Privacy Policy

Responsible for the treatment

The person in charge of the treatment is The Flow Lab, sl., B42600320, C/ Susana Llaneras, 47,03001, Alicante (Alicante).

Privacy Principles 

From The Flow Lab, SL. We are committed to you to work continuously to guarantee privacy in the processing of your personal data, and to offer you at all times the most complete and clear information we can. We encourage you to read this section carefully before facilitating your personal data.

If you are under fourteen, we beg you not to facilitate your data without consent from your parents.

In this section we inform you of how we treat the data of the people who are related to our organization. Starting with our principles:

- We do not request personal information, unless it is necessary to provide the services that you require.

- We never share personal information with anyone, except to comply with the law, or we have your express authorization.

- We will never use your personal data for purposes other than those expressed in this Privacy Policy.

- Your data will always be treated with a level of protection appropriate to legislation on data protection, and we will not submit them to automated decisions.

We have written this privacy policy taking into account the demands of the current data protection legislation:

- Regulation (EU) 2016/679 of the European Parliament and the Council of April 27, 2016 regarding the protection of natural persons (GDPR).

- Organic Law 3/2018, of December 5, on the Protection of Personal Data and guarantee of digital rights (LOPD).

- Royal Decree 1720/2007, of December 21 (RLOPD).

This privacy policy is written on December 6, 2018.

On the occasion of the modification of treatment criteria, in order to facilitate its understanding or adapt it to current legality, we may modify this Privacy Policy. We will update the date of it, so you can check its validity.

Treatments we perform

ATTENTION TREATMENT PEOPLE RIGHTS (ARC)

Legal Base: RGPD: 6.1.c) Treatment necessary for the fulfillment of a legal obligation applicable to the person responsible for the treatment. General Data Protection Regulation.

Treatment purposes: Attending the requests in the exercise of the rights established by the General Data Protection Regulation: Right of Access, Rectification, Deletion, Limitation, Portability and Opposition to Automated Decision Making.

Collective: natural persons who request it (employees, customers, suppliers, contact people)

Data categories: Name and surname, address, signature and telephone.

Categories of recipients: Personal data may be communicated to the Control Authority (Spanish Data Protection Agency) in the framework of a rights guardianship investigation initiated by the interested party.

International transfers: international data transfers are not planned.

Deletion period: They will be kept for a period of five years from the moment of the application.

Security measures: adapted to the requirements of Regulation (EU) 2016/679, General Data Protection Regulation.

 

Candidates Treatment Selection processes (HR)

Legal Base: RGPD 6.1.A) The interested party gave his consent for the processing of his personal data for one or more specific purposes. RGPD: 6.1.b) Treatment necessary for the execution of a contract in which the interested party is part or for the application at the request of this pre -contractual measures.

Treatment purposes: Personnel selection and provision of jobs.

Collective: candidates presented to procedures for provision of jobs.

Data categories: - Name and surname, DNI/CIF/Identifying document, personnel registration, address, signature and telephone. - Data of personal characteristics: sex, marital status, nationality, age, date and place of birth and family data. - Academic and Professional data: degrees, training and professional experience. - Job detail data.

Categories of recipients: data assignments to third parties are not planned.

International transfers: international data transfers are not planned.

Suppression period: they will be kept during the time necessary to comply with the purpose for which they were collected and to determine the possible responsibilities that could be derived from said purpose and data processing.

Security measures: adapted to the requirements of Regulation (EU) 2016/679, General Data Protection Regulation.

 

Supplier treatment

Legal Base: RGPD: 6.1.b) Treatment necessary for the execution of a contract in which the interested party is part or for the application at the request of the pre -contractual measures. RGPD: 6.1.c) Treatment necessary for the fulfillment of a legal obligation applicable to the person responsible for the treatment. Royal Legislative Decree 2/2015, of October 23, which approves the consolidated text of the Law of the Workers' Statute. Law 58/2003, of December 17, General Tax.

Treatment purposes:

- Acquisition of products and/or services that we need for the development of our activity.

- Control of subcontractors if appropriate.

Collective:

- Suppliers.

- People who work for our suppliers.

Data categories:

- Name and surname, DNI/NIF/Identifying document, address, signature and telephone.

- Employment detail data: job position. Training in occupational security.

- Economic-financial and insurance data: bank data.

Recipients categories:

- Financial entities. (Bill Payment)

- State Tax Administration Agency.

International transfers: international data transfers are not planned.

Deletion period: They will be kept during the time necessary to comply with the purpose for which they were collected and to determine the possible responsibilities that could be derived from said purpose and data processing, in accordance with Law 58/2003, of 17 December, General Tax.

Security measures: adapted to the requirements of Regulation (EU) 2016/679, General Data Protection Regulation.

 

Customer treatment.

Legal Base: RGPD: 6.1.a) The interested party gave his consent for the processing of his personal data for one or more specific purposes. RGPD: 6.1.b) Treatment necessary for the execution of a contract in which the interested party is part or for the application at the request of the pre -contractual measures. RGPD: 6.1.c) Treatment necessary for the fulfillment of a legal obligation applicable to the person responsible for the treatment. RGPD: 6.1.f) Treatment necessary for the satisfaction of legitimate interests of the person responsible for the treatment.

Royal Legislative Decree 2/2015, of October 23, which approves the consolidated text of the Law of the Workers' Statute. Law 58/2003, of December 17, General Tax.

Treatment purposes: supply of our products / services

Collective: Customers.

Data categories:

- Name and surname, DNI/NIF/Identifying document, address, signature and telephone.

- Economic-financial and insurance data: bank data

Recipients categories:

- Financial entities.

- State Tax Administration Agency.

International transfers: international data transfers are not planned.

Deletion period: They will be kept during the time necessary to comply with the purpose for which they were collected and to determine the possible responsibilities that could be derived from said purpose and data processing, in accordance with Law 58/2003, of 17 December, General Tax.

Security measures: adapted to the requirements of Regulation (EU) 2016/679, General Data Protection Regulation.

 

Employee treatment

Legal Base: RGPD: 6.1.b) Treatment necessary for the execution of a contract in which the interested party is part or for the application at the request of the pre -contractual measures. RGPD: 6.1.c) Treatment necessary for the fulfillment of a legal obligation applicable to the person responsible for the treatment. Royal Legislative Decree 2/2015, of October 23, which approves the consolidated text of the Law of the Workers' Statute.

Treatment purposes:

- Hired personnel management.

- Personal file. SCHEDULE CONTROL. Training. Pension plans. Prevention of occupational hazards.

- Issuance of the payroll.

- Management of union activity.

Collective: Employees

Data categories:

- Name and surname, DNI/CIF/Identifying document, personnel registration, social security number/mutuality, address, signature and telephone.

- Special Data Categories: Health data (Low -of disease, occupational accidents and disability degree, without diagnostic inclusion), union affiliation, to the exclusive effects of the payment of union fees (if applicable), union representative (in their case), proof of assistance of their own and third parties.

- Data of personal characteristics: sex, marital status, nationality, age, date and place of birth and family data. Family circumstances data: Date of discharge, licenses, permits and authorizations.

- Academic and Professional data: degrees, training and professional experience.

- Employment detail data and administrative career. Incompatibilities

- Presence control data: Date/time entry and exit, reason for absence.

- Economic-financial data: payroll economic data, loans, loans, guarantees, tax deductions, low beans corresponding to the previous job (if applicable), judicial retentions (if applicable), other retentions (if applicable) . Bank data.

Recipients categories:

- Entity to whom labor risk management is entrusted.

- General Treasury of Social Security.

- Trade union organizations.

- Financial entities.

- State Tax Administration Agency.

- Main contractors to which we provide services as subcontractors.

International transfers: international data transfers are not planned.

Suppression period: they will be kept during the time necessary to comply with the purpose for which they were collected and to determine the possible responsibilities that could be derived from said purpose and data processing. The economic data of this treatment activity will be kept under the provisions of Law 58/2003, of December 17, Tax General.

Security measures: adapted to the requirements of Regulation (EU) 2016/679, General Data Protection Regulation.

 

Contact treatment

Legal Base: Consent of the interested party

Treatment purposes: Attend your application, send information and monitor the application.

Collective: contact people, customers, suppliers

Data categories: name and surname, telephone, email address

Categories of recipients: No transfer of data to third parties are contemplated.

International transfers: international data transfers are not planned.

Suppression period: contact data will be kept for an indefinite period, or until the interested party requests his suppression.

Security measures: adapted to the requirements of Regulation (EU) 2016/679, General Data Protection Regulation.

 

Notification treatment of safety gaps

Legal Base: RGPD: 6.1.c) Treatment necessary for the fulfillment of a legal obligation applicable to the person responsible for the treatment. General Data Protection Regulation. Articles 33 and 34

Treatment purposes: management and evaluation of the security gaps that occur in our organization.

Collective: Variable: employees, customers, suppliers, contact people (will depend on the security gap)

Data categories: variable. (It will depend on the security gap)

Recipient categories: - Spanish Agency for Data Protection. - State security forces and bodies.

International transfers: international data transfers are not planned.

Suppression period: they will be kept during the time necessary to comply with the purpose for which they were collected and to determine the possible responsibilities that could be derived from said purpose and data processing. The provisions of file and documentation regulations will apply.

Security measures: adapted to the requirements of Regulation (EU) 2016/679, General Data Protection Regulation.

 

YOUR RIGHTS

You have the right to request a copy of your personal data, to rectify the inaccurate data or complete them if they are incomplete, or in their case, when they are no longer necessary for the purposes for which they were collected.

You also have the right to limit the processing of your personal data and obtain your personal data in a structured and readable format.

You can oppose the processing of your personal data in some circumstances (in particular, when we do not have to process them to meet a contractual requirement or other legal requirement, or when the object of the treatment is direct marketing).

When you have granted us your consent, you can withdraw it at any time. At that time we will stop treating your data or, where appropriate, we will stop doing so for that specific purpose. If you decide to withdraw your consent, this will not affect any treatment that took place while your consent was in force.

These rights may be limited; For example, if to fulfill your application we had to reveal data on another person, or if you ask us to eliminate some records that we are obliged to maintain for a legal obligation or by a legitimate interest, such as the exercise of defense against claims. Or even in those cases where the right to freedom of expression and information should prevail.

You can contact us by any of the means indicated in the section responsible for the treatment of this privacy policy, providing a copy of a document that proves your identity (normally the ID). The most comfortable way to exercise their rights is to access our rights portal.

Another of your rights is not to be the object of a decision based solely on an automated treatment, including the elaboration of profiles that produces legal effects or affects you.

Faced with any violation of your rights, such as, for example, that we have not met your request, you have the right to file a claim before the Data Protection Control Authority. This may be that of your country (if you live outside of Spain) or the Spanish Agency for Data Protection (if you live in Spain).

Links to third -party websites.

Our website can, on some occasions, contain links to other websites. It is your responsibility to make you read the data protection policy and the legal conditions that are applied to each site.

Third party data.

If you provide us with third parties, you assume the responsibility of informing them previously as established in article 14 of the RGPD.