we use own cookies and thirds to offer you better service More information Accept

ma formentera houses

Privacy Policy

DATA CONTROLLER

The Data Controller is ESPALMADOR SERVEIS FINANCIERS SLNE, Calle Jaume I nº 17, 1º - 1ª puerta, 07860, Formentera (ILLES BALEARS).

Privacy principles

Here at ESPALMADOR SERVEIS FINANCIERS SLNE we are committed to working continuously to ensure that processing of your data of a personal nature is performed in strict privacy and to providing you with the fullest and most transparent information possible at all times. We encourage you to read this section carefully before providing us with your data of a personal nature.

If you are under fourteen years of age, please do not provide us with your data without your parents' consent.

This section informs you of how we process the data of the people who contact our organization. Let’s begin with our principles:

  • We do not request data of a personal nature unless it is required to provide the services you request.
  • Except to comply with the law, we never share personal information with anyone unless we have your express consent.
  • We will never use your personal data for purposes other than those set forth in this privacy policy.
  • Your data will always be treated with a level of protection in compliance with the legislation on protection of data of a personal nature and we will not subject said data to automated decisions.

This privacy policy has been drawn up taking the requirements of the current data protection-related legislation into account:

  • Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons (GDPR).
  • Organic Law 3/2018 of 5 December on the Protection of Data of a Personal Nature and Digital Rights (LOPD).
  • Royal Decree 1720/2007 of 21 December (RLOPD).

This Privacy Policy was drawn up on 6 December 2018.

This Privacy Policy may be amended at any time due to modification of the processing criteria in order to enhance understanding of the same or harmonize it with the currently applicable legislation. The drafting date will be updated to enable you to check the validity.

Processing

PROCESSING OF EMPLOYEES

Legal basis: GDPR: 6.1.b) Processing required for execution of a contract in which the interested person is a party or for application of pre-contractual measures at the latter's request. GDPR: 6.1.c) Processing required for compliance with a legal obligation applicable to the Data Controller.

Royal Legislative Decree 2/2015 of 23 October approving the revised text of the Workers' Statute Act.

Purpose of Processing:​

  • Management of contracted personnel.
  • Personnel file. Time control. Training. Pension plans. Prevention of occupational hazards.
  • Payment of wages and salaries.
  • Management of the trade union activity.

Group:​ Employees

Data category: Full name, I.D. (D.N.I)/Tax I.D (C.I.F)/other I.D document, personnel registration number, Social Security/Benefit Insurance, address, signature and telephone.

Special data categories: health (sick leave, occupational accidents and degree of disability without including diagnoses), union membership for the sole purposes of paying union dues (if applicable), union representative (if applicable), own or third-party welfare benefit vouchers.

Data of a personal nature: Gender, marital status, nationality, age, date and place of birth and family data. Family circumstances data: date of registration and cancellation, licenses, permits and authorizations.

Academic and professional data: Qualifications, training and professional experience.

Data describing employment and administrative career. Incompatibilities.

Presence control data: date/time entry and exit, reason for absence.

Financial data: Salary-related financial data, credits, loans, guaranties, tax deductions, salary deduction associated with the previous job position (if applicable), judicial withholdings (if applicable) and other withholdings (if applicable). Banking data.

Recipient categories::

  • Company entrusted with management of occupational hazard-related issues.
  • General Treasury of the Social Security.
  • Unions
  • Financial institutions.
  • State Tax Agency.
  • Main contractors to whom we provide services as subcontractors.

International Transfers:​ international transfer of data is not foreseen.

Retention period: Data will be retained for the time required to achieve the aim for which it was collected and to establish any liabilities that may arise from the purpose mentioned above and from the data processing.

The financial data involved in this processing will be retained as provided in Act 58/2003 of December 17, the General Tax Act.

Security Measures: Adapted to the requirements of Regulation (EU) 2016/679, the General Data Protection Regulation.

PROCESSING CONTACTS

Legal basis: consent of the interested party

Purpose of Processing: to address your request, send information and to monitor the request.

Group:​ contact people, customers and suppliers

Data category:​ full name: telephone, email address

Recipient categories::​ assignment of data to third parties is not foreseen.

International Transfers:​ international transfer of data is not foreseen.

Retention period: The contact data will be kept for an indefinite period or until the interested party requests its deletion

Security Measures: Adapted to the requirements of Regulation (EU) 2016/679, the General Data Protection Regulation.

PROCESSING OF DATA SUBJECT RIGHTS (ARCO RIGHTS)

Legal basis: GDPR: 6.1.c) Processing required for compliance with a legal obligation applicable to the Data Controller.

General Data Protection Regulation.

Purpose of Processing: To address the requests in exercise of the rights provided for in the General Data Protection Regulation.

Group: Natural persons who so request (employees, customers, suppliers, contact people)

Data category:​ Full name, address, telephone and signature.

Recipient categories:: Your data may be disclosed to the Control Authority (Spanish Data Protection Agency) within the framework of an inquiry for protection of rights filed by the interested party

International Transfers:​ international transfer of data is not foreseen.

Retention period: Your data will be kept for a period of five years from the time of the request.

Security Measures: Adapted to the requirements of Regulation (EU) 2016/679, the General Data Protection Regulation.

PROCESSING OF CANDIDATES IN RECRUITMENT PROCESSES (HR)

Legal basis: GDPR: 6.1.b) Processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract

Purpose of Processing:​ Selection of personnel and provision of jobs.

Group:​ Candidates for jobs in the company.

Data category:

  • Full name, I.D. (D.N.I.)/Tax I.D (N.I.F.)/other I.D document, personnel registration number, address, signature and telephone.
  • Data of a personal nature: gender, marital status, nationality, age, date and place of birth and family data.
  • Academic and professional data: qualifications, training and professional experience.
  • Job description data.

Recipient categories::​ assignment of data to third parties is not foreseen.

International Transfers:​ international transfer of data is not foreseen.

Retention period: Data will be retained for the time required to achieve the aim for which it was collected and to establish any liabilities that may arise from the purpose mentioned above and from the data processing.

Security Measures: Adapted to the requirements of Regulation (EU) 2016/679, the General Data Protection Regulation.

PROCESSING OF SUPPLIERS

Legal basis: GDPR: 6.1.b) Processing required for execution of a contract in which the stakeholder is a party or for application of pre-contractual measures at the latter's request.

GDPR: 6.1.c) Processing required for compliance with a legal obligation applicable to the Data Controller.

Royal Legislative Decree 2/2015 of 23 October approving the revised text of the Workers' Statute Act.

Act 58/2003 17 of December, the General Tax Act.

Purpose of Processing:

  • Acquisition of products and/or services that we require in the course of the company’s activity.
  • Control of subcontractors (as required).

Group:

  • Suppliers.
  • Employees of our suppliers.

Data category:

  • Full name, I.D. (D.N.I.)/Tax I.D (N.I.F.)/other I.D document, address, signature and telephone.
  • Job description data: job position. Training in occupational safety.
  • Financial and insurance data: Banking data.

Recipient categories::

  • Financial institutions. (Payment of invoices)
  • State Tax Agency.

International Transfers:​ international transfer of data is not foreseen.

Retention period: Data will be retained for the time required to achieve the aim for which it was collected and to establish any liabilities that may arise from the purpose mentioned above and from the data processing in accordance with Act 58/2003 17 of December, the General Tax Act.

Security Measures: Adapted to the requirements of Regulation (EU) 2016/679, the General Data Protection Regulation.

PROCESSING OF CONSULTANCY CLIENTS

Legal basis:

  • GDPR: 6.1.a) The data subject gave his/her consent for the processing of his/her personal data for one or several specific purposes.
  • GDPR: 6.1.b) Processing required for execution of a contract in which the stakeholder is a party or for application of pre-contractual measures at the latter's request.
  • GDPR: 6.1.c) Processing required for compliance with a legal obligation applicable to the Data Controller.
  • General Tax Law (Law 58/2003). Voluntary representation: Article 46
  • Act 39/2015 of 1 October on the Common Administrative Procedure of Public Authorities. Representation: Article 5

Purpose of Processing: Provision of our taxation, accounting and labor-related consultancy services. Filling in official forms and submission of the same to the Tax Agency. Preparation of contracts, payroll, social security and submission of the same before the General Treasury of the Social Security.

Group:​ Customers

Data category:

  • Identification data: Full name, I.D. (D.N.I.)/Tax I.D (N.I.F.)/other I.D document, Social Security registration number, address, signature and telephone.
  • Financial and insurance data: banking data.
  • Professional data: employment details

Recipient categories::​

  • Social Security agencies.
  • Tax agency.
  • Companies House.
  • Local and regional government.
  • Property registration.
  • Banks and Savings Banks.

International Transfers:​ international transfer of data is not foreseen.

Retention period: Data will be retained for the time required to achieve the aim for which it was collected and to establish any liabilities that may arise from the purpose mentioned above and from the data processing in accordance with Act 58/2003 17 of December, the General Tax Act.

Security Measures: Adapted to the requirements of Regulation (EU) 2016/679, the General Data Protection Regulation.

YOUR RIGHTS

You have the right to request a copy of your personal data, to correct inaccurate information or to complete it if it is incomplete or if necessary, to delete it when it is no longer necessary for the purposes for which it was collected. You also have the right to limit the processing of your data of a personal nature and obtain your personal data in a structured and legible format.

You can object to the processing of your personal data in certain circumstances (in particular, when processing them is not needed to meet a contractual or other legal requirement or when the object of the processing is direct marketing).

You can withdraw your consent at any time after you have granted the same. We will cease to process your data at that time or, if appropriate, cease doing so for that particular purpose. Withdrawing your consent will in no way affect any processing that has already occurred while your consent was in effect.

These rights may be limited: for example, if we must disclose another person’s data to comply with your request; if you request us to delete data that we are legally bound to retain due to a legal duty or for legitimate interest such as exercise of defense in the event of claims, or even in cases where the right to freedom of speech and information should prevail.

You can contact us by any of the means indicated in the Data Controller section of this Privacy Policy, providing a copy of a document that proves your identity (usually the D.N.I. or passport).

You also have the right not to be subject to a decision based solely on automated processing including the creation of profiles that have legal effects or affect you in other ways.

In the event infringement of your rights, such as our failure to respond to your request, you may lodge a complaint with the data protection supervisory agency. You may do so in your own country (if you live outside Spain) or to the Spanish Data Protection Agency (AEPD) (if you live in Spain).

Further information

Processing of your data outside the European Economic Area.

We are entitled to use the processing services of the following providers outside the European Economic Area under the Privacy Shield agreement, approved by the data protection authorities of the European Union.

Amazon:​ Further information: ​https://www.privacyshield.gov/participant?id=a2zt0000000TOWQAA4

Apple iOS:​ Further information: ​https://www.privacyshield.gov/participant?id=a2zt0000000GnZjAAK

Dropbox:​ Further information: ​https://www.privacyshield.gov/participant?id=a2zt0000000GnCLAA0

Facebook/ Instagram (FB Messenger):​ Further information: https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC

Google (Drive / Mail ...):​ Further information: https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI

Linkedin:​ Further information: ​https://www.privacyshield.gov/participant?id=a2zt0000000L0UZAA0

Microsoft (Drive, Skype...):​ Further information: https://www.privacyshield.gov/participant?id=a2zt0000000KzNaAAK

Twitter:​ Social network micromessages Further information: https://www.privacyshield.gov/participant?id=a2zt0000000TORzAAO&status=Active

Whatsapp:​ Mobile instant messaging Further information: https://www.privacyshield.gov/participant?id=a2zt0000000TSnwAAG

Links to third-party websites

Our website may, on occasion, contain links to other websites. It is your responsibility to make sure you read the Data Protection Policy and the legal conditions that apply to each site.

Third party data

If you provide us with data from third parties you assume the responsibility of informing them in advance according to the provisions of article 14 of the GDPR.