Privacy Policy
Introduction
This Privacy Policy has been developed considering the provisions of the Organic Law on Protection of Personal Data in force, as well as by Regulation 2016/679 of the European Parliament and the council of April 27, 2016 relating to the Protection of natural persons about the processing of personal data and the circulation of these data, hereinafter the RGPD.
This Privacy Policy is intended to inform the owners of personal data, for which information is being collected, specific aspects relating to the processing of their data, among other things, the purposes of the treatments, contact information to exercise the rights that assist him, the terms of conservation of information and security measures among other things.
Responsible for the Treatment
In terms of data protection, MSTECH EMEA, S.L.U., must be considered as Responsible for the Treatment, in relation to the files / treatments identified in this policy, specifically in the Data Treatments section.
Following are the identifying details of the owner of this website:
Responsible for the Treatment: MSTECH EMEA, S.L.U.
Address: Ctra. BV-2116, Km. 2,5 Clariana 08729
Castellet i la Gornal – Barcelona ( SPAIN)
Email: [email protected]
Data Treatment
The personal data that are requested, if any, must consist only of those strictly necessary to identify and address the request made by the holder thereof, hereinafter concerned. This information will be treated in a fair, lawful and transparent manner in relation to the interested party. Moreover, the personal data will be collected for purposes determined explicit and legitimate, not being treated subsequently so with incompatible with those purposes.
The data collected from each stakeholder will be adequate, relevant and not excessive in relation to the corresponding purposes for each case and will be updated whenever necessary.
The owner of the data will be informed, prior to the collection of their data, of the general ends regulated in this policy to be able to give the express, precise and unequivocal consent for the processing of their data, in accordance with the following aspects.
Purposes of the treatment
The explicit purposes for which each of the treatments are carried out are included in the informative clauses included in each of the data collection channels (web forms, paper forms, locutions or posters and informative notes).
However, personal data of the interested party will be treated with the sole purpose of providing an effective response and meet the requests made by the user, specified next to the option, service, form or data collection system that the owner uses.
Legitimation
As a general rule, prior to the processing of personal data, MSTECH EMEA, S.L.U. obtains express and unequivocal consent from the owner thereof, through the incorporation of informed consent clauses in the different information collection systems.
However, in case the consent of the interested party is not required, the legitimizing basis of the treatment in which MSTECH EMEA, S.L.U. it is the existence of a specific law or norm that authorizes or demands the treatment of the data of the interested party.
Recipients
As a general rule, MSTECH EMEA, S.L.U. it does not proceed to the cession or communication of the data to third parties, except those legally required, however, if necessary, such cessions or data communications are informed to the interested party through the informed consent clauses contained in the different ways of collecting personal data.
Origin
As a general rule, personal data are always collected directly from the interested party, however, in certain exceptions, the data may be collected through third parties, entities or services different from the interested party. In this sense, this end will be transferred to the interested party through the clauses of informed consent contained in the different ways of collecting information and within a reasonable time, once the data have been obtained, and at the latest within a month.
Conservation deadlines
The information collected from the interested party will be kept as long as it is necessary to fulfill the purpose for which the personal data were collected, so that, once the purpose has been fulfilled, the data will be canceled.
Mentioned cancellation will result in the blocking of the data being kept only available to the Public Administrations, Judges and Courts, to attend to the possible responsibilities arising from the treatment, during the limitation period of these, once the period has elapsed, the information will be destroyed.
For information purposes, the following are the legal terms for the conservation of information in relation to different matters:
Documentation of labor nature or related to social security
DEADLINE
4 years
LEGAL REF.
Artículo 21 del Real Decreto Legislativo 5/2000, de 4 de agosto, por el que se aprueba el texto refundido de la Ley sobre Infracciones y Sanciones en el Orden Social
Accounting and tax documentation for commercial purposes
6 years
Art. 30 Commerce Code
Access Control to building
Instruction 1/1996 de la AEPD
Instruction 1/2006 de la AEPD
1 Month
Organic Low 4/1997
Navigation data
In relation to the navigation data that can be processed through the website, in case of data collected subject to the regulations, it is recommended to consult the Cookies Policy published on our website.
Rights of the interested parties
The regulations on data protection grant a series of rights to the data subjects or holders, users of the website or users of the social network profiles of MSTECH EMEA, S.L.U.
These rights that assist the interested persons are the following:
- Access Right: right to obtain information about whether their own data is being processed, the purpose of the treatment being carried out, the categories of data in question, the recipients or categories of recipients, the term of conservation and the origin of said data
- Rectification Right: right to obtain the correction of inaccurate or incomplete personal data.
- Suppression right: the right to delete data on the following assumptions:
- When the data is no longer necessary for the purpose for which they were collected
- When the owner of the same withdraws the consent
- When the interested party opposes the treatment
- When they should be abolished in compliance with a legal obligation
- When the data has been obtained by an information society service based on the provisions of art. 8 point 1 of the European Regulation on Data Protection.
- Opposition right: the right to object to a treatment based on the consent of the person concerned.
- Limitation right: the right to obtain the limitation of data processing when any of the following cases:
- When the interested party challenges the accuracy of the personal data, during a period that allows the company to verify the accuracy of the same.
- When the treatment is illegal, and the interested party opposes the deletion of the data.
- When the company no longer needs the data for the purposes for which they were collected, but the interested party needs them for the formulation, exercise or defense of claims.
- When the interested party has opposed the treatment while it is verified if the legitimate reasons of the company prevail over those of the interested party.
- Right to portability: the right to obtain data in a structured format, commonly used and machine readable, and to transmit them to another controller when:
- Treatment is based on consent
- The treatment is carried out by automated means
- Right to file a claim with the competent control authority.
Interested parties may exercise the indicated rights, by contacting MSTECH EMEA, S.L.U., by writing, sent to the following address: Ctra. BV-2116, Km. 2,5 Clariana 08729 Castellet i la Gornal – Barcelona (SPAIN) indicating in the subject line the right you want to exercise. In this sense MSTECH EMEA, S.L.U. will respond to your request as soon as possible and considering the deadlines provided in the regulations on data protection.
Security
The security measures adopted by MSTECH EMEA, S.L.U. are those required, in accordance with the provisions of article 32 of the RGPD. In this sense, MSTECH EMEA, S.L.U., considering the state and the costs of application and the nature, scope, context and purposes of the treatment, as well as the risks of probability and variable severity for the rights and freedoms of natural persons, has established the appropriate technical and organizational measures to ensure the level of security appropriate to the existing risk.
In any case, MSTECH EMEA, S.L.U. has enough mechanisms in place to:
- Guarantee the permanent confidentiality, integrity, availability and resilience of the treatment systems and services.
- Restore the availability and access to personal data quickly, in case of physical or technical incident.
- To verify, evaluate and evaluate, on a regular basis, the effectiveness of the technical and organizational measures implemented to guarantee the safety of the treatment.
- Pseudonymize and encrypt personal data, if applicable.
