Privacy and data protection policy

In compliance with the principle of transparency and duty of information established by current Spanish and European law on data protection, FRACTALIA REMOTE ESPAÑA SL hereby informs any data subjects about the circumstances and conditions under which their data is processed and their rights in this area.

Who is the Data Processing Manager?
Identity: FRACTALIA REMOTE SYSTEMS SL
CIF: B82513425
Address: 2ª Planta C/Ronda de Poniente 2, Edif 8, Polígono Empresarial Euronova, – 28760 Tres Cantos (MADRID)
Telephone: +34 917 994 070
Email: gdpr@fractalia.es

Why is your personal data processed?

FRACTALIA processes the data provided by its users and clients to:

• Answer queries that are sent via its contact form.
• Provide the contracted services and manage and maintain relationships with its clients and suppliers. Send out communications containing administrative information related to the contracted services.
• Mail out communications with offers of services, events and news related to its professional activity, when it is legally permitted to do so.
• Manage job vacancies and candidate relationships. CVs will only be accepted when they are sent via official channels, and will be rejected if they are sent by any other means.
• Guarantee the safety of people, assets and facilities.

How long do we keep your data for?

Any personal data that are provided are only kept for the length of time that is strictly necessary to fulfil the purposes for which they were gathered, provided that the data subject does not request their erasure beforehand. After this period of time, the data will be blocked and solely kept to address any liabilities that may arise from their processing, and only for the limitation period of these liabilities. Once these time periods have ended, the personal data will be deleted.

What type of data do we gather?

Bearing in the mind the purposes stated in the sections above, the following data categories will be subject to processing: Identification data (Name and surname, telephone, address, email address and ID number); Economic, financial or banking data (e.g.: business activity, type of business, trade licence, bank account). Academic data: Training and qualifications. Professional data: Professional experience, membership of professional associations and schools. Business information data: Business activity, type of business and trade licences.

Strictly protected data are not generally processed. If it is necessary to process special data categories, it will be to ensure that the processing manager or data subject complies with obligations and exercises specific rights in the area of employment law and safety and social protection, or to make or defend claims.

What is the legal basis for processing your data?

The legal basis for processing your personal data is related to the purpose for which the data were gathered. This means that processing your personal data is legitimised by the following conditions:

• When you provide personal data via our contact form, the processing of your personal data is legitimised by your consent.

Accepting the privacy policy, via the established opt-in procedure, will be understood for all purposes to mean the USER gives their free, specific, informed and unequivocal consent ‒ in virtue of article 4 of the General Data Protection Regulation ‒ to the processing of their personal data under the terms stated in this document.

• Processing your data to send you communications with offers of services, events and news related to our professional activity will be legitimised by your consent or the legitimate interest of FRACTALIA.
• When the purpose of processing your personal data is to provide contracted services and manage an existing relationship, it will be legitimised by performing the service contract.
• Processing personal data to manage job vacancies will be legitimised by the consent granted by candidates when they complete the contact form.
• Public interest will legitimise the processing of security camera images for the purpose of ensuring the security of people, assets and facilities.
• Furthermore, your personal data will be processed when there is a legal requirement to do so.

Who will your data be sent to?

Your data will not generally be transferred to third parties unless there is a legal obligation to do so.
To meet the aims stated in this policy, we collaborate with service providers that have access to your personal data. FRACTALIA has signed a corresponding data processing contract with these providers under which they are prescribed the following obligations: apply appropriate technical and organisational measures; process personal data for the agreed purposes and solely in line with instructions provided by FRACTALIA.

What are your rights when you provide us with your data?

Everyone has the right to obtain confirmation about whether or not FRACTALIA is processing their personal data.

Interested parties have the right to access their personal data, request that any incorrect data is rectified and request that they are deleted when they are no longer needed for the purpose for which they were gathered, as applicable. In these situations, FRACTALIA will notify any recipients who have been sent your personal data.

Under specific circumstances, data subjects will be able to request that limits are placed on the processing of their data and, in this event, the data will only be kept to make or defend any possible claims.

Under specific circumstances, and on grounds related to their particular situation, data subjects may object to the processing of their data. FRACTALIA will stop processing their data, unless there are compelling legitimate grounds to continue, or to make or defend any possible claims.

Interested parties will also have the right to receive the relevant personal data that they have provided to FRACTALIA in a structured, commonly used and machine readable format.

To exercise the rights stated in the section above, users can write to FRACTALIA’s business address or email the email addresses given in the heading of this data protection policy, providing their correct identification details. If there are any doubts regarding their identity, the processing manager will request additional information.

Mandatory or optional nature of the information provided

By checking the corresponding boxes and entering data in fields marked with an asterisk (*) or in the contact form, data subjects expressly, freely and unequivocally accept that their data are needed by FRACTALIA to answer their requests, and that entering data in the remaining fields is voluntary. The user guarantees that the personal data provided to FRACTALIA are true and is responsible for notifying FRACTALIA of any changes to the data. FRACTALIA informs users that all data requested via its website are mandatory because they are needed to provide users with the best possible service. If all the data are not provided, it cannot guarantee that the information and services provided will fully meet your needs.

What security measures are in place?

FRACTALIA informs users that it implements the technical and organisational measures needed to guarantee the security of all personal data and to prevent its amendment, loss, and unauthorised processing and/or access. Furthermore, FRACTALIA has established measures to strengthen confidentiality and data integrity in its organisation, continuously supervising, checking and assessing the processes used to ensure respect for data privacy.

Certifications in data security:

UNE–EN ISO 27001:2013 Information Security Management Systems

UNE–EN ISO 20000-1: 2011 Information Technology Service Management System.

UNE-EN ISO 22301: 2012 Business Continuity Management Systems.

NSF: Certification of conformity with the National Security Framework.