Privacy Policy

Secure&IT » Privacy policy and legal data protection

Privacy Policy

Who is responsible for the processing of your data?

In accordance with the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (RGPD) and the Organic Law 3/2018, of 5 December, on the Protection of Personal Data and guarantee of digital rights (LOPDgdd), we hereby inform you of the Privacy Policy of Secure and IT Proyectos S.L. (hereinafter, Secure&IT) with NIF B-85921625, and address at Calle Chile nº 8, Office 105, 28290, Las Rozas, Madrid.

Does Secure&IT have a Data Protection Officer?

Secure&IT has appointed a Data Protection Officer who can be contacted through the e-mail address [email protected].

For what purposes and on what basis do we process your personal data?

Your personal data may be processed by Secure&IT for the following purposes:

  • Contact: The purpose of the treatment is the management and response to requests made through the contact area of the website. Such treatment is legitimized on the basis of the express consent provided by sending your request (art. 6.1 a) RGPD).
  • Potential customers and commercial communications: Secure&IT may process your identification and contact data, for the purpose of maintaining relations of any kind, and to inform you about its products and services, at your request or with your consent. Such processing is legitimized by the legitimate interest (art. 6.1 f) RGPD) that binds the parties, in connection with art. 19 of the Organic Law 3/2018 of 5 December on the Protection of Personal Data and guarantee of digital rights in the case of professional contacts belonging to legal persons. In the case of potential customers natural persons, the processing is legitimized in their express consent (art. 6.1 a) RGPD).
  • Clients: Secure&IT processes the personal data of professional contacts belonging to legal entity clients for the purpose of managing the contractual relationship that binds the parties. Such processing is legitimized by the legitimate interest (art. 6.1 f) RGPD) that binds the parties, in relation to art. 19 of the Organic Law 3/2018 of December 5, on the Protection of Personal Data and guarantee of digital rights. In the case of physical personal customers, the processing is legitimized in the performance of a contract entered into between the parties (art. 6.1 b) RGPD).
  • Suppliers: Secure&IT processes the personal data of professional contacts belonging to suppliers legal entities for the purpose of managing the contractual relationship that binds the parties. Such processing is legitimized by the legitimate interest (art. 6.1 f) RGPD) that binds the parties, in relation to art. 19 of the Organic Law 3/2018 of December 5, on the Protection of Personal Data and guarantee of digital rights. In the case of physical personal providers, the processing is legitimized in the performance of a contract entered into between the parties (art. 6.1 b) RGPD).
  • Events: In the event that you have registered for one of our events, we will process your personal data for the purpose of managing the event, with legitimacy based on your express consent (art. 6.1 a) RGPD), which you provide by registering for the event.
  • Job candidates: In the event that you have submitted your curriculum vitae to enter our selection processes, Secure&IT will process the data for this sole purpose. Such processing is legitimized on the basis of your express consent (art. 6.1 a) RGPD) that you provide by sending your curriculum, as well as in the application of pre-contractual measures at your request (art. 6.1 b) RGPD).
  • Enforcement of rights and privacy management: Secure&IT may process your data for the purpose of handling your requests to exercise your data protection rights, or any other purpose necessary to comply with personal data protection regulations. Such processing is legitimized on the basis of compliance with a legal obligation (art. 6.1 c) RGPD).
  • Whistleblower channel: The purpose of the processing is the management of communications received through our whistleblower channel to bring to our attention potential irregularities committed by Secure&IT staff. Such processing is legitimized on the basis of compliance with a legal obligation (art. 6.1 c) RGPD).
  • Cookies: The use of cookies on our website involves the processing of your personal data. The purpose of the processing is, on the one hand, that you can browse our web pages without errors, through the installation on your device of technical cookies and, on the other hand, the improvement of the functionalities of the website through the information collected from analytical cookies that we install on your device, in the event that you give your consent (art. 6.1 a) RGPD). You can obtain more information about this in our cookies policy.

Who will be able to access your personal data?

Secure&IT will only communicate your personal data to:

  • Those third parties, agencies and public institutions of the General State Administration, of the Autonomous and Local Administrations, including the jurisdictional bodies to which it is legally obliged to provide them.
  • The collaborating companies and/or partners so that they can manage the contractual relationship with you.
  • Companies participating in corporate conferences/events in which Secure&IT is a promoter, due to the management of the relevant sponsorships, in compliance with the obligations of Secure&IT established in the contractual relations assumed with said companies. In these cases, only identification data will be communicated for the purpose of controlling attendance, unless you give your express consent to communicate your personal data to the aforementioned entities for additional purposes.
  • Service providers contractually bound to Secure&IT, as processors, who will process your personal data strictly according to our instructions, and with whom Secure&IT has signed the relevant personal data processing agreements.

Will there be international transfers of personal data?

Secure&IT does not routinely make international transfers of personal data. International transfers of personal data will only be made if strictly necessary to manage our relationship.

In the event that it is necessary to make any international transfer of your personal data, you will be informed in advance, and the international transfer will be carried out in strict compliance with the obligations established in the current regulations on personal data protection.

What security measures will be applied to your personal data?

Secure&IT has implemented the necessary technical and organizational security measures to ensure a level of security appropriate to the risk, taking into account the state of the art, the costs of implementation, and the nature, scope, context and purposes of processing, as well as the risks of varying likelihood and severity to the rights and freedoms of natural persons, in compliance with art. 32 of the General Data Protection Regulation (EU) 2016/679.

In this sense, Secure&IT is certified according to the ISO 27001:2013 Standard, related to information security management systems, as well as in the National Security Scheme in its High level, according to the Royal Decree 311/2022, of May 3, which regulates the National Security Scheme.

How long will we keep your personal data?

Secure&IT will process your personal data for the period of time set out below, which varies depending on the purpose for which we process it:

  • Contact and Potential customers: In the event that you contact Secure&IT to request information about our products and services, your data will be retained for a period of two years from the last communication made by the user, being renewed this computation with each new contact or relationship made by the user.
  • Sending of commercial communications: In the event that you are not a Secure&IT customer, your data will be processed for this purpose until you withdraw your consent. If you are a customer, your data will continue to be kept for the purpose of managing our contractual relationship, but you will not be sent commercial communications from the time you object to such shipment. However, if you are a customer, and do not object to receiving commercial communications, once our contractual relationship will continue to send them based on a legitimate interest, and until you object to such treatment.
  • Clients and Suppliers: The personal data of our clients and suppliers will be kept during the time in which the contractual relationship with the legal entity remains in force, in the case of professional contacts who provide their services in the same; and during the time in which the contractual relationship with the client or supplier natural person remains in force. Subsequently, the personal data will be kept until the prescription of possible legal responsibilities.
  • Events: The personal data of interested parties who register for our conferences/events, will be retained for that purpose for the time necessary to manage the conference/event, and thereafter will be retained until the prescription of possible legal liabilities.
  • Job candidates: Due to the specific profile of Secure&IT‘s vacancies, which are highly technical in nature, we will retain your resume for a maximum period of two years from receipt of your resume. In the event that we consider it necessary to keep your resume for a longer period of time, we will request your express consent and the submission of your updated resume. If you do not provide it, we will delete it immediately. If you do provide it, the two-year period will resume. In the event that you are a registered user of our employment platform, your personal data will be retained until you delete your profile from the platform.
  • Exercise of rights and privacy management: In the event that you have exercised your rights regarding data protection, or we need to process your data in compliance with legal obligations established by the data protection regulations, your data will be kept for the time necessary to comply with our obligations and, subsequently, until the time of prescription of possible legal actions duly blocked.
  • Informant Channel: The personal data processed in Secure&IT ‘s informant channel will be processed for the time necessary to manage the investigation file and, thereafter, until the prescription of possible legal responsibilities duly blocked, for a maximum period of ten years, in order to comply with our obligation to keep a logbook.
  • Cookies: Personal data obtained through cookies that we install on your device on the occasion of your visit to our corporate websites will be retained for the time determined in each cookie, which may vary depending on your customization of the cookie configurator. The maximum retention period is two years. You can find more information in our cookie policy.

How can you exercise your rights in relation to your personal data?

In case you wish to revoke the consents granted, as well as exercise your rights of access, rectification, opposition, deletion, limitation, portability and your right not to be subject to automated decisions, including profiling, you may address a written request to our Data Protection Officer through the following channels:

  • E-mail: [email protected]
  • Postal address: calle Chile nº 8, Office 105, 28290, Las Rozas, Madrid

Likewise, we inform you that you have the right to file a complaint with the Spanish Data Protection Agency if you consider it appropriate.

Secure&IT as data processor

Secure&IT, on occasions, positions itself as a processor of its clients due to the type of services it offers. The regulation of the processing commission shall be governed by the provisions of the general terms and conditions of Secure&IT, in strict compliance with the provisions of art. 28 RGPD.

User commitments

The user undertakes to inform Secure&IT of any change in the information provided. In order to make such communication, you may contact the email account [email protected].

error: ¡Lo sentimos! El contenido de esta web está protegido.