Main purposes for data processing:
MAIN LEGAL GROUNDS FOR PROCESSING
ORIGIN OF DATA
WHO IS RESPONSIBLE FOR PROCESSING YOUR PERSONAL DATA?
The Data Controller responsible for processing your personal data is “NEXE THE WAY OF CHANGE GROUP” (“NEXE THE WAY OF CHANGE, S.L.”; “NEXE THE WAY OF CHANGE IBERIA, S.L.”; “NEXE KNOWLEDGE & CHANGE, S.L.”; “ARISE CULTURE AND LEADERSHIP, S.L.”; and “MOSTAZA COMUNICACIÓN, S.L.”) (hereinafter referred to as the “Data Controller”).
- Address: Avenida Diagonal número 440, planta 5ª, código postal número 08037, Barcelona (Spain).
- Telephone: +34 93 467 71 31
- E-Mail: firstname.lastname@example.org
WHAT CATEGORY OF PERSONAL DATA DO WE PROCESS?
The Data Controller shall request, solely and exclusively, such information as is appropriate, relevant and strictly necessary in relation to the purposes for which they are processed.
The categories of data being processed are as follows:
- Identifying data: Name and surname, identification document, address (postal and electronic), photograph, signature and phone number.
- Special categories of data: health data (sick leave, accidents at work and degree of disability, not including diagnoses) and biometric data.
- Personal characteristics data: Sex, marital status, nationality and age.
- Academic and professional data: Qualifications, training and professional experience.
- Attendance data: date/time of entry and exit, reason for absence.
- Economic and financial data: Economic data related to payroll, tax deductions of income corresponding to the previous workplace (if applicable), other deductions (if applicable). Bank details.
All information provided will be presumed to be true, accurate and correct. In order to keep your personal data properly updated, you will need to inform us of any changes to them. Otherwise, we cannot be held responsible for the veracity of the information.
When data is requested to process your requests, you will be informed of the necessary nature of the data considered essential. If this mandatory data is not provided, it will not be possible to process the request made.
FOR WHAT PURPOSES DO WE PROCESS YOUR PERSONAL DATA?
The Data Controller will process your data, in a lawful, loyal and transparent manner, whether by automated procedures or not, for the following determined and explicit purposes:
- To manage any type of enquiry, claim, question or need for information raised through the website and/or social networks.
- To manage the purchase of products and/or services.
- To provide general consultancy services for companies and other natural and legal persons. To carry out the invoicing of the services rendered and manage the payment of the same.
- To carry out satisfaction surveys on the services provided.
- To extend invitations to meetings, conferences and commercial and corporate events.
- To send newsletters with commercial and corporate news.
- To manage all the legal and administrative procedures involved with the company's staff, formalize contracts, process payrolls, social insurance,
- occupational risk prevention, health surveillance and training.
- To respond to requests to participate in our selection processes and job offers.
- To ensure network and information security.
- To ensure the safety of people, goods and facilities.
- To maintain appropriate technical and organizational measures to prevent security breaches.
WHAT IS THE LEGAL BASIS FOR THE PROCESSING OF YOUR PERSONAL DATA?
The Data Controller will process your data in accordance with the following legal bases:
- Execution of a contract for commercial relations with collaborators, clients and suppliers, and for the working relationship with workers (HR management, preparation of labour contracts and payrolls, company control, training, etc.).
- Application of pre-contractual measures for commercial relations with potential clients.
- Compliance with legal obligations to address occupational risk prevention and health surveillance, daily recording of working hours, security breaches and ARCO+ rights.
- Express consent for the selection process of candidates for a position in the company, sending satisfaction surveys, newsletters and invitations to meetings, conferences and commercial and corporate events.
- Express and explicit consent for the use of the worker and/or collaborators' fingerprint access control system.
- Legitimate interest in attending to queries made through the forms on the website and/or social networks and guaranteeing the security of the network and the information.
- Public interest to ensure the safety of people, goods and facilities of the Company.
HOW LONG DO WE KEEP YOUR PERSONAL DATA?
In accordance with the principle of minimization and limitation of the retention period, the personal data provided will be kept for a period of time that is reasonably necessary to fulfil the specific purpose and/or purposes for which they are collected and for as long as the commercial relationship is maintained.
Once the relationship has ended, the data will be kept for the period of time that is appropriate in order to comply with the statute of limitations for possible infringements of data protection, as well as the statute of limitations provided for in other regulations that may apply, but duly blocked before destruction.
Any CVs that are received will be destroyed if they do not fit the profiles required by the Data Controller, or will be kept for as long as they may be considered useful for future selection processes for the company or a client. If this were to occur, the corresponding person would be informed and their consent asked at the appropriate time.
TO WHOM DO WE GIVE YOUR PERSONAL DATA?
Your personal data may be transferred/communicated to the following recipients:
- Possible clients or customers who are interested in the people who will provide certain services (candidates, internal and external team of the Company).
- Competent public bodies, Tax and Social Security Administrations, Courts and Tribunals when so required by tax, accounting, financial, commercial-corporate, labour, social security or other applicable regulations.
- Companies in charge of data processing, such as suppliers that provide services to the Data Controller (payroll companies, occupational risk prevention companies, etc.).
IS YOUR PERSONAL DATA TRANSFERRED INTERNATIONALLY?
No international transfers of any kind will be made at this time. The servers of our website are located in Spain and appropriate security measures are taken to ensure its integrity, confidentiality and availability.
If the Data Controller has to carry out international data transfers, these will be carried out either to countries with an adequate level of protection according to the European Commission (a list of these countries is available at - Link 1 - and - Link 2 - ) or to countries in which the Company has implemented sufficient guarantees to ensure the privacy of the information (for this purpose, one of the contractual models of data transfer approved by the European Commission is used, which can be found in Link 1 and Link 2). In any case, third parties with whom certain personal data is shared must provide prior evidence of having adopted the appropriate technical and organisational measures for the proper protection of such data.
WHAT RIGHTS ARE YOU ENTITLED TO IN TERMS OF PERSONAL DATA PROCESSING?
You are entitled to the rights set out in Article 7 and 13 to 22 of the GDPR, and Articles 6 and 11 to 18 of the LOGPDGDD:
- The right to obtain information about the processing of your personal data.
- The right to request access to your personal data.
- The right to request the rectification of your personal data.
- The right to request the erasure of your personal data.
- The right to request the limitation of the processing of your personal data.
- The right to request the portability of your personal data.
- The right to request to oppose the processing of your personal data.
- The right to request not to be subject to a decision based solely on the automated processing of your personal data.
- The right to withdraw consent.
You may exercise these rights at any time and free of charge either by sending a written communication to “NEXE THE WAY OF CHANGE GROUP”, with registered office in Barcelona, Avenida Diagonal, número 440, planta 5ª, código postal número 08037 or by contacting us at email@example.com.
SPANISH DATA PROTECTION AGENCY
You can use the documents and forms related to the rights referred to in the previous section by going to the official website of the Spanish Data Protection Agency (AGPD).
Taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing, as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, the Data Controller shall implement appropriate technical and organisational measures in order to ensure and be able to demonstrate that the processing is in accordance with the GDPR and the LOPDGDD, and to prevent any breach of security resulting in the accidental or unlawful destruction, loss or alteration of personal data transmitted, stored or otherwise processed, or the unauthorised communication of or access to such data.
However, you are warned and informed that technical measures are not infallible or impregnable, which is why the Data Controller cannot be held responsible for such practices or their consequences, especially the presence of viruses or other elements or damage that may result from the presence of viruses, the connection or downloading of content from the website that cause alterations in computer systems (hardware and software).
MODIFICATION OF SECURITY MEASURES
© 2019 “NEXE THE WAY OF CHANGE GROUP” Total or partial reproduction is prohibited. All rights reserved.