Data processing policy

As of May 25, 2018 the General Data Protection Regulation (hereinafter, "GDPR") is applicable and in the companies that make up GRUPO ESPIRAL[1] we value and care about your privacy and the protection of your data.

In this Data Processing Policy we explain what personal data we collect and how we use it. We have tried to write it in a clear and simple way, to make it easy to understand so that you can freely and voluntarily decide whether you wish to provide your personal data or that of members of your organization to ESPIRAL.

 

PERSON IN CHARGE OF THE TREATMENT

Identity of the responsible: ESPIRAL MICROSISTEMAS S.L.U.

NIF/CIF: B33848789

Address: Espacio Tecnológico de El Molinón - Estadio de El Molinón, 100 - C.P. 33203 Gijón (Asturias)

Telephone: 985 099 215

If you have any questions regarding the processing of your personal data, please write to : dpo@espiralms.com

 

DATA WE COLLECT

We collect, store and process personal data necessary for the provision of our services, ensuring that it is adequate, relevant and not excessive for the legitimate purpose of the processing. In particular, the information we collect is:

  • Information about our necessary to provide them with the services contracted with us, including identification and contact information, business, financial and banking data. Although most of this information is of a business nature, personal data may be included, mainly referring to the contact personnel of our client companies.
  • Information about our suppliers, including identifying and contact information, financial and banking data, necessary to manage the services they provide to us. Although most of this information is of a business nature, personal data may be included, mainly concerning the contact personnel of our suppliers.
  • Information of our Partners or external collaborators necessary for the management of the projects that we carry out together, including identification and contact information, professional, economic and banking data. Although most of this information is of a business nature, personal data may be included, mainly concerning the contact personnel of our business partners.
  • Internally, Espiral collects, stores and processes the personal data of our employees, among which we include all the information necessary to manage the employment relationship that unites us and comply with legal obligations in this area. This information includes, but is not limited to, employees' identification, contact, banking or training data.
  • The information of the users of our training services, necessary to provide them with training services, including identification and contact information, academic and professional, financial and banking data, necessary to provide our services and for our operational and business purposes.

In all cases, the interested parties guarantee and are responsible, in any case, for the truthfulness, accuracy, validity and authenticity of the Personal Data provided, and undertake to keep them duly updated.

 

ACCESS TO PERSONAL DATA

For the proper development of the services we provide, the personnel of the GRUPO ESPIRAL may have access to information and certain personal data, mainly contact information, contained in the files. In these cases,  ESPIRAL undertakes that both the company and its staff will maintain the confidentiality and security of such data, for which it will adhere to the necessary confidentiality commitments and external processing contracts.

 

PURPOSE OF TREATMENT

The processing of the personal data we collect is for the following purposes:

  • to manage the provision of the requested and/or contracted service
  • manage the employment relationship that binds us
  • manage commercial communications, by mail or electronic means, in cases where the user has the option to unsubscribe, about new products and/or services offered by ESPIRAL.
  • Manage the subscription to the newsletter and subsequent sending of the same.
  • Invitations to participate in our events, webinars and presentations
  • manage contact requests with ESPIRAL through the channels provided for this purpose on our corporate or product website or through our apps.

 

SPIRAL COMMITMENTS:

  • We only request personal information that is really necessary to provide you with the services you require.
  • We never share personal information about our users with anyone, except to provide you with the best service, to comply with the law or if we have your express authorization.

We will never use your personal data for any purpose other than that expressed in this privacy policy.

 

LEGITIMACY

The legal basis for the processing of your personal data is the consent given at the beginning of the business, employment or professional relationship or the execution of the contract that binds us. The user's consent to the processing and transfer of their data may be revoked at any time by sending a request to the following address  dpo@espiralms.com

In relation to the purpose of keeping you informed of news related to us or our services, the legal basis that allows us to perform such treatment is based on your express consent, which you gave us at the time you started your relationship with ESPIRAL.

 

WHEN DO YOU PROVIDE US WITH YOUR PERSONAL DATA?

  • When we enter into a contractual relationship.
  • When you use our Proactivanet tool.
  • Attending or subscribing to one of the courses we offer.
  • Participating in a promotion, event, fair, seminar or congress.
  • By submitting your CV in paper format or by electronic means.
  • Filled out the contact form on our website.
  • By subscribing to our newsletter.
  • Through our Social Networks[2].

 

RIGHTS

You have the right:

- from access to your personal data

- to request the rectification of inaccurate data

- to request its deletion when, among other reasons, the data is no longer necessary for the purposes for which it was collected.

- In certain circumstances, you may request the limitation of the processing of your data, in which case we will only keep them for the exercise or defense of claims.

- Also, and under certain circumstances and for reasons related to your particular situation, the interested parties may oppose to the processing of your data. In this case ESPIRAL will stop processing the data, except for compelling legitimate reasons, or the exercise or defense of possible claims.

- As a data subject, you have the right to  dataportability , and you have the right to have personal data transmitted directly from data controller to data controller where technically feasible.

 

WITH WHICH THIRD PARTIES DO WE SHARE YOUR DATA?

In order to offer you the best service, we could only share your data with the ESPIRAL GROUP companies that geographically can carry out the contractual obligations that bind us in a more efficient and effective way. The treatment that the ESPIRAL Group companies give to the personal data provided is absolutely confidential, since they will apply the same security measures that apply to all group companies, and will be carried out according to the purposes indicated above.

We will never sell or transfer your data to third parties unless you expressly authorize us to do so or we are required to do so by law or judicial authority.

As indicated above, in some situations we work with partners or collaborators who provide part of our services. These providers may only use your information to provide the corresponding services. Therefore, they may not use such information for their own purposes or pass it on to third parties.

 

WHERE IS YOUR DATA STORED?

We use various applications to process certain data. To ensure your privacy, these applications are subject to strict regulations, with most data being stored within the European Union. With respect to data that is sent to non-EU countries, we only use companies that offer sufficient protection in accordance with European legislation. In some cases we rely on suppliers that have Binding Corporate Rules, or have adhered to "Privacy Shield". Also, in order to send data to other countries and third parties, we use Standard Contractual Clauses and Binding Corporate Rules.

 

SECURITY AND CONFIDENTIALITY OF YOUR DATA

In ESPIRAL we have a high commitment with the security of the information that we handle, and with the fulfillment of the legal requirements that are applicable to us. 

In this sense, to ensure the confidentiality, availability and integrity of the information we handle (and, in particular, of personal data), as well as the systems, networks, applications and databases used for its treatment, in ESPIRAL:

  • We periodically carry out risk assessments of information security and personal data protection risks, analyzing our risk situation and defining action plans accordingly.
  • We have ISO 27000 certification issued by AENOR.
  • An Information Security Policy has been defined and we have internal Data Protection procedures that must be complied with by the different parties involved in the processing of information.
  • Awareness-raising and training actions have been developed for the organization's internal personnel, necessary to ensure compliance with these policies and procedures.

In the event that, as a user or affected party, you detect any incident or security violation, or any vulnerability that may be affected, ESPIRAL makes available to those affected the address: dpo@espiralms.com, through which you can make the communications that are considered appropriate or necessary for the improvement of the security of our information and systems.

 

HOW LONG DO WE KEEP YOUR DATA?

The user's data will be kept for the time necessary to fulfill each purpose, the applicable laws, contractual obligations and the expectations and requirements of our customers or until the user requests ESPIRAL to unsubscribe, opposes or revokes his/her consent.

 

CHANGES TO OUR PRIVACY POLICY

In the event that our data protection policy should vary as a result of legislative changes or criteria emanating from the Spanish Data Protection Agency, you will be duly informed of any variation that may be necessary to comply with the law.

 

[1] You can access the identity of the group's companies on the website www.espiralms.com or on the website www.proactivanet.com.

[2] If you wish to control the information we automatically obtain from social networks, you can do so through your profile options in each of the social networks where you have an account. To do this, you must log in to the social network and manage from your user profile the information that you allow the network to make public and who you allow to access it.