Privacy And Data Protection Policy
The personal data provided via the following website located at the URL https://www.hexaingenieros.com/(hereinafter, the “Website”) are going to be treated and processed as described in the following sections:
Who is actually the responsible controller of the processing?
In accordance to the Law No. 34/2002 of July 11, on Information Society Services and Electronic Commerce (hereinafter, LSSI) and in accordance to the General Data Protection Regulation (EU) 2016/679 (hereinafter, GRPD) and the Organic Law 3/2018 on the Protection of Personal Data and the guarantee of digital rights (hereinafter, LOPDGgdd), we hereby inform you that the personal data facilitated in completing and sending the published web form will be included in the database that forms the records of processing activities of HEXA Ingenieros, S.A.with V.A.T.: A-82892886 and social domicile in Calle Sierra de Cazorla, 1 – 28290 Las Rozas, Madrid
Which kind of user data will be required and treated?
HEXA INGENIEROSwill process the following categories of personal data of the User:
- Identifying data: name and surnames.
- Personal or professional contact data: postal address, e-mail address, phone number.
- Other data: every additional information provided by the data subjects to fostering trade relations and mutual interests.
Under which purpose and legal basis do we process your data?
- Management of the contact requests and information provided via the e-mail address or web form. Legitimacy: Data subjects consent given to the processing and interests pursued (Art. 6.1 a) and f) GDPR).
- Management of the contractual relationship established among the User and HEXA INGENIEROS and perform the binding agreement between the Parties. Legitimacy: Performance of a contract (Art. 6.1 b) GDPR).
- To comply HEXA INGENIEROSwith mandatory obligations stated by law. Legitimacy: Legal compliance (Art. 6.1 c) GDPR).
- Management the existent commercial relationship between the User, as professional contact and representative of a legal entity, and HEXA INGENIEROS, including the sending of commercial information, relevant news, events, expos and fairs and further information concerning similar services to the signed up. Legitimacy: Legitimate interests pursued (Art. 6.1 f) GDPR).
- Management of the Newsletter, corporate magazine and other information bulletins for subscribers of these. Legitimacy: Data subjects consent given to the processing and interests pursued (Art. 6.1 a) GDPR).
- Processing of the employment applications and the recruitment and hiring processes. Treatment of the CV’s, academic and professional information and other relevant documentation. Legitimacy: Legitimate interests pursued by the Parties in establishing an initial professional contact (Art. 6.1 f) GDPR).
To whom do we disclose personal data?
HEXA INGENIEROSwill only transfer personal data to:
- Those thirds, public bodies and institutions of the General State Administration, as well as autonomous and local administrations, including judicial courts and tribunals, being legally compelled to disclose the information required.
- Partner companies of HEXA INGENIEROSin order to properly manage and perform the contractual relationship with you.
- To service suppliers and providers contractually tied to HEXA INGENIEROS, in order to treat the data as Processors for the sole purpose of the processing described, in accordance to the instructions given by HEXA INGENIEROSand with the necessary guarantees and safeguards.
How much time will be the data retained and treated?
The personal data provided to comply with the obligations arising out of the commercial relationship between
the User and HEXA INGENIEROSshall be retained for the same term of the binding agreement; and after the end of the commercial and contractual relationship, the data will still be maintained for the time limit stated for prosecution that might arise from the relations with the User.
Nevertheless, if you as data subject have facilitated the information in order to commercial prospecting purposes based on legitimate mutual interests pursued, the data shall be necessary stored till the moment you decide to revoke the consent given.
Which security measures are implemented to protect your personal data?
The data processing will be adapted to technical and organisational measures required to prevent and avoid loss of information, misuse, alteration and unauthorized use of the received data, bearing in mind the state of the technology, the nature of the information and the results of the risk analysis performed.
How can I exercise my data subject’s rights?
To revoke all consents given, as well as exercise the rights to access, rectification, erasure, restriction of processing, portability, object and not to be subject to a decision based on automated processing, including profiling, you may always communicate in writing to the following address:Calle Sierra de Cazorla, 1 – 28290 Las Rozas, Madridor via mail at firstname.lastname@example.org
The request shall be submitted including: name and surnames of the data subject; copy of the identity card, passport or any other valid identification document of the person concerned and, where applicable, his legal authorised representative, providing power of attorney; address for notification purposes and specification of the subject of the request.
If the person concerned considers that his rights have gone unheeded in accordance to the legislation in force, the data subject may submit the related complaint to the Spanish Data Protection Agency, as supervisory authority.