PRINCIPLES OF THE REGULATION (EU) 2016/679 (GENERAL DATA PROTECTION REGULATION)
The General Data Protection Regulation sets out the following principles in connection with the processing of personal data:
Lawfulness, fairness, and transparency: Personal data shall be processed lawfully, fairly, and transparently in relation to the data subject.
Purpose limitation: Personal data shall be collected for specified, explicit, and legitimate purposes and shall not be further processed in a way incompatible with those purposes.
Data minimisation: Personal data shall be adequate, relevant, and limited to what is necessary in relation to the purposes for which they are processed.
Accuracy: Personal data shall be accurate and, where necessary, kept up to date, and reasonable steps shall be taken to ensure that inaccurate personal data are erased or rectified without delay.
Retention time limitation: Personal data shall be retained allowing the identification of the Data subject only for as long as necessary. Personal data may be kept for a longer period subject to public interest, or for scientific, historical, or statistical research purposes.
Integrity and confidentiality: Personal data will be treated securely and protected against unauthorized or unlawful processing and against accidental loss, destruction or damage by technical or organizational measures.
The Data controller must be able to demonstrate that it complies with these principles (proactive Liability), and must verify that:
Only the personal data necessary for the purposes included in the information texts are processed (i.e. no excessive data are processed); and
The purposes outlined in the information texts shall be those necessary for the Data Controller to retain the data. When data processing is no longer necessary for any purpose, the data must be destroyed and kept in a blocked state for the legally mandated retention periods.
- FIRST LEVEL TEXTS
Last update: 06/10/2023
- TEXT 1 – CONTACT FORM ON THE WEBSITE
☐ I consent to receive commercial communications about promotions and news from Cafosa.
- TEXT 2 – CV FORM
☐ I consent to the processing of my personal data, and I consent to my data being retained for future job offers from Cafosa, for one year from the date of collection.
The following settings and checks must be carried out:
- Checkboxes should not be pre-checked.
- Check that the link included in the first level works correctly, and that it refers to the correct text.
- SECOND LEVEL TEXT
Last update: 09/10/2023
- Data controller
CAFOSA GUM S.A., (hereinafter, “Cafosa“) with NIF A08503278, telephone number 937291729 and registered office at C/ Altimira, 7 A 17. 08210, Barbera del Vallès, Barcelona, Spain, is the Data controller of your personal data for the purposes described here.
Cafosa will process the personal data collected on this website, as well as on the platforms that Cafosa may make available, Cafosa’s profiles on social networks and other domains owned by Cafosa (hereinafter referred to as “Site” or “Website”).
You can contact our Data Protection Officer at the above postal address, or by email at firstname.lastname@example.org.
- How we obtain your personal data
The personal data processed will be those that you provide to us through the various channels made available by Cafosa, for instance, through the available forms.
- What personal data do we process, why and for what purpose?
Below, these purposes are listed, indicating which data will be processed (data typology) and for what reason or on what legal basis we rely on for this (legal basis). The treatments listed below are applicable to all categories of data subjects affected by them unless otherwise specified. Likewise, we may also process any additional data that you provide to us or that is generated during your relationship with Cafosa for the purposes stated above.
|REQUESTS, QUERIES, COMPLAINTS|
|Address requests, inquiries, or complaints through the sections and contact forms on the Website, or through other channels such as the general information email about the Website.|
|Those requested in each personal data collection form and at least the following: Identification data: name, surname, user.Contact details: e-mail.Data related to the request or application provided by the user.|
|Where complaint forms are used, this shall be based on the legal obligation in accordance with consumer and user protection regulations. |
In the case of other requests or complaints, this is based on the contractual or pre-contractual relationship between the user and Cafosa when offering the consultation service.
|Compliance with our legal obligations in civil, commercial, fiscal, accounting, and personal data protection regulations, among others that may apply.|
|Personal data that you provide to us and that is generated in the course of the relationship.|
|Compliance with a legal obligation.|
|CAFOSA CORPORATE CONTACTS|
|Maintaining relations of any nature with the company, entity or organization for which you work or collaborate, or with you in case you are an independent professional, that you contact through the Website or through any form, communication channel or e-mail box. Even through the delivery of business cards to Cafosa’s personnel.|
|Identification data: name, surname, first name.Contact details: email, telephone number.Data related to the relationship established with Cafosa.|
|Cafosa’s legitimate interest derived from contact with Data Subjects for corporate purposes, which is expressly recognised by privacy regulations. In particular, by the Organic Law on the Protection of Personal Data and Guarantee of Digital Rights.|
|JOB APPLICATION MANAGEMENT|
|Deal with the entry of job applications through the Website and to carry out the relevant actions to manage the application as a candidate for a current or future vacancy in Cafosa, in order to be able to assess your profile and your possible incorporation with respect to the candidates offered by Cafosa.|
|Those deposited by the Data subject in the entry channel of the Website, as well as others that are made available to him/her. and at least:|
Identification data: name, surname, ID card number, address.Contact details: e-mail, telephone.Information resulting from interviews: aptitude reports, results of the selection process.Professional data: CV, references from other jobs, professional experience, motivation to change jobs.
The data generated during the selection processes in which you participate will also be processed, which implies the possibility of carrying out an analysis of your personal profile to assess your suitability with respect to the corresponding vacancy. Such additional data may include data published on social networks whose privacy settings are not restricted to third parties and/or data published on the Internet.
|The processing of your personal data is justified if it is necessary for the implementation of pre-contractual measures at the request of the applicant or if it is intended to conclude a contract.|
|WEBSITE SEGMENTATION AND PERSONALISATION THROUGH COOKIES|
|Navigation dataTechnical dataIP address|
|The processing of your personal data is legitimised by the express consent you give us through the cookie banner made available to you by Cafosa.|
However, Cafosa may process information obtained through cookies or similar technologies without your consent subject to your anonymised or aggregated information that does not contain any directly or indirectly identifiable information.
|Carrying out statistical studies on the use of the Website, and the reception of Cafosa’s products and services.|
|Navigation data.Technical data.IP address.|
|Cafosa’s legitimate interest in improving its functionalities and the service provided.|
Cafosa has conducted the analyses required by privacy regulations, confirming that Cafosa’s interest prevails over the privacy rights of its customers and users. If you wish to access these reports, you can request them at the following email addresses.
- Data disclosures to third parties
Personal data may be disclosed to the following parties, for the reasons explained below:
|THIRD PARTY||PURPOSE||LEGAL BASIS|
|Public Administrations;Courts and tribunals;Law enforcement agencies||For compliance with the legal obligations to which Cafosa is subject due to the development of its activity, and in the cases foreseen in the Law, including the obtaining of subsidies and public aid.||Fulfilling a legal obligation.|
|Accounting audit firms||For compliance with the statutory auditing obligations to which Cafosa is subject as a result of its activity.||Fulfilling a legal obligation.|
|Other companies to which Cafosa belongs (RB Group)||We may disclose the data to GrupoRB, to which Cafosa belongs, for internal organisational purposes.||Compliance with Cafosa’s legitimate interest as recognised by the applicable data protection regulations.|
|Suppliers with access to personal data||Third-parties acting as service providers, these providers may have access to your personal data in order to provide the services and/or comply with the obligations arising from the legal relationships maintained between the aforementioned Third-parties and Cafosa, within the framework of the provision of contracted services. In any case, Cafosa has signed with such providers the corresponding contracts of confidentiality and data protection, in full compliance with the provisions of current legislation on data protection.||Execution of the contractual relationship between suppliers and Cafosa.|
From Cafosa we will not share your data with other third-parties without obtaining your prior consent, except in those cases where it is necessary for compliance with legal or contractual obligations to which Cafosa is subject at any time by its nature and activity.
If in the future Cafosa will make further communications of personal data, it will inform you accordingly.
- International data transfers
Due to the international nature of Cafosa, your personal data may be transferred and shared with the RB Group, a company to which Cafosa belongs, and whose offices are located outside the European Union. Cafosa protects such transfers in accordance with the terms of the international data transfer agreements adopted, which incorporate the Standard contractual clauses on data protection (Standard contractual clauses) adopted by the European Commission. To obtain a copy of the Standard Contractual Clauses applicable in the EU adopted by Cafosa, please contact the Data Controller indicated at the beginning of this document.
With third parties
CAFOSA may contract the services of suppliers located in countries outside the European Economic Area, based on decisions of adequacy of the European Commission. In this case, it is considered that the country has equivalent regulations to the European one. In the event that CAFOSA needs to contract services from suppliers located in countries that do not have regulations equivalent to the European one, its contracting will include all the warranties and safeguards required by the regulations to preserve its privacy, after verifying the legislation of the destination country.
These safeguards may include the application of contractual clauses and additional safeguards in accordance with the regulations of each destination country, or binding corporate rules approved by data protection authorities. We also inform you that we are permitted by law to send your data to such countries if this is necessary for compliance with our obligations arising from the service you request from us.
- Automated Decisions and Profiling
Cafosa does not carry out any data processing involving automated decision-making.
In connection with our recruitment processes, Cafosa carries out processing of your basic identification data, your competency-based assessment, to assess your suitability for published job offers. To carry out this processing, it is necessary to create a profile based on the above-mentioned personal data. The profile drawn up is of a low level of detail and is only carried out to analyse aspects relating to your suitability for the job in question as it is necessary for the execution of the employment agreement offered to you with Cafosa.
- Period of retention of your data.
We will only keep your personal data for as long as we need it, for the purposes for which we collect it and to comply with legal, financial, business or reporting requirements. In some circumstances, we may anonymise personal data so that they are no longer identifiable and we can continue to use it. When we no longer need the personal data, we will securely delete or destroy it.
Cafosa will retain the collected data for the stated purposes during the duration of your relationship with Cafosa and, even after, until any potential legal liabilities arising from them expire.
In the event that you submit your application, your data will be retained for a period of one year from the date they were collected. Once this period has elapsed, your data will be deleted or alternatively anonymized, unless you provide explicit consent for their continued retention, in which case, personal data will be kept until you withdraw your consent.
- Exercise of rights.
You may exercise your rights of access, rectification, deletion and portability, limitation and/or opposition to processing, through the postal and e-mail addresses indicated at the beginning of this document.
In addition, if you believe that the processing of your personal data violates the law or your privacy rights, you can lodge a complaint:
- Via the postal and e-mail addresses indicated above, or
- Before the Spanish Data Protection Agency, through its electronic headquarters, or its postal address.