The Client or Candidate (hereinafter the “User”), by providing to SUMINISTROS, IMPORTACIONES Y MANTENIMIENTOS ELECTRÓNICOS, S.A. U. (hereinafter SERMICRO or SERMICRO GROUP) its personal data through the electronic forms of the Web or section of contacts and, in its case, through the marking of the corresponding box of acceptance, expressly consents that SERMICRO GROUP can treat those data in the terms of this clause of Policy of Privacy and Protection of Data and for the ends here expressed.
SERMICRO GROUP is aware of the importance of personal data, so it assures all users that we ensure the proper treatment and privacy of them, strictly complying with the provisions of the Legal Order, and in the terms explained below:
In compliance with the General Data Protection Regulation (EU) 2016/679, of 25 May 2016, regarding the protection of individuals with regard to the processing of personal data and the free circulation of these data, we inform you that there is an automated processing of personal activities, with the sole purpose of facilitating the management of the activity of this Website, the management of the services offered through it and, where appropriate, the management, development and fulfillment of the contractual relationship that the User establishes with SERMICRO GROUP. Equally, SERMICRO GROUP will treat the facilitated data to manage the consultations, that are realized through the Web site, being able to be included in the files, manual or automated for such use.
SERMICRO GROUP is, to the effects of the arranged thing in the Law, the Person in charge of the Treatment of Activities.
The processing activities are registered in the Company’s Data Protection Policy and have the legally established security measures (technical and organisational measures that prevent the alteration, loss, processing or unauthorised access to the data, as appropriate).
All personal data you provide will be incorporated into our register of activities mentioned above.
The Management of GRUPO SERMICRO is responsible for formulating the strategy and approving the Company’s corporate policies, as well as organizing the internal control systems. In the exercise of these responsibilities, and in order to establish the general principles that should govern the processing of personal data.
1. Purpose: The Personal Data Protection Policy establishes the principles and common guidelines of action that must govern SERMICRO GROUP in matters of personal data protection, guaranteeing, in any case, compliance with applicable legislation. In particular, the Personal Data Protection Policy aims to guarantee the right to the protection of their data of all natural persons who relate to society, ensuring respect for the right to honor and privacy in the processing of different types of personal data, from different sources and for different purposes depending on their business activity.
2. Evaluation The Security Officer shall evaluate, at least once a year, the compliance and effectiveness of this Personal Data Protection Policy and report the result to the management assuming such functions at all times. This 3. Personal Data Protection Policy was initially approved by the Administrator on May 15, 2018.
4. By accepting this Privacy and Data Protection Policy, the User guarantees the accuracy, validity and authenticity of the personal data provided, and undertakes to keep them duly updated.
The User exonerates SERMICRO GROUP of responsibility for any damage or injury that may suffer as a result of errors, defects or omissions in the information provided to SERMICRO GROUP.
SERMICRO GROUP undertakes to comply with its obligation of professional secrecy with respect to personal data received through the Website and its treatment with confidentiality.
The User, accepts expressly that SERMICRO GROUP can yield personal data since, in occasions, we make use of other companies to lend certain of our services. To do so, they need access to personal data of our Users. SERMICRO GROUP will be able to provide the information facilitated by means of the Web, to third related or dependent of him or to suppliers of services, for the attainment of such services, for the purposes and with application of the measures of security foreseen in the RGPD.
5. Principles for the processing of personal data The principles governing the Personal Data Protection Policy are as follows:
a) General principles: SERMICRO GROUP will fully comply with the legislation of its jurisdiction in matters of data protection, which is applicable depending on the processing of personal data that is carried out and which is determined in accordance with binding rules or agreements adopted within the company. SERMICRO GROUP will promote that the principles contained in this Policy for the protection of personal data are taken into account.
(i) en el diseño e implementación de todos los procedimientos que impliquen el tratamiento de datos personales,
(ii) en los productos y servicios ofrecidos por esta,
(iii) en todos los contratos y obligaciones que formalicen con personas físicas y
(iv) en la implantación de cuantos sistemas y plataformas permitan el acceso por parte de empleados o de terceros a datos personales y/o la recogida o tratamiento de dichos datos.
b) Principles relating to the processing of personal data:
(i) Principles of legitimacy, lawfulness and fairness in the processing of personal data. The treatment of personal data will be loyal, legitimate and lawful according to the applicable legislation. In this respect, personal data must be collected for one or more specific and legitimate purposes in accordance with the applicable legislation. Where this is mandatory under applicable law, the consent of the data subjects must be obtained before their data are collected. Likewise, when required by law, the purposes of the processing of personal data will be explicit and determined at the time of collection.
In particular, SERMICRO GROUP will not collect or process personal data relating to ethnic or racial origin, political ideology, beliefs, religious or philosophical convictions, life or sexual orientation, union membership, health, or genetic or biometric data aimed at univocally identifying a person, unless the collection of such data is necessary, legitimate and required or permitted by applicable law, in which case they will be collected and processed in accordance with the provisions of that law.
(ii) Minimisation principle. Only those personal data that are strictly necessary for the purpose for which they are collected or processed and suitable for that purpose will be processed.
(iii) Principle of accuracy. Personal data must be accurate and up to date. Otherwise, they must be deleted or rectified.
(iv) Principle of limitation of the conservation period. Personal data will not be kept beyond the period necessary to achieve the purpose for which they are processed, except in the cases provided for by law.
(v) Principles of integrity and confidentiality. Personal data protection policy. In the processing of personal data, adequate security must be guaranteed, by means of technical or organisational measures, to protect them from unauthorised or unlawful processing and to prevent their loss, destruction and accidental damage. The personal data collected and processed by SERMICRO GROUP must be kept with the utmost confidentiality and secrecy, and may not be used for purposes other than those that justified and allowed its collection and without being communicated or transferred to third parties outside the cases permitted by applicable law.
(vi) Principle of proactive responsibility (accountability). SERMICRO GROUP will be responsible for complying with the principles stipulated in this Policy for the protection of personal data and those required by applicable legislation and must be able to prove it, when required by applicable law. SERMICRO GROUP will have to make an evaluation of the risk of the treatments that make, with the purpose of determining the measures to apply to guarantee that the personal data are treated according to the legal requirements. Where required by law, the risks that new products, services or information systems may entail for the protection of personal data shall be assessed beforehand and the necessary measures shall be taken to eliminate or mitigate them. SERMICRO GROUP must keep a register of activities describing the processing of personal data carried out within the framework of its activities. In the event of an incident that causes the accidental or unlawful destruction, loss or alteration of personal data, or the unauthorised communication of or access to such data, the internal protocols established for this purpose by the Security Officer and those established by the applicable legislation must be followed. Such incidents should be documented and measures should be taken to address and mitigate any negative effects on those concerned. In the cases provided for by law, data protection delegates will be appointed in order to ensure compliance with data protection regulations in the company.
(vii) Principles of transparency and information. The processing of personal data shall be transparent in relation to the data subject, providing him/her with information on the processing of his/her data in a comprehensible and accessible manner, where required by applicable law. In order to ensure fair and transparent processing, SERMICRO GROUP responsible for processing must inform those affected or interested whose data is sought to collect the circumstances relating to the processing under applicable law.
(viii) Acquisition or collection of personal data. It is forbidden to acquire or obtain personal data from illegitimate sources, from sources that do not sufficiently guarantee their legitimate origin or from sources whose data have been collected or transferred in contravention of the law.
(ix) Recruitment of processors. Prior to the hiring of any service provider who accesses personal data that are the responsibility of SERMICRO GROUP, as well as during the term of the contractual relationship, they must take the necessary measures to ensure and, when legally required, demonstrate that the processing of data by the person in charge is carried out in accordance with applicable law.
(x) International data transfers. Any processing of personal data subject to European Union law involving a transfer of data outside the European Economic Area must be carried out in strict compliance with the requirements set out in the applicable law in the jurisdiction of origin. In addition, business partners or subsidiaries located outside the European Union must comply with the requirements for international transfers of personal data that may be applicable in their jurisdiction.
(xi) Rights of data subjects. SERMICRO GROUP must allow interested parties to exercise the rights of access, rectification, deletion, limitation of treatment, portability and opposition that are applicable in each jurisdiction, establishing, to that effect, the internal procedures that are necessary to meet, at least, the legal requirements applicable in each case.
6. Implementation In accordance with the provisions of this Personal Data Protection Policy, the Corporate Security Department, together with the Company’s Legal Services, will develop and keep up to date the internal regulations on global data protection management, which will be implemented by the Security Officer and will be binding on all the Company’s executives and employees. Likewise, the Head of the Department shall establish internal procedures that develop the principles contained in this document.
7. Control It is the responsibility of the Security Officer to supervise the Company’s compliance with the provisions of this Personal Data Protection Policy In order to verify compliance with this Personal Data Protection Policy, periodic audits will be carried out with internal or external auditors.
Any User will be able to exercise the rights of access, rectification, cancellation, opposition and request the suppression of the data through postal mail to SERMICRO GROUP located in Calle Pradillo 48-50, Spain, or sending an e-mail to firstname.lastname@example.org with the reference in the subject: “Data Protection”, including next to the request a copy of its DNI or official document accrediting the identity.
On the basis of all the above, below you will find schematically information about the general aspects of the Protection of your personal data carried out by SERMICRO GROUP:
|Basic Information||Additional Information|
|Responsible||SERMICRO||Calle de Pradillo, 50, 28002 Madrid, España e-mail: email@example.com tel. 917 44 86 00|
|Main purposes||Attention of consultations||To attend the consultations of the Users who get in touch with us through the sections of Contact or enabled Forms.|
|Legitimation and conservation||Legal basis of the treatment||
The basis for the processing of the data is the consent given by the User with the marking, where appropriate, of the corresponding acceptance box.If you do not provide the necessary data for these purposes it will be impossible to provide our services. The data will be kept as long as the relationship is maintained and its deletion is not requested and in any case in compliance with the legal statute of limitations that apply to it.
|Additional purposes||Sending information||The User’s email contact details may be used to send advertisements and other commercial communications about our products and/or services, provided that you have expressly authorised this, where appropriate, by ticking the corresponding acceptance box.|
|Statistical and other purposes||User information may be used, subject to anonymization, for statistical purposes in order to analyze the behavior and trends of Users and analyze how to improve the services we provide to Users.|
|Legitimation and conservation||Legal basis of the treatment||The use of your e-mail in the terms indicated above will be with your consent if you tick the appropriate box. The data will be kept as long as the relationship is maintained and its deletion is not requested and in any case in compliance with the legal statute of limitations that apply to it.|
|Recipients of transfers||The following data transfers are planned:||The data may be transferred to other companies in the Group in order to resolve the query that we have raised when it refers to activities developed by any of our companies. The list of companies in the group can be consulted at: http://www.imesapi.com/quienes-somos/nuestras-empresas|
|Rights of data subjects||Ejercicio de derechos||Interested parties may exercise their rights of access, rectification, deletion, portability and limitation or opposition by writing to SERMICRO GROUP, indicating “exercise rights data protection” or through the following email address: firstname.lastname@example.org|
|Those concerned have the right to withdraw their consent.|
|Los interesados tienen derecho a reclamar ante la Autoridad de Control (Agencia Española de Protección de Datos www.agpd.es).|
© SERMICRO 2019.