PRIVACY POLICY:
1. DATA CONTROLLER
The Data Controller is GARCIA FIESTAS S.L. (hereinafter DISFRAZZES), C/ Valladolid, N5, 03440, Ibi (ALICANTE).
2. Privacy principles
At DISFRAZZES, we're committed to working continuously to guarantee privacy in the processing of your personal data, and to offer you the most complete and clear information that we can at all times.
We encourage you to read this section carefully before providing us with your personal data.
If you're under fourteen years of age, we ask you not to provide us with your data without parental consent.
In this section, we explain how we process the data of those who have a relationship with our organisation. Starting with our principles:
- We do not request personal information, unless it is required to provide you with the services you require.
- We never share personal information with anyone, except to comply with the law, or if we have your express authorization.
- We will never use your personal data for purposes other than those expressed in this privacy policy.
- Your data will always be processed with a level of protection that complies with data protection legislation, and it will not be subject to automated decisions.
We have drafted this privacy policy taking into account the requirements of current data protection legislation:
- Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons (GDPR).
- Organic Law 3/2018, of 5 December, on the Protection of Personal Data and Guarantee of Digital Rights (LOPD).
- Royal Decree 1720/2007, of 21 December (RLOPD).
This privacy policy was written on 6 December 2018.
Due to the modification of processing criteria, in order to facilitate its understanding or to adapt it to current legislation, it is possible that we may modify this privacy policy. We will update the date of the same so that you can check its validity.
3. What we process
a) Processing of People's Rights to Access, Rectification, Cancellation and Opposition (ARCO)
Legal Basis: GDPR: 6.1.c) Processing is necessary for compliance with a legal obligation to which the controller is subject.
General Data Protection Regulation.
Purposes of the Processing: Responding to requests in the exercise of the rights established by the General Data Protection Regulation.
Collective: Natural persons who request it (employees, clients, suppliers, contact persons)
Data Categories: Name and surname, address, signature, and telephone number.
Categories of Recipients: They may be communicated to the Supervisory Authority (the Spanish Data Protection Agency) within the framework of an investigation into the protection of rights initiated by the data subject.
International Transfers: No international transfers of data are planned.
Erasure Period: Data will be kept for a period of five years from the moment of the request.
Security Measures: Adapted to the requirements of Regulation (EU) 2016/679, General Data Protection Regulation.
b) Processing of the Candidate Selection Processes (HR)
Legal Basis: GDPR: 6.1.b) Processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.
Purposes of Processing: Personnel selection and provision of jobs.
Collective: Candidates applying for vacancy procedures.
Data Categories: - Name and surname, DNI/CIF/Identification document, personnel registration number, address, signature, and telephone number.
- Personal data: Sex, marital status, nationality, age, date and place of birth and family data.
- Academic and professional data: Degrees, training and professional experience.
- Job detail data.
Categories of Recipients: No transfers of data to third parties are planned.
International Transfers: No international transfers of data are planned.
Erasure Period: Data will be kept for the time necessary to fulfil the purpose for which it was collected and to determine the possible responsibilities that may arise from said purpose and from the processing of the data.
Security Measures: Adapted to the requirements of Regulation (EU) 2016/679, General Data Protection Regulation.
c) Processing of the Suppliers
Legal Basis: GDPR: 6.1.b) Processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.
GDPR: 6.1.c) Processing necessary for the fulfilment of a legal obligation to which the controller is subject.
Royal Legislative Decree 2/2015, of October 23, which approves the revised text of the Workers' Statute Law.
Law 58/2003 of 17 December, General Tax.
Purposes of the Processing: - Acquisition of products and/or services that we need for the development of our activity.
- Control of subcontractors, if applicable.
Collective: - Suppliers.
- Employees of our suppliers.
Data Categories: - Name and surname, DNI/NIF/Identification document, address, signature, and telephone number.
- Employment detail data: job position. Training in occupational safety.
- Economic, financial and insurance details: Bank details.
Categories of Recipients: - Financial entities. (Bill payment)
- State Tax Administration Agency.
International Transfers: No international transfers of data are planned.
Erasure Period: Data will be kept for the time necessary to fulfil the purpose for which it was collected and to determine the possible responsibilities that may arise from said purpose and from the processing of the data, in accordance with Law 58/2003, of 17 December, General Tax,
Security Measures: Adapted to the requirements of Regulation (EU) 2016/679, General Data Protection Regulation.
d) Processing of Customers.
Legal Basis: GDPR: 6.1.a) The data subject has given consent to the processing of their personal data for one or more specific purpose.
GDPR: 6.1.b) Processing necessary for the execution of a contract to which the individual concerned is party or for the application at the latter's request of pre-contractual measures.
GDPR: 6.1.c) Processing necessary for the fulfilment of a legal obligation to which the controller is subject.
GDPR: 6.1.f) Processing is necessary for the purposes of the legitimate interests of the data controller.
Royal Legislative Decree 2/2015, of 23 October, which approves the revised text of the Workers' Statute Law.
Law 58/2003 of 17 December, General Tax.
Purposes of the Processing: Supply of our products/services
Collective: Customers
Data Categories: - Name and surname, DNI/NIF/Identification document, address, signature, and telephone number.
- Economic, financial and insurance data: Bank details
Categories of Recipients: - Financial entities.
Spanish Tax Administration Agency.
International Transfers: No international transfers of data are planned.
Erasure Period: Data will be kept for the time necessary to fulfil the purpose for which it was collected and to determine the possible responsibilities that may arise from said purpose and from the processing of the data, in accordance with Law 58/2003, of 17 December, General Tax,
Security Measures: Adapted to the requirements of Regulation (EU) 2016/679, General Data Protection Regulation.
c) Processing of the Employees
Legal Basis: GDPR: 6.1.b) Processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.
GDPR: 6.1.c) Processing necessary for the fulfilment of a legal obligation to which the controller is subject.
Royal Legislative Decree 2/2015, of October 23, which approves the revised text of the Workers' Statute Law.
Purposes of the Processing: - Management of hired personnel.
- Personal file. Timekeeping. Training. Pension plans. Occupational health and safety.
- Issuance of staff payroll.
- Management of union activity.
Collective: Employees
Data Categories: - Name and surname, DNI/CIF/Identification document, personnel registration number, Social Security/Mutual Insurance number, address, signature, and telephone number.
- Special categories of data: health data (sick leave, occupational accidents and degree of disability, not including diagnoses), trade union membership, for the sole purpose of payment of trade union dues (if applicable), trade union representative (if applicable), own and third party proof of attendance
- Personal data: Sex, marital status, nationality, age, date and place of birth and family data. Family circumstances data: Date of registration and deregistration, licences, permits, and authorisations.
- Academic and professional data: Degrees, training and professional experience.
- Data on employment details and administrative career. Incompatibilities.
- Presence monitoring data: date/time of entry and exit, reason for absence.
- Economic-financial data: Economic data on pay, credits, loans, guarantees, tax deductions of assets corresponding to the previous job position (if applicable), judicial retention (if applicable), other retentions (if applicable). Bank data.
Categories of Recipients: - Entity entrusted with the management of occupational risks.
- General Social Security Fund.
- Union organizations.
- Financial entities.
- Spanish Tax Administration Agency.
- Main contractors we provide services to as subcontractors.
International Transfers: No international transfers of data are planned.
Erasure Period: Data will be kept for the time necessary to fulfil the purpose for which it was collected and to determine the possible responsibilities that may arise from said purpose and from the processing of the data.
The economic data of this processing activity will be kept under the provisions of Law 58/2003, of 17 December, General Tax.
Security Measures: Adapted to the requirements of Regulation (EU) 2016/679, General Data Protection Regulation.
f) Processing of Contacts
Legal Basis: Consent from the date subject
Purposes of the Processing: Responding to your request, sending you information, and tracking the request.
Collective: Contact persons, clients, suppliers
Data Categories: Name and surname, telephone number, email address
Categories of Recipients: Transfers of data to third parties are not planned.
International Transfers: No international transfers of data are planned.
Erasure Period: The contact data will be kept for an indefinite period, or until the date subject party requests its deletion.
Security Measures: Adapted to the requirements of Regulation (EU) 2016/679, General Data Protection Regulation.
g) Processing of a Security Breach Notification
Legal Basis: GDPR: 6.1.c) Processing is necessary for compliance with a legal obligation to which the controller is subject.
General Data Protection Regulation. Articles 33 and 34
of the Processing: Management and evaluation of security breaches that occur in our organisation.
Collective: Variable: Employees, Clients, Suppliers, Contact Persons (it will depend on the security breach)
Data Categories: Variable. (it will depend on the security breach)
Categories of Recipients: - Spanish Data Protection Agency.
- State Security Forces and Bodies.
International Transfers: No international transfers of data are planned.
Erasure Period: Data will be kept for the time necessary to fulfil the purpose for which it was collected and to determine the possible responsibilities that may arise from said purpose and from the processing of the data. The provisions of the files and documentation regulations will apply.
Security Measures: Adapted to the requirements of Regulation (EU) 2016/679, General Data Protection Regulation.
Legal Basis: GDPR: 6.1.c) Processing is necessary for compliance with a legal obligation to which the controller is subject.
General Data Protection Regulation.
Purposes of the Processing: Responding to requests in the exercise of the rights established by the General Data Protection Regulation.
Collective: Natural persons who request it (employees, clients, suppliers, contact persons)
Data Categories: Name and surname, address, signature, and telephone number.
Categories of Recipients: They may be communicated to the Supervisory Authority (the Spanish Data Protection Agency) within the framework of an investigation into the protection of rights initiated by the data subject.
International Transfers: No international transfers of data are planned.
Erasure Period: Data will be kept for a period of five years from the moment of the request.
Security Measures: Adapted to the requirements of Regulation (EU) 2016/679, General Data Protection Regulation.
b) Processing of the Candidate Selection Processes (HR)
Legal Basis: GDPR: 6.1.b) Processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.
Purposes of Processing: Personnel selection and provision of jobs.
Collective: Candidates applying for vacancy procedures.
Data Categories: - Name and surname, DNI/CIF/Identification document, personnel registration number, address, signature, and telephone number.
- Personal data: Sex, marital status, nationality, age, date and place of birth and family data.
- Academic and professional data: Degrees, training and professional experience.
- Job detail data.
Categories of Recipients: No transfers of data to third parties are planned.
International Transfers: No international transfers of data are planned.
Erasure Period: Data will be kept for the time necessary to fulfil the purpose for which it was collected and to determine the possible responsibilities that may arise from said purpose and from the processing of the data.
Security Measures: Adapted to the requirements of Regulation (EU) 2016/679, General Data Protection Regulation.
c) Processing of the Suppliers
Legal Basis: GDPR: 6.1.b) Processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.
GDPR: 6.1.c) Processing necessary for the fulfilment of a legal obligation to which the controller is subject.
Royal Legislative Decree 2/2015, of October 23, which approves the revised text of the Workers' Statute Law.
Law 58/2003 of 17 December, General Tax.
Purposes of the Processing: - Acquisition of products and/or services that we need for the development of our activity.
- Control of subcontractors, if applicable.
Collective: - Suppliers.
- Employees of our suppliers.
Data Categories: - Name and surname, DNI/NIF/Identification document, address, signature, and telephone number.
- Employment detail data: job position. Training in occupational safety.
- Economic, financial and insurance details: Bank details.
Categories of Recipients: - Financial entities. (Bill payment)
- State Tax Administration Agency.
International Transfers: No international transfers of data are planned.
Erasure Period: Data will be kept for the time necessary to fulfil the purpose for which it was collected and to determine the possible responsibilities that may arise from said purpose and from the processing of the data, in accordance with Law 58/2003, of 17 December, General Tax,
Security Measures: Adapted to the requirements of Regulation (EU) 2016/679, General Data Protection Regulation.
d) Processing of Customers.
Legal Basis: GDPR: 6.1.a) The data subject has given consent to the processing of their personal data for one or more specific purpose.
GDPR: 6.1.b) Processing necessary for the execution of a contract to which the individual concerned is party or for the application at the latter's request of pre-contractual measures.
GDPR: 6.1.c) Processing necessary for the fulfilment of a legal obligation to which the controller is subject.
GDPR: 6.1.f) Processing is necessary for the purposes of the legitimate interests of the data controller.
Royal Legislative Decree 2/2015, of 23 October, which approves the revised text of the Workers' Statute Law.
Law 58/2003 of 17 December, General Tax.
Purposes of the Processing: Supply of our products/services
Collective: Customers
Data Categories: - Name and surname, DNI/NIF/Identification document, address, signature, and telephone number.
- Economic, financial and insurance data: Bank details
Categories of Recipients: - Financial entities.
Spanish Tax Administration Agency.
International Transfers: No international transfers of data are planned.
Erasure Period: Data will be kept for the time necessary to fulfil the purpose for which it was collected and to determine the possible responsibilities that may arise from said purpose and from the processing of the data, in accordance with Law 58/2003, of 17 December, General Tax,
Security Measures: Adapted to the requirements of Regulation (EU) 2016/679, General Data Protection Regulation.
c) Processing of the Employees
Legal Basis: GDPR: 6.1.b) Processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.
GDPR: 6.1.c) Processing necessary for the fulfilment of a legal obligation to which the controller is subject.
Royal Legislative Decree 2/2015, of October 23, which approves the revised text of the Workers' Statute Law.
Purposes of the Processing: - Management of hired personnel.
- Personal file. Timekeeping. Training. Pension plans. Occupational health and safety.
- Issuance of staff payroll.
- Management of union activity.
Collective: Employees
Data Categories: - Name and surname, DNI/CIF/Identification document, personnel registration number, Social Security/Mutual Insurance number, address, signature, and telephone number.
- Special categories of data: health data (sick leave, occupational accidents and degree of disability, not including diagnoses), trade union membership, for the sole purpose of payment of trade union dues (if applicable), trade union representative (if applicable), own and third party proof of attendance
- Personal data: Sex, marital status, nationality, age, date and place of birth and family data. Family circumstances data: Date of registration and deregistration, licences, permits, and authorisations.
- Academic and professional data: Degrees, training and professional experience.
- Data on employment details and administrative career. Incompatibilities.
- Presence monitoring data: date/time of entry and exit, reason for absence.
- Economic-financial data: Economic data on pay, credits, loans, guarantees, tax deductions of assets corresponding to the previous job position (if applicable), judicial retention (if applicable), other retentions (if applicable). Bank data.
Categories of Recipients: - Entity entrusted with the management of occupational risks.
- General Social Security Fund.
- Union organizations.
- Financial entities.
- Spanish Tax Administration Agency.
- Main contractors we provide services to as subcontractors.
International Transfers: No international transfers of data are planned.
Erasure Period: Data will be kept for the time necessary to fulfil the purpose for which it was collected and to determine the possible responsibilities that may arise from said purpose and from the processing of the data.
The economic data of this processing activity will be kept under the provisions of Law 58/2003, of 17 December, General Tax.
Security Measures: Adapted to the requirements of Regulation (EU) 2016/679, General Data Protection Regulation.
f) Processing of Contacts
Legal Basis: Consent from the date subject
Purposes of the Processing: Responding to your request, sending you information, and tracking the request.
Collective: Contact persons, clients, suppliers
Data Categories: Name and surname, telephone number, email address
Categories of Recipients: Transfers of data to third parties are not planned.
International Transfers: No international transfers of data are planned.
Erasure Period: The contact data will be kept for an indefinite period, or until the date subject party requests its deletion.
Security Measures: Adapted to the requirements of Regulation (EU) 2016/679, General Data Protection Regulation.
g) Processing of a Security Breach Notification
Legal Basis: GDPR: 6.1.c) Processing is necessary for compliance with a legal obligation to which the controller is subject.
General Data Protection Regulation. Articles 33 and 34
of the Processing: Management and evaluation of security breaches that occur in our organisation.
Collective: Variable: Employees, Clients, Suppliers, Contact Persons (it will depend on the security breach)
Data Categories: Variable. (it will depend on the security breach)
Categories of Recipients: - Spanish Data Protection Agency.
- State Security Forces and Bodies.
International Transfers: No international transfers of data are planned.
Erasure Period: Data will be kept for the time necessary to fulfil the purpose for which it was collected and to determine the possible responsibilities that may arise from said purpose and from the processing of the data. The provisions of the files and documentation regulations will apply.
Security Measures: Adapted to the requirements of Regulation (EU) 2016/679, General Data Protection Regulation.
4. YOUR RIGHTS
You have the right to request a copy of your personal data from us, to rectify inaccurate data or complete it if it is incomplete, or, where appropriate, delete it, when it is no longer necessary for the purposes for which it was collected.
You also have the right to limit the processing of your personal data and to obtain your personal data in a structured and readable format.
You can object to the processing of your personal data in some circumstances (in particular, where we do not need to process it to comply with a contractual or other legal requirement, or where the purpose of the processing is direct marketing).
Once you have given us your consent, you can withdraw it at any time. At that moment, we will stop processing your data or, where appropriate, stop doing so for that specific purpose. If you decide to withdraw your consent, this will not affect any processing that took place while your consent was in force.
These rights may be limited. For example, if to fulfil your request we would have to reveal data about another person, or if you ask us to delete records that we are obliged to keep due to a legal obligation or a legitimate interest, such as the exercise of defence against claims. Or even in cases where the right to freedom of expression and information must prevail.
You can contact us by any of the means indicated in the Data Controller section of this privacy policy, providing a copy of a document that proves your identity (normally your ID card).
Another of your rights is the right not to be subject to a decision based solely on automated processing, including profiling, which has legal effects or affects you.
In the event of any violation of your rights, such as, for example, if we have not responded to your request, you have the right to file a claim with the Supervisory Authority regarding data protection. This can be that of your country (if you live outside of Spain), or the Spanish Data Protection Agency (if you live in Spain).
5. Additional information
Processing of your data outside the European Economic Area.
We may use the services of the following providers outside the European Economic Area, but covered by the Privacy Shield agreement, approved by the data protection authorities of the European Union, for the processing indicated.
Amazon: Cloud services More information: https://www.privacyshield.gov/participant?id=a2zt0000000TOWQAA4
Facebook/ Instagram (FB Messenger): Social networks and communications More information: https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC
Google (Drive/Mail...): Cloud services More information: https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI
LinkedIn: Professional social network More information: https://www.privacyshield.gov/participant?id=a2zt0000000L0UZAA0
Microsoft (Drive, Skype...): Software and cloud services More information: https://www.privacyshield.gov/participant?id=a2zt0000000KzNaAAK
Pinterest Inc.: Image sharing platform More information: https://www.privacyshield.gov/participant?id=a2zt00000008VVzAAM&status=Active
Twitter: Social network micromessages More information: https://www.privacyshield.gov/participant?id=a2zt0000000TORzAAO&status=Active
Links to third party websites.
Our website may, on occasion, contain links to other websites. It is your responsibility to ensure that you read the data protection policy and legal conditions that apply to each site.
Third party data.
If you provide us with data from third parties, you assume the responsibility of informing them in advance in accordance with the provisions of Article 14 of the GDPR.
