Menu

Privacy policy

DATA CONTROL

Data controller is Data controller is TECNICA ALCOYANA E INDUSTRIAL ASOCIADA SL, C/ Filá Navarros, N 14, 03801, Alcoy (ALICANTE).

Privacy principles

We are committed to working continuously to guarantee your privacy in all our processing activities, and to offer you the most complete and clear information we can provide. We encourage you to read this section carefully before providing us with your personal data.
If you are under fourteen years of age, please do not provide us with your data without the consent of your parents.
In this section, we inform you on how we process the personal data of people involved with our organization. Starting with our privacy principles:
– We do not request any personal data, unless it is needed to fulfill services you require from us.
– We never share your personal data with third parties unless we are forced to by law, or you have granted us your express consent.
– We will never use your personal data for purposes other than those stated in this privacy policy.
– We will always process your personal data in keeping with data privacy regulations, and we will not execute automated decision-making.
We have written this privacy policy taking into account the requirements of current data protection regulations:
– Regulation (EU) 2016/679 of the European Parliament and of The Council of 27 April 2016 on the protection of the individual (General Data Protection Regulation) (GPDR).
– Spanish organic law Ley Orgánica 3/2018, de 5 de diciembre, de Protección de Datos de Carácter Personal y garantía de los derechos digitales (LOPD).
– Spanish Royal Decree Real Decreto 1720/2007, de 21 de diciembre (RLOPD).
This privacy policy was drawn up on December 6, 2018.
We may modify this privacy policy in the future in order to facilitate understanding or to adapt it to changes in legislation, or changes in our processing activities. We will update its date, so that you can check its validity.

PROCESSING ACTIVITIES

EMPLOYEE PROCESSING
Legal basis for processing: GPDR: 6.1.b) processing is necessary for the implementation of a contract to which the person concerned is party or in order to take steps at the request of that person prior to entering into a contract.
GPDR: 6.1.c) processing necessary for compliance with a legal obligation to which the controller is subject.
Spanish work regulation: Real Decreto Legislativo 2/2015, de 23 de octubre, por el que se aprueba el texto refundido de la Ley del Estatuto de los Trabajadores.
Purposes of processing: – Management of staff recruited.
– Personal file. Time control. Training. Pension plans. Prevention of occupational hazards.
– Issuing of staff payroll.
– Management of union activity.
Categories of individuals: Employees
Categories of personal data: – Name and surname, DNI / CIF / Identification document, personnel registration number, Social Security / Mutuality number, address, signature and telephone number.
– Special categories of data: health data (sick leave, work-related accidents and degree of disability, excluding diagnoses), union membership, for the exclusive purposes of paying union dues (where appropriate), union representative (where appropriate), employee and third party proof of attendance.
– Data of a personal nature: Sex, marital status, nationality, age, date and place of birth and family data. Data on family circumstances: Starting and finishing dates, leaves of absence, permits and authorizations.
– Academic and professional data: Qualifications, training and professional experience.
– Details of employment and administrative career. Incompatibilities.
–Attendance control data: date / starting and finishing times, reason for absence.
– Economic-financial data: Payroll economic data, credits, loans, guarantees, tax deductions, loss of assets corresponding to previous job (if applicable), judicial deductions (if applicable), other deductions (if applicable). Bank details.
Categories of recipients: – Organization in charge of management of health and safety at work.
– Spanish Social Security (Tesorería General de la Seguridad Social.)
– Trade union organizations.
– Financial entities.
– Spanish Tax Administration Agency.
– Main contractors that we provide services to as subcontractors.
International transfers: No international transfer of personal data is planned.
Data deletion times: Your personal data will be kept for the time necessary to fulfill the purpose for which it was collected and to determine the possible responsibilities that may arise.
Security measures: Adapted to the requirements of Regulation (EU) 2016/679, General Data Protection Regulation.

CONTACT PROCESSING
Legal basis: Consent of person concerned.
Purposes of the processing: To manage your request, send you information and follow up on your request.
Categories of individuals: Persons who contact us, customers and suppliers
Categories of personal data: Name and surname, phone number, email.
Categories of recipients: Your personal data will not be disclosed to third parties without your express consent.
International transfers: No international transfer of your personal data is planned.
Data deletion times: Your personal data will be kept for an indefinite period, or until you request its removal.
Security measures: Adapted to the requirements of Regulation (EU) 2016/679, General Data Protection Regulation.
PROCESSING ATTENTION TO INDIVIDUAL’S DATA RIGHTS (ARCO)
Legal basis for processing: GPDR: 6.1.c) processing necessary for compliance with a legal obligation to which the controller is subject.
Purposes of processing: To facilitate rights under GPDR: Right of access, rectification and deletion, restriction of processing, portability and objection to automated decision-making.
Groups: Whoever requests it (employees, clients, suppliers, contacts)
Categories of personal data: Full name, address, signature and phone.
Categories of recipients: Personal data may be disclosed to the Supervisory Authority (In Spain: Agencia Española de Protección de Datos) if an investigation is initiated by the individual.
International transfers : No international transfer of data is planned.
Data deletion times: Your personal data will be kept for a period of five years
Security measures: Adapted to the requirements of Regulation (EU) 2016/679, General Data Protection Regulation.

SUPPLIER PROCESSING
Legal basis for processing: GPDR: 6.1.b) processing necessary for the execution of a contract to which the person concerned is party or in order to take steps at the request of the person prior to entering into a contract.
GPDR: 6.1.c) processing necessary for compliance with a legal obligation to which the controller is subject.Real Decreto Legislativo 2/2015, de 23 de octubre, (por el que se aprueba el texto refundido de la Ley del Estatuto de los Trabajadores).
Ley 58/2003, de 17 de diciembre, General Tributaria.
Purposes of processing: – Acquisition of products and / or services that we need for the development of our activity.
– Control of subcontractors if applicable.
Categories of individuals: – Suppliers.
– Individuals who work for our suppliers.
Categories of personal data: – Full name, proof of identity, address, signature and telephone.
– Employee data: job position. Health and safety training.
Categories of recipients: – Financial entities. (Invoice Payment)
– Spanish Tax Administration Agency. (Agencia Estatal de Administración Tributaria)
International transfers: No international transfer of personal data is planned.
Data deletion times: Personal data will be kept for the time necessary to fulfill the purpose for which it was collected and to determine the possible responsibilities that may arise, according to Spanish tax law (Ley 58/2003, de 17 de diciembre, General Tributaria)
Security measures: Adapted to the requirements of Regulation (EU) 2016/679, General Data Protection Regulation

CUSTOMER PROCESSING
Lawful basis for processing: GPDR: 6.1.a) Consent of the person concerned to the processing of his or her personal data for one or more specific purposes
GPDR: 6.1.b) processing necessary for the execution of a contract to which the person concerned is party or in order to take steps at the request of the person prior to entering into a contract.
GPDR: 6.1.c) processing necessary for compliance with a legal obligation to which the controller is subject.
GPDR: 6.1.f) processing necessary for the purposes of the legitimate interests pursued by the controller.
Purposes of processing: Supply of our products / services
Categories of individuals: Customers
Categories of personal data: – Name and surname, DNI / NIF / Identification document, address, signature and telephone number.
– Economic, financial-insurance data: Bank details
Categories of recipients: – Financial entities.
– Spanish Tax Agency (Agencia Estatal de Administración Tributaria).
Internaional transfers: No international transfer of personal data is planned.
Data deletion times: Data will be kept for the time necessary to fulfill the purpose for which it was collected and to determine the possible responsibilities that may arise in keeping with Ley 58/2003, de 17 de diciembre, General Tributaria.
Security measures: Adapted to the requirements of Regulation (EU) 2016/679, General Data Protection Regulation.

VIDEO SURVEILLANCE PROCESSING
Legal basis for processing: GPDR: 6.1.f) processing necessary for the purposes of the legitimate interests pursued by the controller or a third party.
Ley Orgánica 2/1986, de 13 de marzo, de Fuerzas y Cuerpos de Seguridad.
Purposes of processing: To guarantee the safety of people, goods and facilities and work-related management.
Categories of individuals: Employees, customers, suppliers, other users.
Categories of personal data: Sound and image
Categories of recipients: Recordings may be disclosed to Spanish Police or Spanish Courts and Tribunals if requested, or if they can be used as proof of a crime having been committed.
International transfers: No international transfer of personal data is planned.
Data deletion times: Data kept for a period not exceeding one month, unless required by Police or Courts.
Security measures: Adapted to the requirements of Regulation (EU) 2016/679, General Data Protection Regulation.

DATA BREACH MANAGEMENT PROCESSING
Legal basis for processing: GPDR: 6.1.c) processing necessary for compliance with a legal obligation to which the controller is subject.
Regulation (EU) 2016/679, General Data Protection Regulation, articles 33 and 34.
Purposes of processing: To manage and assess Data Breaches that may occur in our organization.
Categories of individuals: Variable: Employees, Clients, Suppliers, Contacts (depending on the security breach)
Categories of personal data: Variable: depending on the security breach
Categories of recipients: – Spanish Data Protection Agency: Agencia Española de Protección de Datos.
– Spanish Police.
International transfers: No international transfer of personal data is planned.
Data deletion times: Personal data will be kept for the time necessary to fulfill the purpose for which it was collected and to determine the possible responsibilities that may arise and in keeping with the rules laid down for Archives and Documentation.
Security measures: Adapted to the requirements of Regulation (EU) 2016/679, General Data Protection Regulation.

YOUR RIGHTS

You have the right to ask us for a copy of your personal data, to rectify inaccurate data or complete it if it is incomplete, or if applicable, to ask for your data to be deleted, when it is no longer necessary for the purposes for which it was collected.

You also have the right to limit the processing of your personal data and to obtain your personal data in a structured and legible format.

You have the right to object to the processing of your personal data under some circumstances (in particular, when we do not have to process it to fulfill a contract or other legal requirement, or when the object of the processing is direct marketing).

When you have given us your consent, you can withdraw it at any time. The withdrawal of your consent will not affect processing based on consent before its withdrawal.

These rights may be limited. For example, if to fulfill your request we had to disclose data about another person, or if you ask us to delete some records that we are obliged to keep by law or to pursue our legitimate interest, such as the exercise of defense against claims. Or in those cases where the right to freedom of expression and information must prevail.
You can contact us by any of the means indicated in this privacy policy, providing a copy of a document that proves your identity.
You have also the right of not being subjected to processing based solely on automated decision-making, including profiling that may have legal effects or might affect you.

If you consider that we have violated any of your rights, such as, for example, that we have not responded to your request, you have the right to lodge a complaint with a supervisory authority. You can address your complaint to your national data protection supervisory authority (if you live outside of Spain) or to the Spanish Data Protection Agency (Agencia Española de Protección de Datos)
Links to third party websites.

Our website may contain links to other websites. It is your responsibility to make sure you read the data protection policy and the terms and conditions that apply to each site.
Third party personal data.

If you provide us with data from third parties, you assume the responsibility of informing them in advance as established in article 14 of the GPDR.