Privacy policy

DATA CONTROLLER

The Data Controller is EUROPOUND EXCHANGE SAU, CENTRO COMERCIAL ARABI PLAZA, LOCAL 44A, 03580, ALFAZ DEL PI (ALICANTE).
Privacy Principles
At EUROPOUND EXCHANGE SAU we are committed to working with you continuously to guarantee privacy in the treatment of your personal data, and to offer you at all times the most complete and clear information that we can. We encourage you to read this section carefully before providing us with your personal data.
If you are under fourteen years of age, please do not provide us with your details without parental consent.

In this section we inform you about how we handle the data of people who have a relationship with our organisation. Starting with our principles:
– We do not ask for personal information, unless it is necessary to provide you with the services you require.
– We never share personal information with anyone, except to comply with the law, or with your express permission.
– We will never use your personal information for purposes other than those stated in this privacy policy.
– Your data will always be treated with a level of protection that complies with data protection legislation and will not be subject to automated decisions.
We have drafted this privacy policy taking into account the requirements of current data protection legislation:
– Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons (GDPR).
– Organic Law 3/2018, of 5 December, on the Protection of Personal Data and Guarantee of Digital Rights (LOPD).
– Royal Decree 1720/2007, of 21 December (RLOPD).

Esta política de privacidad está redactada con fecha 6 de diciembre de 2018.
Con motivo de la modificación de criterios de tratamiento, en aras de facilitar su comprensión o de adaptarla a la legalidad vigente, es posible que modifiquemos la presente política de privacidad. Actualizaremos la fecha de la misma, para que puedas comprobar su vigencia.

Treatments we carry out

TREATMENT OF EMPLOYEES

Legal basis: GDPR: 6.1.b) Processing necessary for the performance of a contract to which the data subject is party or for the implementation at the data subject’s request of pre-contractual measures.
GDPR: 6.1.c) Processing necessary for compliance with a legal obligation applicable to the controller.
Royal Legislative Decree 2/2015, of 23 October, approving the revised text of the Workers’ Statute Law.
Purposes of processing: – Management of contracted personnel.

– Personal file. Time and attendance. Training. Pension plans. Prevention of occupational risks.
– Issuance of personnel payroll.
– Management of trade union activity.
Collective: Employees
Data categories: – Name and surname, DNI/CIF/identifying document, personnel register number, Social Security/Mutuality number, address, signature and telephone number.
– Special categories of data: health data (sick leave, occupational accidents and degree of disability, not including diagnoses), trade union membership, for the sole purpose of payment of trade union dues (if applicable), trade union representative (if applicable), own and third party proof of attendance.
– Data on personal characteristics: Sex, marital status, nationality, age, date and place of birth and family data. Data on family circumstances: Date of registration and leave, licences, permits and authorisations.- Academic and professional data: Qualifications, training and professional experience.
– Details of employment and administrative career. Incompatibilities.
– Attendance control data: date/time of arrival and departure, reason for absence.
– Economic-financial data: Payroll economic data, credits, loans, guarantees, tax deductions, cancellation of credits corresponding to the previous job (if applicable), judicial withholdings (if applicable), other withholdings (if applicable). Bank details. Categories of Recipients: – Entity entrusted with the management of occupational risks.
– General Treasury of the Social Security.
– Trade union organisations.
– Financial institutions.
– State Tax Administration Agency

– Prime contractors to whom we provide services as subcontractors.
International Transfers: No international transfers of the data are foreseen. Period of Deletion: They will be kept for the time necessary to fulfil the purpose for which they were collected and to determine any possible liabilities that may arise from this purpose and from the processing of the data.
The financial data of this processing activity will be kept in accordance with the provisions of Law 58/2003, of 17 December, General Taxation.
Security measures: Adapted to the requirements of Regulation (EU) 2016/679, General Data Protection Regulation.

CONTACT TREATMENT

Legal Basis: Consent of the data subject.
Purpose of processing: To deal with your request, send you information and follow up the request.
Group: Contact persons, customers, suppliers.
Data categories: Name and surname, telephone number, email address.
Categories of recipients: No transfer of data to third parties is envisaged.
International Transfers: No international transfers of data are foreseen. Period of Deletion: The contact details will be kept for an indefinite period of time, or until the interested party requests their deletion.
Security measures: Adapted to the requirements of Regulation (EU) 2016/679, General Data Protection Regulation.

CARE TREATMENT RIGHTS OF PERSONS (ARCO)

Legal basis: GDPR: 6.1.c) Processing necessary for compliance with a legal obligation applicable to the controller.
General Data Protection Regulation.
Purposes of the Processing: To deal with requests in the exercise of the rights established in the General Data Protection Regulation: Right of access, recification, deletion, limitation, portability and opposition to automated decision-making.
Group: Individuals who request it (employees, customers, suppliers, contact persons).
Data categories: Name and surname, address, signature and telephone number.
Categories of recipients: Personal data may be communicated to the Supervisory Authority (Spanish Data Protection Agency) in the framework of an investigation for the protection of rights initiated by the data subject.
International Transfers: No international transfers of the data are foreseen. Deletion period: Data will be kept for a period of five years from the time of the request.
Security measures: Adapted to the requirements of Regulation (EU) 2016/679, General Data Protection Regulation.

SUPPLIER PROCESSING

Legal basis: GDPR: 6.1.b) Processing necessary for the performance of a contract to which the data subject is party or for the implementation at the data subject’s request of pre-contractual measures.
GDPR: 6.1.c) Processing necessary for compliance with a legal obligation applicable to the controller.
Royal Legislative Decree 2/2015, of 23 October, approving the revised text of the Workers’ Statute Law.
Law 58/2003, of 17 December, General Taxation.
Purposes of Processing: – Acquisition of products and/or services that we need for the development of our activity.
– Control of subcontractors, if applicable.
Collective: – Suppliers.
– People who work for our suppliers.
Categories of data: – Name and surname, DNI/NIF/identifying document, address, signature and telephone number.

– Job details: job title. Training in occupational safety.
– Economic, financial and insurance data: Bank details.
Categories of recipients: – Financial institutions (payment of invoices).
– State Tax Administration Agency.
International Transfers: No international transfers of data are foreseen. Period of Deletion: Data will be kept for the time necessary to comply with the purpose for which they were collected and to determine any possible liabilities that may arise from this purpose and from the processing of the data, in accordance with Law 58/2003, of 17 December, General Taxation,
Security measures: Adapted to the requirements of Regulation (EU) 2016/679, General Data Protection Regulation

TREATMENT OF CUSTOMERS.

Legal basis: GDPR: 6.1.a) The data subject consented to the processing of his or her personal data for one or more specific purposes.
GDPR: 6.1.b) Processing necessary for the performance of a contract to which the data subject is party or for the implementation at the request of the data subject of pre-contractual measures.
GDPR: 6.1.c) Processing necessary for compliance with a legal obligation applicable to the controller.

GDPR: 6.1.f) Processing necessary for the satisfaction of the legitimate interests of the data controller. Royal Legislative Decree 2/2015, of October 23, approving the consolidated text of the Workers’ Statute Law. Law 58/2003, of December 17, General Taxation Law. Purposes of Processing: Provision of our products/services Data Subject: Customers Categories of Data:

  • Name and surname, ID/NIF/Identification document, address, signature, and telephone.
  • Economic, financial, and insurance data: Banking information Categories of Recipients:
  • Financial entities.
  • State Tax Administration Agency. International Transfers: No international transfers of data are foreseen. Deletion Period: They will be kept for as long as necessary to fulfill the purpose for which they were collected and to determine the possible responsibilities that may arise from said purpose and data processing, in accordance with Law 58/2003, of December 17, General Taxation Law. Security Measures: Adapted to the requirements of Regulation (EU) 2016/679, General Data Protection Regulation. SECURITY BREACH NOTIFICATION PROCESSING Legal Basis: GDPR: 6.1.c) Processing necessary for compliance with a legal obligation applicable to the data controller. General Data Protection Regulation. Articles 33 and 34 Purposes of Processing: Management and assessment of security breaches that occur within our organization. Data Subject: Variable: Employees, Customers, Suppliers, Contact Persons (depending on the security breach) Categories of Data: Variable. (Dependent on the security breach) Categories of Recipients:
  • Spanish Data Protection Agency.
  • State Security Forces and Corps. International Transfers: No international transfers of data are foreseen. Deletion Period: They will be kept for as long as necessary to fulfill the purpose for which they were collected and to determine the possible responsibilities that may arise from said purpose and data processing. The provisions of the archives and documentation regulations shall apply. Security Measures: Adapted to the requirements of Regulation (EU) 2016/679, General Data Protection Regulation. VIDEO SURVEILLANCE PROCESSING Legal Basis: GDPR: 6.1.c) Processing is necessary for the satisfaction of legitimate interests pursued by the data controller or a third party. Organic Law 2/1986, of March 13, on Security Forces and Corps. Purposes of Processing: Ensure the security of individuals, property, facilities, and labor control. Data Subject: Workers, customers, suppliers, users. Categories of Data: Image Categories of Recipients: Recordings may be disclosed to the Security Forces and Corps, and to the Courts, in the event of a request from them, or if they serve as evidence of the commission of crimes or offenses. International Transfers: No international transfers of data are foreseen. Deletion Period: Not exceeding one month, unless communicated to the Security Forces and Corps and/or Courts and Tribunals.

Security Measures: Adapted to the requirements of Regulation (EU) 2016/679, General Data Protection Regulation.
YOUR RIGHTS
You have the right to request a copy of your personal data from us, to rectify inaccurate data, or complete them if they are incomplete, or, if applicable, to delete them when they are no longer necessary for the purposes for which they were collected.
You also have the right to restrict the processing of your personal data and to obtain your personal data in a structured, commonly used, and machine-readable format.
You may object to the processing of your personal data in certain circumstances (particularly when we do not need to process them to comply with a contractual or legal requirement, or when the purpose of the processing is direct marketing).
If you have given us your consent, you can withdraw it at any time. At that point, we will cease processing your data, or, if applicable, cease processing them for that specific purpose. If you decide to withdraw your consent, this will not affect any processing that took place while your consent was valid.
These rights may be limited; for example, if fulfilling your request would require us to reveal information about another person, or if you ask us to delete some records that we are obliged to keep due to a legal obligation or legitimate interest, such as exercising defense against claims. Or even in cases where the right to freedom of expression and information must prevail.
You can contact us through any of the means indicated in the Data Controller section of this privacy policy, providing a copy of a document that verifies your identity (usually your ID card).
Another of your rights is not to be subject to a decision based solely on automated processing, including profiling, that produces legal effects concerning you or significantly affects you.
In the event of any violation of your rights, such as if we have not addressed your request, you have the right to lodge a complaint with the Data Protection Authority. This may be in your country (if you live outside Spain) or the Spanish Data Protection Agency (if you live in Spain).
Links to third-party websites.
Our website may, on occasion, contain links to other websites. It is your responsibility to ensure that you read the data protection policy and the legal terms that apply to each site.
Third-party data.
If you provide us with third-party data, you are responsible for informing them beforehand as established in Article 14 of the GDPR