WEBSITE PRIVACY AND DATA PROTECTION POLICY
EURO ECONOMICS GROUP HOLDING S.L. and subsidiaries are companies in which transparency of information is essential to establish a relationship of trust with the people who make up our project and with our suppliers and customers. The protection of the personal data of the people who trust us is of vital importance, and so we would like to inform you, by means of this Privacy and Personal Data Protection Policy, of how we collect and how we treat or use such data.
This privacy and personal data protection policy establishes the basis on which Euro Economics Group Holding S.L. and subsidiaries, with registered office at Rambla de Catalunya 25, 08007 Barcelona, Spain, with VAT number B64436553, treat the personal data voluntarily provided by our users through the website.
This Policy will always be applicable when data is provided to Euro Economics Group Holding S.L. and subsidiaries, which will be responsible for your data (Data Processing Officers), and through any of the contact or subscription forms where personal data is collected (name, email, etc.).
WHAT WE ARE COMMITTED TO
- To respect the privacy of our users and treat personal data with their consent.
- To treat the personal data that we strictly need to provide the requested service, and to treat them in a safe and confidential way, taking the necessary measures to avoid the non-authorized access and the improper use of them.
- Not to use the personal data for purposes for which we have not previously obtained consent.
- Not to give personal data to third parties or share it without their prior consent.
- To keep the personal data for the time strictly necessary for the specific purpose for which they have been provided.
WHAT PERSONAL DATA WE USE
Through our website we can collect personal data for different purposes:
– Request for information by the user
– Subscription for sending news of the sector and current affairs of the company
Depending on the purpose for which the data are provided, the strictly necessary data will be required. It is important that the user is aware of the data he or she is providing and the purpose for which he or she is doing so because at the time he or she provides the data, he or she is accepting that we collect, store and use such data for the required purpose. The user may at any time withdraw the consent provided through the appropriate channels, and the consent of the interested party is the legal basis and legitimacy for the processing of his or her personal data.
OBTAINING YOUR DATA THROUGH OTHER SOURCES
If you have not provided your personal data to this company and they have been obtained from another source, the company will inform you of this collection within a period of one month from the time of receipt of these data, in any case before the first communication, unless you have been previously informed and authorized the consent.
ACCURACY AND TRUTHFULNESS OF DATA
The user, by providing the data required on the forms is solely responsible for the accuracy of the data submitted, ensuring and responding to the accuracy, validity and authenticity of personal data provided, pledging to keep them properly updated.
WHAT RIGHTS YOU HAVE OVER THE PERSONAL DATA PROVIDED
Once the personal data has been provided, you will be entitled to:
- consult any doubts and to be informed of how we use the data and to obtain ACCESS to it.
- to have your information RECTIFIED or deleted or to impose LIMITATIONS on the processing of your information.
- CANCELLATION of the data.
- to OPPOSE the processing of your data.
- PORTABILITY of the data.
At any time, you may exercise these rights by writing and proving your identity to Euro Economics Group Holding S.L., Rambla de Catalunya 25, 08007 Barcelona, Spain, or by e-mail to: firstname.lastname@example.org
Euro Economics Group Holding S.L. and subsidiaries will not use, in any way, automated decision processes concerning your personal data that may affect you.
In addition, you may file a complaint with the supervisory authority, in this case the Spanish Data Protection Agency, if you consider that the processing of personal data violates applicable legislation.
DATA SECURITY AND STORAGE
We will keep the data for the time strictly necessary for the provision of the service requested and as long as the holder does not request its deletion, taking appropriate technical and organisational measures against unauthorised or unlawful processing and against accidental loss, destruction or damage, making every effort to protect and maintain it safely.
Security measures we apply:
- Access Control
In the event that computer equipment and removable storage media are not under surveillance, such equipment and media must be kept under lock and key to protect them from unauthorized use, extraction or theft and encrypted personal data. On portable equipment, with High Risk files archived, on fixed and removable storage media, the data must always be encrypted.
- Backup Files
Personal data will be regularly transferred to a backup. The copies are stored separately and securely so that personal data can be recovered in the event of a system disruption.
A technical system for performing system access authorization checks will determine the level of accessibility to personal data in the event that computer equipment is used by more than one person. Authorisation is limited to those who require access to the data as part of their tasks. User identification and passwords will be personal and cannot be used by anyone. It will be necessary to establish routines for the assignment of passwords.
It will be possible to track access to personal data retroactively through a mechanical log or similar system in the event that the equipment is used by more than one person. This log shall identify the person recording access, the time and what data is accessed. This record should be inspected regularly to ensure that access is properly authorized.
The communication solutions used must be appropriate to prevent unauthorised access to personal data. Personal data transferred over the Internet must be protected by encryption. For the transfer of sensitive (high-risk) data, a specific encryption solution must be used and universally recognised encryption logarithms established.
- Storage Media Destruction
When removable storage media containing personal data are no longer used for their purpose, the storage media shall be destroyed. Alternatively, the personal data will be destroyed in a way that does not allow it to be reconstructed.
- Repairs and maintenance of computer equipment
In the event that the repair and maintenance of computer equipment is to be carried out by a company other than the company responsible for the registration, a Data Protection Services Agreement will be signed with the company providing the repairs and maintenance. During the maintenance visit, storage media containing personal data must be removed. If this is not possible, maintenance will be carried out under the supervision of the person responsible for the files. Maintenance via data communication is only permitted after the maintenance person has been identified beyond doubt. Maintenance personnel are only allowed access to the system during actual maintenance. If there is a separate communication entry point for maintenance, this entry point is closed when no maintenance is being performed.
WHAT PERSONAL DATA WE SHARE WITH THIRD PARTIES
No transfer of data is envisaged except in cases where there is a legal obligation to do so. This company may exchange personal data with other companies in the Group for commercial and administrative purposes.
JOB APPLICATIONS AND SENDING CV
By submitting a job application or your CV, you expressly agree and consent to our use of the personal data you have provided or sent to us, including your CV, for our consideration, verification and evaluation in relation to our company’s employment opportunities. We and other recruitment companies may transfer and collect such personal data in connection with such purpose.
Transfers of personal data to countries that guarantee an adequate level of protection outside the EEA shall only be carried out with data processors who ensure that the principles of personal data processing laid down in European law are respected. In the event of transfers to a country that does not have an adequate level of protection, a corresponding permit will be requested from the Spanish Data Protection Agency.