|What is the purpose of processing your personal data? (*) The list of TEXDELTA, S.L.’s activities is available at www.texdelta.com
|· Internal use, commercial and relation management. Operations and administrative, economic and accounting management derived from relations with the supplier/collaborator.
|· Internal use, administrative, economic and accounting operations and management derived from relations with the assignor (commercial and/or contractual relations)
|· Contract management and provision of services by the organisation, as well as fulfilment of contract requirements.
|· Management of Replies to Questions, Claims or Incidents, Requests for Information, Resources and/or Activities.
|· Promotion and Information on the Organisation: The Production, Publication and Communication of Statistics, Activity Logs and Information associated with the communication and transparency of the Activity, as well as the Recording and Publication of Informational Material, Communication and Management of Campaigns, Activities, Events, Competitions and/or Recording and Publication, in the organisation’s media (including website and social media) and/or other public communication media, of videos, recordings and photos associated with the activities carried out by the organisation that may contain people in the performance of their duties “With the purpose to provide stakeholders with information on the organisation”.
|· Sending out of Newsletters, Activity Reports and Information associated with the Organisation’s Activities.
|· Quality Assurance of processes and activities, as well as the assessment of satisfaction/perception results and performance by the organisation stakeholders.
|· Management of the Selection, Certification and Hiring of Suppliers/Collaborators and verification of compliance with regulations
|· Health and safety management (occupational hazard prevention and safety monitoring) and evaluation of compliance
|· Management of submission of technical solvency in the submission of tenders and/or request, management and justification of campaigns, activities, events, tenders, projects and grants where the organisation participates.
|· Monitoring of working hours and/or presence or attendance and of performance
|· Management of Regulation Compliance (applicable regulations as well as mandatory internal regulations): Investigation, monitoring and audit of controls established to prevent crime with the possibility of establishing controls at the facilities access, information and document printing systems for all personal data that is under the responsibility of the organisation and therefore for all of the company’s information systems, as well as controls pertaining to the use of the images recorded by the video surveillance systems to investigate accidents and/or incidents that may happen, as well as breaches of labour regulations, crimes or illegal conducts.
|· Contacts/Agenda management
|· Statistical, historical or scientific purposes
|· Access control and video surveillance of the facilities, as well as safety and regulation compliance in them, to keep the people, goods and installations safe, as well as to perform duties to monitor workers as established in article 20.3 of the Workers’ Statute, investigation of possible incidents or accidents, manage associated insurance and manage warnings or penalties due to breaches of safety regulations.
|· Management and auditing of quality, environmental management and/or management of occupational safety regarding organisation processes and facilities.
|· Associated processing, including its prior communication, that may be derived from the performance of any operation for structural modification of companies or the provision or transfer of business or of a branch of corporate activity, provided that the processing is necessary to the proper completion of the operation and that it guarantees, where applicable, continuity in the provision of services.
|· Inclusion in the reporting channel systems of the data associated to the disclosure (including anonymously) of the perpetration, within the organisation or within the actions of third-parties contracting with it, of actions or conducts that may be contrary to applicable general or industry regulations.
|· Other: TEXDELTA, S.L. reserves the right to carry out regular audits at client and creditor facilities.
|How long do we keep your data?
|· The data provided will be kept as long as the legality of processing remains, until the stakeholder requests its elimination after the relation with the stakeholder has finished in writing, except for its conservation to formulate, exercise or defend claims by the data controller, or with the aim to protect the rights of other individuals or entities and/or for legally mandatory reasons.
· In any case, when the relationship is finalised, the data of the stakeholder will be duly blocked, pursuant to current data protection regulations.
· Accounting and Tax Documentation – To tax purposes: The accounting books and other mandatory logs required by the pertinent tax regulations (Withholdings, VAT, Corporate Tax, etc.) as well as the documentation proving the annotations recorded in the books (including the computer programs and files and any other proof that is relevant to taxes), must be kept at least for the time in which the Government is entitled to check and investigate and, consequently, to settle tax debts (Articles 66 to 70 of the General Tax Law). Prescription period for Tax Offences associated with verification of the tax base or fees compensated or pending compensation or of deductions applied or pending application and to Offences against the Tax Authorities and the Social Security – Art. 66 bis General Tax Law and Criminal Procedure Code, respectively. – 4 years. Prescription of offences 10 years.
· Accounting and Tax Documentation – To corporate purposes: Books, correspondence, documentation and proof concerning your business, duly organised starting from the latest inscription made in the books, unless otherwise established by general or special provisions. This commercial obligation applies both to the mandatory books (income, expenditures, investment assets and provisions), as well as the documentation and proof for the annotations recorded in the books (invoices issued and received, tickets, corrective invoices, bank documents, etc.) (Art. 30 of the Commerce Code) – 6 years.
· Occupational Hazard Prevention documentation – Documentation on information and training for employees. Files on occupational accidents or professional illnesses (Legislative RD 5/2000, dated 4 August, approving the consolidated text of the Law on Offences and Penalties in the Social Order) – 5 years.
· The images/sounds recorded by the video surveillance systems will be eliminated within a maximum period of one month from their recording, except if they have to be kept to prove the perpetration of acts that threaten the integrity of people, assets or facilities (in which case the images will be made available to the competent authorities within a maximum period of 72 hours from when the existence of the recording was known), or if they are related to serious or very serious criminal or administrative offences regarding public safety, with an ongoing police investigation or with ongoing legal or administrative proceedings (Instruction 1/2006 of 8 November, of the AEPD, on personal data processing to purposes of surveillance via camera or video camera systems and Art. 22 OLDPGDR) – 30 days.
· The data included in the automated files created to monitor access to buildings (Instruction 1/1996, of 1 March, of the AEPD, on automated files established with the purpose to monitor access to buildings) – 30 days.
· Data processed regarding the legal guarantee will be kept during the lifetime of the legal guarantee and once it expires, for the period in which there may be a legal or administrative claim pertaining to the legal guarantee.
· Solvency files: Data pertaining to regular, due and payable and non-claimed debts (Art. 20 of the OLDPGDR) – as long as the breach persists, with a maximum limit of five years from the due date of the money, financial or credit liability – 5 years.
· The data processed in order to send commercial communications will be kept until the consent given is revoked.
· The data of the person communicating a complaint and of the employees and third-parties are kept in the complaints system to decide on whether an investigation should be proceeded with on the reported facts, as well as subsequently as evidence of the operation of the model to prevent crime by the entity, according to article 24 of the OLDPGDR.
· Therefore, the data will be kept as long as the commercial relationship continues, based on the conservation timeframes established by current regulations, as well as the timeframes legally or contractually established for the implementation or prescription of any liability action due to breach of contract by the stakeholder or by the Organisation (reform of the Civil Code establishes a period of five years to take action for civil liability, which begins from the date when fulfilment of the obligation may be demanded).
|What is the legal basis for processing your data?
|· Performance of a contract: To fulfil the proposal, order and/or commercial contract.
· To fulfil a legal obligation: Regulations with the status as administrative, commercial, tax, fiscal, accounting and financial law, law on occupational hazard prevention, social security and applicable industry regulations.
· To satisfy a legitimate interest of the Controller: Data processing as part of a commercial relationship and/or contract, that is required for its maintenance or fulfilment; transfer of data within corporate groups to internal administrative purposes, fraud prevention, as well as cases of legitimate interest where the controller may be the harmed party and the data of the breaching party has to be processed and notified to third parties in order to manage regulation compliance and to defend the interests of the data controller; to purposes of video surveillance as legitimate interest of the organisation to protect its assets; as well as in cases of legitimate interest of specific processing contemplated in the OLDPGDR: Article 19. Contact data and individual employer data processing; Article 20. Credit information systems; Article 21. Processing related to the performance of certain business operations (company restructuring or business transfers) Article 22. Processing to purposes of video surveillance; Article 24 Internal complaint information systems).
· Consent of the stakeholder who has unequivocally provided it to use through formal means and/or by checking the boxes provided to said purpose in the data protection clauses contained in the basic document regulating the commercial relationship, depending on the contact channel.
|Who can your data be communicated to?
|· Organisations or individuals directly hired by the Data Controller to provide services connected to the processing purposes: Companies belonging to the Group (see list at www.armandoalvarez.com), Legal Consultancy, Management and/or Regulation Compliance Auditors, Prevention Services, third parties that are provided with subcontractor employee data for them to access the facilities.
· Public Administration organisations or agencies with competences in the matters object of the processing: AEAT (Spanish Tax Agency)
· Financial institutions: Transfer and/or management of payment instruments.
· Labour Unions, Staff Meetings/Workers’ Committee: Employee representatives: Contractors or subcontractors as established (including self-employed persons) (article 35.2 CC and article 42 ET): Tax ID, corporate name, corporate address, object of the contract, Social Security employer inscription number, place where the contract is implemented, coordination of activities from the standpoint of workplace hazards, estimated duration of the contract (initial and completion date). Number of workers who will be employed by the contractor or subcontractor at the main company’s workplace.
· Compliance Complaints Channel (Complaints on the breach of regulations and code of conduct are forwarded to the Regulation Compliance Unit): Access to the data contained in these systems will be limited exclusively to those who, integrated or not within the organisation, perform internal monitoring and compliance duties, or to the data processors that are eventually appointed to this purpose. However, access by other people, or even communication to third parties, will be legal when it is necessary in order to take disciplinary action or to follow the legal proceedings that are necessary, when applicable.
· Hazard Prevention Agents are authorised to access the information and documentation pertaining to the work conditions that are necessary to perform their duties and, particularly, that set forth in articles 18, 23 and 36 of the LPRL. The content of section 2 of article 65 of the Workers’ Statute regarding due professional secrecy on information they have access to thanks to their work with the company shall apply to the Prevention Agents. (Article 37.3 LPRL).
· Occupational Hazard Prevention Services: the processing by the occupational hazard prevention services of the medical history, due to the medical check-ups performed on the employees, shall be limited to the content of article 22.4 of the LPRL. Thus, access to the medical information obtained under the content of the LPRL by the employer or any third party is forbidden, including persons or agencies with responsibilities on prevention, other than the “medical staff and health authorities who monitor the employees’ health”, with the sole exception of the conclusions derived from said monitoring regarding the capacity of the workers to perform their job.
|Under what guarantee is your data communicated?
|Data is communicated to third parties who prove that they have a Personal Data Protection System pursuant to current legislation.
|How did we obtain your data?
|· The stakeholder themselves or their legal representative
|· Other Group Companies, as well as the organisation with which the controller has a contractual or service provision relation and to which end they must have the personal data of contact people for administrative and operational management in order to manage their access, addition to the intended project/service and/or verification of compliance with regulations under the responsibility of the organisation (e.g. data on workers who are going to perform the contracted jobs in terms of coordination of company activities associated with the prevention of occupational hazards).
|What type of data do we process?
|Trade data, of contact persons for the administrative and operational management associated with the performance of the contract/project and of workers who are going to perform the contracted jobs in terms of coordination of company activities associated with the prevention of occupational hazards; As consequence of the submission of CVs of the supplier’s staff involved in the provision of the service/work, in order to prove technical solvency in tenders; In the event of staff who will perform the contracted jobs in terms of coordination of company activities associated with the prevention of occupational hazards (The data that may be derived from possible workplace incidents or accidents by subcontract workers would be contained in the “Occupational Hazard Prevention” processing); Licenses or certifications, in the case of workers who are going to perform the contracted jobs in terms of coordination of company activities associated with the prevention of occupational hazards; Professional details and employment details as consequence of the provision of CVs of the supplier’s staff involved in the provision of the service/work, in order to prove technical solvency in tenders; Commercial information and certification data; Data on economic, financial and/or collection conditions; Goods and services provided by the affected party, Financial operations; Other type of data: Name, surnames and Tax ID of the legal representative, contact information for people in the organisation involved with or related to the project object of the contract/order.
The data structure that we process does not contain data pertaining to sentences and criminal offences, nor sensitive data, except in those cases where the holder has special conditions and has to provide documentation that contains said information in order to be accredited or to prove compliance with said condition.
|How is your personal data safely stored?
TEXDELTA, S.L. has formalised agreements to guarantee that we process your personal data correctly and pursuant to data protection legislation. These agreements contain the respective duties and responsibilities towards you, and they contemplate which entity is best positioned to fulfil your needs. These agreements between companies of the group do not affect your rights by virtue of the data protection law. Please contact us if you wish to obtain further information on these agreements.
|CONFIDENTIALITY AND INFORMATION TO THIRD PARTIES FOR WHICH YOU PROVIDE US DATA
|In compliance with the personal data protection regulations, we process the information that you provide to us (as well as the personal data of contact persons for administrative and operative management in order to manage your access, incorporation to the project/service object of the contracted service and/or verification of regulation compliance under the responsibility of the organisation, personal data of the entity’s legal representatives and/or of the people involved in the project (CV) and/or personal references from prior jobs in order to prove technical solvency and, where applicable, personal data regarding staff who will perform the work contracted in terms of corporate activity coordination associated with occupational hazard prevention) as established in the clause and additional information on data protection.
With the acceptance and/or validation of the process that is the basis for the formalisation of your relationship with TEXDELTA, S.L., you expressly consent to the data processing in accordance with the clause and additional information on data protection, as well as to informing and having the consent from third parties of those whose personal data you provide to us for said processing. Additionally, and as long as that as consequence of your relationship with TEXDELTA, S.L. you may have access to personal data and/or confidential information, you undertake to maintain absolute confidentiality and discretion on the information obtained on the activities, interested parties and organisations related to TEXDELTA, S.L., especially regarding Personal Data, even after termination of your relationship with the organisation.