PRIVACY POLICY

  1. Introduction

We are highly committed to individual privacy, and the protection of personal data is of great importance to us.

We process personal data in accordance with Regulation (EU) 2016/679 (General Data Protection Regulation – GDPR), Organic Law 3/2018 on the Protection of Personal Data and Guarantee of Digital Rights (LOPDGDD), and all other applicable regulations.

This Privacy Policy was last reviewed in December 2024, in order to fulfill the duties of information and transparency applicable to this website and the data controller in general, and to make available to any data subject, not only website users, the general terms regarding data processing. This policy may be subject to changes until its next review.

  • Who is the data controller responsible for processing your data?

Controller: INDESPRO FABRICADOS S.L.U.

TAX ID (CIF/NIF): B73781700

Address: P.I. EL SALADAR, C/ EL AVELLANO, UNITS 2–4, 30850 TOTANA (MURCIA), Spain

Email: info@indespro.es

  • What is the origin and type of data we process?

The information we process may come from any of the following sources:

  • Paper-based, electronic, or digital forms.
  • Communication and messaging systems: email, messaging apps, telephone, etc.
  • Other lawful sources of information.

Depending on the category of the data subject (user, client, supplier, employee, etc.), the nature of the controller’s activities, and the specific processing purposes, we may process the following types of data:

  • Identifying data, e.g., name, surname, image.
  • Identification codes or credentials, e.g., username, employee code.
  • Contact details (postal or electronic), e.g., phone number, email address, social media profile.
  • Personal and professional characteristics, e.g., age, date of birth, academic qualifications, professional experience, résumé.
  • Financial, economic, and insurance data, e.g., bank account, credit card.
  • Payroll and employment-related data, e.g., job title, payslips.
  • Transactional data, e.g., goods and services supplied or received.
  • Special category data, e.g., health, union membership, racial origin.
  • Other data and information necessary or implicit in the course of our services, activities, and corporate purpose.

MANDATORY OR OPTIONAL NATURE OF THE INFORMATION PROVIDED BY THE DATA SUBJECT.

By checking the relevant boxes and entering data into required fields (marked, for example, with an asterisk) on contact forms or data collection forms, the data subject expressly, freely, and unequivocally consents to the processing of such data by the controller as necessary to fulfill the requested service. The inclusion of data in optional fields is voluntary.

The data subject guarantees that the personal data provided is true and agrees to notify the controller of any changes. Requested data marked as required is essential to providing an optimal service. Failure to provide such data may result in services or information that do not fully meet the data subject’s needs.

  • For what purposes do we process your personal data?

In general, data is processed to ensure the proper execution of activities related to the controller’s business operations. Specific purposes vary depending on the category of the data subject:

  • Clients and prospects: Management and maintenance of commercial, pre-contractual, and contractual relationships; internal administration; financial management; advertising and marketing; customer support.
  • Collaborators, creditors, and suppliers: Relationship management; internal administration; financial management.
  • Employees: Employment management, HR development, training, occupational risk prevention, time tracking, and compliance with legal obligations.
  • Job applicants: Résumé processing; recruitment management.
  • Website and social media users: User support and communication management.
  • Visitors: Visitor support and facility access control.
  • Other categories of data subjects will be processed in accordance with the company’s activity, legal obligations, and the general terms of this Privacy Policy.

Additional general purposes include:

  • Creation of commercial profiles to personalize offers and communications (without automated decision-making) under legitimate interest.
  • Video surveillance for the security of property and persons, including workplace control, under legitimate interest.
  • Call recording for security and quality purposes, under legitimate interest.
  • Financial risk analysis and debt management. In the case of delinquent accounts, data may be reported to credit rating agencies or debt collection services, under legitimate interest.
  • Communications: the development and execution of communications using the available contact data and channels (email, instant messaging, etc.) with categories of internal data subjects (employees) and external data subjects (clients, prospects, collaborators, suppliers, etc.). The purposes of such communications may include informational, organizational, commercial, and advertising content, as appropriate, based on the data controller’s legitimate interest and the informed consent of the data subject.
  • Other purposes arising from the nature of the data controller, carried out in the normal course and exercise of its business activity, based on a valid legal basis.
  • How long do we retain your data?

In general, personal data will be retained for at least as long as a relationship with the data subject exists, unless its deletion is requested, potential liabilities may arise, or there is a legal obligation to retain the data.

With regard to data of job applicants or employment seekers, such data will be deleted immediately if they are not of interest to the data controller.

The data controller has included in its data protection plan an inventory of retention periods used to manage the various applicable data retention terms.

Data deletion will always be carried out in a manner that ensures their confidentiality.

  • What is the legal basis for processing your data?

The data controller observes and applies the various legal bases for processing that apply to each purpose of processing. These are:

  1. Informed consent of the data subject.
  2. Pre-contractual or contractual obligations.
  3. Legitimate interest of the data controller.
  4. Applicable legal obligations.
  5. Other legally established lawful bases.
  • To whom will your data be disclosed?

Data provided by data subjects will not be disclosed to third parties by default, except in the following cases: a) auxiliary services, authorized data processors, or other third parties required for the proper provision of goods and services; b) competent public authorities and administrative bodies acting in the exercise of their duties; c) other legitimate stakeholders and legally provided third parties.

  • What are your rights when you provide or we process your data?

As a data subject, you may at any time request to exercise the following data protection rights:

  • Access: To confirm whether or not personal data concerning you is being processed and to obtain more information about such processing.
  • Rectification or Deletion: To correct inaccurate personal data or to request the deletion of data that is no longer necessary for the purposes for which it was collected.
  • Restriction of Processing: To limit the processing of your personal data in certain cases, in which case the data will be stored solely for the exercise or defense of legal claims, to protect the rights of another person, or for reasons of public interest.
  • Data Portability: To receive your personal data, which you have provided to us, in a structured, commonly used, and machine-readable format, where feasible.
  • Objection: To object to the processing of your data under certain circumstances and for reasons related to your personal situation. The company will cease processing unless compelling legitimate grounds exist or the processing is necessary for the establishment, exercise, or defense of legal claims.
  • Withdrawal of Consent: To withdraw previously granted consent, which may result in the termination of any existing business or contractual relationship, if applicable. This does not affect any processing conducted before the withdrawal of consent.

To exercise these rights, you may contact us at the email or postal address listed at the beginning of this policy.

Optionally, you may also contact our appointed Data Protection Officer or the Data Protection Authority to learn more about your rights or request official protection of such rights.

  • Data Security

We implement the technical and organizational measures necessary in our information systems to ensure an appropriate level of confidentiality, integrity, availability, and resilience of the data in order to protect the rights and freedoms of data subjects.

The controller complies with the provisions and principles of the GDPR by processing data lawfully, fairly, and transparently in relation to the data subject, and in a manner that is adequate, relevant, and limited to what is necessary in relation to the purposes for which it is processed.

However, to the extent permitted by law, we accept no liability for damages or harm caused by third-party alterations to our information system. Any security breaches will be promptly reported to the competent authority and/or law enforcement agencies.

  1. Sending of Communications or Information

Our policy regarding the sending of information via electronic means (email, instant messaging, etc.) is limited to sending communications we consider of interest to our users and stakeholders in relation to the company’s operations or which you have consented to receive.

If you prefer not to receive such messages, we will offer you the option to cancel and opt-out of future communications, in accordance with Title III, Article 22 of Law 34/2002 on Services of the Information Society and Electronic Commerce.

  1. Social Media

The data controller may maintain a presence on social media platforms through official profiles, to which this section and all applicable privacy and legal terms of the website shall apply when processing the data of users or individuals who follow or connect with such profiles.

The purposes of these profiles include communication, business development, marketing and advertising, responding to inquiries, customer service, sharing information about the company’s activities or events, and engaging via official accounts.

The legal bases outlined in Section 6 above are further supported in this context by the fact that the user or data subject may hold an account on the same social media platform as the data controller and has voluntarily chosen to follow or connect with the controller’s profile, thereby demonstrating interest in the content published by the controller. Accordingly, by following the controller’s profiles, the user gives consent for the processing of any data accessible through their own profile.

The user may, at any time, review the applicable privacy policies and terms of use of the corresponding social media platform and adjust their profile’s privacy settings as they see fit. Posts made by users are visible to others, and users are therefore primarily responsible for their own privacy.

Followers or participants in our profiles must refrain from:

  1. Posting content or information contrary to law, morality, or good faith. Unlawful, offensive, inappropriate, or harmful conduct is not permitted.
  2. Behaving in a manner inconsistent with principles of legality, honesty, responsibility, protection of human dignity, child protection, public order, privacy, consumer rights, or intellectual and industrial property rights.

The data controller reserves the right to remove any content deemed inappropriate without prior notice. We also disclaim any responsibility regarding the security measures of each platform; users are responsible for familiarizing themselves with and complying with the legal terms and conditions of each platform.

The data controller is expressly exempt from any liability arising from the use of social media by minors or individuals with special needs. The controller’s social media accounts do not knowingly collect any personal information from minors. Therefore, if a user is underage, they must not register, use the controller’s social media platforms, or provide any personal data. In particular, under Spanish law, the processing of a minor’s personal data is only permissible from the age of 14 onward. Additionally, if required by applicable law or if the user has special needs, the involvement of a parent or legal guardian, or another legally authorized representative with valid proof of representation, will be necessary.

  1. Employment and Candidate Management

Individuals interested in applying for job opportunities with the controller may submit their personal and professional information via various channels, preferably through designated forms, email addresses, or other established means for this purpose.

Such data will be processed in accordance with the privacy terms set forth herein, for the purpose of managing applications for potential employment, internships, or training opportunities within the controller’s organization, including any subsidiaries or affiliated companies, where applicable.

The processing will be carried out based on the informed consent of the data subject or another valid legal basis.

If the information provided is not of professional interest to the entity, or once it is no longer necessary for the purposes for which it was collected, it will be deleted, ensuring confidentiality and data anonymization.

Any data subject may revoke their consent and exercise their rights related to privacy in accordance with the terms outlined in this Privacy Policy.