DATA CONTROLLER
The Data Controller is IT INFOTEC ROBOTICS, S.L., C/ Nicolás Copérnico 5, 03203, Elche (ALICANTE).
Privacy Principles
At IT INFOTEC ROBOTICS, S.L., we are committed to continuously working to ensure privacy in the processing of your personal data and to provide you with the most comprehensive and clear information possible at all times. We encourage you to read this section carefully before providing us with your personal data.
If you are under fourteen years old, please do not provide us with your data without your parents’ consent.
In this section, we inform you about how we process the data of individuals who have a relationship with our organization. Starting with our principles:
– We do not ask for personal information unless it is necessary to provide the services you require.
– We never share personal information with anyone, except to comply with the law, when necessary to provide the service, or with your express authorization.
– We will never use your personal data for purposes other than those expressed in this privacy policy.
– Your data will always be treated with a level of protection appropriate to the data protection legislation, and we will not subject them to automated decisions without expressly informing you.
This privacy policy has been drafted considering the requirements of the current data protection legislation:
– Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons (GDPR).
– Organic Law 3/2018, of 5 December, on the Protection of Personal Data and guarantee of digital rights (LOPD).
– Royal Decree 1720/2007, of 21 December (RLOPD).
This privacy policy is dated 6 December 2018.
Due to changes in processing criteria, to facilitate understanding, or to adapt to current legislation, we may modify this privacy policy. We will update its date so you can check its validity.
Treatments We Perform
Processing of Employees
Legal Basis: GDPR: 6.1.b) Processing necessary for the performance of a contract to which the data subject is a party or to take steps at the request of the data subject prior to entering into a contract.
GDPR: 6.1.c) Processing necessary for compliance with a legal obligation to which the controller is subject.
Royal Legislative Decree 2/2015, of 23 October, approving the revised text of the Workers’ Statute Law.
Processing Purposes: – Management of hired personnel.
– Personal file. Time control. Training. Pension plans. Occupational risk prevention.
– Issuance of the payroll.
– Management of trade union activity.
Group: Employees
Categories of Data: – Name and surname, DNI/CIF/Identification document, personnel registration number, Social Security/Mutual number, address, signature, and phone number.
– Special categories of data: health data (sick leave, work accidents, and disability degree, without including diagnoses), trade union membership, for the sole purpose of paying union dues (if applicable), union representative (if applicable), attendance records of own and third parties.
– Personal characteristics data: Gender, marital status, nationality, age, date and place of birth, and family data. Family circumstances data: Date of joining and leaving, licenses, permits, and authorizations.
– Academic and professional data: Qualifications, training, and professional experience.
– Employment and administrative career details. Incompatibilities.
– Attendance control data: entry and exit date/time, reason for absence.
– Economic-financial data: payroll data, credits, loans, guarantees, tax deductions, salary reductions corresponding to the previous job (if applicable), judicial withholdings (if applicable), other withholdings (if applicable). Bank data.
Categories of Recipients: – Entity entrusted with the management of occupational risks.
– General Treasury of the Social Security.
– Trade union organizations.
– Financial entities.
– State Tax Administration Agency.
– Main contractors to whom we provide services as subcontractors.
International Transfers: No international data transfers are foreseen.
Deletion Period: They will be kept for the necessary time to fulfill the purpose for which they were collected and to determine possible responsibilities that may arise from that purpose and the processing of the data.
The economic data of this processing activity will be kept under the provisions of Law 58/2003, of 17 December, General Taxation.
Security Measures: Adapted to the requirements of Regulation (EU) 2016/679, General Data Protection Regulation.
Processing of Contacts
Legal Basis: Data subject’s consent
Processing Purposes: Attend to your request, send you information, and follow up on the request.
Group: Contact persons, customers, suppliers
Categories of Data: Name and surname, phone number, email address
Categories of Recipients: No data transfers to third parties are contemplated.
International Transfers: No international data transfers are foreseen.
Deletion Period: Contact data will be kept indefinitely or until the data subject requests its deletion.
Security Measures: Adapted to the requirements of Regulation (EU) 2016/679, General Data Protection Regulation.
Processing of Data Subject Rights (ARCO)
Legal Basis: GDPR: 6.1.c) Processing necessary for compliance with a legal obligation to which the controller is subject.
General Data Protection Regulation.
Processing Purposes: Attend to requests in the exercise of the rights established by the General Data Protection Regulation: Right of access, rectification, deletion, limitation, portability, and opposition to automated decision-making.
Group: Natural persons who request it (employees, customers, suppliers, contact persons)
Categories of Data: Name and surname, address, signature, and phone number.
Categories of Recipients: Personal data may be communicated to the Supervisory Authority (Spanish Data Protection Agency) within the framework of a rights protection investigation initiated by the data subject.
International Transfers: No international data transfers are foreseen.
Deletion Period: They will be kept for five years from the time of the request.
Security Measures: Adapted to the requirements of Regulation (EU) 2016/679, General Data Protection Regulation.
Processing of Job Applicants (HR)
Legal Basis: GDPR 6.1.a) The data subject has given consent to the processing of their personal data for one or more specific purposes.
GDPR: 6.1.b) Processing necessary for the performance of a contract to which the data subject is a party or to take steps at the request of the data subject prior to entering into a contract.
Processing Purposes: Personnel selection and job provision.
Group: Applicants presented for job provision procedures.
Categories of Data: – Name and surname, DNI/CIF/Identification document, personnel registration number, address, signature, and phone number.
– Personal characteristics data: Gender, marital status, nationality, age, date and place of birth, and family data.
– Academic and professional data: Qualifications, training, and professional experience.
– Employment details.
Categories of Recipients: No data transfers to third parties are foreseen.
International Transfers: No international data transfers are foreseen.
Deletion Period: They will be kept for the necessary time to fulfill the purpose for which they were collected and to determine possible responsibilities that may arise from that purpose and the processing of the data.
Security Measures: Adapted to the requirements of Regulation (EU) 2016/679, General Data Protection Regulation.
Processing of Suppliers
Legal Basis: GDPR: 6.1.b) Processing necessary for the performance of a contract to which the data subject is a party or to take steps at the request of the data subject prior to entering into a contract.
GDPR: 6.1.c) Processing necessary for compliance with a legal obligation to which the controller is subject.
Royal Legislative Decree 2/2015, of 23 October, approving the revised text of the Workers’ Statute Law.
Law 58/2003, of 17 December, General Taxation.
Processing Purposes: –
Acquisition of products and/or services necessary for our activity.
– Control of subcontractors if applicable.
Group: – Suppliers.
– People working for our suppliers.
Categories of Data: – Name and surname, DNI/NIF/Identification document, address, signature, and phone number.
– Employment details: job position. Occupational safety training.
– Economic and insurance data: Bank data.
Categories of Recipients: – Financial entities. (Invoice payment)
– State Tax Administration Agency.
International Transfers: No international data transfers are foreseen.
Deletion Period: They will be kept for the necessary time to fulfill the purpose for which they were collected and to determine possible responsibilities that may arise from that purpose and the processing of the data, in accordance with Law 58/2003, of 17 December, General Taxation.
Security Measures: Adapted to the requirements of Regulation (EU) 2016/679, General Data Protection Regulation.
Processing of Customers.
Legal Basis: GDPR: 6.1.a) The data subject has given consent to the processing of their personal data for one or more specific purposes.
GDPR: 6.1.b) Processing necessary for the performance of a contract to which the data subject is a party or to take steps at the request of the data subject prior to entering into a contract.
GDPR: 6.1.c) Processing necessary for compliance with a legal obligation to which the controller is subject.
GDPR: 6.1.f) Processing necessary for the purposes of the legitimate interests pursued by the controller.
Royal Legislative Decree 2/2015, of 23 October, approving the revised text of the Workers’ Statute Law.
Law 58/2003, of 17 December, General Taxation.
Processing Purposes: Specialized Services of Industrial Robot Integration.
Group: Customers
Categories of Data: – Name and surname, DNI/NIF/Identification document, address, signature, and phone number.
– Economic and insurance data: Bank data
Categories of Recipients: – Financial entities.
– State Tax Administration Agency.
International Transfers: No international data transfers are foreseen.
Deletion Period: They will be kept for the necessary time to fulfill the purpose for which they were collected and to determine possible responsibilities that may arise from that purpose and the processing of the data, in accordance with Law 58/2003, of 17 December, General Taxation.
Security Measures: Adapted to the requirements of Regulation (EU) 2016/679, General Data Protection Regulation.
Processing of Video Surveillance
Legal Basis: GDPR: 6.1.c) the processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party.
Organic Law 2/1986, of 13 March, on the Security Forces and Bodies.
Processing Purposes: Ensure the security of people, property, and facilities and labor control.
Group: Workers, customers, suppliers, users.
Categories of Data: Image
Categories of Recipients: Recordings may be communicated to the Security Forces and Bodies and to the Courts, in case of their request, or if they serve as evidence of the commission of crimes or infringements.
International Transfers: No international data transfers are foreseen.
Deletion Period: Not exceeding one month, unless communicated to Security Forces and Bodies and/or Courts.
Security Measures: Adapted to the requirements of Regulation (EU) 2016/679, General Data Protection Regulation.
Processing of Security Breach Notifications
Legal Basis: GDPR: 6.1.c) Processing necessary for compliance with a legal obligation to which the controller is subject.
General Data Protection Regulation. Articles 33 and 34
Processing Purposes: Management and evaluation of security breaches that occur in our organization.
Group: Variable: Employees, Customers, Suppliers, Contact Persons (depending on the security breach)
Categories of Data: Variable. (Depending on the security breach)
Categories of Recipients: – Spanish Data Protection Agency.
– State Security Forces and Bodies.
International Transfers: No international data transfers are foreseen.
Deletion Period: They will be kept for the necessary time to fulfill the purpose for which they were collected and to determine possible responsibilities that may arise from that purpose and the processing of the data. The provisions of the archiving and documentation regulations will apply.
Security Measures: Adapted to the requirements of Regulation (EU) 2016/679, General Data Protection Regulation.
Processing of Trainings
Legal Basis: GDPR: 6.1.a) The data subject has given consent to the processing of their personal data for one or more specific purposes.
GDPR: 6.1.b) Processing necessary for the performance of a contract to which the data subject is a party or to take steps at the request of the data subject prior to entering into a contract.
GDPR: 6.1.c) Processing necessary for compliance with a legal obligation to which the controller is subject.
GDPR: 6.1.f) Processing necessary for the purposes of the legitimate interests pursued by the controller.
Royal Legislative Decree 2/2015, of 23 October, approving the revised text of the Workers’ Statute Law.
Law 58/2003, of 17 December, General Taxation.
Processing Purposes: Manage registrations and participation in programming courses.
Group: Customers
Categories of Data: – Name and surname, DNI/NIF/Identification document, address, signature, and phone number.
– Job position and company to which the student belongs (if applicable).
– Economic and insurance data: Bank data
Categories of Recipients: – Financial entities.
– State Tax Administration Agency.
International Transfers: No international data transfers are foreseen.
Deletion Period: They will be kept for the necessary time to fulfill the purpose for which they were collected and to determine possible responsibilities that may arise from that purpose and the processing of the data, in accordance with Law 58/2003, of 17 December, General Taxation.
Security Measures: Adapted to the requirements of Regulation (EU) 2016/679, General Data Protection Regulation.
YOUR RIGHTS
You have the right to request a copy of your personal data, to rectify inaccurate data or complete it if it is incomplete, or to delete it if it is no longer necessary for the purposes for which it was collected.
You also have the right to limit the processing of your personal data and to obtain your personal data in a structured and readable format.
You may object to the processing of your personal data in certain circumstances (in particular, when we do not have to process them to comply with a contractual or legal requirement, or when the purpose of the processing is direct marketing).
When you have given us your consent, you may withdraw it at any time. At that point, we will stop processing your data or, if applicable, we will stop doing so for that specific purpose. If you decide to withdraw your consent, this will not affect any processing that has taken place while your consent was in effect.
These rights may be limited; for example, if to fulfill your request, we would have to disclose data about another person, or if you ask us to delete some records that we are required to keep due to a legal obligation or legitimate interest, such as the exercise of defense against claims. Or even in those cases where the right to freedom of expression and information must prevail.
You can contact us by any of the means indicated in the Data Controller section of this privacy policy, providing a copy of a document that proves your identity (usually the DNI). The most convenient way to exercise your rights is by accessing our RIGHTS PORTAL: https://www.adelopd.com/portalderechos/it-robotics.
Another of your rights is not to be subject to a decision based solely on automated processing, including profiling, that produces legal effects or affects you.
In the event of any violation of your rights,
such as if we have not addressed your request, you have the right to file a complaint with the Supervisory Authority in data protection matters. This may be the authority in your country (if you live outside Spain) or the Spanish Data Protection Agency (if you live in Spain).
Additional Information
Processing of your data outside the European Economic Area.
Links to third-party websites.
Our website may occasionally contain links to other websites. It is your responsibility to ensure that you read the data protection policy and legal conditions that apply to each site.
Third-party data.
If you provide us with third-party data, you assume the responsibility of informing them beforehand as established in Article 14 of the GDPR.