Privacy Policy

PRIVACY POLICY

  1. Introduction

We have a high level of commitment to people’s privacy, so the protection of personal data is important to us.

We treat the data in accordance with the provisions of EU Regulation 2016/679 General Data Protection, Organic Law 3/2018 on the Protection of Personal Data and Guarantee of Digital Rights and other regulations in force in this regard.

This Privacy Policy has been revised in September 2023 to comply with the duties of information and transparency of the website itself and general of the person in charge, to provide any type of interested party and not only the users of the website with the general terms of the person in charge in the matter. There may be variations until your next revision.

 

  1. Who is responsible for processing your data?

Responsible: S.A.T. 9855 PRIMAFLOR

NIF/CIF: V04256954

Address: CECILIO PEREGRIN, 2. 04640 PULPÍ (ALMERIA)

Email: lopd@primaflor.com

 

  1. What is the origin and type of data we process?

The origin of the information we process can be any of the following categories:

  • Paper, electronic or digital forms.
  • Communication and messaging systems: email and messaging applications, telephone, etc.
  • Other lawful sources and origins of information.

The different categories of data that we can process depending on the type of data subject (user, customer, supplier, employee, etc.) and the nature of the activity of the person responsible and the different data processing are:

  • Identification data, for example: name and surname, image.
  • Identification codes or keys, for example: username, employee code.
  • Postal or electronic contact addresses, for example: telephone, email, profile on social networks.
  • Data on personal and professional characteristics, for example: age, date of birth, qualifications, professional experience, curriculum.
  • Economic, financial and insurance data; For example: bank details, credit card, etc.
  • Economic and non-economic payroll data and other information of a labor nature; For example: job title, payroll document, etc.
  • Transaction data, e.g. goods and services supplied and received.
  • Special category data, e.g. trade union membership, racial origin.
  • Other data and information necessary or implicit in the development of our activities, services and purpose.

MANDATORY OR OPTIONAL NATURE OF THE INFORMATION PROVIDED BY THE INTERESTED PARTY.

The interested party, by marking the corresponding boxes and entering data in the fields, marked as mandatory (for example, with an asterisk) in the contact form or presented in download forms, expressly and freely and unequivocally accept that their data are necessary to meet their request, by the person in charge,  The inclusion of data in the remaining fields is voluntary.

The interested party guarantees that the personal data provided to the person in charge are truthful and undertakes to communicate any modification of these. The data requested through the website, indicated as mandatory, are necessary for the provision of an optimal service to the interested party. In the event that all the data is not provided, it is not guaranteed that the information and services provided will be completely adjusted to your needs.

 

 

  1. For what purpose do we process your personal data?

In general, the data is processed to successfully carry out the actions implicit in the normal development and management of the activity of the person in charge. Although we can specify different purposes of treatment depending on the possible existing categories of interested parties:

  • Customers and prospects: management and maintenance of commercial, pre-contractual and contractual relationships; internal administration; economic management; Advertising and marketing, customer service.
  • Collaborators, creditors and suppliers: management and maintenance of commercial relations, internal administration and economic management.
  • Workers: management, development and maintenance of the employment relationship, human resources management, communications, training activities, prevention of occupational risks, registration of the working day and other purposes derived from legal obligations and development of labor relations.
  • Candidates: management of CVs received, management of job offers and personnel selection.
  • Web and social network users: customer service and management of communications between the parties.
  • Visitors: attention to the visitor and control of access to the facilities.
  • The existing information of any other category of interested parties processed by the person in charge will be done within the framework of its activity, strict compliance with the rules of application and under the general criteria of this Privacy Policy.

Other general purposes that the responsible can implement are:

  • Elaboration of a commercial profile, with the aim of improving your experience by personalizing offers and communications. Individualized decisions will not be made based on this profile and will act from the legitimate interest.
  • Video surveillance, for the security of goods and people, as well as the corresponding labor control based on legitimate interest.
  • Telephone switchboard, in order to record communications for security, guarantee and quality of service, based on legitimate interest.
  • Financial and/or credit management, in order to analyse certain commercial actions and control of monetary obligations. In the case of debtors with certain, overdue and payable outstanding payments, the person in charge may communicate this circumstance to credit solvency files, debtor files, and debt management or recovery services, among others, based on legitimate interest.
  • Communications: development and execution of communications through the data and means of contact available (email, instant messaging, etc.) with categories of internal stakeholders (workers) and external (customers, potentials, collaborators, suppliers, etc.). The purposes of such communications may be informative, organizational, commercial and advertising, as appropriate based on the informed consent and legitimate interest of the person responsible.
  • Promotional activities, marketing and loyalty, such as the development of sweepstakes.
  • Geolocation through systems installed for this purpose for the control, management and optimization of material and human resources.
  • Other purposes derived from the nature of the person responsible, motivated in the normal development and exercise of their activity, from a valid legitimizing basis.

 

  1. How long will we keep your data?

In general, personal data will be kept at least as long as there is a relationship with the interested party, as long as its deletion is not requested, as long as responsibilities may arise or as long as there is any legal provision for conservation.

With regard to the data of candidates and job seekers, they will be deleted immediately when they are not of interest to the person in charge.

The data controller has in its data protection plan an inventory of retention periods that it observes to manage the different applicable retention periods.

The deletion of the data will be carried out in any case ensuring the confidentiality of these.

 

  1. What is the legitimacy for the processing of your data?

The person in charge observes and applies the different existing legitimizing bases that are applicable to each purpose of treatment. These are:

  1. Informed consent of the interested party.
  2. Pre-contractual or contractual commitments.
  3. Legitimate interest of the person responsible.
  4. Applicable legal obligations.
  5. Other legally prescribed legitimizing bases.

 

  1. To which recipients will your data be communicated?

The data of the interested parties will not be communicated to any third party by default, there are several exceptions: a) categories of subsidiary companies, owned by the partners or belonging to the same group or business organization as the person responsible for the treatment; (b) banks where payments are made by direct debit; (c) undertakings with which the controller contracts credit information, risk reporting and commercial reporting services, including services managing files relating to compliance with or non-compliance with monetary obligations; (d) authorised processors and ancillary services implicit in the provision of the undertaking’s goods and services; e) other legitimate data subjects and/or third parties provided for by law; f) authorities and public administrations in the exercise of their powers.

In the case of data processors (suppliers, auxiliary services, etc.) implicit in the development of our services that are domiciled in a third country, it is carried out within the European Economic Area, there are adequate and appropriate guarantees, committing them to observe and comply with the provisions of European privacy regulations.

 

  1. What are your rights when you provide us with and/or process your data?

As an interested party, you may at any time request us to exercise any of the following rights that assist you in terms of data protection:

  • Access to the personal data of the interested party to confirm whether or not data concerning him or her are being processed and obtain more information about this treatment.
  • Rectification or deletion of personal data concerning the interested party when, among other reasons, they are inaccurate or no longer necessary for the purposes for which they were collected.
  • Limit the processing of the personal data of the interested party in certain circumstances, in which case they will only be kept for the purposes of exercising or defending claims, for the protection of the rights of another person or for reasons of public interest.
  • Receive the personal data that concern you, which you have previously provided us, and in a structured format when possible. (Portability of your data).
  • Oppose the processing of your data in certain circumstances and for reasons related to your particular situation. The company will stop processing your data, except for compelling legitimate reasons, or the exercise or defense of possible claims.
  • Revoke the consent, which may lead to the annulment or cancellation of the existing business or contractual relationship, if any. Without prejudice to the treatments carried out prior to the withdrawal of consent.

To do this, you only have to contact us through the email or postal address indicated at the beginning.

Optionally, you can also contact our  designated data protection officer, or the Data Protection Agency to learn more about your rights or request the protection of these by the supervisory authority.

 

  1. Data security.

We adopt in our information system the necessary technical and organizational measures to guarantee an adequate level of confidentiality, integrity, availability and resilience of the data in order to protect the rights and freedoms of the interested parties.

The controller complies with the provisions and principles described in the GDPR to process the data in a lawful, fair and transparent manner in relation to the data subject, and adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed.

However, to the extent permitted by law, we do not assume any responsibility for damages resulting from alterations that third parties may cause to our information system. Any security breach will be conveniently and immediately communicated to the competent authority and / or security forces and bodies of the State.

 

  1. Sending communications or information.

Our policy regarding the sending of information through telematic means (email, instant messaging, etc.), is limited to sending only communications that we consider of interest to our users and interested parties, in relation to the functions and activity of the company, or that you have consented to receive.

If you prefer not to receive these messages, we will offer you through them the possibility of exercising your right of cancellation and waiver of receipt of these messages, in accordance with the provisions of Title III, article 22 of Law 34/2002 on Services for the Information Society and Electronic Commerce.

 

  1. Social networks.

The person in charge may have a presence in social networks through the corresponding profiles, being applicable this section and any legal and privacy terms present on the website for the treatment of data of users or interested parties who become followers or in some way are linked to said profiles.

The purposes of use of these profiles by the person in charge are communication, commercial development, marketing and advertising, processing queries raised to the person in charge and attention to the user, informing about actions, activities and events organized by the person in charge or in which he participates, and interacting through the official profiles.

The legitimizing bases set out in section 6 above are complemented in this case because the user or interested party may have a profile on the same social network as the person in charge and has decided to join or connect with the profile of the person in charge, thus showing interest in the information published by the person in charge. Therefore, at the time of following the profiles of the person in charge, you provide your consent for the processing of those data available in your profile.

The user can access at any time the privacy policies and terms of the corresponding social network, as well as configure the privacy features that can be carried out in their profile. The publications made by the user will be known by other users, so the user himself is primarily responsible for his privacy.

Users followers and/or participants in our profiles will abstain:

  1. To publish content or information contrary to the Law, morality, and good faith. Any use or behavior that is illicit, annoying, inappropriate, that may generate negative opinions in the profile or that violates the rights of people is not allowed.
  2. To behave in a manner contrary to the principles of legality, honesty, responsibility, protection of human dignity, protection of minors, protection of public order, protection of privacy, consumer protection and intellectual and industrial property rights.

The responsible reserves the right to remove without prior notice any content that is considered inappropriate. Likewise, it is released from any responsibility in relation to the security measures corresponding to each platform, and the user must know them together with the legal terms and conditions of use of the platform itself.

The person in charge will be expressly exonerated from any liability that may arise from the use of social networks by minors or people with special abilities. The social networks of the person in charge do not knowingly collect any personal information from minors, therefore, if the user is a minor, he should not register, nor use the social networks of the person in charge, nor provide any personal information. Particularly in Spain, the processing of the personal data of a minor may only be based on 14 years of age. On the other hand, if any rule or regulation so requires, or the user has special abilities, the intervention of the holder of his parental authority or guardianship, or of his legal representative by means of a valid document proving the representation, will be necessary.

 

  1. Employment and candidate management

Those interested in accessing job offers of the person in charge can provide their data and professional information to the person in charge through different physical and / or digital channels, including personal interviews and delivery of resumes on paper. Although preferably the employment portal or “work with us” section available on the website will be used, which will allow the interested party to register to participate in personnel selection processes.

These data will be treated in accordance with these privacy terms here in order to manage applications for possible job offers, internships and training of the responsible entity and any subsidiary companies or belonging to the same business organization, when it exists and corresponds.

The treatment will be carried out based on the informed consent of the interested party or another valid legitimizing basis.

The data provided, if they are not of professional interest to the entity or once they are no longer necessary for the purposes for which they were collected, will be eliminated ensuring their confidentiality and anonymization.

Any interested party may revoke their consent and exercise their privacy rights under the terms set out in this privacy policy.

 

Ethical Channel.

The data provided by any interested party through the procedures available in our Ethics Channel will be treated based on informed consent, legitimate interest of the person responsible and compliance with legal obligations.

The purpose of treatment will be the management and control of possible communications and complaints under the conditions established in our Ethical Channel. As well as, where appropriate, they may be used for research and development purposes of the corresponding actions by the committee or persons responsible for the communication or complaints system.

The data of any interested or affected party, who formulates the communication or complaint, of employees and third parties will be kept only for the time necessary to decide whether any investigative action is appropriate. In any case, the information provided will be deleted, ensuring its confidentiality when the legal periods of conservation or custody of the evidence have elapsed.

The data provided must be true, truthful, complete, current, in any case in a framework of good faith, not being allowed to send false, distorted or illegally obtained information.

No automated decisions will be made or profiles will be made in relation to the information and data collected.

The data may be communicated to third parties when it is necessary for the adoption of disciplinary measures or for the processing of judicial proceedings that may proceed.

Likewise, the information may be provided to the suppliers or external managers of the complaints channel system in compliance with the entrusted services who must also maintain due secrecy and confidentiality in the case at hand. They are: Marca Franca S.L., being able to expand information about this company and its privacy policy here.

Users must be aware that the information and data provided are confidential and reserved, so it is recommended to act stealthily and carefully, not revealing the information exchanged or provided by the system regarding references, user codes, access codes or other access or identification data that may exist.

Any interested party can exercise their data protection rights in the terms provided in this privacy policy.