WHO IS RESPONSIBLE FOR THE PROCESSING OF YOUR DATA?
The companies of the SISTEPLANT group, which is composed of the following entities, are respectively responsible for the processing of your personal data:
Company name: SISTEPLANT SL
C.I.F./N.I.F.: B95299707
Registered Office: Parque Tecnológico, Edif. 607, 48160 Derio ( Bizkaia)
Registered in the Mercantile Registry of Bizkaia Volume 4390, Folio 65, Page BI 38863, 1st Inscription
Company name: SISTEPLANT TECHNOLOGY SL
C.I.F./N.I.F.: B88002191 Registered
Office: Calle Golfo de Thessaloniki 27 piso 1º, 28033 Madrid (Madrid)
Registered in the Mercantile Registry of Madrid Volume 37269, Folio 103, Section 8, Page M 664662, Inscription 1ª
For both entities
From now on and to refer to both, the expression SISTEPLANT will be used.
FOR WHAT PURPOSE DO WE PROCESS YOUR PERSONAL DATA?
In accordance with the provisions of EU Regulation 679/2016 and Organic Law 3/2018 of December 5 on the protection of personal data and guarantee of digital rights, we inform you that the personal data you provide us and those generated during the development of the relationship with you, are treated for the following purposes:
HOW LONG WILL WE KEEP YOUR DATA?
The personal data provided will be kept as long as its deletion is not requested by the interested person, or who legally acts as their legal representative and this proceeds, and as long as they are necessary -including the need to keep them during the applicable limitation periods- or relevant for the purpose for which they were collected or registered.
The conservation of the data will be conditioned to the legal obligation that SISTEPLANT has to keep them. Once these deadlines have passed, the data will be destroyed or deleted, and the deletion, elimination or destruction will be carried out so that the information contained in the media is not recoverable.
Legitimation
The legal basis for the processing of your data is the consent given by the person concerned. This is obtained expressly and unequivocally by completing and, where appropriate, sending the documents and forms on paper or electronic in which your data is collected. In all the documents of the entity, which are used to collect data for the different uses, there are informative clauses in accordance with the provisions of the data protection regulations and the consent is expressly expressed by signing by the interested person, or sending the existing forms on the website.
The processing is also a cause of legitimacy when it is necessary for the execution of a contract, or the provision of a service provided to the interested persons, in which they are a party, or for the application at their request of pre-contractual measures (art. 6.1.a and b GDPR).
SISTEPLANT is also entitled to process your data to comply with the legal obligations to which it is subject and for the satisfaction of legitimate interests, provided that the interests or fundamental rights of the interested parties do not prevail over these.
Whatever the cause of legitimation, the consent can be revoked at any time.
TO WHICH RECIPIENTS WILL YOUR DATA BE COMMUNICATED?
Your data will not be transferred to any entity without your consent except for the assignments provided by law, in this sense your express consent will be requested for the transfer of your data to any other entity.
As a result of the management of the authorized purposes, your data may be communicated to the companies that make up the SISTEPLANT group and entities or persons directly related to SISTEPLANT and the services provided by it. Likewise, your personal information will be available to the Public Administrations, Judges and Courts, for the attention of the possible responsibilities arising from the treatment and provided that these assignments are covered by law.
Your data may also be transferred to companies that provide us with some type of advisory services, computer maintenance, marketing, training or auditing. These entities only have access to the personal information that is necessary to carry out these services, requiring it through a “data processing order” contract that maintains confidentiality, that they cannot use the information for other purposes and that they adopt measures that guarantee the integrity and availability of it.
International data transfers outside the European Union or to entities that do not comply with the data protection standards established by EU Regulation 679/2016 are not foreseen.
WHAT IS THE ORIGIN OF YOUR DATA?
The personal data processed by SISTEPLANT are provided by the person concerned, by the entity in which it provides services or obtained from sources accessible to the public.
WHAT CATEGORY OF DATA DOES SISTEPLANT PROCESS?
SISTEPLANT will process the data you provide us, which may be of the following categories:
WHAT ARE YOUR RIGHTS?
Anyone has the right to obtain confirmation as to whether SISTEPLANT processes personal data concerning them, or not.
Interested persons have the right to access their personal data and to obtain a copy of the personal data being processed, to update them, as well as to request the rectification of inaccurate data or, where appropriate, request its deletion when, among other reasons, the data are no longer necessary for the purposes for which they were collected.
In certain circumstances and for reasons related to their particular situation, interested parties may object to the processing of their data. SISTEPLANT will stop processing the data, except for compelling legitimate reasons, or the exercise or defense of possible claims.
Also in certain circumstances, provided for in Article 18 RGPD, the interested parties may request the limitation of the processing of their data, in which case SISTEPLANT will treat them, with the exception of their conservation, with the consent of the interested party or for the formulation, exercise or defense of claims, or with a view to the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a given Member State.
In the event that it was applicable, as a result of the application of the right to erasure or opposition to the processing of personal data in the online environment, the interested parties have the right to be forgotten according to the jurisprudence of the Court of Justice of the EU.
By virtue of the right to portability, the interested parties have the right to obtain the personal data concerning them in a structured format of common use and mechanical reading and to transmit them to another person in charge.
Every data subject has the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects on him or her or similarly significantly affects him, except for the exceptions provided for in Art.22.1 GDPR.
The interested party has the right to the deletion of their data, due to the disappearance of the purpose that motivated the treatment or collection, by revocation of consent when it is this one that legitimizes the treatment, or for the rest of the reasons contained in article 17RGPD. The deletion will be carried out by proceeding to the high-level erasure of the data contained in automated media and the physical destruction of non-automated media
HOW CAN YOUR RIGHTS BE EXERCISED?
By means of a letter always accompanied by a copy of the DNI or other document that proves the identity of the interested person addressed to the addresses indicated in the heading.
WHAT COMPLAINT CHANNELS ARE THERE?
If you consider that your rights have not been duly addressed, you have the right to file a claim with the Spanish Agency for Data Protection, whose contact details are: Telephones: 901 100 099 91.266.35.17 Postal address: C / Jorge Juan, 6 Madrid.
These conditions apply to contracting with the companies that make up the SISTEPLANT group and which currently are:
Company name: SISTEPLANT SL C.I.F.
/N.I.F.: B95299707
Registered Office: Parque Tecnológico, Edif. 607, 48160 Derio ( Bizkaia)
Registered in the Mercantile Registry of Bizkaia Volume 4390, Folio 65, Page BI 38863, 1st Inscription
Company name: SISTEPLANT TECHNOLOGY SL C.I.F.
/N.I.F.: B88002191 Registered
Office: Calle Golfo de Thessaloniki 27 piso 1º, 28033 Madrid (Madrid)
Registered in the Mercantile Registry of Madrid Volume 37269, Folio 103, Section 8, Page M 664662, Inscription 1ª
These general conditions are added to the contracts of the company with its clients, thus being stated in the different documents or annexes that are signed with the particular conditions applicable to each contract or service.
From now on, the name SISTEPLANT will be used to refer to any of the aforementioned companies.
The following is established as domicile for the purposes of any type of communication:
Registered Office: Parque Tecnológico de Bizkaia Edif. 607, 48160 Derio ( Bizkaia)
For both entities
2.1.- PROTECTION OF PERSONAL DATA
These clauses establish the conditions that enable SISTEPLANT to process personal data arising from the execution of the contract or the provision of the service contracted with the client.
SISTEPLANT will process, to the extent that the execution of the contract or the provision of the service makes it essential, personal data for which the client is responsible. These general conditions, mentioned in the particular conditions and accepted by the client are established to comply with the provisions of article 33 of Organic Law 3/2018 of December 5 on the protection of personal data and guarantee of digital rights, and in 28 of EU Regulation 2016/679 delimiting the obligations of the person in charge and the person in charge of treatment.
The treatment that is carried out will consist of the service detailed in the contract or budget accepted by the client
The client as responsible for the treatments authorizes SISTEPLANT to treat on its own the personal data contained in its files and treatments to the extent that this is necessary to provide the indicated service.
Regarding the indicated data, SISTEPLANT may treat them by adopting those decisions that are necessary for the adequate provision of the service.
2.1.2. IDENTIFICATION OF AFFECTED INFORMATION
For the execution of the services derived from the fulfillment of the object of this order, the client responsible for the treatment has made available to the entity SISTEPLANT, in charge of the treatment, the information described in the particular conditions, or in the accepted budget, without this description being exhaustive or excluding other related documents.
2.1.3. OBLIGATIONS OF THE CUSTOMER AS DATA CONTROLLER
The client, as responsible for treatment, in addition to those established in the data protection regulations, corresponds to at least the following obligations:
2.1.4. OBLIGATIONS OF SISTEPLANT SL AS DATA PROCESSOR
SISTEPLANT undertakes to comply with the provisions of European and Spanish data protection regulations and undertakes to:
2.1.4.1 INSTRUCTIONS FOR USE AND COMMUNICATION OF DATA
2.1.4.2 SECURITY MEASURES.
SISTEPLANT has adopted the appropriate security measures to safeguard the integrity of the personal data to which it has access for the provision of the service, and to prevent its alteration, loss, unauthorized access. In the same way, the measures adopted guarantee the confidentiality, integrity and availability of the information, as well as the permanent resilience of the treatment systems in case of physical or technical incident.
SISTEPLANT is in the process of implementing in your organization an information security management system, based on the UNE-EN-ISO 27001 standard.
The mode of provision of SISTEPLANT services will determine the security measures that are applicable as well as the person responsible for their establishment and maintenance. The services can be provided in different modalities:
2.1.4.3 PERSONNEL
The number of people who depend on SISTEPLANT, which processes the personal data of the person in charge is limited and known. There is an updated list of profiles with access, which are always essential to comply with the purpose of the contract.
All SISTEPLANT staff receive periodic training on confidentiality and data protection, know the applicable regulations, their obligations in the matter and the consequences of non-compliance with the law.
2.1.4.4. REGISTRATION OF PROCESSING ACTIVITIES
SISTEPLANT, keeps in writing, a record of all categories of processing activities carried out on behalf of the controller, and this contains:
2.1.5.- COMMUNICATION TO OTHER DATA PROCESSORS
SISTEPLANT may communicate the data to other data processors of the same controller, in accordance with their instructions. In this case, the person in charge will identify, in advance and in writing, the entity to which the data must be communicated, the data to be communicated and the security measures to be applied to proceed with the communication.
If SISTEPLANT must transfer personal data to a third country or to an international organization, under the Union or Member State law applicable to it, it will inform the person responsible for that legal requirement in advance, unless such law prohibits it for important reasons of public interest.
2.1.6.- SUBCONTRACTING
The customer allows the subcontracting of the services that are part of the object of this contract – Some of which involve the processing of personal data, especially the hiring of trainers.
The subcontractor, who will also have the status of data processor, is also obliged to comply with the obligations established in this document for SISTEPLANT as data processor and the instructions issued by the data controller. It corresponds to SISTEPLANT as initial manager, to regulate the new relationship so that the new person in charge is subject to the same conditions (instructions, obligations, security measures …) and with the same formal requirements as him, in relation to the proper processing of personal data and the guarantee of the rights of the affected persons. In the event of non-compliance by the sub-processor, SISTEPLANT as the initial processor will remain fully liable to the person in charge.
2.1.7.- RIGHTS OF INTERESTED PERSONS
SISTEPLANT, undertakes to assist the data controller in responding to the exercise of the rights of:
When the affected persons exercise the rights of access, rectification, deletion and opposition, limitation of treatment, portability of data and not to be subject to automated individualized decisions, before SISTEPLANT, it must communicate it by email to the usual address of the person in charge. The communication will be made immediately and in no case beyond the working day following the receipt of the request, together, where appropriate, with other information that may be relevant to resolve the request.
2.1.8.- NOTIFICATION OF DATA SECURITY BREACHES
SISTEPLANT as the person in charge of the treatment will notify the person responsible for the treatment, without undue delay, and in any case before the maximum period of 72 hours, and through EMAIL, the breaches of the security of the personal data in its charge of which it has knowledge, together with all the relevant information for the documentation and communication of the incident.
Notification shall not be required where such a breach of security is unlikely to constitute a risk to the rights and freedoms of natural persons.
If available, at least the following information shall be provided:
If and to the extent that it is not possible to provide the information simultaneously, the information shall be provided gradually without undue delay.
The person responsible for the treatment will be the one who must make the communications to the Data Protection Agency or to the interested persons .
2.1.9.- COLLABORATION WITH THE RESPONSIBLE
SISTEPLANT is committed to
2.1.10-TERMINATION OF THE RELATIONSHIP
Once the service has been completed, in accordance with the provisions of the contract, SISTEPLANT at the choice of the data controller will proceed to
Last updated: March 16, 2023
