Privacy Policy

Introduction

This Privacy Policy has been developed taking into account the provisions of Regulation 2016/679 of the European Parliament and the council of April 27, 2016, relating to the protection of natural persons with regard to the processing of personal data and the circulation of these data, hereinafter the RGPD.

The purpose of this Privacy Policy is to inform the users, whom information is being collected, the aspects relating to the processing of their data, such as the purposes of the processing, the contact data to exercise the rights, the periods of conservation and security measures among other things.

Responsible of Processing

In terms of data protection Consultora de Ingeniería, Medio Ambiente y Arquitectura, S.L. may be considered the Responsible of Processing, regarding the data which is being managed.

Responsible of Processing: Consultora de Ingeniería, Medio Ambiente y Arquitectura, S.L.

Tradename: CIMARQ

Headquarters

Address: Calle San Roque, 15-23, 1º Local 6, 15002 A Coruña

Email: administracion@cimarq.es

Phone: +34 981 90 28 51

Data processing

The personal data object of treatment by the entity not only through the website but in any of its activities, will consist of those strictly essential for the purposes for which they were collected in each case and which are later identified. That information will be treated in a fair, legal and transparent way. On the other hand, the personal data will be collected only for specific and explicit purposes and will not be processed in a manner incompatible with those purposes.

The data collected will be adequate, relevant and not excessive in relation to the corresponding purposes for each case. It will be updated whenever necessary.

The owner of the data will be informed, prior to the collection of their data, of the general aspects regulated in this policy in order to be able to give the express, precise and unambiguous consent for the processing of their data, in accordance with the following aspects:

Processing purposes.

The specific purposes of each process are included in the informative clauses incorporated in each of the data collection channels (web forms, paper forms, locutions or posters and informative notes).

However, the personal data will be treated for each of the purposes that were specified in the documents or data collection systems established by the entity, which are:

  • Clients: economic, financial and administrative management. Management of the provision of the service or product contracted.
  • Personnel: labor management, occupational risk prevention, human resources, hourly record.
  • Suppliers: economic, financial and administrative management.
  • Curricula: candidate management and development of personnel selection processes.
  • Web users: attention to requests for information, management of the commercial relationship and the potential contractual relationship.

Legitimation

In general, Consultora de Ingeniería, Medio Ambiente y Arquitectura, S.L. treats the data based on the legitimating basis of Article 6.1.b of the RGPD, as most of the data processed are necessary for the execution of a contract in which the interested party takes part.  This legitimating base is fundamentally related to the data of customers, suppliers and employees.

Regarding the data relative to the holders of curricula or the users requests through the web, the processing is based on the express and unequivocal consent agreed, through the incorporation of informed consent clauses in the different information collection systems

However, in case the consent of the interested party is not required, Consultora de Ingeniería, Medio Ambiente y Arquitectura, S.L legitimates the processing based on the existence of a specific law or norm that authorizes or demands the treatment of the interested party’s data.

Recipients

As a general rule, Consultora de Ingeniería, Medio Ambiente y Arquitectura, S.L. does not transfer nor communicate the data to third parties, except those legally required. However, if necessary, these transfers are communicated to the interested party through the clauses and consents contained in the different ways of collecting personal data. For example, in relation to workers, their data may be communicated to the client entities as a consequence of the requirements established in terms of prevention of occupational risks.

Origin

As a general rule, personal data is always collected directly from the interested party, however, in certain exceptions, the data can be collected through third parties, entities or services different from the interested party. In this sense, this end will be transferred to the interested party through the clauses and consents contained in the different ways of collecting information and within a reasonable time, at the latest within a period of one month.

Conservation deadlines

The information collected from the interested party will be kept as long as it is necessary to fulfill the purpose for which the personal data were collected, so that, once the purpose has been fulfilled, the data will be canceled. This cancellation means the blocking of the data, which will be only available to the Public Administrations, Judges and Courts, to attend to the possible responsibilities arising from the processing. Once this period has finished, the information will be destroyed.

This are the legal terms for the conservation of information in relation to different matters:

  • Documentation of labor nature or related to social security: 4 years. Legal ref: Article 21 of Royal Legislative Decree 5/2000, of August 4, approving the revised text of the Law on Infractions and Sanctions in the Social Order.
  • Accounting and fiscal documentation for commercial purposes: 6 years. Legal ref: Art. 30 Code Commerce.
  • Accounting and tax documentation for tax purposes: 4 years. Legal ref: Articles 66 to 70 General Tax Law .
  • Access control to buildings: 1 month. Legal ref: Instruction 1/1996 of the AEPD.
  • Video surveillance: 1 month. Legal ref: Instruction 1/2006 of the AEPD Organic Law 4/1997.

Rights of the interested parties.

The regulations on data protection grant a series of rights to the interested parties or holders of the data. The rights that assist the interested persons are the following:

  • Right of access: right to obtain information about whether their own data are being processed, the purpose of this process, the categories of data in question, the recipients or categories of recipients, the term of conservation and the origin of the data.
  • Right to rectification: right to obtain the correction of inaccurate or incomplete personal data.
  • Right to suppress: right to obtain deletion of data in the following cases
    • When the data is no longer necessary for the purpose for which it was collected.
    • When the owner withdraws the consent.
    • When the interested party opposes the process.
    • When they should be abolished in compliance with a legal obligation.
    • When the data has been obtained by an information society service based on the provisions of art. 8 apdo. 1 of the European Regulation on Data Protection.
  • Right of opposition: right to object to a specific treatment based on the consent of the interested party.
  • Right of limitation: right to obtain the limitation of the process of data in the case of any of the following cases:
    • When the interested party challenges the accuracy of the personal data, during a period that allows the company to verify its accuracy.
    • When the treatment is illegal and the interested party opposes the deletion of the data.
    • When the company no longer needs the data for the purposes for which they were collected, but the interested party needs them for the formulation, exercise or defense of claims.
    • When the interested party has opposed the treatment, while verifying if the legitimate reasons of the company prevail over those of the interested party.

Interested parties may exercise the indicated rights, by contacting Consultora de Ingeniería, Medio Ambiente y Arquitectura, SL, at the following email address: administracion@cimarq.es indicating in the subject line the right you wish to exercise and. In the body of the email, the name and surname of the user and other supporting information.

Consultora de Ingeniería, Medio Ambiente y Arquitectura, S.L. will respond to your request as soon as possible and taking into account the deadlines set out in the regulations on data protection.

On the other hand, it is important to bear in mind that the user may, at any time, submit a claim to the competent control authority.

Security

The security measures adopted by Consultora de Ingeniería, Medio Ambiente y Arquitectura, S.L.. are those required, in accordance with the provisions of article 32 of the RGPD. In this sense, Consultora de Ingeniería, Medio Ambiente y Arquitectura, S.L., taking into account the state of the art, the costs of application and the nature, the scope, the context and the ends of the treatment, as well as the risks of probability and variable gravity for the rights and freedoms of natural persons, has established the appropriate technical and organizational measures to guarantee the level of security appropriate to the existing risk.

In any case, Consultant of Engineering, Environment and Architecture, S.L. has enough mechanisms in place to:

  • Guarantee the confidentiality, integrity, availability and permanent resilience of the treatment systems and services.
  • Restore the availability and access to personal data quickly, in case of physical or technical incident.
  • To verify, evaluate and assess, on a regular basis, the effectiveness of the technical and organizational measures implemented to guarantee the safety of the treatment.
  • Pseudonymize and encrypt personal data, if applicable.

Cookies

A cookie is a file or device that is downloaded to a user’s terminal equipment for the purpose of storing data that can be updated and retrieved by the entity responsible for its installation. It is a file that is downloaded to your computer when accessing certain web pages.

This website is using only technical cookies, which allow or facilitate the user browsing through a website, platform or application and the use of different options or services that exist in it to help improve the quality of the website service, including storing user preferences, search results, tracking user trends, as well as identifying the session or remembering passwords.

In this sense, since analytical, advertising or behavioral advertising cookies are not used, it is not necessary to obtain the user’s informed consent or authorization.

However, if the user wants to manage the configuration of cookies, a brief presentation of how to consult and carry out the configuration of the cookie system in relation to the most common or most used browsers is carried out.

Most of the Internet browsers allow the user to obtain general information about the cookies installed on a website, specifically verify the existence of them, their duration or the system of elimination. For information purposes, a series of related links are provided:

On the other hand, the user may allow, block or eliminate the cookies installed on his equipment by modifying the configuration of his browser according to the instructions indicated. For information purposes it is indicated that usually the configuration of cookies is usually carried out in the “Preferences” or “Tools” menu of each browser, in any case, you can always go to the help of your browser solve any doubts that are generated in this regard.

It is worth bearing in mind that, if the installation of all cookies is prevented, the content of the website, as well as certain functionalities and services provided by it, may be affected.