Mobile applications

CIRCONTROL, S.A. (hereinafter the Entity) is committed to due diligence and compliance with the Data Protection regulations.

Below is detailed information on the confidentiality and personal data protection policy in compliance with the provisions of article 13 of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and the free movement of such data (General Data Protection Regulation or GDPR) and article 11 of the Organic Law 3/2018, on the Protection of Personal Data and Guarantee of Digital Rights (LOPD GDD).

Data Controller and contact details of the Data Controller (DPD):

Identity: CIRCONTROL, S.A.

Address / Zip Code: C/Innovació 3. VILADECAVALLS (08232).
Telephone: 93.736.29.40
E-mail: jhuguet@circontrol.com
Contact details of the DPO/DPD: Jordi Huguet
Data Protection Channel: https://corporate-line.com/cnormativo-comellas-cabeza

Purposes of processing

The Entity will process the information provided to us by interested parties for the following purposes:

Manage your attention, visit and meeting at our facilities.
Manage the provision and execution of the contracted services and products.
Manage any type of request, suggestion or petition about our professional services that interested parties make to us.
Informative and commercial communications: processing of your data for the purpose of informing you about activities, articles of interest and general information related to our activity and the contracted services / products.

Manage data provided by job candidates through their Curriculum Vitae (CV) or other means for the purpose of the selection and recruitment process.
Provide training to interested third parties, such as clients or employees, through e-learning platforms and/or in person.
Manage the platform chosen for communication of incidents by clients regarding the Entity’s products.
Formalize and manage the relationship with the Entities’ suppliers and collaborators.
Guarantee the security of offices, facilities and people through access controls, video surveillance systems and other access control/identification systems.
Comply with the legal provisions that apply to the Entity and its activities in matters of health, equality and prevention of occupational risks.
Manage and respond to communications submitted by informants through the Internal Information System, in accordance with Law 2/2023, of February 20, regulating the protection of persons who report regulatory violations and the fight against corruption.

Manage and control the operation of the internal mechanisms, policies and protocols established by the Entity for the purposes of regulatory compliance and management of reporting channels for this purpose.

All those treatments that are applicable to us for due compliance with the official/sectoral regulations and requirements to which our activity is subject.

For the successful completion and development of your care and management of the above purposes, the processing of your data for the purposes corresponding to those mentioned above will be carried out in strict compliance with the Data Protection regulations and the Policy that we are detailing for you. You may exercise your rights at any time (see specific section).

Data retention criteria

Management of services / products contracted with the Entity: the personal data provided in the contracts, offers and / or service proposals, as well as those of the other people whose intervention is necessary, will be kept for as long as the contracted services are in force. At the end of the provision of the contracted service / s, the personal data will be kept in cases where responsibilities may arise with the Entity and / or in compliance with other regulatory frameworks that are applicable to the Entity or a rule with the rank of law that requires the conservation of these. Personal data will be kept in a way that allows the identification and exercise of the rights of those affected and, under the technical, legal and organizational measures that are necessary to guarantee the confidentiality and integrity of these.

Curriculum Vitae Management: The Entity, as a rule, keeps your Curriculum Vitae for a maximum period of one year; once this period has elapsed, it will be automatically destroyed, in compliance with the principle of data quality.
Employment Contract Management: Personal data will be kept, in any case, for the duration of the employment relationship and, at the end of it, in the cases in which responsibilities may arise between the parties and when required by a law.
Others: the rest of the data and information provided by the user by any means will be kept for as long as necessary to fulfill the purpose for which they were collected.

Legitimation

The legal basis that enables the Entity to process the personal data of users, clients, and potential clients under the following headings:

The consent of the interested parties for the processing and management of any request for information or consultation about our services and products.
The consent given by job candidates for selection and recruitment purposes.
The consent of the persons interested in carrying out the training provided by the Entity.
The framework for the provision and/or contracting of services/products with the Entity.
The legitimate interest in sending you informative, commercial communications and/or promotional offers related to the activity of the Entity and the contracted services/products via email or any other means.
Compliance with legal obligations and internal regulatory compliance procedures.
The legitimate interest in ensuring the safety of the offices, facilities and people.

Recipients

No personal data is transferred to third parties, except under legal provisions.

Origin

Personal data is obtained directly from the interested parties and from our collaborators. The categories of personal data that they provide us are the following:

Identification data.
Postal or electronic addresses.
Data provided and/or consented to by the interested parties themselves related and necessary for the management and execution of the requested service/product.

Rights

Right of Access, Rectification and Deletion: interested parties have the right to obtain confirmation as to whether or not the Entity is processing personal data that concerns them. Interested parties have the right to access their personal data, as well as to request the rectification of inaccurate data or request its deletion when, among other reasons, the data is no longer necessary for the purposes for which it was collected.

Right to Limitation and Opposition: in certain circumstances, interested parties may request the limitation of the processing of their data, in which case we will only retain them for the exercise or defense of claims. In certain circumstances and for reasons related to their particular situation, interested parties may object to the processing of their data. The Entity will stop processing the data in this case, except for compelling legitimate reasons, or for the exercise or defense of possible claims.

Right to revoke the consent given: interested parties have the right to withdraw their consent at any time, except in the case of processing of personal data provided for in the Data Protection regulations or necessary for the provision of the contracted service, which do not require such consent. However, this withdrawal does not have retroactive effects, so it will not affect the legality of the processing based on a previously granted consent.

These rights may be exercised through our Data Protection Channel, whose access details are detailed at the beginning of this Policy.

Security and Control Measures

General

In compliance with data protection regulations, the Entity will process personal data by applying the appropriate technical, legal, organizational and security measures, in order to guarantee the confidentiality and integrity of the information it manages in accordance with the provisions of current regulations.

We appreciate that you inform the Data Protection Officer, using the contact details / Channel established in this Privacy Policy, of any security risk, of which you have indications or knowledge, that may compromise the integrity and confidentiality of personal data and / or confidential information, in order to be able to adopt the necessary measures to prevent unauthorized processing, loss, destruction or accidental damage.

Cybersecurity

As a specific and complementary concept to the above, the Entity applies cybersecurity measures to prevent and manage possible attacks and frauds by cybercriminals that violate the privacy and protection of the data that our Entity processes and accesses within the scope of its activities and operations.

In this sense, we want to warn that in the event of possible risk situations due to communications whose content and/or format raise doubts about authenticity, we recommend that you ignore them and contact the Data Protection Officer through the contact information indicated in this Privacy Policy.

Likewise, any request you receive from our Entity regarding changes in payment methods, requests for data or contact persons or confidential (non-public) information, bank and/or credit card data and/or other official data, must not be attended to without direct confirmation from our Entity by another alternative means. We appreciate and need your collaboration in communicating and reporting any notification regarding this type of request and other possible situations of risk of cyberattacks in which our Entity may be used, as well as for any possible security risk that you may be aware of.

Internal Information System

The Entity has implemented an Internal Information System (SIIF), which is configured as a fundamental axis for supervision, control and prevention in the area of regulatory compliance, considering the highest commitment, rigor and professionalism in terms of security, confidentiality, data protection, experience, independence and knowledge in the treatment of communications received.

The internal information channels integrated into the System have been implemented through technical tools, which contemplate all the necessary requirements to provide and guarantee our previous commitments. Likewise, the SIIF guarantees the basic principles of anonymity, adequate registration, conservation and non-alteration, prevention of conflicts of interest, protection of the informant and prevention of retaliation.

Through this System, all informants must report in good faith any indication, suspicion or evidence of possible regulatory non-compliance, crimes, unethical behavior and, in general, non-compliance with the Entity’s protocols, standards and codes of conduct.

Access to the SIIF has been enabled in a separate section of our website.

Supervisory authority

In the event of any disagreement with the Entity regarding the processing of your data, you have the right to lodge a complaint with the corresponding Data Protection Supervisory Authority. In Spain, this Authority is the Spanish Data Protection Agency (www.aepd.es).

Attention and support

Interested persons may communicate to the Entity any questions regarding the processing of their personal data or the interpretation of our Policy, by contacting the Controller (DPO) at the address indicated at the beginning of this Policy.