PRIVACY POLICY: DATA CONTROLLER The Data Controller is FLOR ALEGRIA, SL, Crta. Almansa Ayora, km.4 02640- ALMANSA (ALBACETE). Privacy Principles At FLOR ALEGRIA, SL, we are committed to continuously working to ensure the privacy of your personal data and to offer you the most complete and clear information possible at all times. We encourage you to carefully read this section before providing us with your personal data. If you are under fourteen years old, please do not provide us with your data without your parents' consent. In this section, we inform you about how we process the data of people related to our organization. Starting with our principles: -
We do not request personal information unless it is necessary to provide the services you require from us. -
We never share personal information with anyone, except to comply with the law, or with your express authorization. -
We will never use your personal data for purposes other than those stated in this privacy policy. -
Your data will always be treated with a level of protection appropriate to data protection legislation, and we will not subject them to automated decisions. This privacy policy has been drafted in accordance with the requirements of the current data protection legislation: -
Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons (GDPR). -
Organic Law 3/2018, of 5 December, on the Protection of Personal Data and guarantee of digital rights (LOPD). -
Royal Decree 1720/2007, of 21 December (RLOPD). This privacy policy was drafted on December 6, 2018. Due to changes in processing criteria, to facilitate understanding, or to adapt it to current legal regulations, we may modify this privacy policy. We will update the date of the policy so that you can check its validity. Data Processing for Employees Legal Basis: GDPR: 6.1.b) Processing necessary for the performance of a contract to which the data subject is a party or for the application of pre-contractual measures at their request. GDPR: 6.1.c) Processing necessary for compliance with a legal obligation to which the data controller is subject. Royal Legislative Decree 2/2015, of 23 October, approving the consolidated text of the Workers' Statute Law. Purposes of the Processing: - Employee management. - Personal file. Time control. Training. Pension plans. Occupational risk prevention. - Issuance of employee payroll. - Management of union activity. Group: Employees Data Categories: - Name and surname, ID/NIF/Identification document, employee number, Social Security number, address, signature, and phone. - Special data categories: health data (sick leave, workplace accidents, and degree of disability, excluding diagnoses), union membership (if applicable), union representative (if applicable), attendance records of employees and third parties. - Personal details: Gender, marital status, nationality, age, date and place of birth, family data. - Employment and administrative career details. Incompatibilities. - Attendance control data: date/time of entry and exit, reason for absence. - Financial data: Salary details, loans, tax deductions, deductions for unpaid previous employment (if applicable), judicial withholdings (if applicable), other deductions (if applicable). Bank data. Categories of Recipients: - Entity entrusted with managing occupational risk matters. - Social Security Treasury. - Union organizations. - Financial entities. - Spanish Tax Agency. - Main contractors to whom we provide subcontracted services. International Transfers: No international data transfers are foreseen. Retention Period: The data will be kept for the time necessary to fulfill the purpose for which they were collected and to determine potential liabilities arising from that purpose and the data processing. Financial data related to this processing activity will be kept as required by Law 58/2003, of December 17, General Tax Law. Security Measures: Adapted to the requirements of Regulation (EU) 2016/679, General Data Protection Regulation. Processing of Contacts Legal Basis: Consent of the data subject Purposes of the Processing: Respond to your request, send you information, and follow up on the request. Group: Contacts, clients, suppliers Data Categories: Name and surname, phone, email address Categories of Recipients: No data transfers to third parties are foreseen. International Transfers: No international data transfers are foreseen. Retention Period: Contact data will be kept for an indefinite period, or until the data subject requests their deletion. Security Measures: Adapted to the requirements of Regulation (EU) 2016/679, General Data Protection Regulation. Processing of Data Subjects' Rights (ARCO) Legal Basis: GDPR: 6.1.c) Processing necessary for compliance with a legal obligation to which the data controller is subject. General Data Protection Regulation. Purposes of the Processing: To respond to requests for the exercise of rights established by the General Data Protection Regulation: Right of access, rectification, deletion, restriction, portability, and objection to automated decision-making. Group: Individuals who request (employees, clients, suppliers, contacts) Data Categories: Name and surname, address, signature, and phone. Categories of Recipients: Personal data may be communicated to the Supervisory Authority (Spanish Data Protection Agency) within the framework of an investigation for the protection of rights initiated by the data subject. International Transfers: No international data transfers are foreseen. Retention Period: Data will be kept for a period of five years from the date of the request. Security Measures: Adapted to the requirements of Regulation (EU) 2016/679, General Data Protection Regulation. Processing of Job Applicants (HR) Legal Basis: GDPR 6.1.a) The data subject has given consent for the processing of their personal data for one or more specific purposes. GDPR: 6.1.b) Processing necessary for the performance of a contract to which the data subject is a party or for the application of pre-contractual measures at their request. Purposes of the Processing: Personnel selection and job filling. Group: Candidates applying for job openings. Data Categories: - Name and surname, ID/NIF/Identification document, employee number, address, signature, and phone. - Personal details: Gender, marital status, nationality, age, date and place of birth, family data. - Academic and professional data: Degrees, training, and professional experience. - Employment details. Categories of Recipients: No data transfers to third parties are foreseen. International Transfers: No international data transfers are foreseen. Retention Period: The data will be kept for the time necessary to fulfill the purpose for which they were collected and to determine potential liabilities arising from that purpose and the data processing. Security Measures: Adapted to the requirements of Regulation (EU) 2016/679, General Data Protection Regulation. Processing of Suppliers Legal Basis: GDPR: 6.1.b) Processing necessary for the performance of a contract to which the data subject is a party or for the application of pre-contractual measures at their request. GDPR: 6.1.c) Processing necessary for compliance with a legal obligation to which the data controller is subject. Royal Legislative Decree 2/2015, of 23 October, approving the consolidated text of the Workers' Statute Law. Law 58/2003, of December 17, General Tax Law. Purposes of the Processing: - Acquisition of products and/or services necessary for the development of our activity. Data Categories: Name and surname, ID/NIF/Identification document, employee number, Social Security number, address, signature, and phone. Categories of Recipients: - Social Security Treasury. - Union organizations. - Financial entities. - Spanish Tax Agency. - Main contractors to whom we provide subcontracted services. International Transfers: No international data transfers are foreseen. Retention Period: The data will be kept for the time necessary to fulfill the purpose for which they were collected and to determine potential liabilities arising from that purpose and the data processing. Financial data related to this processing activity will be kept as required by Law 58/2003, of December 17, General Tax Law. Security Measures: Adapted to the requirements of Regulation (EU) 2016/679, General Data Protection Regulation. Users GDPR: 6.1.a) The data subject has given consent for the processing of their personal data for one or more specific purposes. GDPR: 6.1.b) Processing necessary for the performance of a contract to which the data subject is a party or for the application of pre-contractual measures at their request. Purposes of the Processing: Management of the relationship with users. Group: Website users. Data Categories: IP address, information on personal characteristics, financial data, and Social Security number. Categories of Recipients: Data transfers to third parties are foreseen. International Transfers: No international data transfers are foreseen. Retention Period: The data will be kept for the time necessary to fulfill the purpose for which they were collected and to determine potential liabilities arising from that purpose and the data processing. Security Measures: Adapted to the requirements of Regulation (EU) 2016/679, General Data Protection Regulation. YOUR RIGHTS You have the right to request a copy of your personal data, to rectify inaccurate data or complete it if it is incomplete, or, if applicable, to delete it when it is no longer necessary for the purposes for which it was collected. You also have the right to restrict the processing of your personal data and to obtain your personal data in a structured and readable format. You may object to the processing of your personal data in certain circumstances (particularly when we do not need to process it to comply with a contractual or legal requirement, or when the processing is for direct marketing purposes). When you have given us your consent, you may withdraw it at any time. At that point, we will stop processing your data or, if applicable, will stop processing it for that specific purpose. If you decide to withdraw your consent, this will not affect any processing that has already taken place while your consent was in effect. These rights may be limited; for example, if fulfilling your request would require revealing data about another person, or if you ask us to delete certain records we are required to maintain due to a legal obligation or legitimate interest, such as exercising defense against claims. Or in cases where the right to freedom of expression and information must prevail. You can contact us through any of the means listed in the Data Controller section of this privacy policy, providing a copy of a document that proves your identity (usually your ID). Another one of your rights is not to be subject to a decision based solely on automated processing, including profiling that produces legal effects or affects you. In the event of any violation of your rights, such as if we have not fulfilled your request, you have the right to file a complaint with the Data Protection Authority. This can be the authority of your country (if you live outside Spain) or the Spanish Data Protection Agency (if you live in Spain). Links to Third-Party Websites Our website may occasionally contain links to other websites. It is your responsibility to ensure that you read the data protection policy and legal terms that apply to each site. Third-Party Data If you provide us with third-party data, you assume the responsibility of informing them in advance as established in Article 14 of the GDPR. |
