Security and Personal Data Protection Policy
Your privacy is important to us, so in this Policy we explain what personal data we collect through our website and any interactions with you and how we use it. Before providing your personal data, please read it carefully and ensure that you have understood it property. As responsible for this website, we seek to offer the greatest legal guarantees in relation to the privacy of our users and to explain, as clearly and transparently as possible, everything has to do with the processing of personal data within this website. CEMOSA has adapted this website to the requirements of the current regulations on personal data protection, especially to Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation, GDPR) and other related regulations.
Responsible of Treatment
The responsible of treatment of your data is CEMOSA.
Dealing with information
In you make use of the services of the website (www.cemosa.es) that interact with you, you are providing us with personal information for which CEMOSA is responsible for its processing.
Applying our principles
At CEMOSA, taking into account the requirements of the GDPR, we apply the following principles when processing your personal data:
- Principle of lawfulness, loyalty and transparency: We will always require your consent to the processing of your personal data for one or more specific purposes, and we will inform you of this beforehand with absolute transparency.
- Principle of integrity and confidentiality: he data will be kept for no longer than necessary for the purposes of processing, depending on the purpose, we will inform you of the corresponding storage period.
- Data Minimization Principle: Your data will be treated in such a way as to guarantee adequate security and confidentiality. You should know that we take every precaution to prevent unauthorized access or misuse of my users’ data by third parties.
Purpose of Treatment
At CEMOSA we collect and process your personal data in order to administer our services effectively and provide you with the highest possible quality. In particular, we use the data you have provided to us and in accordance with the authorisations you have given us for the following purposes:
- Management and control of contact data for purposes.
- Management and control of the organisation’s contacts and deal with requests for information.
- Management and control of the relantionship with the Users.
- Management and control of personal data in selection processes.
- Management and control of the complaints and suggestions received.
- Data management for sending newsletters.
- Enviar boletines de noticias o cuando el Usuario haya dado su autorización o registrado para algún servicio concreto. En este supuesto, en el momento de la recogida de los datos se le dará al Usuario la oportunidad de negarse a que sean utilizados con dicha finalidad. Además, en cada envío se establecerá la posibilidad de darse de baja.
When personal data are collected through the form, it will be necessary that you provide, at least, those fields marked with an asterisk, because if these data are not provided, CEMOSA will not be able to manage the requested service. Furthermore, by filling in the form(s), you authorise CEMOSA to use the e-mail or telephone address as a means of communication and you guarantee that the data provided are true, exact, complete and up to date, expressly consenting to the use, processing and communication of the same for the purposes informed. In the event that data of third parties are provided, the person who has provided them guarantees that he/she has informed them of the terms set out in this section. If you also go to CEMOSA’s premises, please note that your image may be recorded and kept for one month after it has been captured. After this period, your image will be deleted.In order to carry out processing operations other than the above, it will be necessary to obtain your express consent, in which case you will be duly informed of this when necessary.
Terms of data conservation
The personal data provided will be kept for the time necessary to fulfil the purpose for which they were collected and to determine any liabilities that may arise from that purpose and the processing of the data. When they are no longer necessary for that purpose, we will keep blocked those personal data that may be necessary during the legally established periods to attend to any matter relating to their processing, upon expiry of that legal period, the data will be deleted.
Legitimation for the treatment of your data
The legal basis for the processing of data lies in your consent given, the existence of a legal obligation, the existence of a contract to which you are a party or the legitimate interest of CEMOSA. On each form where your data is collected, you will be informed of the specific legal basis.
Recipients of the data
CEMOSA may communicate your data exclusively for the purposes indicated in the “Purpose of Treatment” section when it is under a legal obligation, in particular:
- Public Administration bodies for the fulfilment of required legal obligations, such as: the Tax Agency, the General Treasury of the Social Security, Provincial Councils, in compliance with legal obligations of a labour or fiscal nature; Professional Associations to carry out occupational risk prevention services; members of European projects, as legitimate interested parties; Judicial Bodies, the Security Forces and Corps in the case of the recording of images and if they are required to do so.
Other entities outside CEMOSA, such as banks for the collection/payment of associated services, and to insurance companies and judicial bodies in the event of a claim. On each form where your data is collected, you will be informed of the recipients or categories of recipients. Likewise, we may communicate your data to our Responsible of Treatment, whose intervention is necessary for the provision of our services and who will act at all times in accordance with our instructions to ensure proper and correct processing of your data; access to your data by our responsibles will always be that which is essential for the purposes assigned to them.
Rights of the data subject
Anyone has the right to know whether or not CEMOSA processes personal data concerning them.As a data subject, you have the right to access your personal data, as well as to request the rectification of inaccurate data or, where applicable, to request its deletion when, among other reasons, the data is no longer necessary for the purposes for which it was originally collected. In certain circumstances, you may request to limit the processing of your data, in which case we will only keep it for the exercise or defense of claims. As an interested party, you may also object to the processing of your data, in which case CEMOSA will stop processing your data unless there are compelling legitimate reasons, or the exercise or defence of possible claims. Likewise, you may also withdraw your consent to the processing of your personal data at any time as easily as you gave it. In exercising your right to data portability, you have the right to have personal data transmitted directly from responsible party to responsible party where technically possible. You will not be subject to a decision based solely on automated processing, including profiling, that produces legal effects on you or significantly affects you in a similar way, unless there is some circumstance that justifies it. You may exercise your rights of access, rectification, deletion and portability of your data, of limitation and opposition to its processing, as well as the right not to be subject to decisions based solely on the automated processing of your data and revocation of consent, where appropriate, by writing to CEMOSA, Legal Department, Calle Benaque 9 – Málaga 29004 (Spain), with the reference “Protección de Datos” and a photocopy of your National Identity Card. If you do not receive a reply from us within one month, you will be entitled to effective legal protection and to lodge a complaint with the supervisory authority, in this case the Spanish Data Protection Agency (Agencia Española de Protección de datos), if you consider that the processing of personal data concerning you infringes the Regulation. CEMOSA has profiles in some of the main social networks on the Internet (LinkedIn, Instagram, Facebook, Twitter), so it is responsible for the treatment in all these cases of the data of its followers, fans, subscribers and commentators. The treatment that CEMOSA can carry out will be the one that the social network allows to the corporate profiles. CEMOSA will be able to inform its followers about its activities, services, etc. by any means that the social network allows. Under no circumstances will CEMOSA extract data from social networks.
Accuracy and veracity of data
The user guarantees that the personal data provided through the different available channels are truthful and is obliged to communicate any modification of the same.
As a user, you are solely responsible for the truthfulness and correctness of the data you send to CEMOSA and exonerates the company from any responsibility, damages or prejudices arising in this respect.
Secrecy and Security
CEMOSA is committed to the use and processing of users’ personal data in order to respect their confidentiality and to use them in accordance with the purpose for which they were collected, as well as to comply with its obligation to save them and adapt all measures to prevent alteration, loss, unauthorised processing or access, in accordance with the provisions of current data protection legislation.
With respect to the confidentiality of processing, CEMOSA will ensure that any person who is authorized to process the data of the data subject (including its staff, collaborators and providers), will be under the appropriate obligation of confidentiality (whether a contractual or legal duty).
When a security incident occurs, the data subject shall be notified as soon as reasonably possible and shall provide timely information related to the Security Incident.
CEMOSA reserves the right to modify this policy in order to adapt it to new legislation or jurisprudence, as well as to industry practices. In such cases, CEMOSA will announce on this page the changes introduced with reasonable notice prior to their implementation.
This policy was updated on 25 May 2021. The updated version of this policy is the only one valid until another replaces it.