DATA PROTECTION AND PRIVACY POLICY

Privacy and Data Protection Policy

BACHILLER is committed to due diligence and compliance with data protection regulations. The Data Protection Channel (DATAPROTECT line) has been added as the core of this duty and commitment, which includes the fundamental elements of data protection.

Detailed information is given below on the privacy and personal data protection policy in compliance with the provisions of Article 13 of Regulation (EU) 2016/679 of the European Parliament and of the Council, of 27 April 2016, concerning the protection of individuals with regard to the processing of personal data and the free movement of such data (General Data Protection Regulation or GDPR) and Article 11 of Organic Law 3/2018, of 5 December 2018, on the protection of personal data and the guarantee of digital rights (LOPD GDD).

Details of the data controller and contact details of the Data Protection Manager/Data Protection Officer (DPM/DPO):

Details of the data controller

  • Name: E. BACHILLER B, S.A.
  • Address/P.C.: Can Guasch 3, Pol. IND. Levante, Parets del Vallés. 08150 Barcelona (Spain).
  • Telephone: +34 93 573 07 70.
  • E-mail: [email protected]
  • DP/DPO contact details: Celso Arcas Sancho
  • Data Protection Channel: www.corporate-ethicline.com/bachiller/

Purposes of the processing

Bachiller will process the information provided to us by data subjects for the following purposes:

  • To manage customer service, visits and meetings at our facilities.
  • To manage the provision and realisation of services and products
  • To manage any kind of request, suggestion or claim made relating to our professional services.
  • Informative and commercial communications: We process your data in order to inform you about activities, articles of interest and general information related to our activity and the services/products.
  • To manage data provided by candidates for jobs through a Curriculum Vitae (CV) or other means for the purpose of selection and recruitment processes.
  • To ensure the security of offices, facilities and people through access controls, video surveillance systems and other access control/identification systems.
  • To comply with the legal provisions that apply to Bachiller and its activities in matters of health, equality and prevention of occupational risks.
  • To manage and control the functioning of the mechanisms, policies and internal protocols established by Bachiller for regulatory compliance and the management of reporting channels for this purpose.
  • All those processes that apply to us for our due compliance with regulations and official/sectoral requirements that govern our activity.

For successful results and the development of your customer service and the management of the above purposes, the processing of your data for the relevant purposes mentioned above will be carried out under the strictest compliance with data protection regulations and this policy. You can exercise your rights at any time (see specific section).

Data retention criteria

  • Management of Bachiller services/products: The personal data provided in the contracts, offers and/or proposals for services, as well as those of other persons whose intervention is required, will be kept for as long as the contracted services are in effect. At the end of the provision of the contracted service(s), the personal data will be kept in cases where liabilities could arise for Bachiller and/or in compliance with other regulatory frameworks that apply to Bachiller or any legally binding rule that requires their retention. The personal data will be kept in a way that allows the identification and exercise of the rights of those affected and, under the technical legal and organisational measures that are required to guarantee their confidentiality and integrity.
  • Curriculum vitae management: Bachiller generally keeps its curriculum vitae for a maximum period of one year. After that period, the destruction of the data will be carried out automatically, in compliance with the principle of data quality.
  • Management of employment contracts: the personal data will be kept, without exception, for as long as the employment relationship is in effect and, at the end of it, in cases where liabilities could arise between the parties and when required by a legally binding rule.
  • Others: The other data and information provided by the user by any means, will be kept for as long as is necessary to fulfil the purpose for which they were collected.

Legitimacy

The legal basis that enables Bachiller to process the personal data of users, clients and/or potential clients is by virtue of the following headings:

  • The consent of the persons concerned for the processing and management of any request for information or inquiry about our services and products.
  • The consent given by job candidates for the purpose of selection and recruitment.
  • The context of providing and/or contracting services/products with Bachiller.
  • The legitimate interest to send you informative, commercial and/or promotional offers related to the activity of Bachiller and the services/products contracted by e-mail or any other means.
  • Compliance with legal obligations and internal regulatory compliance procedures.
  • The legitimate interest to ensure the security of offices, facilities and people.

Recipients

No personal data is transferred to third parties, except for legal compliance.

Provenance

Personal data is obtained directly from data subjects and our business partners. The categories of personal data that you provide to us are:

  • Identification data.
  • Postal or electronic addresses.
  • Data provided and/or consent given for their collection by the data subjects related to and necessary for the management and realisation of the service/product requested.

Rights

Right of access, rectification and erasure: data subjects have the right to obtain confirmation as to whether or not we are processing personal data concerning them at Bachiller or not. Data subjects have the right to access their personal data, as well as to request the rectification of inaccurate data or request its erasure when, among other reasons, the data is no longer necessary for the purposes for which they were collected.

Right to restriction and opposition: In certain circumstances, data subjects may request the restriction of the processing of their data, in which case we shall only keep them for the making of or defence against claims. In certain circumstances and for reasons related to their particular situation, data subjects may object to the processing of their data. Bachiller will stop processing the data in this case, except for legitimate compelling reasons, or for the making of or defence against possible claims.

Right to revoke the consent given: data subjects have the right to withdraw their consent at any time, except in the case of the processing of personal data provided for in data protection regulations or required for the provision of the contracted service, which do not require such consent. However, this withdrawal does not have retroactive effects, so it will not affect the lawfulness of the processing based on previously granted consent.

These rights may be exercised through our Channel (see specific section).

Security and control measures

General

In compliance with data protection regulations, Bachiller will process personal data applying appropriate technical, legal, organisational and security measures, in order to guarantee the confidentiality and integrity of the information it manages in accordance with the provisions of current regulations.

Please inform the Data Protection Manager/Data Protection Officer using the contact details/channel established in this privacy policy of any security risk of which you have evidence or knowledge, that might compromise the integrity and confidentiality of personal data and/or confidential information, so that they can take the necessary measures to prevent their unauthorised processing, loss, destruction or accidental damage.

Cyber-security

As a specific and complementary addition to the above, Bachiller applies cyber-security measures to prevent and manage possible attacks and fraud by cyber criminals that threaten the privacy and protection of the data that Bachiller processes and accesses in the scope of its activities and operations.

In this sense, we would like to warn that in the event of possible risk situations due to communications whose content and/or format generate doubts of authenticity, we recommend deleting them and contacting the Data Protection Manager/Data Protection Officer through the contact details provided in this privacy policy.

In addition, any request you receive from Bachiller regarding changes in payment methods, requests for data or contact persons or confidential (non-public) information, bank and/or credit card details and/or other official data, should not be replied to without direct confirmation from Bachiller by other alternative means. We appreciate and need your cooperation for the communication and reporting of any notification in relation to this type of request and other possible risk situations of cyber attacks in which Bachiller may be used, as well as any possible security risk that you may become aware of.

Channel

Bachiller has set up a Channel, representing the highest commitment, rigour and professionalism in matters of security, experience, independence and knowledge in the processing of received communications.

The Channel, which includes its use in the scope of data protection, was implemented through an online platform, developed and managed by an independent external expert, to comply with and guarantee our commitments above.

Through the Channel, you can communicate and manage the exercise of your rights (see previous section) and notify any evidence or information you have of possible violations (breaches) of security, cyber attacks and/or possible breaches or irregularities of data protection regulations and this Bachiller policy.

The access details for the Channel are given at the beginning of this policy.

Supervisory authority

In the event of disputes with Bachiller in relation to the processing of your data, you have the right to file a claim with the corresponding data protection supervisory authority. In Spain, this authority is the Spanish Data Protection Agency (www.aepd.es).

Service and support

Data subjects may send Bachiller any questions about the processing of their personal data or interpretation of our policy, by contacting the Data Protection Manager/Data Protection Officer (DPM/DPO) at the address indicated at the beginning of this policy.