Privacy Notice
Global Omnium Idrica S.L., with address at Plaza Legión Española, Nº4, CP 46010, Valencia, NIF no. B-44527141 and telephone number 963 86 05 00 (hereinafter IDRICA), as the data controller for the processing of your personal data, informs you with complete transparency for your clear understanding:
- Why we need to process your data.
- What data we may store about you and for how long.
- With whom we share your data.
- What are your data protection rights and how can you exercise them.
IDRICA will process your data in full compliance with current data protection regulations. Your data will not be subject to exclusively automated decisions or profiling that could significantly affect you and it will not beused for purposes further or other than those reflected in this document.
A) DATA PROCESSING ACTIVITIES:
Below we provide detailed information on the processing we carry out according to the categories of data subjects whose data we process, for what purposes, on which legal basis, for how long and with whom, if any, we share such data.
a) Purposes and lawfulness of the processing: Your data will be processed for the following purposes:
- The management and monitoring of the relationship with our suppliers, as it is necessary for the performance of a contract or for the application, where appropriate, of pre-contractual measures, as well as by virtue of IDRICA´s legitimate interest.
- Accounting and tax management purposes, as it is necessary to comply with legal obligations that apply to us.
- To send you communications related to special events, such as Christmas or birthday greetings, or, where appropriate, messages of condolence, based on our legitimate interest in maintaining with the most cordial relationship possible with you in accordance with established social customs.
- Additionally and only if the need arises, we will also process your data for control and security purposes, legal advice and regulatory compliance, as it is necessary to satisfy our legitimate interest in the defence of our interests and rights, in the avoidance of conduct contrary to our internal codes and regulations and to comply with legal obligations applicable to us (auditing, compliance with criminal regulations, protection of personal data, etc.).
b) Origin and storage period of your data: The data have been provided to us by you personally or by your legal representative or by other sources (recommendations from third parties, advertising spaces or through your corporate website, or exceptionally, complaints from third parties, witnesses, or competent authorities). We will store the data for as long as you maintain the contractual relationship with us and thereafter, duly blocked, for the legally stipulated period for the defence or filing of possible claims.
c) Categories of personal data: The categories of personal data that we process are identification data, contact information, data related to personal characteristics (such as nationality and marital status), economic, financial and transaction-related data, as well as any other data necessary for the proper provision of the contracted service. Very rarely, we may also process other types of information that may be relevant in a possible internal incident, investigation, or complaint.
d) Communication of your data: We may share your personal data with the following entities and/or persons:
- Public Administrations, other Public Organisms and entities authorized by law, when required or necessary.
- Exceptionally, Courts and Tribunals or other dispute resolution bodies, such as Arbitration Courts and mediators and Notaries and Registrars.
In addition, we may also share your data with our following suppliers, but only to the extent required to provide us with their services:
- Group companies, for administrative and IT support services.
- INLOGIQ SOFTWARE QUALITY, S.L. and other suppliers for computer support and development services and IDRICA’s intranet.
- LOTES DIALVA, S.A., for certain mailings.
- Translation services companies or professionals.
- Consulting and legal firms for the defence of the legal interests and IDRICA rights.
- Other providers that may complement or replace the above.
e) International data transfers: Not foreseen.
a) Purposes and lawfulness of processing: Your data will be processed for the following purposes:
- The management and development of the relationship we maintain with third parties, natural or legal persons, through their legal representatives and, where appropriate, contact persons, based on our legitimate interest in maintaining an appropriate relationship with such third parties.
- To send you communications related to special events, such as Christmas or birthday greetings, or, where appropriate, messages of condolence, based on our legitimate interest in maintaining the most cordial relationship with you in accordance with established social customs.
- Send you information and commercial communications of products, services and activities of IDRICA through the following means:
- By electronic means if you have previously given us your consent to that effect.
- By mail or telephone, based on our legitimate interest in promoting our services and products.
- Additionally, and only if the need arises, we will also process your data for control and security purposes, legal advice and regulatory compliance, as it is necessary to satisfy our legitimate interest in the defence of our interests and rights, in the avoidance of conduct contrary to our internal codes and regulations and to comply with legal obligations applicable to us (auditing, compliance with criminal regulations, protection of personal data, etc.).
b) Origin and storage period of your data: The data have been provided to us by you personally or by your legal representative, or by other sources (the company to which you provide your services, LinkedIn or the corporate website of the company for which you work, or exceptionally, complaints from third parties, witnesses or competent authorities). We store your data as long as you provide your services to the entity with which we maintain a relationship, and subsequently, duly blocked, for the legally established period of time for the defence or filing of possible claims.
However, for the sending of commercial communications by electronic means, we will keep your data as long as you do not revoke the consent you gave us for that purpose.
c) Categories of personal data: The types of data we use are identification data, data related to personal characteristics (such as legal age), employment data (such as place of work and your position), and representation data (in the case of representatives). Very rarely, we may also process other types of information that may be relevant to a possible internal incident, investigation, or complaint.
d) Communication of your data: We may share your personal data with the following entities and/or persons:
- Public Administrations, other Public Bodies and entities authorized by law, when required or necessary.
- Exceptionally, Courts and Tribunals or other dispute resolution bodies, such as Arbitration Courts and mediators and Notaries and Registrars.
In addition, we may also share your data with our following suppliers, but only to the extent required to provide us with their services:
- Group companies, for administrative and IT support services.
- INLOGIQ SOFTWARE QUALITY, S.L. and other suppliers for computer support and development services and IDRICA’s intranet.
- LOTES DIALVA, S.A., for certain mailings.
- Consulting and legal firms for the defence of the legal interests and rights of IDRICA.
- Other suppliers that may complement or replace the above.
e) International data transfers: Exceptionally, we may need to transfer your personal data to Courts and Tribunals or other dispute resolution bodies, State Security Forces and Corps, Attorneys, Experts, Notaries and Registrars outside the European Economic Area, if this is necessary for the formulation, exercise or defence of claims.
a) Purposes and lawfulness of the processing: Your data will be processed for the following purposes:
- Management of selection processes, given our legitimate interest in the selection of personnel to cover job positions or in the request made by the candidate himself.
- Additionally, and only if the need arises, we will also process your data for control and security purposes, legal advice, and regulatory compliance, as it is necessary to satisfy our legitimate interest in the defence of our interests and rights, in the avoidance of conduct contrary to our internal codes and regulations and to comply with legal obligations applicable to us (auditing, compliance with criminal regulations, protection of personal data, etc.).
b) Origin and storage period of your data: The data have been provided to us by you or your legal representative or by other sources (platforms such as LinkedIn or talent search companies, or exceptionally, complaints from third parties, witnesses or competent authorities). We keep them for 1 year from the receipt of the application, CV or candidate history, unless they are necessary for a longer period for the formulation or defense of possible claims or for the investigation of possible irregularities or criminal acts.
c) Categories of personal data: The types of data we use are identification data, contact data, academic and/or professional data, such as job or occupation. Very rarely, we may also process other types of information that may be relevant to a possible incident, investigation or complaint.
d) Communication of your data: We may share your personal data with Public Administrations, other Public Bodies and entities authorized by law, when required or necessary.
In addition, we may also share your data with our following suppliers, but only to the extent required to provide us with their services:
- Group companies, for administrative and IT support services.
- INLOGIQ SOFTWARE QUALITY, S.L. and other suppliers for computer support and development services and IDRICA’s intranet.
- Consulting and legal advisory firms, when strictly necessary.
- Other suppliers that may complement or replace the above.
e) International data transfers: Not foreseen.
a) Purposes and lawfulness of the processing: Your data will be processed for the following purposes:
- Installation of cookies in your browser or device to analyse visits to our corporate website, allow certain user preferences, and for behavioural advertising purposes upon consent given or request made by you. Besides the information contained here and below, you have additional information about cookies in our Cookies Policy.
- Registration and processing of communications or requests received through contact forms and email addresses (such as media@idrica.com, sales@idrica.com and marketing@idrica.com) published on our website for this purpose, based on our legitimate interest in properly attend to the users of our website.
b) Origin and conservation period of your data: The data have been provided to us by you or your legal representative. Those obtained, if any, through cookies, are stored for the period that, for each cookie or type of cookies is indicated in our cookie notice and / or Cookie Policy. With respect to the data you provide when sending us an email or through forms, said data be stored until the communication received is definitively attended and then, duly blocked, during the legally established period for the defence and interposition of possible claims.
c) Categories of data: The types of data we use are identification data, contact data and any other data you provide us with through the communication you send us and, in the case of cookies, data from the device used, such as IP, browser used and its version, as well as data on browsing habits and other statistical data.
d) Communication of your data: Your data will be shared with SOLUCIONES WEB ONLINE, for the provision of the hosting service of our website and with the cookie providers listed in our Cookies Policy.
e) International data transfers: The use of the Google Analytics cookie set involves the transfer of your data to Google, an entity based in the USA, a place that does not offer a level of protection equivalent to that required in Europe with regard to the processing of personal data. For this reason, Google has committed to implement a series of measures to ensure an adequate level of protection equivalent to the European level through the so-called standard contractual clauses as indicated by Google in its Analytics Data Protection Measures document. The use of Youtube cookies also involves transfers of data to Google, which has committed to use EU-approved Standard Contractual Clauses to ensure the adequacy of the transfer to the data protection regulation. You can learn more about the safeguards applied by Google here.
LinkedIn and Twitter cookies also involve a transfer of data to these entities located in the USA, which have committed to apply the corresponding Standard Contractual Clauses as a guarantee to carry out these transfers. You can find more information about the protection mechanisms implemented by LinkedIn here and about the protection mechanisms implemented by Twitter here.
Apart from the above, you can find information on international data transfers carried out by the third parties identified in our Cookies Policy in the section <<Cookies on this website>> of said Policy.
a) Purposes and lawfulness of the processing: Your data will be processed to attend your communication and, if necessary, manage the request or incident raised, as it is necessary to comply with legal obligations that are applicable to us under the rules on data protection.
b) Storage period of your data: We will keep your personal data as long as necessary to resolve the request or incidence and subsequently, duly blocked, during the period legally provided for the defence or filing of possible claims.
c) Communication of your data: We may share your personal data with Public Administrations, other Public Bodies and entities authorized by law, when required or necessary.
In addition, we may also share your data with our following suppliers, but only to the extent required to provide us with their services:
- Group companies, for administrative and IT support services.
- INLOGIQ SOFTWARE QUALITY, S.L. and other suppliers for computer support and development services and IDRICA’s intranet.
- Consulting and legal advisory firms, when strictly necessary.
- Other suppliers that may complement or replace the above.
d) International data transfers: Not foreseen.
a) Purposes and lawfulness of the processing: Your data will be processed to interact with you in those social networks and platforms in which IDRICA has a presence. This processing will be carried out at all times in the context of the platform in question and subject to and based on the Terms and Conditions of the same, which have been accepted.
b) Origin and storage period of your data: Given that in no case do we store your personal data in our own systems, this processing will last as long as you interact with us through the mechanisms available on the various social networks or platforms on which we are present such as, for example, by using the “follow”, “connect” or “like” buttons or other similar buttons or functionalities.
c) Categories of data: The types of data we use are identification data, contact data and any other category of data that you wish to share with us through the platform by which you interact with us.
d) Communication of your data: From IDRICA, we will not share your data with third parties. However, remember that the platform through which you interact with us will process your personal data for its own purposes, including allowing you to use that social network or platform, and that it may communicate your personal data to third parties.
e) International data transfers: We will not disclose your data to third parties outside the European Economic Area. However, please note that the platform through which you interact with us may do so. For more information, please refer to the privacy notice of that platform.
f) Particularity on the exercise of data protection rights: Without prejudice to the fact that you can contact us whenever you consider it appropriate to exercise your data protection rights as indicated in section D), please note that you can exercise many of the rights set forth herein on your own through the tools available on the platform you use to interact with us. For example, you may rectify your personal data by modifying your profile on the platform, delete your data by deleting your account on the platform or by ceasing to interact with us on the platform, or exercise your right to data portability by requesting it from the platform.
a) Purposes and lawfulness of the processing: Your data will be processed for the following purposes:
- To send you information and commercial communications by electronic means (email or sms) of products, services and activities of IDRICA, provided that you have given us your consent to do so.
- To send you information and commercial communications by mail or telephone based on the legitimate interest we have in promoting our services and customer acquisition and loyalty.
b) Origin and conservation period of your data: Your personal data will have been provided to us by you or your legal representative. We will keep your data as long as you do not withdraw the consent given to us and subsequently, duly blocked, during the legally established term for the defence or interposition of possible claims.
c) Categories of data: The types of data we use are identification or contact data.
d) Communication of your data: Unless legally obliged or required by a competent public authority, we will only share your data with courier companies for postal delivery.
e) International data transfers: Not foreseen.
a) Purposes and lawfulness of the processing: Your data will be processed for the following purposes:
- Access control to IDRICA facilities, based on the legitimate interest in the protection of employees, business assets and visitors to IDRICA.
- Attending visitors and communications at the reception, under the contract or pre-contract with the visitor, if any, and the legitimate interest of IDRICA in attending such communications.
b) Period of retention of your data: We will keep your data for one month from your visit, unless they are necessary for a longer period for the formulation or defence of possible claims or for investigation of possible irregularities or criminal acts and, subsequently, duly blocked, during the period legally provided for the defence or filing of possible claims.
c) Communication of your data: Your data will only be communicated to third parties exceptionally in the event of claims, in which case they will be communicated to insurance companies, Courts and Tribunals or other dispute resolution bodies and State Security Forces and Corps.
d) International data transfers: Not foreseen.
B) IS IT MANDATORY THAT YOU PROVIDE US WITH YOUR PERSONAL DATA?
It will be mandatory that you provide us with the data that, as described before for each category of persons, are necessary for those purposes based on the performance of a contract that we have with you or for the fulfilment of legal obligations. In these cases, if such data is not provided, it will not be possible to fulfil your request or to perform all or part of the corresponding contract.
C) ABOUT OUR SUPPLIERS:
When choosing suppliers whose services involve them processing personal data on our behalf, IDRICA applies strict criteria to choose only those suppliers who offer an adequate level of guarantees for this purpose. We also contractually require them to adopt the necessary technical and organizational measures to ensure the protection of the rights and freedoms of the persons whose information is processed and that they may only use personal data for what is strictly necessary according to the service they provide us and for the duration of such service.
D) YOUR RIGHTS AND HOW TO EXERCISE THEM:
You have the right to obtain information about the processing of your data, to access it, to have it rectified or, where appropriate, deleted. In certain circumstances, you also have the right to limit the processing of your data, in which case we will only keep them for the exercise or defence of claims, to object to their processing and to their portability by transmitting them to you or directly to another company that you designate.
Revocation of consent: In relation to the processing of your data that we carry out based on the consent you have given us for it, you have the right to withdraw, at any time, such consent, although the revocation will not produce retroactive effects, so it will not affect the processing that had been carried out up to that moment.
You may exercise your right to object to the purposes described above that are based on the satisfaction of a legitimate or public interest. This right may be denied if, in view of the request made, it is proven that compelling legitimate grounds for the processing prevail or if the data are necessary for the formulation, exercise or defence of claims.
To exercise any of these rights you can contact IDRICA at the postal Plaza de la Legión Española, número 4, 46010 de Valencia y provista de C.I.F.: B-44527141 or by e-mail protecciondedatos@idrica.com.
We also inform you that, if you consider that there has been any kind of violation in relation to the processing of your personal data, you can file a complaint with the competent supervisory authority (in Spain the Agencia Española de Protección de Datos or body that replaces it in the future, for other European countries consult here).
E) CONTACT POINT:
For additional information, or for any other questions regarding the processing of your data, please do not hesitate to contact our Data Protection Officer through:
Address: Plaza de la Legión Española, número 4, 46010 de Valencia
E-mail: DPO@idrica.com.
F) INFORMATION SECURITY POLICY:
Global Omnium Idrica informs its customers and suppliers of the existence of its Information Security Policy, whose main objectives are:
- To guarantee the quality of the information and the continued provision of the organisation’s services, taking the appropriate preventive measures to protect the systems against accidental or deliberate damage, supervising daily activity and reacting promptly to security incidents.
- To establish a strategy for all the staff who process data in the organization, including protecting systems and information against any threats that may compromise their confidentiality, integrity, availability, authenticity and/or traceability.
Should you require a copy of Idrica’s Information Security Policy, please send us an email to quality@idrica.com.
Current version dated 13 of December of 2023.