In compliance with the provisions of the General Data Protection Regulation in relation to the personal data to be provided, MERYTRONIC 2012, S.L. (the COMPANY) informs the user (the USER) that the personal data provided at any time and voluntarily to the COMPANY or its employees shall be processed automatically and included in an automated personal data file created and kept under the company’s responsibility.
Who is the Data Controller?
· Holder: MERYTRONIC 2012, S.L.
· Address: Parque Empresarial Boroa Parcela 2C-1 48340 – Amorebieta – Vizcaya – Spain
· Telephone: +34 946 052 462
· Email: firstname.lastname@example.org
· Registration Details: Registered in the Mercantile Registry of Vizcaya, Volume 5324, Section 8, Folio 193, Page 61316, 1st Entry.
· Tax ID Code: B-95.704.078
For what purposes shall we process your personal data?
1. To respond to queries, requests or suggestions made through the contact form, corporate e-mail accounts or any other means of communication.
2. To manage contracting, invoicing and to guarantee the contracted services.
3. To manage posting on our blog and social media.
4. To access our private customer area.
5. To maintain the commercial relationship with the user, to improve commercial relations, to carry out statistical studies, to customise the services provided.
6. To send electronic communications about news and updates on the products and/or services provided, unless otherwise indicated by the user or unless the user opposes or revokes their consent.
7. To regularly send commercial information (newsletter), about products, services and news related to our professional activity, as long as the interested party gives us their consent to do so and while keeping the possibility of revoking said consent at their disposal.
8. To send the user promotions, offers, technical, commercial or advertising communications, events, invitations or commemorations through postal mail, email or any other channel or social media, unless otherwise indicated or unless the user opposes or revokes their consent.
9. In the event that the user sends us their CV or registers in the different job offers that we may post, we shall process their data in order to evaluate and manage the job application and, if necessary, carry out the necessary actions for the selection and recruitment of personnel, in order to offer the user positions that fit their profile. Unless otherwise indicated, providing the required data is necessary and failure to provide said data shall prevent the selection process continuing.
10. To comply with legally established obligations, as well as to verify compliance with contractual obligations, including fraud prevention.
What data categories are processed?
MERYTRONIC 2012, S.L. will process the data provided by the user, which may be special category data or data of the following categories depending on the scope of the matters entrusted or the enquiries made:
- Identifying data: name, surname, personal ID, passport or legal identification document, postal address, e-mail address, zip code, telephone number.
- Academic and professional data: training/qualifications, position, professional experience, membership in professional associations, in the case of selection processes.
- Electronic communication metadata.
- Commercial information data.
- Economic, financial, insurance and banking data.
In some cases, the personal data requested are mandatory, thus, failure to provide them shall prove impossible to carry out the requested services. These cases shall be indicated by the person in charge.
The user guarantees that the data provided are true, accurate, complete and updated, being responsible for any damage or loss, direct or indirect, that may be caused as a result of a breach of this obligation. In the event that the user provides data of third parties, they declare that they have their consent and undertake to transfer the information contained in this clause to them, holding MERYTRONIC 2012, S.L. harmless in this regard. Nevertheless, MERYTRONIC 2012, S.L. may carry out checks to verify this fact, adopting the appropriate due diligence measures, in accordance with the data protection regulation.
What is the legitimacy for data processing?
1. The legitimacy for processing data collected from queries, requests or suggestions made by any communication media lies in our own legitimate interest to respond to a potential customer and in the consent, a clear affirmative action of the user who enables us to process their data by making a query solely and exclusively for the purpose of responding to it.
2. For managing the contracting of services, payment, invoicing and corresponding shipments, legitimacy lies in the execution of the contract itself.
3. The legitimacy for managing the posting of comments on our blog and our social media lies in our own legitimate interest to know the opinions of the interested parties and in the consent, a clear affirmative action of the user who enables us to process their data by writing said comment solely and exclusively for that purpose.
4. For accessing our private customer area, legitimacy lies in the user’s consent given when creating an account for said private area and in the contractual relationship maintained with MERYTRONIC 2012, S.L.
5. For sending electronic communications about news and updates on products and/or services contracted, legitimacy of the data processing lies in the legitimate interest of MERYTRONIC 2012, S.L. to carry out such processing in accordance with current regulations.
6. For periodically sending commercial information (newsletter) about services and news related to our professional activity, legitimacy lies in the user’s consent.
7. The legitimacy for processing data in connection with the submission of CVs and registrations in professional offers that we may post is based on the consent of the user who submits their data.
8. Finally, for processing data to comply with legally established obligations, as well as to verify compliance with contractual obligations, including fraud prevention, legitimacy lies in its described purpose of fulfilling a legal obligation.
How long shall data be kept?
MERYTRONIC 2012, S.L. will keep any personal data up to five years after the last commercial relationship, communication with the user or for the time necessary to fulfil the purposes for which they were collected and as long as the consents granted are not revoked. Thereafter, the data shall be deleted. However, they may be kept for as long as any liability may arise from a legal relationship or obligation or from the execution of a contract or the application of pre-contractual measures requested by the data subject.
Data provided in connection with the job offers that the user wishes to subscribe to shall be kept for two years from the date of the last update. Once this period has elapsed without there being any updates, the data shall be deleted, unless indicated otherwise by the user.
What security measures do we implement to protect your data?
To whom shall data be sent?
MERYTRONIC 2012, S.L. has contracts with third party data processors in order to provide its services. Data shall not be disclosed to any other third parties, except for these entities. If it were necessary to communicate such data to third parties for any reason, the user shall be informed in advance and, where appropriate, consent shall be requested and the purposes of the communication and the identity of the third party to whom the data will be communicated shall be specified.
All the foregoing shall be upheld, except where it is legally required to communicate such data to a third party.
What rights does the data subject have?
Persons who provide us with their data have the following rights in relation to such data:
1. Right of access
2. Right of rectification or suppression
3. Right to limit processing
4. Right to portability
5. Right to object
6. Right to revoke consent
For further information about your rights, we suggest you visit the website of the Spanish Data Protection Agency.
The user may exercise these rights by sending a written request to the following address: MERYTRONIC 2012, S.L., Parque Empresarial Boroa Parcela 2C-1 48340 – Amorebieta – Vizcaya – Spain, or by sending an e-mail to the following address: email@example.com, with the following details: name and surname, address or e-mail for notification purposes, official identification document (personal ID, passport or similar), specific claim giving rise to the request, date and signature of the interested party.
However, in the event that the USER does not wish to receive the technical, commercial or advertising communications indicated above, they may communicate this by sending an e-mail to the following address: firstname.lastname@example.org
Additionally, we inform you that you may file a complaint before the relevant Control Authority, in this case, the Spanish Data Protection Agency, especially if your rights have not been satisfied. You may contact the Spanish Data Protection Agency at their telephone numbers +34 901 100 099 and +34 912 663 517 or by visiting them at C/ Jorge Juan, 6. 28001 – Madrid.
ORIGIN OF THE DATA
All the data collected is provided by the data subject.