Privacy policy

DATA CONTROLLER

Data con­troller is IGRID, S.L., C/ MARIE CURIE, 8–14, 08042, BARCELONA (BARCELONA).

Pri­va­cy principles

We are com­mit­ed to work con­tin­u­osly to guar­an­tee your pri­va­cy in all our pro­cess­ing activ­i­ties, and to offer you the most com­plete and clear infor­ma­tion we can pro­vide. We encour­age you to read this sec­tion care­ful­ly before pro­vid­ing us with your per­son­al data.
If you are under four­teen years of age, please do not pro­vide us with your data with­out the con­sent of your par­ents.
In this sec­tion, we inform you on how we process per­son­al data of peo­ple involved with our orga­ni­za­tion. Start­ing with our pri­va­cy prin­ci­ples:
- We do not request any per­son­al data, unless is need­ed to ful­fill any ser­vice you require from us.
- We nev­er share your per­son­al data with third par­ties unless we are forced by law, or you have grant­ed us your express con­sent.
- We will nev­er use your per­son­al data for oth­er pur­pos­es than those stat­ed in this pri­va­cy pol­i­cy.
- We will process your per­son­al data always with an appropi­ate lev­el of pro­tec­tion, accord­ing with data pri­va­cy reg­u­la­tions, and we will not exe­cute auto­mat­ed deci­sion-mak­ing with­out your express consent.

We have writ­ten this pri­va­cy pol­i­cy tak­ing into account the require­ments of cur­rent data pro­tec­tion reg­u­la­tions:
- REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the pro­tec­tion of nat­ur­al per­sons with regard to the pro­cess­ing of per­son­al data and on the free move­ment of such data, and repeal­ing Direc­tive 95/46/EC (Gen­er­al Data Pro­tec­tion Reg­u­la­tion) (GPDR).
- Span­ish Ley Orgáni­ca 3/2018, de 5 de diciem­bre, de Pro­tec­ción de Datos de Carác­ter Per­son­al y garan­tía de los dere­chos dig­i­tales (LOPD).
- Span­ish Real Decre­to 1720/2007, de 21 de diciem­bre (RLOPD).

This pri­va­cy pol­i­cy is writ­ten on Decem­ber 6, 2018.
We may mod­i­fy this pri­va­cy pol­i­cy in the future in order to facil­i­tate its under­stand­ing or to adapt it to changes in leg­is­la­tion, or changes in our pro­cess­ing activ­i­ties. We will update its date, so that you can check its validity.

PROCESSING ACTIVITIES

DATA SUBJECT RIGHT EXERCISING PROCESSING
Law­ful basis for pro­cess­ing: GPDR: 6.1.c) pro­cess­ing is nec­es­sary for com­pli­ance with a legal oblig­a­tion to which the con­troller is sub­ject.
Pur­pos­es of the pro­cess­ing: Facil­i­tate your rights under GPDR: Right of access, rec­ti­fi­ca­tion and era­sure, restric­tion of pro­cess­ing, porta­bil­i­ty, and object to auto­mat­ed indi­vid­ual deci­sion-mak­ing.
Cat­e­gories of indi­vid­u­als: Indi­vid­u­als who request to exert their rights (employ­ees, clients, sup­pli­ers, con­tact per­sons)
Cat­e­gories of per­son­al data: Full name, address, sig­na­ture and phone.
Cat­e­gories of recip­i­ents: Your per­son­al data may be dis­closed to the Super­vi­so­ry Author­i­ty (In Spain: Agen­cia Españo­la de Pro­tec­ción de Datos) if you lodge a com­plaint.
Third coun­tries or inter­na­tion­al orga­ni­za­tions that per­son­al data are trans­ferred to: No inter­na­tion­al trans­fer of your per­son­al data is planned.
Reten­tion sched­ule: Your per­son­al data will be kept for a peri­od of five years
Secu­ri­ty mea­sures: Adapt­ed to the require­ments of Reg­u­la­tion (EU) 2016/679, Gen­er­al Data Pro­tec­tion Regulation.

PERSONAL DATA BREACH MANAGEMENT PROCESSING
Law­ful basis for pro­cess­ing: GPDR: 6.1.c) pro­cess­ing is nec­es­sary for com­pli­ance with a legal oblig­a­tion to which the con­troller is sub­ject.
Reg­u­la­tion (EU) 2016/679, Gen­er­al Data Pro­tec­tion Reg­u­la­tion, arti­cles 33 and 34
Pur­pos­es of the pro­cess­ing: Man­age Per­son­al Data Breach­es that may occur in our orga­ni­za­tion.
Cat­e­gories of indi­vid­u­als: Vari­able: Employ­ees, Clients, Sup­pli­ers, Con­tact Per­sons (it will depend on the secu­ri­ty breach)
Cat­e­gories of per­son­al data: Vari­able: (it will depend on the secu­ri­ty breach)
Cat­e­gories of recip­i­ents: — Span­ish Super­vi­so­ry Agency: Agen­cia Españo­la de Pro­tec­ción de Datos.
- Span­ish Police.
Third coun­tries or inter­na­tion­al orga­ni­za­tions that per­son­al data are trans­ferred to: No inter­na­tion­al trans­fer of your per­son­al data is planned.
Reten­tion sched­ule: Your per­son­al data will be kept for the time nec­es­sary to ful­fill the pur­pose for which they were col­lect­ed and to deter­mine the pos­si­ble respon­si­bil­i­ties that may arise.
Secu­ri­ty mea­sures: Adapt­ed to the require­ments of Reg­u­la­tion (EU) 2016/679, Gen­er­al Data Pro­tec­tion Regulation.

EMPLOYEES PROCESSING
Law­ful basis for pro­cess­ing: GPDR: 6.1.b) pro­cess­ing is nec­es­sary for the per­for­mance of a con­tract to which the data sub­ject is par­ty or in order to take steps at the request of the data sub­ject pri­or to enter­ing into a con­tract.
GPDR: 6.1.c) pro­cess­ing is nec­es­sary for com­pli­ance with a legal oblig­a­tion to which the con­troller is sub­ject.
Span­ish job reg­u­la­tion: Real Decre­to Leg­isla­ti­vo 2/2015, de 23 de octubre, por el que se aprue­ba el tex­to refun­di­do de la Ley del Estatu­to de los Tra­ba­jadores.
Pur­pos­es of the pro­cess­ing: — Man­age­ment of con­tract­ed per­son­nel.
- Per­son­al file. Time con­trol. Train­ing. Pen­sion plans. Pre­ven­tion of occu­pa­tion­al haz­ards.
- Issuance of staff pay­roll.
- Man­age­ment of union activ­i­ty.
Cat­e­gories of indi­vid­u­als: Employ­ees
Cat­e­gories of per­son­al data: — Name and sur­name, DNI / CIF / Iden­ti­fi­ca­tion doc­u­ment, per­son­nel reg­is­tra­tion num­ber, Social Secu­ri­ty / Mutu­al­i­ty num­ber, address, sig­na­ture and tele­phone num­ber.
- Spe­cial cat­e­gories of data: health data (sick leave, work-relat­ed acci­dents and degree of dis­abil­i­ty, exclud­ing diag­noses), union mem­ber­ship, for the exclu­sive pur­pos­es of pay­ing union dues (where appro­pri­ate), union rep­re­sen­ta­tive (where appro­pri­ate). case), proof of atten­dance from own and third par­ties.
- Per­son­al char­ac­ter­is­tics data: Sex, mar­i­tal sta­tus, nation­al­i­ty, age, date and place of birth and fam­i­ly data. Data on fam­i­ly cir­cum­stances: Date of reg­is­tra­tion and can­cel­la­tion, licens­es, per­mits and autho­riza­tions.
- Aca­d­e­m­ic and pro­fes­sion­al data: Qual­i­fi­ca­tions, train­ing and pro­fes­sion­al expe­ri­ence.
- Details of employ­ment and admin­is­tra­tive career. Incom­pat­i­bil­i­ties.
- Pres­ence con­trol data: date / time of entry and exit, rea­son for absence.
- Eco­nom­ic-finan­cial data: Eco­nom­ic data of pay­roll, cred­its, loans, guar­an­tees, tax deduc­tions, loss of assets cor­re­spond­ing to the pre­vi­ous job (if applic­a­ble), judi­cial with­hold­ings (if applic­a­ble), oth­er with­hold­ings (if applic­a­ble) . Bank data.
Cat­e­gories of recip­i­ents: — Enti­ty to which we entrust the man­age­ment of occu­pa­tion­al risks.
- Span­ish Job Agency (Tesor­ería Gen­er­al de la Seguri­dad Social.)
- Trade union orga­ni­za­tions.
- Finan­cial enti­ties.
- Span­ish Tax Admin­is­tra­tion Agency.
- Main con­trac­tors that we pro­vide ser­vices to as sub­con­trac­tors.
Third coun­tries or inter­na­tion­al orga­ni­za­tions that per­son­al data are trans­ferred to: No inter­na­tion­al trans­fer of your per­son­al data is planned.
Reten­tion sched­ule: Your per­son­al data will be kept for the time nec­es­sary to ful­fill the pur­pose for which they were col­lect­ed and to deter­mine the pos­si­ble respon­si­bil­i­ties that may arise.
Secu­ri­ty mea­sures: Adapt­ed to the require­ments of Reg­u­la­tion (EU) 2016/679, Gen­er­al Data Pro­tec­tion Regulation.

CONTACTS PROCESSING
Law­ful basis for pro­cess­ing: This pro­cess­ing is law­ful because you have giv­en us your con­sent.
Pur­pos­es of the pro­cess­ing: Man­age your request, send you infor­ma­tion and fol­low up on your request.
Cat­e­gories of indi­vid­u­als: Per­sons who con­tact us, cus­tomers and sup­pli­ers
Cat­e­gories of per­son­al data: Name and sur­name, phone, email.
Cat­e­gories of recip­i­ents: Your per­son­al data will not be dis­closed to third par­ties with­out your express con­sent.
Third coun­tries or inter­na­tion­al orga­ni­za­tions that per­son­al data are trans­ferred to: No inter­na­tion­al trans­fer of your per­son­al data is planned.
Reten­tion sched­ule: Your per­son­al data data will be kept for an indef­i­nite peri­od, or until you requests its era­sure.
Secu­ri­ty mea­sures: Adapt­ed to the require­ments of Reg­u­la­tion (EU) 2016/679, Gen­er­al Data Pro­tec­tion Regulation.

CANDIDATES FOR SELECTION PROCESSES (WORK WITH US) PROCESSING
Law­ful basis for pro­cess­ing: GPDR: 6.1.a) the data sub­ject has giv­en con­sent to the pro­cess­ing of his or her per­son­al data for one or more spe­cif­ic pur­pos­es
GPDR: 6.1.b) pro­cess­ing is nec­es­sary for the per­for­mance of a con­tract to which the data sub­ject is par­ty or in order to take steps at the request of the data sub­ject pri­or to enter­ing into a con­tract.
Pur­pos­es of the pro­cess­ing: Selec­tion of per­son­nel and pro­vi­sion of jobs.
Cat­e­gories of indi­vid­u­als: Job appli­cants.
Cat­e­gories of per­son­al data: — Name and sur­name, ID / CIF / Iden­ti­fi­ca­tion doc­u­ment, per­son­nel reg­is­tra­tion num­ber, address, sig­na­ture and tele­phone num­ber.
- Per­son­al char­ac­ter­is­tics data: Sex, mar­i­tal sta­tus, nation­al­i­ty, age, date and place of birth and fam­i­ly data.
- Aca­d­e­m­ic and pro­fes­sion­al data: Qual­i­fi­ca­tions, train­ing and pro­fes­sion­al expe­ri­ence.
- Job detail data.
Cat­e­gories of recip­i­ents: Your per­son­al data will not be dis­closed to third par­ties with­out your express con­sent.
Third coun­tries or inter­na­tion­al orga­ni­za­tions that per­son­al data are trans­ferred to: No inter­na­tion­al trans­fer of your per­son­al data is planned.
Reten­tion sched­ule: Your per­son­al data will be kept for the time nec­es­sary to ful­fill the pur­pose for which they were col­lect­ed and to deter­mine the pos­si­ble respon­si­bil­i­ties that may arise.
Secu­ri­ty mea­sures: Adapt­ed to the require­ments of Reg­u­la­tion (EU) 2016/679, Gen­er­al Data Pro­tec­tion Regulation.

SUPPLIERS PROCESSING
Law­ful basis for pro­cess­ing: GPDR: 6.1.b) pro­cess­ing is nec­es­sary for the per­for­mance of a con­tract to which the data sub­ject is par­ty or in order to take steps at the request of the data sub­ject pri­or to enter­ing into a con­tract.
GPDR: 6.1.c) pro­cess­ing is nec­es­sary for com­pli­ance with a legal oblig­a­tion to which the con­troller is sub­ject.
Pur­pos­es of the pro­cess­ing: — Acqui­si­tion of prod­ucts and / or ser­vices that we need for the devel­op­ment of our activ­i­ty.
- Con­trol of sub­con­trac­tors if applic­a­ble.
Cat­e­gories of indi­vid­u­als: — Sup­pli­ers.
- Indi­vid­u­als who work for our sup­pli­ers.
Cat­e­gories of per­son­al data: — Full name, Proof of iden­ti­ty, address, sig­na­ture and tele­phone.
- Employ­ee data: job posi­tion. pre­ven­tion of occu­pa­tion­al haz­ards train­ing.
Cat­e­gories of recip­i­ents: — Finan­cial enti­ties. (Invoice Pay­ment)
- Span­ish Tax Admin­is­tra­tion Agency. (Agen­cia Estatal de Admin­is­tración Trib­u­taria)
Third coun­tries or inter­na­tion­al orga­ni­za­tions that per­son­al data are trans­ferred to: No inter­na­tion­al trans­fer of your per­son­al data is planned.
Reten­tion sched­ule: Your per­son­al data will be kept for the time nec­es­sary to ful­fill the pur­pose for which they were col­lect­ed and to deter­mine the pos­si­ble respon­si­bil­i­ties that may arise, accord­ing to span­ish tax law (Ley 58/2003, de 17 de diciem­bre, Gen­er­al Trib­u­taria)
Secu­ri­ty mea­sures: Adapt­ed to the require­ments of Reg­u­la­tion (EU) 2016/679, Gen­er­al Data Pro­tec­tion Regulation.

CUSTOMERS (SALES) PROCESSING
Law­ful basis for pro­cess­ing: GPDR: 6.1.a) the data sub­ject has giv­en con­sent to the pro­cess­ing of his or her per­son­al data for one or more spe­cif­ic pur­pos­es
GPDR: 6.1.b) pro­cess­ing is nec­es­sary for the per­for­mance of a con­tract to which the data sub­ject is par­ty or in order to take steps at the request of the data sub­ject pri­or to enter­ing into a con­tract.
GPDR: 6.1.c) pro­cess­ing is nec­es­sary for com­pli­ance with a legal oblig­a­tion to which the con­troller is sub­ject.
GPDR: 6.1.f)processing is nec­es­sary for the pur­pos­es of the legit­i­mate inter­ests pur­sued by the con­troller.
Pur­pos­es of the pro­cess­ing: Sup­ply of our prod­ucts / ser­vices
Cat­e­gories of indi­vid­u­als: Cus­tomers
Cat­e­gories of per­son­al data: — Name and sur­name, DNI / NIF / Iden­ti­fi­ca­tion doc­u­ment, address, sig­na­ture and tele­phone.
- Eco­nom­ic, finan­cial and insur­ance data: Bank details
Cat­e­gories of recip­i­ents: — Finan­cial enti­ties.
- Span­ish Tax Agency (Agen­cia Estatal de Admin­is­tración Trib­u­taria).
Third coun­tries or inter­na­tion­al orga­ni­za­tions that per­son­al data are trans­ferred to: No inter­na­tion­al trans­fer of your per­son­al data is planned.
Reten­tion sched­ule: Your per­son­al data will be kept for the time nec­es­sary to ful­fill the pur­pose for which they were col­lect­ed and to deter­mine the pos­si­ble respon­si­bil­i­ties that may arise.
Secu­ri­ty mea­sures: Adapt­ed to the require­ments of Reg­u­la­tion (EU) 2016/679, Gen­er­al Data Pro­tec­tion Regulation.

 

YOUR RIGHTS

You have the right to ask us for a copy of your per­son­al data, to rec­ti­fy inac­cu­rate data or com­plete it is incom­plete, or if applic­a­ble, ask for your data era­sure, when it is no longer nec­es­sary for the pur­pos­es for which we col­lect­ed them.

You also have the right to lim­it the pro­cess­ing of your per­son­al data and to obtain your per­son­al data in a struc­tured and leg­i­ble format.

You have the right to object to the pro­cess­ing of your per­son­al data under some circunstances(in par­tic­u­lar, when we do not have to process them to ful­fill a con­tract or oth­er legal require­ment, or when the object of the pro­cess­ing is direct marketing)

If we are pro­cess­ing your per­son­al data because you have giv­en us your con­sent, you can with­draw your con­sent at any time. The with­draw­al of your con­sent shall not affect the law­ful­ness of pro­cess­ing based on con­sent before its withdrawal.

These rights may be lim­it­ed. For exam­ple, if to ful­fill your request we had to dis­close data about anoth­er per­son, or if you ask us to delete some records that we are oblig­ed to keep by law or to pur­sue our legit­i­mate inter­est, such as the exer­cise of defense against claims. Or even in those cas­es where the right to free­dom of expres­sion and infor­ma­tion must prevail.

You can con­tact us by any of the means indi­cat­ed in this pri­va­cy pol­i­cy, pro­vid­ing a copy of a doc­u­ment that proves your identity.

You have also the right of not being sub­ject of pro­cess­ing based sole­ly on auto­mat­ed deci­sion-mak­ing, includ­ing pro­fil­ing that pro­duces legal effects or affects you.

If you con­sid­er that we have vio­lat­ed any of your rights, such as, for exam­ple, that we have not ful­filled your legit­i­mate request, you have the right to lodge a com­plaint with a super­vi­so­ry author­i­ty. You can address your com­plaint to your nation­al data pro­tec­tion super­vi­so­ry author­i­ty (if you live out­side of Spain) or to the Span­ish Data Pro­tec­tion Agency (Agen­cia Españo­la de Pro­tec­ción de Datos)

Addi­tion­al Info

Data pro­cess­ing out­side Euro­pean Eco­nom­ic Area.

Links to third par­ty web­sites.
Our web­site may con­tain links to oth­er web­sites. It is your respon­si­bil­i­ty to make sure you read the data pro­tec­tion pol­i­cy and the terms and con­di­tions that apply to each site.

Third par­ties per­son­al data.
If you pro­vide us with data from third par­ties, you assume the respon­si­bil­i­ty of pro­vid­ing them with enough infor­ma­tion as estab­lished in arti­cle 14 of the GPDR.