DATA PROTECTION POLICY
This is the data protection policy of Huurre Ibérica SA. It refers to the data that it treats in the exercise of its productive and commercial activities complying with the General Regulation of Data Protection (Regulation (EU) 2016/679 of the European Parliament and of the Council, of 27 April 2016).
Who is responsible for the processing of personal data?
For what purpose do we treat the data?
In HUURRE we treat personal data for the following purposes:
- Contact: Serve the consultations of the people who contact us through the contact forms on our website. We use them only for this purpose.
- Telephone support: Contact the people who come in contact with us through this route by phone. To offer more quality in the service, conversations can be recorded by warning the person with whom we communicate beforehand.
- Selection of staff: Receiving curricula sent to us by people interested in working with us and managing the personal data generated by participation in the personnel selection processes, in order to analyze the suitability of the profile of the candidates based on the vacancies or newly created job positions. Our criterion is to keep the data of people who do not finish being hired, for a maximum term of one year, in case there is a new vacancy or new job position in the short term. However, in the latter case, we immediately eliminate the data if the interested party asks us to do so.
- Services to clients: Register the new clients and the additional data that can be generated as a result of the commercial relationship or provision of services with the clients. In the contracting process, the necessary information is requested, including bank details (current account number or credit card number) that will be communicated to banks that manage the collection (they can only be used for this purpose). The business relationship involves other treatments, such as incorporating data into accounting, billing, or information to the tax administration..
- Information on our products and services: While there is a contractual relationship with its clients, Huurre uses their contact information to communicate information about this relationship, information that may, in principle, include references to our products and services, whether of a general nature or referring more specifically to the characteristics and needs of the client.
- Other information about products and services: CWith the explicit authorization of the customers, once the contractual relationship is terminated, the contact information is preserved to send advertising related to our services or products, information of a general or specific nature based on the characteristics of the client. This information is sent to anyone who, despite not being a client, asks us or accepts it by filling out our forms.
- Advertising of products and services of companies of our group: Always with the previous and explicit authorization of the people indicated in the previous section, the contact information serves to send advertising, both general and adapted to the characteristics of the person, information of products or services of the companies of our group. Likewise, with the explicit consent of the person interested, contact information may be communicated to these companies so that they can send their products or services directly.
- Management of the data of our suppliers: We record and treat the data of the providers from whom we obtain services or goods. They can be the data of people who act as autonomous, as well as data of representatives of legal entities. We obtain the necessary data to maintain the business relationship. Destining them only for this purpose and doing with them the proper use of this kind of relationship.
- Other channels for obtaining data: We also obtain data through face-to-face relationships and other channels such as the reception of emails, through our profiles in social networks. In all cases, the data is used only for the explicit purposes that justify the collection and treatment.
- Video surveillance: At the access point to our facilities we inform, if necessary, of the existence of video surveillance cameras, through the approved signs. The cameras record images only of the points in which it is justified in order to guarantee the security of the goods and the people, and the images are only used for this purpose.
What is the legal legitimacy for the treatment of data?
The data treatments we carry out have different legal fundamentals, depending on the nature of each treatment:
- In compliance with a pre-contractual relationship: This is the case of the data of possible clients or suppliers with whom we have previous relations to the formalization of a contractual relationship, such as the preparation or study of budgets. It is also the case of the data treatment of people who have sent us their resumes or who participate in selection processes.
- In compliance with a contractual relationship: Case of the relationships with our customers and suppliers and all the actions and uses that these relationships entail.
- In compliance with legal obligations: The data communications to the tax administration are established by regulatory norms of commercial relations. The case may be that you have to communicate data to judicial organs or to security forces also in compliance with legal regulations that oblige you to collaborate with these public entities.
- Based on consent: When we send information about our products or services, we treat the contact data of the recipients with their explicit authorisation or consent. The navigation data that we can obtain through cookies we obtain with the consent of the person who visits our website, consent that can be revoked at any time by uninstalling these cookies. It is also with the prior consent of each person that we communicate their data to other companies in our group.
- By legitimate interest: The images we obtain with the video surveillance cameras are treated by the legitimate interest of our company to preserve its assets and facilities. Our legitimate interest also justifies the treatment of data we obtain from the contact forms.
To whom do we communicate the data?
As a general criterion, we only communicate data to public administrations or powers and always in compliance with legal obligations. In the issuance of invoices to customers the data can be communicated to banking entities. In justified cases we will communicate the data to the security forces and bodies or the competent judicial bodies. On the other hand, in the event that the consent has been given, the data may be communicated to other companies in our group for the purposes indicated above. Data transfers are not made outside the scope of the European Union (international transfer).
In another sense, for certain tasks we obtain the services of companies or people who provide us with their experience and specialization. Sometimes these external companies must access personal data of our responsibility. It is not really a data transfer but a treatment assignment. Only services of companies that guarantee compliance with the data protection regulations are contracted. At the time of contracting, their obligations of confidentiality are formalized and their action is monitored. It may be the case of data hosting services, computer support services or legal, accounting or fiscal advisers.
How long do we keep the data?
We comply with the legal obligation to limit the maximum term of data conservation. For this reason, we keep them only the necessary and justified time for the purpose that motivated the obtaining of it. In certain cases, such as the information contained in the accounting documentation and the billing, the tax regulations compel us to keep them until they prescribe the responsibilities in this matter. In the case of the data that is dealt with based on the consent of the interested party, they are kept until the person does not revoke this consent. Images obtained by our CCTV cameras are kep a maximum of one month. However, in case of incidents that may justify it, they will be kept for as long as needed to facilitate the works of the security agencies or judicial organs involved.
What rights do people have in relation to the data we are dealing with?
TAs provided by the General Regulation on Data Protection, the persons for whom we treat data have the following rights:
- To know wether they are treated. CAnyone has, in the first place, the right to know if we treat their data, regardless of whether there has been a previous relationship.
- To be informed in the collection. When personal data are obtained from the interested party, at the time of providing them, they must have clear information about the purposes for which data will be assigned, who will be responsible for the treatment and the other aspects derived from this treatment.
- To know if they are treated. Anyone has, first of all, the right to know if we treat your data, regardless of whether there has been a prior relationship.
- To access their data. In a very broad way that includes knowing precisely what personal data are the subject of treatment, what is the purpose for which they are treated, the communications that will be made to them to other people (if applicable) or the right to obtain a copy or knowing the expected period of conservation.
- To ask for rectification. It is the right to rectify the inaccurate data that are subject to treatment on our part.
- To ask for deletion. In certain circumstances there is the right to request the deletion of the data when, among other reasons, they are no longer necessary for the purposes for which they were collected and justified their treatment.
- Request limitation of treatment.Also in certain circumstances, the right to request the limitation of the processing of the data is recognized. In this case they will no longer be dealt with and will only be preserved for the exercise or defense of claims, in accordance with the General Regulation for Data Protection.
- To portability. In the cases provided in the regulations, the right to obtain personal data in a structured format commonly readable by machine is recognized and transmitted to another person responsible for the treatment if the interested party so decides.
- To oppose treatment. A person can adduce reasons related to their particular situation, which will mean that their data will not be processed in the degree or extent that could be harmful, except for legitimate reasons or the exercise or defense against claims.
- To not receiving commercial information. We will respond promptly to the requests not to continue sending commercial information to the people who previously authorized us.
How can you exercise or defend your rights?
If no satisfactory response has been obtained in the exercise of one’s rights, it is possible to file a complaint with the Spanish Data Protection Agency, through the forms or other channels accessible from its website (www.agpd.es).