SUMIPAR S.A. (hereinafter "SUMIPAR" or "the Entity") is a member company of the SICE Group, whose organizational and centralized management structure implies the application of a data protection policy at the Group level. In this sense, the processing of personal data of SUMIPAR will be included in the details in the data protection information of SICE Group and that the interested parties can consult here.
In all cases, SUMIPAR will operate in accordance with the commitments of responsibility and compliance with the data protection regulations implemented under the General Data Protection Regulation 2016/679 on the protection of natural persons with regard to the processing of personal data and the free movement of such data (GDPR) and the Organic Law 3/2018 on Data Protection and Guarantee of Digital Rights (LOPDGDDD). In cases where different local regulations apply, the corresponding additional requirements will be incorporated into the operations and activities of SUMIPAR.
By virtue of the foregoing, the interested parties are informed about the processing of personal data carried out within the framework of the activities of the Entity, as well as the rights of data protection and the attention mechanisms and support enabled in this matter.
The names and contact details of the Data Controller and the Data Protection Officer are as follows:
Entity: SUMIPAR S.A.
Address: c/ de Santa Creu de Calafell 47 B, 08830, Sant Boi de Llobregat, Cataluña, Spain
Telephone: +34 931 983 072
Data Protection Officer (DPO): email@example.com
SCOPE OF APPLICATION
This data protection information refers to the processing of personal data collected within the framework of the activities and operations of the SICE Group through the various contact mechanisms available and which are processed for the purposes listed in the "Purposes" section.
Below, we list the groups for which we collect and process personal data.
- Shareholders and investors
- Data of freelancers (suppliers or collaborators)
- Personnel provided by the Temporary Staffing Agencies
- Persons who come to the Entity’s offices and facilities
- Persons who communicate with the Entity for any reason
- Own legal representatives
- Legal representatives and contact persons of clients / awarded authorities
- Legal representatives and supplier contact persons
- Legal representatives and contact persons of Collaborating Entities for the execution of research projects or the provision of products and services
- Legal representatives, contact persons and staff of Collaborating Entities for the formalization and management of agreements for the Temporary Union of Companies (UTE in Spanish)
- People involved in SUMIPAR projects for the purposes of coordination and compliance with regulatory requirements and prevention of occupational hazards
- Interested parties whose intervention is necessary in the field of provision of products and services as Data Controller
- Users of the regulatory compliance mechanisms implemented by the Group
- Directly from data subjects: personal data is collected directly from the data subjects when they send an e-mail, contact us by telephone, fill-out a form, send their CV, complete a questionnaire, as well as when it is necessary to formalize an agreement of any kind, or to request assistance through the channels provided for this purpose.
- Provided by third parties: likewise, personal data may be collected when provided to us by a third party in the framework of the management and fulfillment of a contract for the provision of services and for the coordination of regulatory requirements associated with it, a Temporary Union of Companies agreement and the implementation of the project associated with it, an agreement or contract for the purposes of hiring personnel or to carry out a previously requested and / or informed management.
- Processors: may collect, access, and process personal data as Processors on account of the services provided to their clients.
This data processing will be governed by the data protection policies and information provided by the Data Controller in question.
PURPOSES OF THE PROCESSING
We will always maintain, use and disclose personal information within the limits of the data protection regulations in force and for the following purposes:
- Manage your attendance, visit and meetings in our facilities.
- Manage any type of request, suggestion, request or claim about the different products and services provided by SUMIPAR that the interested parties make to us on their own behalf or on behalf of an entity.
- Manage the relationship with our shareholders and investors.
- Manage the provision and performance of the services and products contracted or that have been awarded to us.
- Comply with the requirements of coordination and regulatory compliance, especially with regard to the prevention of occupational hazards in the framework of the provision of services and products and in health matters.
- Formalize and manage the relationship with the Entity's suppliers and collaborators.
- To form and manage the agreements of a Temporary Union of Companies (UTE in Spanish) in which we participate.
- To send informative and commercial communications with the purpose of informing recipients about upcoming events in which the Entity will participate, activities, articles on innovations related to the sector and the solutions provided, as well as general information related to our services and products that may be of interest to you.
The reception of our communications may be canceled at any time through the channel www.dataprotect-line.com/sice or by unsubscribing from them through the link provided in the communication itself.
- Manage the data provided by job candidates for selection and recruitment purposes.
- Formalize, develop, maintain and fulfill our obligations acquired by virtue of a labor or professional relationship or an agreement with a third party.
- To manage and control the operation of the internal mechanisms, policies and protocols established by the SICE Group for the purposes of regulatory compliance and preventing criminal liability, especially from the channels for complaints.
- Guarantee the security of offices, facilities and people through access controls, video surveillance systems and other access control / identification systems.
- Comply with the legal provisions that apply to the Entities and their activities.
- All those data processes that are applicable to us for due compliance with the regulations and official / sector requirements to which our activity is subject.
LEGAL BASES FOR PROCESSING
The legal bases that enable the processing of personal data within the framework of the activities and operations of the Entity are as follows:
- The consent of the interested persons for the processing and management of any request for information or consultation about our services, products and / or activities.
- The framework of contracting and/or awarding of services or products provided by SUMIPAR, as well as compliance with the legal obligations associated to them.
- The contracting framework of our suppliers.
- The legitimate interest to carry out checks for due diligence purposes and the formalization and management of agreements to establish a Temporary Union of Companies (UTE in Spanish).
- The legitimate interest to understand and analyze at the Group level and at the individual level of the Entity the development of the different lines of business, improve the products and services and enhance the corporate development of the Group.
- The legitimate interest to send informative and commercial communications related to our activity and services and products offered through e-mail or any other means.
- The legitimate interest to guarantee the security of the offices, facilities and people.
- The consent granted by the candidate when registering for our job offer(s) and the legitimate interest of the organization to include it in other selection processes of the companies of the Group as long as it fits the professional profile of the candidate.
- The fulfillment of the labor, professional contract and / or agreement formalized with training entities.
- The legitimate interest for the implementation of a regulatory compliance system, as well as to comply with security requirements and commitments to ethics and sustainability.
- The fulfillment of the requirements and obligations bequeathed to which the activity of the Entity refers.
DATA STORAGE CRITERIA
- Management of contracted / awarded solutions: the personal data included in the contracts,offers and / or service proposals, as well as those of the rest of the people whose intervention is necessary in the established contractual relationship, will be kept for as long as they are in force for the agreements for the provision of services / products. At the end of the relationship, the personal data will be kept in the cases that responsibilities may arise between the parties or in compliance with other regulatory frameworks that are applicable to it and that require their conservation.
- Curriculum Vitae Management: as a general rule we keep your Curriculum Vitae for a maximum period of one year; once this period has concluded, it will automatically proceed to its destruction, in compliance with the data quality principle.
- Management of Employment Contracts, Internship Agreements and / or contracts formalized with Temporary Employment Companies: personal data will be kept, in any case, for as long as the employment relationship is in force, the time agreed in the internship agreement or in the contract formalized with the Temporary Employment Company and, at the end of the same, in the assumptions that responsibilities may arise between the parties and when required by a regulation with the force of law
- Others: the rest of the data and information provided by the interested parties by any measure, will be kept for as long as is necessary to fulfill the purpose for which they were collected and within the framework of responsibility and regulatory compliance that they have associated.
SECURITY AND CONTROL MEASURES
SICE Group, and, therefore, the Entity, in compliance with its commitment to compliance with data protection regulations, will keep personal data in a way that allows the identification and exercise of Rights by those affected and, under the legal and organizational technical measures that we detail below:
- Appointment of a Group Data Protection Officer (DPO).
- Training and sensitization of staff on data protection and information security.
- Implementing policies and protocols of action in the field of data protection.
- Formalization of contracts for the Data Processing Manager with all third parties that have access and process data on our own.
- Implementation of access control policies to resources and systems, identification and authentication policies, as well as delegation of authorizations to users according to the functions they perform.
- Backup and backup of our information and personal data.
- Audit and periodic data protection controls by an external expert.
- Independent security certifications in order to maintain continuous approval in line with international standards for information security (ISO / IEC 270019).
SUMIPAR, whenever necessary to achieve the purposes described above, will share personal data with the following third parties:
- Companies of the SICE Group: when necessary for the correct management of a contract for providing services or products, for managing the Group on account of its centralized organizational structure, as well as to share data of candidates whose profiles may fit in vacancies of the Entities.
- Collaborating entities: when their participation is required within the framework of a contract and / or agreement for the provision of products and services established with our clients or a public entity. Likewise, personal data may be communicated within the framework of a Temporary Union of Companies agreement for the execution of a project.
- Suppliers: personal data may be communicated to different suppliers due to the provision of services by them that requires access and processing of personal data, such as, for example, providers of consulting and legal advice services, providers of advice in labor, tax and accounting matters, providers of software and maintenance services, etc.
- Attorneys: if their intervention is required due to a judicial proceeding.
- Administrations and public bodies in compliance with applicable regulations (labor, occupational risk prevention, tax, accounting, data protection, etc.)
- Courts and Tribunals and the State Security Forces and Bodies: personal data will be communicated to these entities whenever it is officially required.
Apart from the previously detailed assumptions, no personal data will be communicated to third parties, except in compliance with a legal provision.
INTERNATIONAL DATA TRANSFERS
By virtue of its international character, the Entity provides its products and services through teams located in different parts of the world, including countries where data protection laws are different from those of the European Union. When necessary for regulatory compliance requirements or for the provision of products or services offered by the Entity, personal data may be communicated to our teams or to third parties located outside the European Union.
Interested parties can request information about the international transfer of their personal data by exercising their access rights or by contacting the DPO through the specific contact mechanisms that the Group has enabled for this purpose.
Right of Access, Rectification and Deletion: interested persons have the right to obtain confirmation about whether SUMIPAR is treating personal data that concerns them, or not, as well as to request the rectification of inaccurate data or request its deletion when, among other reasons, the data is no longer necessary for the purposes for which it was collected.
Right to Limitation and Opposition: in certain circumstances, the interested parties may request the limitation of the processing of their data, in which case, we will only keep them for the exercise or defense of claims or when necessary in compliance with a law. Likewise, in some cases and for reasons related to their particular situation, the interested parties may object to the processing of their data. We will stop processing the data in this case, except for compelling legitimate reasons, or for the exercise or defense of possible claims.
Likewise, the interested parties may revoke the consent granted for the processing of data for specific purposes, such revocation not producing retroactive effects.
Interested persons may exercise their data protection rights by writing to the postal address Calle Sepúlveda, 6, P.I. Alcobendas, 28108 - Alcobendas (Madrid) or through the email www.dataprotect-line.com/sice. Likewise, if you do not receive a reply from us within a month, you may complain to the Control Authority (Spanish Agency for Data Protection: www.agpd.es).
In order to act diligently in the face of possible data protection risks, the interested parties may communicate any indication or knowledge they may have of possible security violations (breaches) and / or possible irregularities regarding the Data Protection regulations or the policies and commitments of the Entity through the channelwww.dataprotect-line.com/sice.
ATTENTION AND SUPPORT
UPDATES AND MODIFICATIONS
SUMIPAR reserves the right to modify and / or update the information on data protection, when necessary for the correct compliance with the regulations in this matter. If there is any modification, the new text will be published in this same section of the website.
In each case, the relationship with users will be governed by the rules provided at the precise momentin which the website is accessed.