BASIC INFORMATION ON DATA PROTECTION | |
---|---|
Data Controller | EMAYOR SYNERSIGHT TECHNOLOGIES, S.L. NIF: B47545736 EMAIL: rgpd@synersight.es CALLE PROPANO, 1, 47012 (VALLADOLID) PHONE: +34 983 217 507 WEB: https://www.synersight.es |
Purpose | Management of selection processes for vacant positions held by Synersight. Send advertising or commercial information related to the sector and/or activity of the organisation and events that may be of interest to you, offered by Emayor Synersight Technologies, S.L. if you have given us your consent in this regard. You may freely object to receiving these commercial communications without affecting any contractual, commercial, or professional relationship you may have with Emayor Synersight Technologies, S.L. Likewise, you may revoke your consent at any time. Maintaining the commercial relationship relating to remote control systems in areas such as: personnel control, access control, dispenser control, security rounds, the development of the activity outside the office, air conditioning, industrial and mobile machinery. |
Legitimation | Express and informed consent. Consent to manage your data for selection processes for vacancies generated by the company. Consent to send commercial communications. |
Recipients | No communication of data is envisaged, except for those established by law where applicable. We will only be able to send you commercial information about products in the Group companies’ sector if you give us your consent. There are no plans of international data transfers. Data processors within the EU. |
Rights | Access, rectify and delete data; the right to limit processing, as well as other rights. |
INTRODUCTION
This Privacy Policy has been developed taking into account the provisions of the Organic Law on the Protection of Personal Data in force, as well as Regulation 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and the movement of such data, hereinafter the GDPR.
This Privacy Policy has been updated on 28 July 2022 and Synersight reserves the right to modify it in the event of a change in current legislation, jurisprudential doctrine, or business criteria. If any changes are made to this Policy, the updated text will be published on this website.
DATA TREATMENT
In terms of data protection Emayor Synersight Technologies, S.L., must be considered Data Controller, in relation to the files/processes identified in this Policy.
The user may contact us by e-mail at rgpd@synersight.es if he/she has any doubts or needs regarding the protection of personal data.
Contact details of the Security manager: informatica@synersight.es.
Registers: Emayor Synersight Technologies, S.L. registered in the Mercantile Register of Valladolid. Volume 1135, page 110, sheet VA-16495, inscription 1st.
Website: https://www.synersight.es.
The personal data requested, where applicable, will consist only of those data that are strictly necessary to identify and deal with the request made by the owner of the data, hereinafter referred to as the interested party. Such information shall be processed in a fair, lawful and transparent manner in relation to the interested party. On the other hand, personal data will be collected for specific, explicit and legitimate purposes, and will not be further processed for such purposes.
The data collected from each interested party will be adequate, relevant and not excessive in relation to the corresponding purposes for each case and will be updated whenever necessary.
The data subject will be informed, prior to the collection of his/her data, of the general points regulated in this Policy, so that he/she can provide express, precise and unequivocal consent for the processing of his/her data, in accordance with the following aspects:
- Possibility of withdrawing consent: in the event that consent has been granted for any specific purpose, the data subject has the right to withdraw consent at any time, without affecting the lawfulness of the processing based on the consent prior to its withdrawal.
- Possibility of complaining to the Supervisory Authority, the Spanish Data Protection Agency (AEPD): if a user considers that there is a problem with the way in which Emayor Synersight Technologies, S.L. is handling his/her data, we will be happy to deal with his/her complaints via email to rgpd@synersight.es. Our Security Officer will contact the user, leaving open the possibility that, in the event that his/her request is not resolved, he/she may appeal to the Spanish Data Protection Agency as the highest Data Protection authority in Spain.
PURPOSES OF PROCESSING
As a general rule, personal data are always collected directly from the data subject, however, in certain exceptions, data may be collected through third parties, entities or services other than the data subject. In certain cases, an e-mail and/or telephone number may be obtained from a profile created directly by the data subject on a professional social network or business card on which the data subject has freely made these contact details public.
This point will be communicated to the data subject through the consent clauses contained in the different information collection channels and within a reasonable period of time, once the data has been obtained, and within the first month of obtaining the data at the latest.
The explicit purposes for which each of the processing operations are carried out, are included in the informative clauses included in each of the data collection methods (web forms, paper forms, announcements or posters and informative notes).
However, the personal data of the interested party will be processed for the sole purpose of providing them with an effective response and attending to the requests made by the user specified next to the option: service, form or data collection system used by the owner.
The main purpose is to maintain the commercial relationship relating to remote control systems in areas such as: personnel control, access control, dispenser control, security rounds, work outside the office, air conditioning, industrial and mobile machinery.
There are also other purposes for which Synersight collects data, such as: informing the user by any means, including sending commercial communications, electronic or otherwise, to the e-mail address provided by the user, concerning Emayor Synersight Technologies, S.L. products and services similar to those purchased by the user.
Synersight does not create profiles, nor is it expected to make automated decisions based on the personal information for which Emayor Synersight Technologies, S.L. is the Data Controller.
EMAIL, CONTACT FORMS AND COMMUNICATION MEDIA
The https://www.synersight.es de Emayor Synersight Technologies, S.L. site contains SSL/TLS encryption that allows users to send their personal data securely through standard contact forms.
Data collected through the website:
The personal data collected through the website will be automatically processed and incorporated into the corresponding files, which Emayor Synersight Technologies, S.L. owns
When a user visits the Synersight website, or requests information about its products and/or services, Synersight collects information automatically using tracking technologies, such as cookies or forms where certain information is expressly requested. This information collection occurs in order to provide the information the user requests, to learn more about the people who are interested in Synersight’s products and/or services, and to improve the user’s experience on the website.
Information collected automatically
When you visit Synersight’s website, Synersight or its service providers, acting on its behalf, automatically collect certain information using tracking technologies, such as cookies, weblinks and similar technologies.
Synersight uses this information to understand how users visit its website and to learn which parts or content of the website are most popular. This makes it easier to understand how to improve the website and to measure the effectiveness of Synersight’s advertising. In addition, tracking technologies are used to improve the browsing experience on the website; for more details on the use of cookies, please refer to the Cookie Policy document.
You may share your personal information, like contact information, with Synersight staff members when you contact them. For proper tracking purposes, Synersight logs that interaction, including contact details or other information that may be provided during the communication. Synersight stores this information to maintain a registry of communications with users. Synersight recommends that you do not provide personal or sensitive information that is not necessary for its staff to fulfil your requests. Synersight may use third party products and/or services to process the information shared with its staff, in such case Synersight will have the legally required agreements with these providers to that effect.
The personal data collected through the website will be automatically processed and incorporated into the corresponding files owned by Emayor Synersight Technologies, S.L.
With regard to instant messaging such as WhatsApp, Facebook, Telegram, Messenger, Kakao Talk or Line, Synersight may occasionally receive a message from a person concerned through an application of this type and reply to it through this same channel, without attaching personal information in any case by such means or creating groups that allow the display of data between members.
Form for sending CV’s:
Emayor Synersight Technologies, S.L. will only take into account the applications for employment or internships (work or otherwise) that the candidate submits through the forms provided for this purpose on the website https://www.synersight.es, or other means used for specific offers (such as employment search portals or websites of the universities or training centres from which the candidate comes, in accordance with an agreement established for this purpose).
All applications received by other means, including printed CVs, will be rejected.
The purpose of the processing will be the management and effectiveness of the job or internship application. The recipients of this data will be the Correspondents or Data Processors, within the European Union, in charge of the selection of personnel by Emayor Synersight Technologies, S.L.
In the case of self-candidatures, CVs will be kept for consideration for future vacancies indefinitely or until the candidate exercises his/her right of cancellation. If the interested party wishes to be considered for other vacancies, he/she should attach his/her CV in the Job Opportunities section of the website https://www.synersight.es.
Emayor Synersight Technologies, S.L. reserves the right to eliminate CVs that are more than two years old.
As part of the process, candidates will be contacted by telephone in order to verify that they meet the minimum requirements of the vacancy to be filled, with the aim of being called for a selection interview or not; for this purpose, the express consent of the job applicant is requested. Conversations will not be recorded.
Once the person to fill the vacancy has been selected, Synersight will endeavour to inform all applicants of the completion of the process.
Information requested and formats accepted:
In the web forms created for this purpose, Emayor Synersight Technologies, S.L. asks each applicant for the corresponding authorisation to consult the content, directly accessible, through search engines and/or their profiles on social networks. In order to assess the suitability of the candidate through the analysis of the information gathered from these sources, as well as the CV provided by the applicant, the results obtained in the entrance tests and the information provided in the selection interview.
If you do not receive express authorisation for such processing, Emayor Synersight Technologies, S.L. reserves the right to reject your application.
As indicated in the online forms at https://www.synersight.es, candidates shall refrain from including sensitive data not required by the company for the assessment of their application, nor for their subsequent job performance in the event of being selected, such as: political, religious, ideological affiliation or any other data not related to their professional value, preparation for their duties in the company and, of course, their contact details.
In accordance with current data protection regulations, all CVs that do not comply with this recommendation will be destroyed and the applications will be rejected. Furthermore, the only format allowed for attaching CVs to https://www.synersight.es is pdf.
LEGITIMATION
As a general rule, before processing personal data, Emayor Synersight Technologies, S.L. signs a contract or acceptance of an order form, communicating this privacy policy. Alternatively, it obtains the express and unequivocal consent of the owner of the data by including informed consent clauses in the different information collection systems or in the service provision contract itself.
However, when the consent of the data subject is not required, the legitimate basis for the processing on which Emayor Synersight Technologies, S.L. is based, is the existence of a law or specific regulation, which authorises or requires the processing of the data subject’s data.
RECIPIENTS
As a general rule, Emayor Synersight Technologies, S.L. does not transfer or communicate data to third parties, except those legally required or outsourced for the normal operation of the company. However, if necessary, the interested party is informed of these data transfers or communications through the informed consent clauses contained in the different personal data collection channels.
For all personnel selection and human resources processing, Emayor Synersight Technologies, S.L. is jointly responsible for Grupo Mardom Technologies, S.L. with CIF B47779368. In this case, the data that Synersight transfers for outsourced services are:
Payroll and human resources data:
It will be transferred to Grupo Mardom Technologies, S.L. as the entity co-responsible for the integral management of the company’s human resources. Data will also be transferred to training companies for the documentation required for the registration, accreditation, evaluation and, if applicable, subsidy of training actions programmed by the company. Data will also be transferred to the mutual insurance company in charge of the prevention of occupational risks and to the entity in charge of monitoring the health of the company’s employees. Data will be transferred to the company in charge of the implementation and/or quality audits for the elaboration of the documents of the employees who participate in them. They will be transferred to the company in charge of data protection for the elaboration of clauses, contracts and relevant documentation.
In some cases, they may be assigned if necessary to a lawyer for the resolution of a mediation process or labour litigation.
Customer contact details:
They may be transferred to a commercial person contracted to follow up the commercial relationship, to companies specialised in marketing and communication, for the elaboration of bulletins, communiqués or newsletters or the organisation of events relating to subjects related to the services and products contracted with Synersight.
The data concerning invoicing may be transferred to the accountant and tax person, to collection companies in the event that it is impossible for a customer to settle a debt by his own means and after having repeatedly requested payment of the debt without reaching an agreement.
RETENTION PERIODS
Emayor Synersight Technologies, S.L. will keep users’ data during the contractual relationship with the user and, in any case, for a maximum period of six years from the last time the user interacted with Emayor Synersight Technologies, S.L.; without prejudice to any retention that may be necessary for the formulation, exercise or defence of potential claims or whenever permitted by applicable legislation. Once the aforementioned period has expired, Emayor Synersight Technologies, S.L. undertakes to cease processing all your data, as well as to duly block them in the corresponding Emayor Synersight Technologies, S.L. databases.
Customer data:
The information collected from the person concerned will be kept for as long as necessary to fulfil the purpose for which the personal data were collected, so that, once the purpose has been fulfilled, the data will be cancelled. This cancellation will give rise to the blocking of the data, which will only be kept at the disposal of the Authorities, Courts and Tribunals, in order to attend to any possible liabilities arising from the processing, during the period of limitation of these. Once the aforementioned period has expired, the information will be destroyed.
Legal periods for the retention of personal data for which Emayor Synersight Technologies, S.L. is the Data Controller:
The legal deadlines for the retention of information in relation to different subjects are set out below:
DOCUMENT | PERIOD OF TIME | LEGAL REF. |
---|---|---|
Documentation of a labour or Social Security nature. | 4 years | Art. 21 of Royal Legislative Decree 5/2000, of 4 August, approving the revised text of the Law on Infractions and Penalties in the Social Order. |
Accounting and tax documentation for business purposes. | 6 years | Art. 30 of the Royal Decree of 22 August 1885, publishing the Commercial Code. |
Accounting and tax documentation for tax purposes. | 4 years | Art. 66-70 of the Law 58/2003, of 17 December, General Taxation Law. |
Documentation related to subsidised training. | 4 years | Law 30/2015 of 9 September, which regulates the Vocational Training System for Employment in the working area, and article 14.3 of Royal Decree 694/2017, of 3 July, which develops the aforementioned law. |
Access control to buildings | 1 month | Instruction 1/1996 of the AEPD. |
Video surveillance | 1 month | Instruction 1/2006 of the AEPD Organic Law 4/1997. |
Period of time for retention:
OTHER DOCUMENTS | PERIOD OF TIME |
---|---|
Data on subscribers to newsletters and bulletins from EMAYOR SYNERSIGHT TECHNOLOGIES, S.L. | From the moment the user subscribes until cancellation. |
CVs in response to a specific vacancy, published by EMAYOR SYNERSIGHT TECHNOLOGIES, S.L. | From the receipt of the CV by the means provided by Emayor Synersight Technologies, S.L. until the final selection of the person to fill the vacancy, moment in which the rest of the CVs received will be eliminated and the selected one will be filed during the time that the new employee provides services in the company. |
CVs uploaded to the Emayor Synersight Technologies, S.L. website through the self-candidature form. | Indefinitely, from the date on which the CV is voluntarily entered by the candidate for future vacancies or until the candidate exercises his/her cancellation rights, as set out in this Policy, through the channels provided by Emayor Synersight Technologies, S.L. The company reserves the right to delete CVs that are more than two years old. |
Data collected by Emayor Synersight Technologies, S.L. from profiles published personally by their owners in professional social networks. | From the time the user grants their informed consent (in the first communication and always within 30 days of the data being obtained), until they exercise their right of cancellation or limitation of processing; or until the legal time limits are met in the event that they are included in the customer database. |
BROWSING DATA
In relation to the browsing data that may be processed through the website, in the event that data subject to regulations is collected, it is recommended that you consult the Cookies Policy published on our website.
Rights of data subjects
Data protection regulations grant a series of rights to interested parties or data subjects, users of the website or users of the social network profiles of Emayor Synersight Technologies, S.L.; these are as follows:
- Right of access: the right to obtain information on whether their own data is being processed, the purpose of the processing being carried out, the categories of data being processed, the recipients or categories thereof, the retention period and the origin of such data.
- Right of rectification: the right to obtain the rectification of inaccurate or incomplete personal data.
- Right of erasure: the right to obtain the erasure of data in the following cases
- When the data are no longer necessary for the purpose for which they were collected.
- When the data subject revokes consent.
- When the data subject objects to the processing.
- When the data must be deleted in order to comply with a legal obligation.
- Where the data have been obtained by virtue of an information society service on the basis of Article 8 section 1 of the European Data Protection Regulation.
- Right to opposition: the right to object to a specific processing operation based on the consent of the data subject.
- Right of restriction: the right to obtain the restriction of the processing of data in the following cases:
- When the data subject contests the accuracy of the personal data, during the period of time that allows the company to verify the accuracy of the data.
- When the processing is unlawful, and the data subject objects to the erasure of the data.
- When the company no longer needs the data for the purposes for which they were collected, but the data subject needs them for the formulation, exercise, or defence of claims.
- When the data subject has objected to the processing while it is being verified whether the legitimate reasons of the company prevail over those of the data subjects.
- Right to portability: the right to obtain the data in a structured, commonly used and machine-readable format and to transmit them to another data controller when:
- The processing is based on consent.
- The processing is carried out by automated means.
- The right to submit a complaint to the competent supervisory authority.
Interested parties may exercise the aforementioned rights by sending a formal letter, duly signed, clearly stating their contact details to the headquarters of Emayor Synersight Technologies, S.L.; located at Calle Etileno, 4 (47012) Valladolid; or by e-mail to the address rgpd@synersight.es, specifying the right they wish to exercise in the subject line. In both cases, it will be necessary to prove your identity by attaching a copy of your DNI/NIE. In this regard, Emayor Synersight Technologies, S.L. will deal with your request as soon as possible and taking into account the time periods provided for in the Data Protection regulations. If you would like to know more about your rights as a citizen with regard to Personal Data Protection, you can consult the AEPD’s Citizen’s Guide.
SAFETY
The security measures adopted by Emayor Synersight Technologies, S.L. are those required in accordance with the provisions of Article 32 of the GDPR. Taking into account the variables for the rights and freedoms of natural persons, such as the state of the art, the costs of implementation and its nature, the scope, context and purposes of the processing, as well as the probability and severity risks; Emayor Synersight Technologies, S.L. has established the appropriate technical and organisational measures to ensure the level of adequate security for the existing risk.
In any case, Emayor Synersight Technologies, S.L. has implemented sufficient mechanisms to:
- Guarantee the permanent confidentiality, integrity, availability and resilience of the processing systems and services.
- Restore availability and access to personal data quickly in the event of a physical or technical incident.
- Regularly verify, evaluate, and assess the effectiveness of the technical and organisational measures implemented to ensure the secure processing.
- Pseudonymisation and encryption processing of sensitive personal data. Specifically, Emayor Synersight Technologies, S.L. has adopted the following measures:
- Appointment of a person responsible for data protection, who must ensure continuous compliance with the applicable regulations.
- Establishment of functions and responsibilities of the personnel who process personal data.
- Communication among staff of the defined functions and responsibilities associated with compliance with data protection regulations.
- Definition of roles and profiles for users of the applications and systems where such data are processed in accordance with the established functions and responsibilities, so as to prevent access to data or resources other than those authorised. This access control system guarantees adequate user identification and authentication mechanisms, through the use of passwords that are renewed at least every six months and the automatic blocking of users in the event of successive failed access attempts, etc.
- Automated measures that limit access to information for unauthorised users or outside of the determined retention period, by means of data erasure or pseudonymisation techniques.
- Procedures that limit physical access to facilities where information systems or physical media are located. Paper files are kept in locked cabinets to which only the security officer has access.
- Procedures for the recovery of personal data in the event of possible destruction, loss or alteration, under the supervision and approval of the Data Protection Officer.
- Procedures for the detection, assessment and notification, if necessary, of security incidents that may affect the rights and freedoms of data subjects.
- Execution of periodic compliance reviews and the definition and execution of action plans for the mitigation of the risks detected.
- Measures that make it possible to have a log of access to particularly sensitive data in which the user and date of access can be identified.
- Encryption, data encoding or similar measures on physical media and portable devices containing particularly sensitive data and which are sent or used outside the company’s premises.
- Encryption or encoding measures on the transmission of particularly sensitive data over electronic networks.
- Measures that prevent access to particularly sensitive data on the physical carrier (e.g. documentation) during its transfer from the company’s premises to its storage location, which should have appropriate access control measures.