In Gestora de Subproductos de Galicia, S.L. We ensure the security and confidentiality of the information and, more specifically, of the personal data, not only of the users of the website, but of all those people who maintain a link or relationship with the entity in any of its fields, whether , customers, suppliers, staff, etc.
In this regard, in compliance with the provisions on data protection regulations, this is EU Regulation 2016/679 of the European Parliament and of the Council of April 27, 2016 on the protection of natural persons in regard to The processing of personal data and the circulation of this data (GDPR) and Organic Law 3/2018 on Protection of personal data and guarantee of digital rights (LOPDGDD), proceed to the elaboration of this policy, where we offer the information relating to the processing of personal data managed by the entity.
1. Responsible for the Treatment
In terms of data protection Gestora de Subproductos de Galicia, S.L. It must be considered Responsible for the Treatment, in relation to the files / treatments it manages.
The identification details of the owner of this website are indicated below:
Postal address: Areosa s/n – Queixas – Cerceda – 15186 – La Coruña
Electronic address: firstname.lastname@example.org
2. Purposes and legal bases
By completing the basic information on data protection that is provided through each of the data collection channels, below, additional information is provided regarding the purposes, legitimizing bases of the following files or treatments:
The data will be processed for the following main purposes, being the legal basis that legitimizes these treatments the execution of a contract of which the interested party is a party (art. 6.1.b) GDPR), as well as the fulfillment of legal obligations (art. 6.1 .c) GDPR):
- Management and provision of the requested or contracted service.
- Administrative management, which entails, billing management, payment default management, insurance processing.
The data will be treated with the purpose of managing all the services related to the field of human resources, which entails, fiscal and administrative accounting management, payroll management, training management and occupational risk prevention management, time control, control of route or positioning through GPS, among others.
The legal basis that legitimizes the treatment is, in general, the execution of a contract of which the interested party is a party (art. 6.1.b) GDPR), as well as the fulfillment of legal obligations (art. 6.1.c) GDPR)
The data will be treated in order to manage the contractual relationship, which involves accounting, tax and administrative management and payment management of services, among others. The legal basis that legitimizes this treatment is the execution of a contract of which the interested party is a party (art. 6.1.b) GDPR), as well as compliance with legal obligations (art. 6.1.c) GDPR).
Through the website personal data is collected for various purposes, among others:
- Contact section to ask questions, complaints, suggestions or claims
- Analysis of browsing habits through analytical cookies (see Cookies Policy published on the website).
The legal basis that legitimizes the treatment is the consent of the interested party through electronic forms with an automated consent system.
The images captured through the video surveillance systems installed at the headquarters of the entity will be treated in order to ensure the safety of the goods, facilities and people who access them. The legal basis that legitimizes the treatment is that they are installed for the fulfillment of a mission carried out in the public interest (art. 6.1. E. GDPR).
Likewise, the chambers are installed for another additional purpose, that is, to control the quality and labor performance of the workers, as well as to verify the fulfillment of the labor obligations and duties, being the legitimizing basis of the treatment article 20.3 of the Statute from the workers.
The entity receives curricula through various channels, mainly in person or through the general corporate accounts, so that they, if they are curricula that can fit into any of our applications, are treated in order to carry carry out the necessary selection processes. However, if the curriculum does not fit or may fit into any of the entity’s posts, it will be eliminated or destroyed.
The legitimizing basis of the treatment is the express consent of the interested party.
3. Assignments or data communications
For the management of certain services offered by the entity, it is necessary to allow access to certain data to third-party service providers contracted for this purpose, in this sense, the entity proceeds to the subscription of the respective necessary treatment manager contracts, and has given the precise instructions to the different service providers or those in charge of processing, to ensure the security and integrity of the data to which they have access due to the provision of the contracted service.
Outside the previous cases, your personal data will not be transferred to third parties, except in the cases indicated below:
Partners and Users, staff and suppliers
The data may be communicated to the following groups of recipients:
- Insurance company: for the management of the insurance contracted (Agroseguro or the corresponding one in each case).
- Public administrations: in case it is required by virtue of a rule, for example, the State Agency of the Tax Administration, and the other competent tax or other authorities, in order to comply with the obligations imposed by the current legislation.
- Banking entities: for the management of the collection and payment of services..
The data may be communicated to the security forces and bodies and judicial bodies, upon request.
4. Term of data retention
By completing the basic information on data protection that is provided through each of the data collection channels, the following information is provided regarding the purposes, legitimizing bases of the following files or treatments:
- Partners and Users: The data will be kept until the end of the contractual relationship and will be kept, duly blocked, during the limitation periods of the responsibilities that may be required.
- Employees: The data will be kept until the end of the contractual relationship and will be kept, duly blocked, during the limitation periods of the responsibilities that may be required. For example, in the case of the hourly record, the data will be kept for a period of 4 years.
- ProveedoresSuppliers: The data will be kept until the end of the contractual relationship and will be kept, duly blocked, during the limitation periods of the responsibilities that may be required.
- Web Users: The data will be kept as long as they are necessary to meet the stated purposes.
- Video surveillance: They will be kept for a month.
- Currículos: The data will be kept as long as the curriculum profile can fit into one of our applications, making filters and cleaning documents.
5. Revocation of consent
In those cases in which the processing of personal data is based on consent, interested Parties are informed of the right to withdraw their consent at any time, in a simple and free way, by writing to the address of the person responsible for the processing or through the following email address email@example.com, attaching a copy of your ID or equivalent document. The revocation of consent will not affect the legality of the treatment based on the consent prior to its withdrawal.
6. Rights of the interested parties.
The data protection regulations grant a series of rights to the interested parties or owners of the data, users of the website or users of the profiles of the social networks of the Gestora de Subproductos de Galicia, S.L.
These rights that assist interested persons are the following:
- Right of access: right to obtain information on whether your own data is being processed, the purpose of the treatment being carried out, the categories of data in question, the recipients or categories of recipients, the term of conservation and the Origin of such data.
- Right of rectification: right to obtain the rectification of inaccurate or incomplete personal data.
- Right of deletion: right to obtain the deletion of the data in the following cases:
- When the data is no longer necessary for the purpose for which it was collected
- When the holder of the same withdraws the consent
- When the interested party opposes the treatment
- When they must be abolished in compliance with a legal obligation
- When the data has been obtained by virtue of an information society service based on the provisions of art. 8 sec. 1 of the European Regulation on Data Protection.
- Right to object: right to object to a specific treatment based on the consent of the interested party.
- Right of limitation: right to obtain the limitation of data processing when any of the following assumptions occurs:
- When the interested party challenges the accuracy of the personal data, during a period that allows the company to verify the accuracy of the same.
- When the treatment is illegal and the interested party opposes the deletion of the data
- When the company no longer needs the data for the purposes for which they were collected, but the interested party needs them for the formulation, exercise or defense of claims.
- When the interested party has opposed the processing while verifying if the legitimate motives of the company prevail over those of the interested party.
Those interested may exercise the indicated rights, by writing to the Gestora de Subproductos de Galicia, S.L., in writing, sent to the following address: firstname.lastname@example.org indicating in the Subject line the right that you wish to exercise.
In this sense, Gestora de Subproductos de Galicia, S.L. will respond to your request as soon as possible and taking into account the deadlines established in the data protection regulations.
On the other hand, it should be borne in mind that the interested party or owner of the data may at any time file a claim with the competent control authority.
The security measures adopted by the Gestora de Subproductos de Galicia, S.L. are those required, in accordance with the provisions of article 32 of the GDPR. In this sense, Gestora de Subproductos de Galicia, SL, taking into account the state of the art, the application costs and the nature, scope, context and purposes of the treatment, as well as the risks of variable probability and severity for The rights and freedoms of natural persons have the appropriate technical and organizational measures in place to guarantee the level of security appropriate to the existing risk.
In any case, the Gestora de Subproductos de Galicia, S.L. It has enough mechanisms in place to:
- Ensure the permanent confidentiality, integrity, availability and resilience of treatment systems and services.
- Restore availability and access to personal data quickly, in case of physical or technical incident.
- Verify, evaluate and assess, on a regular basis, the effectiveness of the technical and organizational measures implemented to guarantee the safety of the treatment
- Pseudonymize and encrypt personal data, if applicable.