The Data Controller is ENERGY SOLAR TECH, S.A., Calle José Echegaray 8. Building 1. Module 5-6. 1st Floor. 28232. Las Rozas de Madrid (Madrid)
At ENERGY SOLAR TECH, S.A., we are committed to continuously working to guarantee privacy in the processing of your personal data, and to offer you the most complete and clear information possible at all times. We encourage you to read this section carefully before providing us with your personal data.
If you are under fourteen years of age, please do not provide us with your data without the consent of your parents.
In this section, we inform you of how we process the data of people who have a relationship with our organization. Starting with our principles:
– We do not request personal information unless it is necessary to provide you with the services you require.
– We never share personal information with anyone, except to comply with the law, or with your express authorization.
– We will never use your personal data for purposes other than those expressed in this privacy policy.
– Your data will always be treated with a level of protection appropriate to the legislation on data protection, and we will not subject them to automated decisions.
We have drafted this privacy policy taking into account the requirements of current data protection legislation:
– Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016 on the protection of natural persons (GDPR).
– Organic Law 3/2018, of December 5, on the Protection of Personal Data and guarantee of digital rights (LOPD).
– Royal Decree 1720/2007, of December 21 (RLOPD).
This privacy policy is written as of December 6, 2018.
Due to the modification of treatment criteria, in order to facilitate its understanding or to adapt it to current legislation, it is possible that we will modify this privacy policy. We will update the date of the same, so that you can verify its validity.
Legal Basis: GDPR: 6.1.b) Processing necessary for the execution of a contract in which the interested party is a party or for the application at the request of the latter of pre-contractual measures.
GDPR: 6.1.c) Processing necessary for compliance with a legal obligation applicable to the data controller.
Royal Legislative Decree 2/2015, of October 23, which approves the consolidated text of the Workers’ Statute Law.
Purposes of the Processing:
– Management of contracted personnel.
– Personal file. Time control. Training. Pension plans. Prevention of occupational hazards.
– Issuance of personnel payroll.
– Management of union activity.
Collective: Employees
Data Categories:
– Name and surname, DNI/CIF/Identification document, personal registration number, Social Security/Mutual number, address, signature and telephone.
– Special categories of data: health data (sick leave, work accidents and degree of disability, without inclusion of diagnoses), union affiliation, for the exclusive purposes of paying union fees (where applicable), union representative (where applicable), proof of assistance of own and third parties.
– Personal characteristics data: Sex, marital status, nationality, age, date and place of birth and family data. Data on family circumstances: Date of registration and discharge, licenses, permits and authorizations.
– Academic and professional data: Qualifications, training and professional experience.
– Details of employment and administrative career. Incompatibilities.
– Presence control data: date/time of entry and exit, reason for absence.
– Economic-financial data: Payroll economic data, credits, loans, guarantees, tax deductions, cancellation of assets corresponding to the previous job (where applicable), judicial withholdings (where applicable), other withholdings (where applicable). Bank details.
Categories of Recipients:
– Entity to whom the management of occupational risks is entrusted.
– General Treasury of Social Security.
– Trade unions.
– Financial entities.
– State Tax Administration Agency.
– Main contractors to whom we provide services as subcontractors.
International Transfers: International data transfers are not foreseen.
Deletion Period: They will be kept for the time necessary to fulfill the purpose for which they were collected and to determine the possible responsibilities that could arise from said purpose and the processing of the data.
The economic data of this treatment activity will be kept under the provisions of Law 58/2003, of December 17, General Tax Law.
Security Measures: Adapted to the requirements of Regulation (EU) 2016/679, General Data Protection Regulation.
Legal Basis: Consent of the interested party
Purposes of the Processing: Attend to your request, send you information and follow up on the request.
Collective: Contact persons, clients, suppliers
Data Categories: Name and surname, telephone, email address
Categories of Recipients: Data transfers to third parties are not contemplated.
International Transfers: International data transfers are not foreseen.
Deletion Period: Contact data will be kept for an indefinite period, or until the interested party requests its deletion.
Security Measures: Adapted to the requirements of Regulation (EU) 2016/679, General Data Protection Regulation.
Legal Basis: GDPR: 6.1.c) Processing necessary for compliance with a legal obligation applicable to the data controller.
General Data Protection Regulation.
Purposes of the Processing: Attend to requests in the exercise of the rights established by the General Data Protection Regulation: Right of access, rectification, deletion, limitation, portability and opposition to automated decision-making.
Collective: Natural persons who request it (employees, clients, suppliers, contact persons)
Data Categories: Name and surname, address, signature and telephone.
Categories of Recipients: Personal data may be communicated to the Control Authority (Spanish Data Protection Agency) in the framework of an investigation for the protection of rights initiated by the interested party.
International Transfers: International data transfers are not foreseen.
Deletion Period: They will be kept for a period of five years from the moment of the request.
Security Measures: Adapted to the requirements of Regulation (EU) 2016/679, General Data Protection Regulation.
Legal Basis: GDPR 6.1.a) The interested party gave their consent for the processing of their personal data for one or more specific purposes.
GDPR: 6.1.b) Processing necessary for the execution of a contract in which the interested party is a party or for the application at the request of this of pre-contractual measures.
Purposes of the Processing: Personnel selection and provision of jobs.
Collective: Candidates presented to procedures for the provision of jobs.
Data Categories:
– Name and surname, DNI/CIF/Identification document, personal registration number, address, signature and telephone.
– Personal characteristics data: Sex, marital status, nationality, age, date and place of birth and family data.
– Academic and professional data: Qualifications, training and professional experience.
– Details of employment.
Categories of Recipients: Data transfers to third parties are not foreseen.
International Transfers: International data transfers are not foreseen.
Deletion Period: They will be kept for the time necessary to fulfill the purpose for which they were collected and to determine the possible responsibilities that could arise from said purpose and the processing of the data.
Security Measures: Adapted to the requirements of Regulation (EU) 2016/679, General Data Protection Regulation.
Legal Basis: GDPR: 6.1.b) Processing necessary for the execution of a contract in which the interested party is a party or for the application at the request of the latter of pre-contractual measures.
GDPR: 6.1.c) Processing necessary for compliance with a legal obligation applicable to the data controller.
Royal Legislative Decree 2/2015, of October 23, which approves the consolidated text of the Workers’ Statute Law.
Law 58/2003, of December 17, General Tax Law.
Purposes of the Processing:
– Acquisition of products and/or services that we need for the development of our activity.
– Control of subcontractors if applicable.
Collective:
– Suppliers.
– People who work for our suppliers.
Data Categories:
– Name and surname, DNI/NIF/Identification document, address, signature and telephone.
– Details of employment: job position. Training in occupational safety.
– Economic financial and insurance data: Bank details.
Categories of Recipients:
– Financial entities. (Payment of invoices)
– State Tax Administration Agency.
International Transfers: International data transfers are not foreseen.
Deletion Period: They will be kept for the time necessary to fulfill the purpose for which they were collected and to determine the possible responsibilities that could arise from said purpose and the processing of the data, in accordance with Law 58/2003, of December 17, General Tax Law,
Security Measures: Adapted to the requirements of Regulation (EU) 2016/679, General Data Protection Regulation.
Legal Basis: GDPR: 6.1.a) The interested party gave their consent for the processing of their personal data for one or more specific purposes.
GDPR: 6.1.b) Processing necessary for the execution of a contract in which the interested party is a party or for the application at the request of the latter of pre-contractual measures.
GDPR: 6.1.c) Processing necessary for compliance with a legal obligation applicable to the data controller.
GDPR: 6.1.f) Processing necessary for the satisfaction of legitimate interests of the data controller.
Royal Legislative Decree 2/2015, of October 23, which approves the consolidated text of the Workers’ Statute Law.
Law 58/2003, of December 17, General Tax Law.
Purposes of the Processing: Energy marketing
Collective: Clients
Data Categories:
– Name and surname, DNI/NIF/Identification document, address, signature and telephone.
– Economic financial and insurance data: Bank details
Categories of Recipients:
– Financial entities.
– State Tax Administration Agency.
International Transfers: International data transfers are not foreseen.
Deletion Period: They will be kept for the time necessary to fulfill the purpose for which they were collected and to determine the possible responsibilities that could arise from said purpose and the processing of the data, in accordance with Law 58/2003, of December 17, General Tax Law,
Security Measures: Adapted to the requirements of Regulation (EU) 2016/679, General Data Protection Regulation.
Legal Basis: GDPR: 6.1.c) the processing is necessary for the satisfaction of legitimate interests pursued by the data controller or by a third party.
Organic Law 2/1986, of March 13, on Security Forces and Bodies.
Purposes of the Processing: Guarantee the safety of people, goods and facilities and labor control.
Collective: Workers, clients and suppliers, users.
Data Categories: Image
Categories of Recipients: The recordings may be communicated to the Security Forces and Bodies, and to the Courts and Tribunals, in case of request from these, or in case they serve as proof of the commission of crimes or infractions.
International Transfers: International data transfers are not foreseen.
Deletion Period: No more than one month, except for communication to Security Forces and Bodies or/and Courts and Tribunals.
Security Measures: Adapted to the requirements of Regulation (EU) 2016/679, General Data Protection Regulation.
Legal Basis: GDPR: 6.1.c) Processing necessary for compliance with a legal obligation applicable to the data controller.
General Data Protection Regulation. Articles 33 and 34
Purposes of the Processing: Management and evaluation of security breaches that occur in our organization.
Collective: Variable: Employees, Clients, Suppliers, Contact Persons (will depend on the security breach)
Data Categories: Variable. (Will depend on the security breach)
Categories of Recipients:
– Spanish Data Protection Agency.
– State Security Forces and Bodies.
International Transfers: International data transfers are not foreseen.
Deletion Period: They will be kept for the time necessary to fulfill the purpose for which they were collected and to determine the possible responsibilities that could arise from said purpose and the processing of the data. The provisions of the regulations on archives and documentation will apply.
Security Measures: Adapted to the requirements of Regulation (EU) 2016/679, General Data Protection Regulation.
Legal Basis: GDPR: 6.1.c) Processing necessary for compliance with a legal obligation applicable to the data controller. Law 2/2023, of February 20, regulating the protection of persons who report on regulatory infringements and the fight against corruption.
Purposes of the Processing: Manage the confidential reporting of potentially irregular activities and behaviors that may constitute an infringement of the Code of Conduct and/or the possible commission of a criminal offense.
Collective: Variable: Employees (will depend on the security breach)
Data Categories: Variable: (will depend on the report)
Categories of Recipients:
– State Security Forces and Corps.
International Transfers: International transfers of data are not planned.
Deletion Period: The data processed will only be kept in the information system for the time necessary to decide whether to initiate an investigation into the reported events, without exceeding a period of ten years.
Security Measures: Adapted to the requirements of the law.
You have the right to request a copy of your personal data, to rectify inaccurate data or complete it if it is incomplete, or, where appropriate, delete it, when it is no longer necessary for the purposes for which it was collected.
You also have the right to limit the processing of your personal data and to obtain your personal data in a structured and readable format.
You may object to the processing of your personal data in some circumstances (in particular, when we do not have to process them to comply with a contractual requirement or other legal requirement, or when the purpose of the processing is direct marketing).
When you have given us your consent, you can withdraw it at any time. At that time we will stop processing your data or, where appropriate, we will stop doing so for that specific purpose. If you decide to withdraw your consent, this will not affect any treatment that has taken place while your consent was in effect.
These rights may be limited; for example, if in order to fulfill your request we had to reveal data about another person, or if you request that we delete some records that we are obliged to keep due to a legal obligation or a legitimate interest, such as the exercise of defense against claims. Or even in those cases where the right to freedom of expression and information must prevail.
You can contact us by any of the means indicated in the Data Controller section of this privacy policy, providing a copy of a document that proves your identity (usually the DNI). The most convenient way to exercise your rights is by accessing our RIGHTS PORTAL: https://clientes.protecciondatos.online/portalderechos/energy-solar-tech.
Another of your rights is not to be the subject of a decision based solely on automated processing, including profiling that produces legal effects or affects you.
Faced with any violation of your rights, such as, for example, that we have not attended to your request, you have the right to file a claim with the Control Authority for data protection. This may be that of your country (if you live outside of Spain) or the Spanish Agency for Data Protection (if you live in Spain).
Links to third-party websites.
Our website may, on occasion, contain links to other websites. It is your responsibility to ensure that you read the data protection policy and the legal conditions that apply to each site.
Third party data.
If you provide us with data from third parties, you assume the responsibility of informing them in advance as established in article 14 of the GDPR.
Shareholders.
If you are a shareholder of the company, you can consult the specific privacy policy in this link.
