Person responsible for the treatment
In terms of data protection, Instra Ingenieros, S.L. must be considered as the entity responsible for the Treatment regarding the files/treatments that are collected through this website or through any other means such as telephone, email, in-person communication, written communication using forms, legal documents, etc.
Below is the identification information of the owner of this website:
Person responsible for the treatment: Instra Ingenieros, S.L.
Postal address: Polígono Pocomaco, 4ª Avenida, nº20, parcela I-2 · 15190 · A Coruña
Electronic address: firstname.lastname@example.org
Any personal data that is eventually requested will only be the data that is strictly necessary for identifying and addressing the request made by the owner of such data, henceforth the interested party. This information will be treated in a true, lawful and transparent way regarding the interested party. Furthermore, personal information will be collected for purposes deemed explicit and legitimate, and shall not be treated later in a way that is incompatible with such purposes.
The data collected from each interested party must be adequate, pertinent and not be excessive in relation to the purposes pertaining to each case. They will be updated whenever necessary.
The owner of the personal information will be informed —prior to the collection of their information— of the general extreme cases regulated in this policy, to allow them to grant their express and unequivocal consent to the treatment of their data, in conformity with the following aspects.
Purpose of the treatment.
The precise purposes for which each one of the treatments is carried out are included in the information clauses incorporated into each of the means of data collection (website forms, paper forms, locutions or signs and information notes).
However, the personal information of the interested party will be treated with the sole purpose of providing them with an effective reply and addressing the requests made by the user, as specified next to each option, service, form or data collection system that the user may use.
As a general rule, prior to the treatment of personal information, Instra Ingenieros, S.L. obtains the express and unequivocal consent of the owner of such data by means of incorporating informed consent clauses into the different systems of data collection.
However, if the consent of the interested party is not required, the legitimizing foundation of the treatment by which Instra Ingenieros, S.L. has supported consists in the existence of a specific law or regulation authorizing or enforcing the treatment of the data of the interested party.
As a general rule, Instra Ingenieros, S.L. does not engage in the cession or communication of data to third entities, save for cases of legal requirement. However, if it were necessary, the interested party would be notified of such cessions or communications of data through informed consent clauses that are contained in the different means of personal data collection.
As a general rule, personal data are always collected directly from the interested party. However, in certain exceptions, data may be collected through third parties, entities or services other than the interested party. In this sense, this exception will be notified to the interested party through the informed consent clauses contained in the different means of data collection and within a reasonable time frame once such data has been obtained, and within one month at the latest.
The information collected from the interested party will be preserved in so far at it is needed for the purpose of complying with the ends to which such personal data were collected. Therefore, the data will be canceled once such ends are met. Such cancellation will result in the blocking of the data, which will be kept available only for the Public Administration, judges, and tribunals, for the purpose of addressing any eventual liabilities resulting from their treatment, during the prescription period thereof. Once the mentioned period is expired, the information will be destroyed.
For information purposes, below are the legal periods for preserving the information, in accordance to various subjects:
|Work-related or social security-related documents||4 years||Article 21 of Royal Legal Decree 5/2000 of 4th August approving the revised text of the Law on infractions and penalties in Social Order.|
|Accounting and fiscal documentation regarding commercial matters||6 years||Art. 30 Code of Commerce|
|Accounting and fiscal documentation regarding fiscal matters||4 years||Articles 66 to 70 General Law on Tax Collection|
|Access control to buildings||1 month||Proceedings 1/1996 of the AEPD (Spanish Data Protection Agency)|
|Video surveillance||1 month||Proceedings 1/2006 of the AEPD (Spanish Data Protection Agency)
Organic Law 4/1997
Rights of the interested parties
The regulations pursuant to data protection grants a set of rights to the interested parties or to the owners of said data, to website users or users of the social network profiles of Instra Ingenieros, S.L..
The rights granted to the interested parties are the following:
- Right to access. The right to obtain information on whether your own data are being subjected to treatment, the ends to which the treatment is being performed, the data category in question, the recipients or category of recipients, the period of preservation and the origin of such data.
- Right to rectification: the right to obtain the rectification of inaccurate or incomplete personal data.
- Right to delete data: the right to obtain the deletion of the data in the following cases:
- When the data are no longer necessary for the purpose for which they were collected
- When the owner of the data takes back their consent
- When the interested party opposes the treatment
- When the data must be deleted for the purpose of complying with a legal obligation
- When the data have been obtained by virtue of a service provided by the information society on the basis of the provisions included in art. 8, section 1 of the European Regulation on Data Protection.
- Right to opposition: the right to oppose a certain treatment based on the consent of the interested party.
- Right to limitation: the right to obtain the limitation of the treatment of data in the following cases:
- When the interested party impugns the accuracy of the personal data, during a period that will allow the company to verify the accuracy thereof.
- When the treatment is illicit and the interested party opposes the deletion thereof.
- When the company no longer needs the data for the ends to which they were collected but the interested party continues to require them for formulating, exercising or defending complaints.
- When the interested party has opposed the treatment while it is being verified whether the legitimate motives of the company prevail over those of the interested party.
The interested parties may exercise the indicated rights by contacting Instra Ingenieros, S.L., in written form at the following address: email@example.com indicating in the subject matter the right that they wish to exercise.
In this sense, Instra Ingenieros, S.L. will address your request as soon as possible while bearing in mind the deadlines indicated in the regulations pursuant to data protection.
Furthermore, it must be taken into account that the interested party or owner of the data may at any time present a complaint before the competent control authority.
The security measures adopted by Instra Ingenieros, S.L. are the measures required, as set forth in article 32 of the GDPR. In this sense, Instra Ingenieros, S.L., bearing in mind the state of technology, the costs of application and the nature, scope, context and purposes of the treatment, as well as the variable risks of probability and severity with regard to the rights and liberties of physical persons, has established the appropriate technical and organisational measures to guarantee the level of security that is required for the existing risk.
In any case, Instra Ingenieros, S.L. has implemented sufficient mechanisms to comply with the following:
- Guaranteeing the permanent confidentiality, integrity, availability and resilience of the treatment systems and services.
- Restoring the quick availability and access to personal data in the event of a physical or technical incident.
- Verifying, assessing and evaluating on a regular basis the efficacy of the technical and organizational measures that are implemented in order to guarantee the safety of the treatment.
- Storing the data under a pseudonym or in an encoded form if necessary.