OQOTECHTECH & QUALITY

Privacy Policy

DATA CONTROLLER

The Data Controller is TECH & PROCESS SL, POLÍGONO 10, PARTIDA EL CASTILLO 47, 03109, TIBI (ALICANTE).

Privacy Principles

At TECH & PROCESS SL, we are committed to working continuously to ensure the privacy of your personal data and to providing you with the most comprehensive and clear information possible at all times. We encourage you to read this section carefully before providing us with your personal data. If you are under the age of fourteen, please do not provide us with your data without your parents’ consent. In this section, we explain how we process the data of individuals associated with our organisation. Starting with our principles:

  • We do not request personal information unless it is necessary to provide you with the services you require.
  • We never share personal information with anyone, except to comply with the law or where we have your express authorisation.
  • We will never use your personal data for purposes other than those set out in this privacy policy.
  • Your data will always be processed with a level of protection in line with data protection legislation, and we will not subject it to automated decision-making.

We have drafted this privacy policy in accordance with the requirements of current data protection legislation:

  • Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons (GDPR).
  • Organic Law 3/2018 of 5 December on the Protection of Personal Data and the Guarantee of Digital Rights (LOPD).
  • Royal Decree 1720/2007 of 21 December (RLOPD).

We may amend this privacy policy in the event of changes to processing criteria, in order to make it easier to understand or to bring it into line with current legislation. We recommend that you review it regularly.

Processing activities we carry out

Employee Data Processing Legal Basis: GDPR: 6.1.b) Processing necessary for the performance of a contract to which the data subject is party or for the implementation of pre-contractual measures at the data subject’s request. GDPR: 6.1.c) Processing necessary for compliance with a legal obligation to which the controller is subject. Royal Legislative Decree 2/2015 of 23 October, approving the consolidated text of the Workers’ Statute Act. Purposes of Processing: - Management of contracted staff.

  • Personnel files. Time and attendance records. Training. Pension schemes. Occupational health and safety.
  • Issuing staff payslips.
  • Management of trade union activities. Data Subject Group: Employees Data Categories: - First name and surname, National Identity Card/Tax Identification Number/Identification document, staff registration number, National Insurance/Mutual Insurance number, address, signature and telephone number.
  • Special categories of data: health data (sick leave, workplace accidents and degree of disability, excluding diagnoses), trade union membership, solely for the purposes of paying trade union dues (where applicable), trade union representative (where applicable), proof of attendance for employees and third parties.
  • Personal characteristics data: Gender, marital status, nationality, age, date and place of birth, and family details. Family circumstances data: Date of joining and leaving, leave, permits and authorisations.
  • Academic and professional data: Qualifications, training and professional experience.
  • Employment and administrative career details. Incompatibilities.
  • Attendance data: date/time of arrival and departure, reason for absence.
  • Financial data: Payroll data, credits, loans, guarantees, tax deductions, termination of employment benefits relating to previous employment (where applicable), court-ordered deductions (where applicable), other deductions (where applicable). Bank details. Categories of Recipients: - Entity entrusted with the management of occupational risks.
  • General Treasury of the Social Security.
  • Trade unions.
  • Financial institutions.
  • State Tax Administration Agency.
  • Main contractors to whom we provide services as subcontractors. International Transfers: No international transfers of data are planned. Retention Period: Data will be retained for as long as necessary to fulfil the purpose for which it was collected and to determine any potential liabilities that may arise from that purpose and the processing of the data. Financial data relating to this processing activity will be retained in accordance with the provisions of Law 58/2003 of 17 December, the General Tax Law. Security Measures: Adapted to the requirements of Regulation (EU) 2016/679, the General Data Protection Regulation.

Contact Processing Legal Basis: Consent of the data subject Purposes of Processing: To respond to your enquiry, send you information and follow up on your enquiry. Data Subjects: Contact persons, customers, suppliers Data Categories: First name and surname, telephone number, email address Categories of Recipients: No data transfers to third parties are envisaged. International Transfers: No international transfers of data are envisaged. Retention Period: Contact details will be retained for as long as necessary to fulfil the purpose for which they were collected or until the data subject withdraws their consent. Security Measures: Adapted to the requirements of Regulation (EU) 2016/679, the General Data Protection Regulation.

Processing relating to the exercise of data subjects’ rights (ARCO) Legal Basis: GDPR: 6.1.c) Processing necessary for compliance with a legal obligation to which the controller is subject. General Data Protection Regulation. Purposes of Processing: To respond to requests regarding the exercise of the rights established by the General Data Protection Regulation: Right of access, rectification, erasure, restriction, portability and objection to automated decision-making. Data Subjects: Natural persons who make such requests (employees, customers, suppliers, contacts) Categories of Data: First name and surname, address, signature and telephone number. Categories of Recipients: Personal data may be disclosed to the Supervisory Authority (Spanish Data Protection Agency) in the context of an investigation into the protection of rights initiated by the data subject. International Transfers: No international transfers of data are envisaged. Retention Period: Data will be retained for a period of five years from the date of the request. Security Measures: Adapted to the requirements of Regulation (EU) 2016/679, the General Data Protection Regulation.

Processing of Candidates in recruitment processes (HR) Legal Basis: GDPR 6.1.a) The data subject has given consent to the processing of their personal data for one or more specific purposes. GDPR: 6.1.b) Processing necessary for the performance of a contract to which the data subject is party or for the implementation of pre-contractual measures at the data subject’s request. Purposes of Processing: Recruitment and filling of vacancies. Data Subject Group: Candidates applying for job vacancies. Categories of Data: - First name and surname, National ID/Tax ID/Identification document, staff registration number, address, signature and telephone number.

  • Personal characteristics: Gender, marital status, nationality, age, date and place of birth, and family details.
  • Academic and professional details: Qualifications, training and professional experience.
  • Employment details. Categories of Recipients: No transfers of data to third parties are envisaged. International Transfers: No international transfers of data are envisaged. Retention Period: Data will be retained for as long as necessary to fulfil the purpose for which it was collected and to determine any potential liabilities that may arise from that purpose and from the processing of the data. Security Measures: Adapted to the requirements of Regulation (EU) 2016/679, the General Data Protection Regulation.

Processing of Suppliers Legal Basis: GDPR: 6.1.b) Processing necessary for the performance of a contract to which the data subject is party or for the implementation of pre-contractual measures at the data subject’s request. GDPR: 6.1.c) Processing necessary for compliance with a legal obligation to which the controller is subject. Royal Legislative Decree 2/2015 of 23 October, approving the consolidated text of the Workers’ Statute Act. Law 58/2003 of 17 December, General Tax Law. Purposes of Processing: - Procurement of products and/or services required for the conduct of our business.

  • Monitoring of subcontractors where applicable. Data Subjects: - Suppliers.
  • Individuals working for our suppliers. Data Categories: - Full name, National Identity Number (NIN)/Tax Identification Number (TIN)/Identification document, address, signature and telephone number.
  • Employment details: job title. Health and safety training.
  • Financial and insurance data: Bank details. Categories of Recipients: - Financial institutions. (Payment of invoices)
  • Spanish Tax Agency. International Transfers: No international transfers of data are planned. Retention Period: Data will be retained for as long as necessary to fulfil the purpose for which it was collected and to determine any potential liabilities that may arise from that purpose and the processing of the data, in accordance with Law 58/2003 of 17 December, the General Tax Law, Security Measures: Adapted to the requirements of Regulation (EU) 2016/679, the General Data Protection Regulation.

Processing of Customer Data. Legal Basis: GDPR: 6.1.a) The data subject has given consent to the processing of their personal data for one or more specific purposes. GDPR: 6.1.b) Processing necessary for the performance of a contract to which the data subject is party or in order to take steps at the data subject’s request prior to entering into a contract. GDPR: 6.1.c) Processing necessary for compliance with a legal obligation to which the controller is subject. GDPR: 6.1.f) Processing necessary for the purposes of the legitimate interests pursued by the controller.

Royal Legislative Decree 2/2015 of 23 October, approving the consolidated text of the Workers’ Statute Act. Law 58/2003 of 17 December, General Tax Law. Purposes of Processing: Provision of our products/services Data Subject Group: Customers Data Categories: - First name and surname, National Identity Number (NIF)/Tax Identification Number (NIF)/Identification document, address, signature and telephone number.

  • Financial and insurance data: Bank details Categories of Recipients: - Financial institutions.
  • State Tax Administration Agency. International Transfers: No international transfers of data are envisaged. Retention Period: Data will be retained for as long as necessary to fulfil the purpose for which it was collected and to determine any potential liabilities that may arise from that purpose and from the processing of the data, in accordance with Law 58/2003 of 17 December, General Tax Law, Security Measures: Adapted to the requirements of Regulation (EU) 2016/679, the General Data Protection Regulation.

Handling of Security Breach Notifications Legal Basis: GDPR: 6.1.c) Processing necessary for compliance with a legal obligation to which the controller is subject. General Data Protection Regulation. Articles 33 and 34 Purposes of Processing: Management and assessment of any security breaches occurring within our organisation. Data Subjects: Variable: Employees, Customers, Suppliers, Contact Persons (depending on the security breach) Data Categories: Variable. (Depending on the security breach) Categories of Recipients: - Spanish Data Protection Agency.

  • State Security Forces and Bodies. International Transfers: No international transfers of data are envisaged. Retention Period: Data will be retained for as long as necessary to fulfil the purpose for which it was collected and to determine any potential liabilities that may arise from that purpose and the processing of the data. The provisions of the regulations on archives and documentation shall apply. Security Measures: Adapted to the requirements of Regulation (EU) 2016/679, the General Data Protection Regulation.

YOUR RIGHTS

You have the right to request a copy of your personal data from us, to rectify inaccurate data or complete it if it is incomplete, or, where applicable, to have it erased when it is no longer necessary for the purposes for which it was collected.

You also have the right to restrict the processing of your personal data and to receive your personal data in a structured and machine-readable format.

You may object to the processing of your personal data in certain circumstances (in particular, where we do not need to process it to fulfil a contractual or other legal obligation, or where the purpose of the processing is direct marketing).

Where you have given us your consent, you may withdraw it at any time. We will then cease processing your data or, where applicable, cease doing so for that specific purpose. If you decide to withdraw your consent, this will not affect any processing that took place whilst your consent was in force.

These rights may be subject to limitations; for example, if fulfilling your request would require us to disclose data about another person, or if you ask us to delete certain records that we are obliged to retain due to a legal obligation or a legitimate interest, such as defending ourselves against claims. Or even in cases where the right to freedom of expression and information must take precedence.

You may contact us via any of the methods listed in the ‘Data Controller’ section of this privacy policy, providing a copy of a document proving your identity (usually your ID card).

Another of your rights is not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects or significantly affects you.

In the event of any breach of your rights, such as, for example, if we have not responded to your request, you have the right to lodge a complaint with the Data Protection Supervisory Authority. This may be the authority in your country (if you live outside Spain) or the Spanish Data Protection Agency (if you live in Spain).

Additional information

Links to third-party websites. Our website may, on occasion, contain links to other websites. It is your responsibility to ensure you read the data protection policy and legal terms applicable to each site.

Third-party data. If you provide us with third-party data, you assume responsibility for informing them in advance in accordance with Article 14 of the GDPR.GDPR.

Privacy Policy | Oqotech