DATA CONTROLLER
The Data Controller is GUISVAL, S.A., located at C/Zamora, 7, 03440, Ibi (ALICANTE).
Privacy Principles At GUISVAL, S.A., we are committed to ensuring the privacy of your personal data processing, and to providing you with the most complete and transparent information at all times. We encourage you to read this section carefully before providing us with any personal data.
If you are under fourteen years of age, please do not provide us with your data without your parents’ consent.
Here we explain how we process data related to individuals who interact with our organization. Starting with our principles:
- We do not request personal information unless necessary to provide the requested services.
- We do not share personal information with third parties, except to comply with the law or with your express consent.
- We will never use your personal data for purposes other than those specified in this privacy policy.
- Your data will always be handled with an adequate level of protection, as per data protection laws, and we will not subject it to automated decisions.
This privacy policy was drafted in compliance with current data protection regulations:
- Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (GDPR).
- Organic Law 3/2018 of 5 December on Personal Data Protection and the Guarantee of Digital Rights (LOPD).
- Royal Decree 1720/2007 of 21 December (RLOPD).
This privacy policy was drafted on December 6, 2018. In the event of changes to processing criteria, to facilitate understanding, or to ensure compliance with current legislation, we may modify this privacy policy. We will update the date so you can verify its validity.
RIGHTS REQUEST PROCESSING (ARCO)
Legal Basis: GDPR: 6.1.c) Processing necessary to comply with a legal obligation applicable to the data controller. Purpose: Address requests regarding rights granted by the GDPR: Right of access, rectification, erasure, restriction, data portability, and objection to automated decision-making. Data Subject Group: Individuals requesting it (employees, clients, suppliers, contacts). Data Categories: Name, surname, address, signature, and phone number. Data Recipients: Data may be shared with the Control Authority (Spanish Data Protection Agency) during an investigation initiated by the individual. International Transfers: No international data transfers are anticipated. Retention Period: Data will be retained for five years from the request date. Security Measures: Adapted to the GDPR requirements.
PROCESSING OF CANDIDATES FOR SELECTION PROCESSES (HR)
Legal Basis: GDPR 6.1.a) Consent provided by the individual for one or more specific purposes. GDPR: 6.1.b) Processing necessary for the performance of a contract or pre-contractual measures at the individual’s request. Purpose: Staff recruitment and job provision. Data Subject Group: Candidates applying for job positions. Data Categories: – Name, surname, ID number, registration number, address, signature, and phone number. – Personal details: Gender, marital status, nationality, age, date and place of birth, family data. – Academic and professional details: Education, training, professional experience. – Employment details. Recipients: No planned third-party data transfers. International Transfers: No international data transfers are anticipated. Retention Period: Data will be retained for the necessary time to meet the collection purpose and determine possible related responsibilities. Security Measures: GDPR-compliant.
SUPPLIER PROCESSING
Legal Basis: GDPR 6.1.b) Processing necessary for contract execution or pre-contractual measures at the data subject’s request. GDPR: 6.1.c) Processing necessary to comply with a legal obligation. Royal Decree-Law 2/2015, October 23 (Statute of Workers); Law 58/2003, December 17 (General Tax Law). Purpose: – Acquisition of products and services essential for our business activities. – Subcontractor control, when applicable. Data Subject Group: – Suppliers. – Individuals working for our suppliers. Data Categories: – Name, surname, ID/NIF (tax ID) number, address, signature, and phone number. – Employment details: Job position, occupational safety training. – Financial and insurance information: Bank details. Data Recipients: – Financial entities (for invoice payments). – Spanish Tax Agency. International Transfers: No international data transfers are anticipated. Retention Period: Data will be retained as long as necessary to fulfill the purpose for which it was collected and to determine any related responsibilities, as required by Law 58/2003, December 17 (General Tax Law). Security Measures: Adapted to GDPR requirements.
CLIENT DATA PROCESSING
Legal Basis: GDPR: 6.1.a) Consent given by the data subject for one or more specific purposes. GDPR: 6.1.b) Processing necessary for contract execution or pre-contractual measures at the request of the data subject. GDPR: 6.1.c) Processing necessary to comply with a legal obligation applicable to the data controller. GDPR: 6.1.f) Processing necessary to fulfill the legitimate interests of the data controller. Royal Decree-Law 2/2015, October 23 (Statute of Workers); Law 58/2003, December 17 (General Tax Law). Purpose: Delivery of our products and services. Data Subject Group: Clients. Data Categories: – Name, surname, ID/NIF number, address, signature, and phone number. – Financial and insurance data: Bank details. Data Recipients: – Financial entities. – Spanish Tax Agency. International Transfers: No international data transfers are anticipated. Retention Period: Data will be retained as necessary to fulfill the purpose for which it was collected and to determine any related responsibilities, as stipulated by Law 58/2003, December 17 (General Tax Law). Security Measures: Adapted to GDPR requirements.
EMPLOYEE DATA PROCESSING
Legal Basis: GDPR: 6.1.b) Processing necessary for contract execution or pre-contractual measures at the data subject’s request. GDPR: 6.1.c) Processing necessary to comply with a legal obligation applicable to the data controller. Royal Decree-Law 2/2015, October 23 (Statute of Workers). Purpose: – Management of employed personnel. – Employee records, time tracking, training, pension plans, occupational risk prevention. – Payroll processing. – Union activity management. Data Subject Group: Employees. Data Categories: – Name, surname, ID/CIF number, employee registration number, Social Security/Mutual Fund number, address, signature, and phone number. – Special categories: Health data (sick leaves, work accidents, degree of disability, excluding diagnoses), union affiliation for dues payment (if applicable), union representative status (if applicable), attendance records. – Personal details: Gender, marital status, nationality, age, date and place of birth, family data. Family circumstances: Employment dates, licenses, permits, authorizations. – Academic and professional details: Education, training, professional experience. – Employment details and administrative career records, including incompatibilities. – Attendance control: Date/time of entry and exit, reason for absence. – Financial details: Salary data, loans, deductions, judicial withholdings (if applicable), other deductions (if applicable). Banking information. Data Recipients: – Entities responsible for occupational risk management. – Social Security Treasury. – Labor unions. – Financial entities. – Spanish Tax Agency. – Main contractors when we act as subcontractors. International Transfers: No international data transfers are anticipated. Retention Period: Data will be retained as necessary to fulfill the purpose for which it was collected and to determine any related responsibilities, in line with Law 58/2003, December 17 (General Tax Law). Economic data from this activity will be retained under the requirements of the General Tax Law. Security Measures: Adapted to GDPR requirements.
CONTACT DATA PROCESSING
Legal Basis: Consent of the data subject. Purpose: Responding to requests, providing information, and following up on inquiries. Data Subject Group: Contacts, clients, suppliers. Data Categories: Name, surname, phone number, email address. Data Recipients: No planned data transfers to third parties. International Transfers: No international data transfers are anticipated. Retention Period: Contact data will be retained indefinitely or until the data subject requests deletion. Security Measures: Adapted to GDPR requirements.
SECURITY BREACH NOTIFICATION PROCESSING
Legal Basis: GDPR: 6.1.c) Processing necessary to comply with a legal obligation applicable to the data controller. GDPR Articles 33 and 34. Purpose: Management and evaluation of security breaches within our organization. Data Subject Group: Variable (Employees, Clients, Suppliers, Contacts), depending on the security breach. Data Categories: Variable, depending on the security breach. Data Recipients: – Spanish Data Protection Agency. – Law enforcement agencies. International Transfers: No international data transfers are anticipated. Retention Period: Data will be retained as necessary to fulfill the purpose for which it was collected and to determine any related responsibilities, following archive and documentation regulations. Security Measures: Adapted to GDPR requirements.
YOUR RIGHTS
You have the right to request a copy of your personal data, to correct inaccurate or incomplete data, or to delete it when it is no longer needed for the purposes for which it was collected.
You also have the right to restrict the processing of your personal data and to obtain your data in a structured and readable format. You may object to the processing of your personal data in certain situations, especially if the processing is not required for a contractual or legal purpose, or if it involves direct marketing.
When you have given consent, you may withdraw it at any time. At that point, we will cease processing your data or, if applicable, will stop using it for that specific purpose. Withdrawing your consent will not affect any processing that took place while your consent was valid.
These rights may be subject to limitations, such as if complying with your request would require disclosing information about another person, if you request the deletion of records that we must retain for legal reasons or legitimate interests, such as defending against claims, or if freedom of expression and information rights must prevail.
You can contact us using any of the means specified in the Data Controller section of this privacy policy, providing a copy of an identity document (usually a National ID). The most convenient way to exercise your rights is through our RIGHTS PORTAL: https://www.adelopd.com/portalderechos/guisval-sa.
Another of your rights is not to be subject to a decision based solely on automated processing, including profiling, that produces legal effects or significantly affects you.
If you believe your rights have been violated, such as if we did not respond to your request, you have the right to file a complaint with the Data Protection Authority. This may be the authority in your country (if you live outside Spain) or the Spanish Data Protection Agency (if you live in Spain).
Additional Information
Processing of your data outside the European Economic Area: For the indicated processing purposes, we may use services from the following providers located outside the EEA, but participating in the Privacy Shield agreement, approved by the EU Data Protection Authorities:
- Facebook/Instagram (FB Messenger): Social media and communications. More information: https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC
- Whatsapp: Mobile instant messaging. More information: https://www.privacyshield.gov/participant?id=a2zt0000000TSnwAAG
Links to Third-Party Websites Our website may occasionally contain links to other websites. It is your responsibility to read the data protection policy and legal conditions applicable to each site.
Third-Party Data If you provide us with third-party data, you are responsible for informing them in advance, as required by Article 14 of the GDPR.
