without the consent of your parents.

Please do not provide us with your information without parental consent if you are under fourteen years of age. This section explains how we handle the data of people who interact with our organisation. Our principles:

– We do not ask for personal information unless we need it to provide you with the services you requested.

– We never share personal information with anyone, other than to comply with the law or when expressly authorised by you.

– We will never use your personal data for purposes other than those set out in this privacy policy.

– Your data will always be treated with a level of protection that complies with data protection legislation and shall not be subject to automated decisions.

This privacy policy has been drafted taking into account the requirements of current data protection legislation:

– Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons (GDPR).

– Organic Law 3/2018, of 5 December, on the Protection of Personal Data and Guarantee of Digital Rights (LOPD).

– Royal Decree 1720/2007, of 21 December (RLOPD).

This privacy policy was drafted on 6 December 2018.

In the event of a change in the processing criteria, it is possible that we modify this privacy policy to facilitate its understanding or to adapt it to current legislation. We shall update the date so that you may check its validity.

Processing operations we perform

SUPPLIER PROCESSING

Legal basis: GDPR: 6.1.b) Processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract;

GDPR: 6.1.c) Processing is necessary for compliance with a legal obligation to which the controller is subject.

Spanish Royal Legislative Decree 2/2015, of 23 October, which approves the revised text of the Workers’ Statute Law.

Law 58/2003 of 17 December 2003 on General Taxation.

Purposes of Treatment: – Acquisition of products and/or services that we need to develop our activity.

– Control of subcontractors when applicable.

Collective: – Suppliers.

– Workers of our suppliers.

Data categories: – Name and surname, DNI/NIF/ID document, address, signature and telephone number.

– Job detail data: job title. Training in occupational safety.

– Economic, financial and insurance data: Bank details.

Recipients categories: – Financial institutions. Payment of invoices)

– Spanish State Agency for Tax Administration.

International Data Transfers: No international transfer of data is foreseen.

Time limit for deletion: The data will be kept for the time necessary to fulfil the purpose for which they were collected and to determine any possible liabilities that may arise from this purpose and from the processing of such data, in accordance with Spanish Law 58/2003, of 17 December, on General Taxation.

Security measures: Adapted to the requirements of Regulation (EU) 2016/679, General Data Protection Regulation.

CLIENT PROCESSING

Legal basis: GDPR: 6.1.a) The data subject has given consent to the processing of his or her personal data for one or more specific purposes.

GDPR: 6.1.b) Processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract;

GDPR: 6.1.c) Processing is necessary for compliance with a legal obligation to which the controller is subject.

GDPR: 6.1.f) Processing is necessary for the purposes of the legitimate interests pursued by the controller (…).

Spanish Royal Legislative Decree 2/2015, of 23 October, which approves the revised text of the Workers’ Statute Law.

Law 58/2003 of 17 December 2003 on General Taxation.

Purposes of Treatment: Supply of our products / services

Collective: Clients

Data categories: – Name and surname, DNI/NIF/ID document, address, signature and telephone number.

– Economic, financial and insurance data: Bank information.

Recipients categories: – Financial institutions.

– Spanish State Agency for Tax Administration.

International Data Transfers: No international transfer of data is foreseen.

Time limit for deletion: The data will be kept for the time necessary to fulfil the purpose for which they were collected and to determine any possible liabilities that may arise from this purpose and from the processing of such data, in accordance with Spanish Law 58/2003, of 17 December, on General Taxation.

Security measures: Adapted to the requirements of Regulation (EU) 2016/679, General Data Protection Regulation.

VIDEO SURVEILLANCE PROCESSING

Legal basis: GDPR: 6.1.c) Processing is necessary for compliance with a legal obligation to which the controller is subject.

Spanish Organic Law 2/1986, of 13 March, on Security Forces and Corps.

Purposes of Treatment: Ensuring the safety of people, goods and facilities and labour control.

Collective: Workers, clients and suppliers, users.

Data categories: Image and sound.

Recipients categories: The recordings may be communicated to the law enforcement authorities upon request or in the event they serve as evidence of a legal offence.

International Data Transfers: No international transfer of data is foreseen.

Time limit for deletion: Not longer than one month.

Security measures: Adapted to the requirements of Regulation (EU) 2016/679, General Data Protection Regulation.

CONTACT PROCESSING

Legal basis: Consent of the data subject

Purposes of Treatment: To deal with their request, send them information and follow up on the request.

Collective: Contacts, clients, suppliers

Data categories: Name and surname, telephone number, email address

Recipients categories: No transfer of data to third parties is envisaged.

International Data Transfers: No international transfer of data is foreseen.

Time limit for deletion: Contact data shall be kept for an indefinite period of time, or until the data subject requests their deletion.

Security measures: Adapted to the requirements of Regulation (EU) 2016/679, General Data Protection Regulation.

PROCESSING OF PEOPLE’S RIGHTS (ARCO)

Legal basis: GDPR: 6.1.c) Processing is necessary for compliance with a legal obligation to which the controller is subject.

General Data Protection Regulation.

Purposes of Treatment: To deal with requests in the exercise of the rights established in the General Data Protection Regulation.

Collective: Individuals requesting it (employees, customers, suppliers, contacts).

Data categories: Name and surname, address, signature and telephone number.

Recipients categories: The data may be disclosed to the supervisory authority (Spanish Data Protection Agency) in the context of an investigation for the protection of rights initiated by the data subject.

International Data Transfers: No international transfer of data is foreseen.

Time limit for deletion: They shall be kept for a period of five years from the time of application.

Security measures: Adapted to the requirements of Regulation (EU) 2016/679, General Data Protection Regulation.

PROCESSING OF CANDIDATES OF SELECTION PROCESSES (HR)

Legal basis: GDPR: 6.1.b) Processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.

Purposes of Treatment: Selection of personnel and filling of posts.

Collective: Candidates applying to procedures for the filling of posts.

Data categories: – Name and surname, DNI/CIF/ID document, personnel registration number, address, signature and telephone number.

– Data on personal characteristics: Sex, marital status, nationality, age, date and place of birth and family data.

– Academic and professional data: Qualifications, training and professional experience.

– Employment detail data.

Recipients categories: No transfer of data to third parties is envisaged.

International Data Transfers: No international transfer of data is foreseen.

Time limit for deletion: The data will be kept for the time necessary to fulfil the purpose for which they were collected and to determine any possible liabilities that may arise from this purpose and from the processing of such data.

Security measures: Adapted to the requirements of Regulation (EU) 2016/679, General Data Protection Regulation.

EMPLOYEES PROCESSING

Legal basis: GDPR: 6.1.b) Processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract;

GDPR: 6.1.c) Processing is necessary for compliance with a legal obligation to which the controller is subject.

Spanish Royal Legislative Decree 2/2015, of 23 October, which approves the revised text of the Workers’ Statute Law.

Purposes of Treatment: – Management of personnel.

– Personal file. Time control. Training. Pension schemes. Prevention of occupational hazards.

– Issuance of payroll.

– Management of trade union activity.

Collective: Employees

Data categories: – Name and surname, DNI/CIF/ID document, personnel registration number, Social Security / Insurance number, address, signature and telephone number.

– Special categories of data: health data (sick leaves, occupational accidents and degree of disability, not including diagnoses), trade union membership, for the sole purpose of payment of trade union dues (if applicable), trade union representative (if applicable), own and third party proofs of attendance.

– Data on personal characteristics: Sex, marital status, nationality, age, date and place of birth and family data. Data on family circumstances: Date of registration and deregistration, licences, permits and authorisations.

– Academic and professional data: Qualifications, training and professional experience.

– Data on details of employment and administrative career. Incompatibilities.

– Time and attendance data: date/time of arrival and departure, reason for absence.

– Economic and financial data: Financial data from payroll, credits, loans, guarantees, tax deductions, leave of absence from previous job (if applicable), judicial deductions (if applicable), other deductions (if applicable). Bank information.

Recipients categories: – Entity entrusted with the management of occupational risks.

– Spanish General Treasury for Social Security.

– Trade union organisations.

– Financial institutions.

– Spanish State Agency for Tax Administration.

– Contratistas principales a los que prestemos servicios como subcontratistas.

International Data Transfers: No international transfer of data is foreseen.

Time limit for deletion: The data will be kept for the time necessary to fulfil the purpose for which they were collected and to determine any possible liabilities that may arise from this purpose and from the processing of such data.

The financial data of this processing activity will be kept in accordance with the provisions of Spanish Law 58/2003 of 17 December 2003 on General Taxation.

Security measures: Adapted to the requirements of Regulation (EU) 2016/679, General Data Protection Regulation.

SECURITY BREACH NOTIFICATION PROCESSING

Legal basis: GDPR: 6.1.c) Processing is necessary for compliance with a legal obligation to which the controller is subject.

General Data Protection Regulation. Articles 33 and 34.

Purposes of Treatment: Management and evaluation of security breaches that may occur in our organisation.

Collective: Variable: Employees, Customers, Suppliers, Contacts (depending on the security breach).

Data categories: Variable. (Depends on the security breach).

Recipients categories: – Spanish Data Protection Agency.

– State Security Forces and Law Enforcement Agencies.

International Data Transfers: No international transfer of data is foreseen.

Time limit for deletion: The data will be kept for the time necessary to fulfil the purpose for which they were collected and to determine any possible liabilities that may arise from this purpose and from the processing of such data. The regulations on archives and documentation shall apply.

Security measures: Adapted to the requirements of Regulation (EU) 2016/679, General Data Protection Regulation.

YOUR RIGHTS

You have the right to ask us for a copy of your personal data, to rectify inaccurate data, or to complete or delete incomplete data if it is no longer necessary for the purposes for which it was collected.

You also have the right to limit the processing of your personal data and to obtain your personal data in a structured and readable format.

You can object to the processing of your personal data in certain circumstances (in particular, where we do not need to process it in order to comply with a contractual or other legal requirement, or where the purpose of the processing is direct marketing).

You can object to the processing of your personal data in certain circumstances (in particular, where we do not need to process it in order to comply with a contractual or other legal requirement, or where the purpose of the processing is direct marketing). Once you have given us your consent, you may withdraw said consent at any time. We will then stop processing your data or, where applicable, we will stop processing your data for that particular purpose. If you decide to withdraw your consent, this will not affect any processing that has taken place while your consent was in place.

These rights may be limited; for instance, if we need to disclose information about another person in order to fulfill your request, or if you ask us to delete certain records that we are required to keep by law or for a legitimate interest, such as the exercising of defence in the event of claims. Or even in cases where the right to freedom of expression and information must prevail.

You can contact us by any of the channels listed in the Data Controller section of this privacy policy, providing a copy of a valid document proving your identity (usually your ID Card). The most convenient way to exercise your rights is by accessing our RIGHTS PORTAL: https://www.adelopd.com/portalderechos/intraco-slu.

Another of your rights is the right not to be subject to a decision based solely on automated processing, including profiling that produces legal effects or affects you.

In the event of any breach of your rights, for example, if we have not complied with your request, you have the right to lodge a complaint with the Data Protection Supervisory Authority. This can be your country’s Data Protection Agency (if you live outside Spain) or the Spanish Data Protection Agency (if you live in Spain). Links to third-party websites.

Our website may, on occasion, include links to other websites.

It is your responsibility to ensure that you read the data protection policy and legal conditions that apply to every website. It is your responsibility to ensure that you read the data protection policy and legal conditions that apply to every website.

Third-party data.

When you provide us with third party data, you are responsible for informing them in advance in accordance with Article 14 of the GDPR.