Privacy Policy

• Formalization and maintenance of the employment relationship.
• Management of payroll, contracts, and administrative obligations.
• Work organization and task planning.
• Compliance with tax, labor, and Social Security obligations.
• Working time recording and compliance with labor regulations.
• Making information available to the Labor Inspectorate where required.
• Management of job applications and recruitment processes.
• Assessment of professional profiles.
• Management of internship agreements and training contracts.
• Organization and management of training activities.
• Processing of training subsidies where applicable.
• Compliance with occupational health and safety obligations.
• Management of medical examinations and workplace accidents.

• Performance of the employment contractual relationship.
• Compliance with legal obligations in labor, tax, and Social Security matters.
• Compliance with occupational risk prevention obligations.
• Legitimate interest in internal organization and management.
• Where applicable, the data subject’s consent when required.
• Where health data are processed, such processing is carried out under the applicable labor and social security regulations.

• Identification data (name, ID number, address, telephone, email).
• Professional and academic data.
• Financial and banking data.
• Working time data.
• Health data strictly necessary in the employment context (medical leave, workplace accidents, fitness for work, excluding diagnoses).

• Directly from the data subject.
• From legal representatives or authorized persons.
• Where applicable, from sources derived from the contractual or administrative relationship, or from files related to the request or claim.

• Tax Administration.
• Social Security authorities.
• Labor Inspectorate.
• Financial institutions.
• Mutual insurance entities and insurers.
• External entities providing services as processors, such as labor advisory firms or software providers.

As a general rule, no international transfers of personal data outside the European Economic Area are carried out. Should this occur, compliance with the safeguards required under the GDPR will be ensured.

Data will be retained for as long as necessary to fulfill the purposes described above and, subsequently, for the legally required periods under labor, tax, and Social Security regulations.

Recruitment data will be retained for a maximum period of one year, unless updated earlier by the data subject.

• Supplier and procurement management: orders, contracting, service provision, invoicing, payments, communications, and related administrative management.
• Customer management and service delivery: provision of services or products, invoicing, collections, communications, and related support.
• Administrative, accounting, and tax management: payments, collections, bookkeeping, tax obligations, and management of subsidies or economic relations where applicable.
• Handling requests, complaints, suggestions, and claims: management and response through in-person or electronic channels.
• Exercise of data protection rights: processing and response to requests under the GDPR, including access, rectification, erasure, objection, restriction, and portability where applicable.
• Claims and proceedings: management of liability claims, administrative and judicial proceedings, and legal defense where applicable.

• Performance of a contract or pre-contractual relationship.
• Compliance with legal obligations.
• Legitimate interest in the ordinary management of relationships with contact persons at suppliers or clients, and in handling and responding to requests or claims.
• Consent where necessary.
• Defense of claims and proceedings.

• Identification and contact data (name, surname, ID / Tax ID, address, telephone, email, signature).
• Professional data (position, company, professional contact details).
• Financial and banking data (banking details, invoicing, transactions).
• Data necessary for the management of requests, complaints, or claims.
• Where applicable, information associated with a file or claim.

• Directly from the data subject.
• From legal representatives or authorized persons.
• Where applicable, from sources derived from the contractual or administrative relationship, or from files related to the request or claim.

• Competent public authorities, including the Tax Administration, consumer authorities, or other bodies with jurisdiction.
• Financial institutions.
• The Ombudsman and the Spanish Data Protection Agency (AEPD), where applicable.
• Courts, Tribunals, Law Enforcement authorities, and relevant professionals in the context of proceedings or claims.
• Service providers acting as processors under a GDPR-compliant data processing agreement.

We will retain the data for as long as necessary to fulfill the purpose for which they were collected and, subsequently, for the periods required by applicable accounting, tax, administrative, and limitation regulations.

• Performance of the contractual relationship, in the case of employees or authorized staff.
• Legitimate interest in protecting premises and controlling access.

• Name and surname.
• Identification document, where applicable.
• Access logs (date and time).

• Law Enforcement authorities.
• Courts and Tribunals.

• IT support and incident management: management and resolution of incidents, root cause analysis, ticket tracking, documentation of corrective actions, and improvement of the security and quality of systems.
• Website management: handling web form inquiries, user registrations, navigation administration, user experience improvements, and site security.
• Social media management: administration of corporate profiles, publication of content, interaction with users, and dissemination of institutional or commercial information.
• Communications (WhatsApp or other channels): handling inquiries and requests, and providing information related to contracted or requested services.
• Security incident and breach management: detection, analysis, and documentation of incidents, risk assessment, and compliance with notification obligations to authorities.
• Equality and diversity: prevention, detection, and investigation of harassment situations; ensuring equality, non-discrimination, and regulatory compliance.

• Performance of a contract or pre-contractual relationship.
• Compliance with legal obligations.
• Legitimate interest in ensuring security, the operation of systems, and internal organization.
• Consent where necessary, for example for the use of image or commercial communications.

• Identification data (name, email address, telephone number).
• IP address and browsing data.
• Data included in tickets or support requests.
• Image and/or voice, where express authorization has been given.
• Information related to security incidents.
• Data necessary for internal equality management protocols.

• Directly from the data subject.
• Through web forms.
• Through electronic communications.
• Derived from incident analysis or the use of systems.

• Relevant internal departments.
• Technology providers acting as processors.
• Social media platforms.
• WhatsApp as a messaging service provider.
• Competent authorities, the AEPD, and Law Enforcement authorities where there is a legal obligation.

• For as long as necessary for the purpose for which the data were collected.
• For the limitation periods applicable to potential liabilities.
• In the case of technical incidents, up to a maximum of 5 years in blocked form.
• On social media, while the content remains published, until its removal is requested, or according to the agreement signed between the parties.