Data protection policy
This is SOCIEDAD ESPAÑOLA DE BOMBAS DE HORMIGÓN, SA data protection policy. Referring to the personal data that it processes while exercising its commercial activities, in compliance with the Regulation (EU) 2016/679 of the European Parliament and of the Council, of April 27th, 2016 (General Data Protection Regulation or GDPR) and Organic Law 3/2018, of December 5th, Protection of Personal Data and guarantee of digital rights.
Who is responsible for the processing of personal data?
The responsible for the processing of personal data is SOCIEDAD ESPAÑOLA DE BOMBAS DE HORMIGÓN, SA, with CIF (Tax number) A-17020132, address at Avenida de Francia, no. 121-123, 17480 - Sarrià de Ter (Girona), telephone 972 17 03 52 and email firstname.lastname@example.org. registered in the Mercantile Registry of Girona, volume 28, page 144, section 8, sheet GI494, entry 28.
For what purpose do we process the data?
IN SEBHSA we process personal data for the following purposes:
To Contact. We answer the queries of people who contact us through the contact forms on our website, by email or via the phone. We use them solely for this purpose.
Recruiting. The Reception of resumé or cover letters sent to us by people interested in working with us and the management of personal data generated by the participation in personnel selection processes, in order to analyse the adequacy of the candidate profile based on the vacant or newly created jobs. Our criteria is to keep this data for a maximum period of one year, besides the data of the people who do not end up being hired, in case a vacancy or a new job occurs in the short term. However, in the latter case, we immediately delete the data if the person concerned requests it.
Customer Services. We register new customers and additional data that may be generated as a result of the business relationship with them. In the contracting process, essential data is requested, which may include bank details (bank account number or credit/debit card number) that will be communicated to banking entities that manage the payment collection (they can only be used for this purpose). The commercial relationship entails other treatments, such as incorporating the data into accounting, billing or information to the Tax Administration.
Information about our products and services. While there is a contractual relationship with our clients, we use their contact information to communicate information related to this relationship, information that may circumstantially include references to our products or services, whether of a general nature or more specifically referring to the characteristics and needs of the client.
Other product and service information. With the explicit authorisation of the clients, once the contractual relationship has ended, the contact details are kept to send publicity related to our services or products, information of a general or specific nature according to the interests of the client. This information is sent to anyone who requests it or accepts it by filling out our forms, even if they have not been a customer.
Management of the data of our suppliers. We register and process the data of the suppliers from whom we obtain services or goods. This data can be of people who act as freelancers, self employed and also of representatives of legal entities. We obtain the essential data to maintain the commercial relationship, we use it solely for this purpose and only olso for this kind of relationship.
What is the legal legitimacy for data processing?
The data processing that we carry out has different legal grounds, depending on the processing nature.
In compliance with a pre-contractual relationship. This is the case of the data of possible clients or suppliers with whom we had prior interaction in order to formalise a contractual relationship, such as the preparation or study of budgets. It is also the case of the processing of data of people who sent us their curriculum vitae or who participated in our recruitment processes.
In compliance with a contractual relationship. This is the case of relationships with our customers and suppliers and all the actions and uses that these relationships entail.
In compliance with legal obligations. Data communication to the Tax Administration are established by regulations governing commercial relations. It may be the case of having to communicate data to judicial entities or to security forces and bodies, also in compliance with legal regulations that require collaboration with these public bodies.
Based on consent. When we send information about our products or services, we process the contact details of the recipients with their authorisation or explicit consent. The browsing data that we can get through cookies is obtained with the consent of the person visiting the website, consent that can be revoked at any time by uninstalling these cookies.
Per legitimate interest. Based on the legitimate interest of our company, we process data from our clients in order to offer them customer service, inform them about offers or advantages in the services offered or products delivered, or to know the degree of satisfaction with our commercial relationship.
To whom are the data communicated?
As a general criterion, we only communicate data to administrations or public authorities and always in compliance with legal obligations. When issuing or receiving invoices, the data may be communicated to banking entities. In justified cases, we communicate data to the security forces or to competent judicial entities. No data transfers are made outside the European Union (international transfer).
In another sense, for certain tasks we obtain the services of companies or people who provide us with their experience and specialisation. On some occasions these external companies must access personal data that is our responsibility. It is not exactly a transfer of data, but a processing order. Services are only contracted from companies that guarantee compliance with data protection regulations. At the time of contracting, their confidentiality obligations are formalised and their performance is monitored. This may be the case of data hosting services, computer support services or legal, labor, accounting or tax advice.
How long do we keep the data?
We comply with the legal obligation to limit the data retention period to the maximum. For these reasons, they are kept only for the time necessary and justified for the purpose for which they were obtained. In certain cases, such as the data that appears in the accounting documentation and billing, the tax regulations oblige to keep them until the responsibilities in this matter prescribe. In the case of the data that we process based on the consent of the person concerned, they are kept until the person revokes this consent.
What rights do people have in relation to the data we process?
As provided in the General Data Protection Regulation, the people whose data we process have the following rights:
To know if they are processed. Anyone has the right to know if we process their data, regardless of whether there has been a previous relationship.
To be informed at the collection. When the personal data is obtained from the interested party, at the time of providing them, they must have clear information on the purposes for which they will be used, who will be responsible for the processing and the rest of the aspects derived from this processing.
To access. A right that includes to know precisely what personal data is processed, what is the purpose for which it is processed, the communication to other people that will be made (if applicable) or the right to obtain a copy or to know the expected period of conservation.
To ask for rectification. It is the right to rectify inaccurate data that is processed by us.
To request the deletion. In certain circumstances, there is the right to request the deletion of the data when, among other reasons, they are no longer necessary for the purposes for which they were collected and justified the processing.
Request the limitation of treatment. Also, in certain circumstances, the right to request the limitation of data processing is recognised. In this case, they will cease to be processed and will only be kept for the exercise or defence of claims, in accordance with the General Data Protection Regulations.
To portability. It is the right to receive personal data in a structured, commonly used, machine-readable and interoperable format, or to request that it be transferred in this way to another Data Controller. This right is recognised when the processing is based on consent or a contractual relationship.
To oppose the processing. As a general criterion, when the data processing is based on the legitimate interest of the company, a person can allege reasons related to their particular situation, reasons that would force them to stop processing their data to the degree or extent that may cause them harm. unless there are legitimate reasons to continue doing so or it is necessary to formulate or defend against claims.
Not to receive commercial information. We immediately respond to requests not to continue sending commercial information to people who have previously authorised it.
How can rights be exercised or defended?
The rights just listed can be exercised by sending a written request to SOCIEDAD ESPAÑOLA DE BOMBAS DE HORMIGÓN SA at the postal address Avenida de Francia, núm. 121-123, 17480 - Sarrià de Ter (Girona), or through the contact form on our website, or by sending an email to email@example.com, indicating in all cases "Personal data protection".
If a satisfactory response has not been obtained in the exercise of rights, it is possible to file a claim with the Spanish Agency for Data Protection, through the forms or other accessible channels from its website www.aepd.es.