This is the data protection policy of BOSCH.CAPDEFERRO, SCP. It refers to the data it processes in the exercise of its professional activities in compliance with the General Data Protection Regulation (Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016) and Organic Law 3/2018, of 5 December, on the Protection of Personal Data and guarantee of digital rights.
The controller of personal data is BOSCH.CAPDEFERRO, SCP (hereinafter BOSCH.CAPDEFERRO), with CIF J17816711, located at Calle de la Força, 19, 1r 2a, Girona (CP 17004), telephone 972 42 69 96, email email@example.com and website www.boschcapdeferro.com. Registered in the Commercial Register of Girona, volume 2710, book 0, folio 141, section 8, sheet Gi-47845, inscription 1a.
At BOSCH.CAPDEFERRO, we process personal data for the following purposes.
Contact. We respond to inquiries from individuals who contact us through the contact form on our website, by email, or by phone. We only use them for this purpose. Selection of personnel. We receive resumes from individuals interested in working with us and manage the personal data generated by participation in personnel selection processes, for the purpose of analysing the suitability of candidates' profiles based on vacant or newly created positions. Our policy is to keep the data of individuals who are not hired for a maximum period of ten years, in case a new vacancy or job opening arises in the short term. However, in the latter case, we immediately delete the data if the person requests it.
Services to customers. We register new customers and the additional data that may result from the contractual relationship with them. In the contracting process, essential data is requested, including bank data (account or credit/debit card number), which will be communicated to banking entities that manage the collection (they can only use it for this purpose). The provision of services entails other processing, such as incorporating data into accounting, billing, or providing information to the Tax Administration.
Information about services. With the explicit authorization of interested individuals to receive information from BOSCH.CAPDEFERRO, we use contact data to send commercial information about our professional activity, information that may be general or more specific to the interested person's characteristics and needs.
Management of our suppliers' data. We register and process the data of suppliers from whom we obtain services or goods. These may be the data of individuals who act as self-employed and also the data of representatives of legal entities. We obtain the essential data to maintain the contractual relationship, and we only use it for this purpose and for our own use.
The data processing carried out has different legal bases, depending on the nature of each processing.
In compliance with a pre-contractual relationship. This is the case with the data of potential customers or suppliers with whom we have previous relationships before the formalization of a contractual relationship, such as in the preparation or study of budgets. This is also the case with the processing of data from people who send us their resumes or who participate in staff selection processes.
In compliance with a contractual relationship. This is the case with the relationships we have with our clients and suppliers and all the actions that these relationships entail.
In compliance with legal obligations. The communication of data to the Tax Administration is established by regulations governing commercial relationships. It may be necessary to communicate data to judicial bodies or to law enforcement agencies also in compliance with legal rules that require collaboration with these public bodies.
Based on consent. When we send information about our services, we process the contact data of the recipients with their explicit authorization or consent. The navigation data that we may obtain through cookies are obtained with the consent of the person visiting our website, consent that can be revoked at any time by uninstalling these cookies.
Based on legitimate interest. Based on BOSCH.CAPDEFERRO's legitimate interest, we process data from our clients in order to offer them customer service, inform them of offers or advantages in the services offered or know the degree of satisfaction with our contractual relationship.
As a general criterion, we only communicate data to public administrations or powers and always in compliance with legal obligations. In the issuance and receipt of invoices, data may be communicated to banking entities. In justified cases, we will communicate the data to law enforcement agencies or competent judicial bodies. No data transfers are made outside the scope of the European Union (international transfer).
In another sense, for certain tasks we obtain the services of companies or people who provide us with their experience and specialization. In some cases, these external companies must access personal data under our responsibility. It is not properly a transfer of data, but a processing contract. We only contract services from companies that guarantee compliance with data protection regulations. At the time of contracting, their confidentiality obligations are formalized and their performance is monitored. This may be the case with data hosting services, IT support services, or legal, labour, accounting, or tax consulting services.
We comply with the legal obligation to limit the retention period of the data to the maximum. For this reason, they are kept only for the necessary and justified time for the purpose that motivated their collection. In certain cases, such as the data contained in accounting documentation and billing, tax regulations require that they be kept until the responsibilities in this matter prescribe. In the case of data processed based on the consent of the interested person, they are kept until the person revokes this consent.
As provided by the General Data Protection Regulation, individuals whose data we process have the following rights:
To know if their data is being processed. Any person has the right to know if we are processing their data, regardless of whether there has been a previous relationship.
To be informed at the time of collection. When personal data is obtained from the interested party, at the time of providing them, they must have clear information about the purposes for which they will be used, who will be responsible for the processing and other aspects derived from the processing.
Access. A very broad right that includes the right to know precisely what personal data is being processed, what the purpose of the processing is, the communications to other parties that will be made (if applicable), or the right to obtain a copy or to know the expected retention period.
Right to rectification. The right to rectify inaccurate data that we are processing.
Right to erasure. In certain circumstances, there is a right to request the erasure of data when, among other reasons, they are no longer necessary for the purposes for which they were collected and justified the processing.
Right to restriction of processing. Also, in certain circumstances, the right to request the restriction of data processing is recognized. In this case, they will cease to be processed and will only be kept for the exercise or defence of claims, in accordance with the General Data Protection Regulation.
Right to data portability. The right to receive personal data in a structured, commonly used, machine-readable and interoperable format, or to request that it be transferred in this way to another Data Controller. This right is recognized when the processing is based on consent or a contractual relationship.
Right to object to processing. As a general criterion, when data processing is based on the legitimate interest of the company, a person may argue reasons related to their particular situation, reasons that would require the cessation of the processing of their data to the extent that it may cause them harm, except that there are legitimate reasons for continuing to do so or that it is necessary to formulate or defend claims.
Right not to receive commercial information. We immediately respond to requests to stop sending commercial information to people who have previously authorized us to do so.
The rights we have just listed can be exercised by sending a written request to BOSCH.CAPDEFERRO, SCP, at the postal address Calle de la Força, 19, 1r 2a in Girona (CP 17004), or by sending an email to firstname.lastname@example.org, in all cases indicating "Personal data protection".
If a satisfactory response has not been obtained in the exercise of these rights, it is possible to file a complaint with the Spanish Data Protection Agency, through the forms or other channels accessible from its website www.aepd.es.