At Grupos Diferenciales, S.A. we are concerned about the personal data we process and the exact compliance with current regulations on personal data protection, among others, Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and the free movement of such data and repealing Directive 95/46/EC, as well as Organic Law 3/2018, of 5 December, on the Protection of Personal Data and guarantee of digital rights.

Accordingly, we inform you of the following issues relating to the processing of personal data that we perform in Grupos Diferenciales, S.A.:

Who is responsible for the processing of your personal data?

Identity: Grupos Diferenciales, S.A.
TAX ID: A01002195
Postal address: Portal de Bergara, nº 32
01013 Vitoria (Álava)
Telephone: 945 260 100
E-mail: dataprotection@gruposdiferenciales.es
Registration details: Grupos Diferenciales, S.A. is registered in the Companies Register of Álava, Volume 56, Book 7 of the public limited company section, Folio 132, Page VI-127, 1st entry.

Principles relating to processing

The principles required by Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (hereinafter, GDPR) are respected in the processing of personal data:

• Principle of lawfulness, fairness and transparency: the data we collect are processed lawfully, fairly and transparently, with the prior consent of the data subjects where necessary or, where applicable, for the performance of a contract to which the data subject is a party or for the implementation at the request of the data subject of pre-contractual measures, or if the processing is necessary for compliance with an applicable legal obligation, or for the fulfilment of legitimate interests pursued by the controller or by a third party, provided that such interests are not overridden by the interests or fundamental rights and freedoms of the data subject which require the protection of personal data, in particular where the data subject is a child.
• Purpose limitation principle: the personal data we process are used for the purposes indicated in the section ‘For which purposes do we use your personal data’.
• Principle of data minimisation: in accordance with this principle, the only personal data we collect from users are those strictly necessary to manage contractual relations and to be able to deal with the queries and/or requests they make to us.
• Principle of accuracy: the personal data we request will be kept accurate and, if necessary, updated. To this end, in the event of any change in personal data, the user must inform us so that we can carry out the appropriate update.
• Principle of limitation of the storage period: the personal data we process will be kept for the periods indicated in the section ‘How long will we keep your personal data’.
• Principle of integrity and confidentiality: to respect this principle, personal data will be processed in a way that ensures adequate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, by applying appropriate technical and organisational measures.

What categories of personal data do we process?

The categories of data that we process through the website www.gruposdiferenciales.es are:

• Data collected through the contact form: name; telephone; e-mail address; message.

We do not process data that the General Data Protection Regulation qualifies as “special categories of data ’ (health data, biometric data, trade union membership, etc.) or personal data relating to criminal convictions or offences.

All personal data requested in the contact form, marked as ‘obligatory field’, are those necessary to manage the queries or requests made by users, so that it is obligatory to provide them and, if they are not provided, we will not be able to deal with them.

How have we obtained your personal data?

All personal data that we process in Grupos Diferenciales, S.A. are provided to us by the interested parties or their legal representatives.

The personal data we request through this website have been collected through the contact form or through the email address provided to contact us.

The personal data we request are the minimum necessary to attend to and comply with the corresponding purposes so that, if they are not provided, we will not be able to attend to them.

For what purposes do we use your personal data?

Customer data: we use your personal data for the proper maintenance, development, fulfilment and control of the contractual relationship and the provision of the services you request, your invoicing, as well as for sending information about our products and services and other matters relating to our company and our professional field.

Suppliers’ data: we use your personal data for the proper maintenance, development, fulfilment and control of the contractual relationship with our suppliers and the services they provide us with.

Likewise, in relation to the personal data provided to us by some suppliers in relation to their employees, they will be used for the coordination of business activities in order to comply with Law 31/1995, of 8 November, on the Prevention of Occupational Risks, in relation to the coordination of business activities and Royal Decree 171/2004, of 30 January, which develops article 24 of the same.

Personnel data: for the appropriate maintenance, development, fulfilment and control of the contractual relationship with our employees, as well as compliance with the applicable regulations in force on labour, Social Security and Occupational Risk Prevention matters.

Candidate data: to manage the participation of interested parties in the personnel selection processes that we carry out.

Data collected through the contact form: the personal data provided by users are used to manage and respond to the queries or requests they make.

Data from users of our profiles on social networks: to interact with our users, mainly by responding to comments they make to the publications we make on the profiles we have on different social networks.

What is the legal basis for the processing of your personal data?

Customer data: the legal basis that legitimises the processing of personal data is their necessity for the performance of a contract to which they are party and, where appropriate, for the satisfaction of a legitimate interest, as provided for in article 19.1 of Organic Law 3/2018, of 5 December, on the Protection of Personal Data and the guarantee of digital rights. With regard to the communications of your personal data contained in the following section, the legal basis that legitimises such processing is the need to comply with the legal obligations applicable to us.

Suppliers’ data: the legal basis that legitimises the processing of personal data is their necessity for the performance of the contract to which they are a party and, where appropriate, for the satisfaction of a legitimate interest, as provided for in article 19.1 of Organic Law 3/2018, of 5 December, on the Protection of Personal Data and the guarantee of digital rights. With respect to the communications of your personal data contained in the following section, the legal basis that legitimises such processing is the need to comply with the legal obligations applicable to us.

With regard to the personal data of the employees of certain suppliers, the legal basis for the processing of your personal data is that it is necessary for compliance with the obligations arising from Law 31/1995, of 8 November, on the Prevention of Occupational Risks, on the coordination of business activities and Royal Decree 171/2004, of 30 January, which implements article 24 of the same.

Personnel data: the legal basis that legitimises the processing of personal data is their necessity for the execution of the contract to which they are party.

Candidate data: the legal basis for the processing of your personal data is the need for the implementation of pre-contractual measures at the request of the data subject.

Data collected through the contact form: the legal basis that legitimises the processing of the personal data provided by the interested parties is their need for the execution of the legal relationship that arises when contacting us and, therefore, to manage the queries or requests they make to us.

Data of users of our profiles on social networks: the legal basis for the processing of your personal data is the consent given when following us on our social networks, such processing therefore being necessary to interact with users (e.g. to respond to comments).

To which recipients will your personal data be disclosed?

The personal identification and billing data of customers and suppliers will be communicated, where appropriate, to the tax authorities for the fulfilment of legal and tax obligations, as well as to the financial institution through which the company manages the collection of its products and services or the payment of invoices received.

In other cases, we will only communicate your personal data in the event that it is necessary for the execution of the contract or compliance with legal obligations, as is the case with account auditors, in accordance with the provisions of Royal Legislative Decree 1/2010, of 2 July, which approves the revised text of the Capital Companies Act.

In the rest of the processing, data will not be communicated to third parties unless it is necessary for the execution of a contract or for the fulfilment of legal obligations.

Likewise, for certain other matters we use the services of third parties, who act as data processors, with whom we have signed the corresponding data processing contract in accordance with the provisions of article 28.3 of the General Data Protection Regulation.

International data transfers

We do not carry out international data transfers, without prejudice to the provisions to this effect in relation to the cookies used by this website, which you can consult in the corresponding section of our Cookies Policy.

How long do we keep your personal data?

Customer, supplier and employee data: personal data will be retained for the duration of the relevant contractual relationship and, after the end of the contractual relationship, for as long as necessary to comply with legal obligations.

However, we retain the personal data of subcontractors and their employees for the duration of each Business Activity Coordination and, after its termination, for the duration of the statute of limitations.

Candidate data: personal data of candidates will be retained for a maximum period of two years.

Data collected through the contact form: the personal data provided by users, if any, will be kept only during the management of the queries or requests they make to us and, subsequently, for the periods necessary to comply with legal obligations.

Data of users of our profiles on social networks: the retention periods of the personal data of our followers on social networks depend on the policies of each social network, although we will only process them until they stop following us.

What are your rights when you provide us with your personal data?

• Right to request access to your personal data: in order to know and verify the lawfulness of the processing, you may ask us at any time to confirm whether Grupos Diferenciales, S.A. is processing your personal data and, if so, we will inform you, among other things, about what data we are processing, its purpose, origin of the data, expected period of data retention and, where appropriate, recipients or categories of recipients.
• Right to request rectification: You may ask us to rectify personal data that is inaccurate or to supplement incomplete personal data, including by means of a supplementary declaration. In this case, you must indicate in your request which data you are requesting and the correction to be made and, if necessary, provide us with documentary evidence of the inaccuracy or incompleteness of the data undergoing processing.
• Right to request deletion (‘right to be forgotten’): you may request that your personal data be deleted and no longer processed if they are no longer necessary for the purposes for which they were collected or otherwise processed, you withdraw your consent, they have been unlawfully processed or they must be deleted in order to comply with a legal obligation.
• Right to request the limitation of the processing of your personal data: in this case Grupos Diferenciales, S.A. will only keep your personal data for the formulation, exercise or defence of claims, or for the protection of the rights of another natural or legal person or for reasons of important public interest.
• Right to portability of your personal data: you can ask us to provide your personal data to you or to another controller that you specify, in a structured, commonly used and machine-readable format.
• Right to object to the processing: Grupos Diferenciales, S.A. will stop processing your personal data in the manner you indicate, unless we have to continue processing them for compelling legitimate reasons or for the formulation, exercise or defence of possible claims.

How to exercise your data protection rights: to exercise your rights, you must send us a written request addressed to Grupos Diferenciales, S.A., at Portal de Bergara, nº 32, C.P. 01013 de Vitoria (Álava), or by sending an e-mail to dataprotection@gruposdiferenciales.es. We may request a copy of your ID card if necessary to prove your identity.

Grupos Diferenciales, S.A. will respond to all requests within the terms and conditions required by current legislation on personal data protection.

How to file a complaint with the Spanish Data Protection Agency: if you believe that we have not properly treated your personal data or that we have not properly attended to the exercise of your data protection rights, you can file a complaint with the Spanish Data Protection Agency, either through its electronic headquarters or at its address, calle Jorge Juan, nº 6, C.P. 28001, Madrid.

More information on data protection rights and complaints to the supervisory authority can be found at www.aepd.es.

Security

In accordance with the provisions of Article 32 of the General Data Protection Regulation, Grupos Diferenciales, S.A. has adopted appropriate technical and organisational measures to ensure a level of security appropriate to the risk.

In order to assess the adequacy of the level of security, particular account has been taken of the risks presented by the processing of data, in particular as a result of the accidental or unlawful destruction, loss or alteration of personal data transmitted, stored or otherwise processed, or the unauthorised communication of or access to such data.

Duty of secrecy

Grupos Diferenciales, S.A. has adopted measures to ensure that any person acting under their respective authority who has access to the personal data provided by users can only process them on the instructions of the company, and must also keep the corresponding professional secrecy about them, which will last indefinitely.

To this end, our employees have signed a document of confidentiality and duty of secrecy regarding the information and personal data that they process as part of their working relationship with the company.

Use of the website by minors

We kindly ask users to read the policies on the use of the website by minors that we have published in the ‘Legal Notice’ on our website.

Social Networking

Profiles on social networks: Grupos Diferenciales, S.A. has profiles on some of the main social networks that exist today, so that there may be a processing of personal data of our followers, people who appear in the publications we make (for example, photographs) and people who send us private messages.

Data processing and purpose: the data processing that Grupos Diferenciales, S.A. will carry out is limited and conditioned to the policies and functionalities of each social network.

When a user becomes a follower of ours on a social network, they authorise us to use their personal data only within the scope of the corresponding social network for the management of our page or profile and the two-way communications that we maintain with our followers through chat, messages or other means of communication that the Social Network currently and in the future allows. This implies that we will have access to the information of your profile that appears in the comment, for example and without limitation, your user name, image (in the event that the user has put a picture on your profile), and comments made.

We also wish to inform you that, when a user becomes a follower of ours, the news that we publish may also appear on their wall and that, if they make comments on our wall, their comments as well as the name of their profile and, if applicable, the photograph they have on their profile, will be accessible to other followers. In any case, the user is responsible for the use they make of the Social Network.

We will not use the personal data of users for purposes other than those indicated in previous paragraphs or to send them information through an environment other than the social network.

Unless the interested party gives their consent or requests us to do so in order to deal with a request they make, we will not extract their personal data from the social network environment.

Legitimisation of the processing: the legal basis that legitimises the processing of the personal data of our followers is the consent they give when they follow us.

Recipients of the data: we will not communicate to third parties or make international transfers of the personal data of our followers unless it is necessary to comply with any legal obligation. This is without prejudice to the fact that the public comments made on our social networks by followers and our responses will be seen by the rest of the followers.

Data retention period: the retention periods for the personal data of our followers on social networks depend on the policies of each social network, although we will only process them until they stop following us.

Data protection rights: with regard to the rights of access, rectification or deletion, limitation of processing, opposition and portability of your personal data, we can only act in accordance with the possibilities that each social network allows for this purpose. Grupos Diferenciales, S.A. will provide all possible assistance to the interested party to exercise these rights.

Any follower of ours may unsubscribe from our page or profile at any time so that we would no longer have access to their personal data, although the social network may keep the comments previously made on our wall.

In any case, it is the responsibility of the user to use the Social Network, so Grupos Diferenciales, S.A. assumes no responsibility in this regard.

You can consult below the privacy policy of the social network where Grupos Diferenciales, S.A. has a page or profile:

• LinkedIn: Privacy Policy

Cookies

Cookies are small text files that are stored on the hard disk or in the memory of the computer that accesses or visits the pages of certain websites, so that the user’s preferences can be known on reconnecting. Cookies stored on the user’s hard drive cannot read the data contained therein, access personal information or read cookies created by other providers.

See information on the cookies used on this website in the ‘Cookies policy’ section.

Text dated: 14 June 2024