1. Data Controllers

RESPONSIBLE FOR THE TREATMENT: COOPERATIVA DE CAMIONES BASCULANTES
CIF: F-15.080.377
Address: Muelle de Oza, Dock 72. A Coruña
E-mail for the exercise of rights: codebas@codebas.com

2. Purposes and legal bases

Completing the basic information on data protection that is provided through each of the data collection channels, then additional information is provided regarding the purposes, legitimizing bases and other information of the following files or treatments:

Customers

Personal data will be processed for the purpose of carrying out accounting, fiscal, administrative and collection management and for the maintenance of the commercial relationship.

The legitimizing basis is the Execution of a contract to which the interested party is a party, as well as compliance with legal obligations (art. 6.1.c) GDPR).

Human Resources

The data will be processed for the purpose of managing the relationship with the staff, which entails accounting, fiscal and administrative management; payroll management, training management; occupational risk prevention management and time control, among others.

The legal basis that legitimizes the treatment is the execution of a contract to which the interested party is a party (art. 6.1.b) GDPR), as well as compliance with legal obligations (art. 6.1.c) GDPR).

Curriculum Vitae Management

The data will be collected for the purpose of managing selection processes. The legitimizing basis is the application of pre-contractual measures, if the selection process is called by the company, or the consent if the delivery of the CV is voluntary and without a prior call.

Suppliers

The data will be processed for the purpose of managing the contractual relationship, which involves accounting, fiscal and administrative management and payment management for services, among others. The legal basis that legitimizes this treatment is the execution of a contract to which the interested party is a party (art. 6.1.b) GDPR), as well as compliance with legal obligations (art. 6.1.c) GDPR).

web users

Personal data will be processed for the purpose of managing contact requests, complaints, suggestions, claims. The legal basis is the consent of the interested party.

Video surveillance

Personal data will be processed in order to ensure the safety of goods and people. The legal basis is Art. 6.1. e) the treatment is necessary for the fulfillment of a mission carried out in the public interest or in the exercise of public powers conferred on the controller.

3. Transfers or data communications

For the management of certain treatments, it may be necessary to allow access to certain data to third-party service providers contracted for this purpose. In this sense, the entity proceeds to sign the respective necessary treatment manager contracts, and has given the precise instructions to the different service providers or treatment managers, to ensure the security and integrity of the data to which they have access due to the provision of the contracted service.

Outside of the above cases, your personal data will not be transferred to third parties, except in the cases provided by law, for example:

Clients, staff and suppliers

The data may be communicated to the following groups of recipients:

Public administrations: in the event that it is required by virtue of a regulation, for example, the State Tax Administration Agency, and the rest of the competent fiscal or other authorities, in order to comply with the obligations imposed by the legislation. current.

Banking entities: for the management of the collection and payment of services.

Video surveillance

The data may be communicated to the State Security Forces and Bodies and Courts of Justice.

4. Data retention period

Completing the basic information on data protection that is provided through each of the data collection channels, then additional information is provided regarding the purposes, legitimizing bases of the following files or treatments:

  • Clients: the data will be kept until the end of the contractual relationship and will be kept, duly blocked, during the limitation periods of the responsibilities that may be required (6 years).
  • Personal: the data will be kept until the end of the contractual relationship and will be kept, duly blocked, during the limitation periods of the responsibilities that may be required (6 years).
  • Curriculum Vitae: the data will be kept for 1 year.
    Suppliers: the data will be kept until the end of the contractual relationship and will be kept, duly blocked, during the limitation periods of the responsibilities that may be required (6 years).
  • Web users: they will be kept while your request (contact) is being processed.
  • Video surveillance: the data will be kept for a period of 30 days, without prejudice to the requirements of the competent authority.

5. Profiles and international data transfers

No profiles or international data transfers will be made.

6. Revocation of consent

In those cases in which the processing of personal data is based on consent, the interested Parties are informed of the right to withdraw their consent at any time, simply and free of charge, by writing to the address of the data controller or to through the following email address: codebas@codebas.com. The revocation of consent will not affect the legality of the treatment based on the consent prior to its withdrawal.

7. Rights of the interested parties

The regulations on data protection grant a series of rights to the interested parties or owners of the data, these rights that assist the interested persons are the following:

  • Right of access: right to obtain information about whether your own data is being processed, the purpose of the treatment being carried out, the categories of data in question, the recipients or categories of recipients, the conservation period and the origin of said data.
  • Right of rectification: right to obtain the rectification of inaccurate or incomplete personal data.
  • Right of deletion: right to obtain the deletion of the data in the following cases:
    • When the data is no longer necessary for the purpose for which it was collected.
    • When the owner of the same withdraws the consent.
    • When the interested party opposes the treatment.
    • When they must be deleted in compliance with a legal obligation.
    • When the data has been obtained by virtue of an information society service based on the provisions of art. 8 sec. 1 of the European Regulation on Data Protection.
  • Right of opposition: right to oppose a certain treatment based on the consent of the interested party.
  • Right of limitation: right to obtain the limitation of data processing when any of the following cases occurs:
    • When the interested party challenges the accuracy of the personal data, during a period that allows the company to verify their accuracy.
    • When the treatment is illegal and the interested party opposes the deletion of the data.
    • When the company no longer needs the data for the purposes for which they were collected, but the interested party needs them for the formulation, exercise or defense of claims.
    • When the interested party has opposed the treatment while it is verified if the legitimate reasons of the company prevail over those of the interested party.

Interested parties may exercise the indicated rights, by contacting the entity, by writing, sent to the following address: codebas@codebas.com indicating in the subject line the right they wish to exercise, or if they prefer, send their request to the postal address of the company You can access the application forms (https://www.aepd.es/es/derechos-y-deberes/conoce-tus-derechos) of the Spanish Agency for Data Protection.

In this sense, the entity will respond to your request as soon as possible and taking into account the deadlines established in the regulations on data protection. On the other hand, it should be taken into account that the interested party or owner of the data may at any time file a claim with the Spanish Agency for Data Protection www.aepd.es.

8. Security

The security measures adopted by the entity are those required in accordance with the provisions of article 32 of the GDPR. In this sense, taking into account the state of the art, the costs of application and the nature, scope, context and purposes of the treatment, as well as the risks of variable probability and severity for the rights and freedoms of individuals physical, has established the appropriate technical and organizational measures to guarantee the level of security appropriate to the existing risk.

In any case, the entity has implemented sufficient mechanisms to:

1. Guarantee the confidentiality, integrity, availability and permanent resilience of treatment systems and services.
2. Restore availability and access to personal data quickly, in the event of a physical or technical incident.
3. Verify, evaluate and value, on a regular basis, the effectiveness of the technical and organizational measures implemented to guarantee the safety of the treatment.
4. Pseudonymize and encrypt personal data, if applicable.

9. Cookies

A cookie is a file or device that is downloaded to a user’s terminal equipment in order to store data that can be updated and retrieved by the entity responsible for its installation. In other words, it is a file that is downloaded to your computer when you access certain websites. For more information, see our Cookies Policy