1. WHO IS RESPONSIBLE FOR PROCESSING YOUR DATA?
If you, or any authorised person, have provided us with your data, Netex Knowledge Factory, S.A. with CIF: ESA15595754 we are the data controller for this data. This data will be processed in accordance with provisions established in the regulations on protection of personal data, that is, Regulation (EU) 2016/679 of April 27th, 2016 (GDPR) relating to the protection of individuals and the Spanish Organic Law 3/2018, of December 5th, concerning Protection of Personal Data and Digital Rights Guarantee regarding the processing of personal data and to the free circulation of such data. It is possible that there exist other people responsible for the processing that we carry out, and in such cases we will always inform about the person or entity responsible for this data, as well as their identifying data. At Netex Knowledge Factory, S.A. we are committed to complying with obligations on the secrecy of personal data and the need to safeguard it. Thus we adopt all measures necessary to avoid the alteration, loss, unauthorised access or processing of this data, in accordance with the aforementioned Regulation. Netex Knowledge Factory, S.A. is part of a group that comprises:
- Netex (UK) Limited GB150 0648 44
- ELEARNING SOLUTIONS COMPANY S de RL with the CV ESO120706418
2. WHERE DO WE PROVIDE INFORMATION?
3. WHICH PERSONAL DATA DO WE PROCESS?
The personal data that we process is as follows:
- Data that you decide to provide for us voluntarily.
- Data derived from communications that you have with us.
- Information which is available from publicly available sources, and for which we have legitimate access.
- Data derived from the contractual or pre-contractual relationship that you have with us, including your image, in which case you will always be kept informed about the possibility of your image being captured.
- Data on you provided to us by third parties, where a legitimate basis for this exists or having obtained your consent to do so.
- Data on third parties that you have given us, with the prior consent of the third party in involved.
4. HOW DO WE PROCESS DATA?
5. WHAT IS THE LEGITIMATION OF DATA PROCESSING?
The basis of the legitimisation of the processing of personal data will be that which arises from contractual, pre-contractual, employment or any other kind of relationship required for the processing of data, such as express consent.
6. HOW DO WE MANAGE ELECTRONIC COMMUNICATIONS?
In the case of receiving communications by these means (electronic mail, automated form response messages, and other communication systems), we inform you that such messages are sent exclusively to the recipient, and may contain privileged or confidential information. If you are not the intended recipient, you are hereby notified that the use, disclosure and/or copying of these without permission is prohibited under current legislation. In accordance with the provisions of Law 34/2002 of July 11th on Company Information and Electronic Commerce Services, and Directive 2002/58/EC, we inform you that in the event that you do not want to receive communications and information of a commercial kind via this electronic communication system, please indicate this to us using the same route, stating in the subject “UNSUBSCRIBE TO COMMERCIAL COMMUNICATIONS” so that your personal data are deactivated from our database. Your request will be actioned within a period of 10 days from the date of sending the request. In the event that we do not receive an express reply by you, we will understand that you agree to and authorise our entity to continue making such communications.
7. HOW LONG DO WE RETAIN YOUR DATA?
The personal data relating to individuals that Netex Knowledge Factory, S.A. collects by any means will be retained whilst the person involved does not request its deletion. Also, the data will be retained for as long as the relationship that promoted the processing of the data exists, always respecting legal periods for retention. When such a period has ended, the personal data will be deleted from all the systems of Netex Knowledge Factory, S.A..
8. WILL YOUR DATA BE COMMUNICATED TO THIRD PARTIES?
There will be no sharing, transmission, or transfer of personal data, except for that already noted, other than due to legal obligation. If, due to a request from the Public Administration or the Autonomous Institutions within the scope of those functions expressly conferred on these entities by law, we are asked for your data, we will provide it. If a case of sharing, transmission or transfer of personal data exists outside the scope of the previously mentioned cases, you will receive prior notification so that you can provide us with your consent where required. But so that we can achieve a satisfactory level of internal organisation, plus a good level of operation and procedures to ensure the effective management of Netex Knowledge Factory, S.A., it may be necessary to contract the services of consultants, professionals, or other service-based companies to process data under our instruction. This processing by third parties is regulated in a contract in which, in writing or in some other form that provides for the verification of its signing and content, it is stated expressly and specifically that the data processor therein will process the data in accordance with our instructions and will not apply or use data for any purposes other than those which appear in said contract, nor will this entity communicate the data to other persons, even for its conservation.
9. WHAT ARE YOUR RIGHTS?
Data protection regulations confer on you the following rights:
- Revocation rights of any consent previously given.
- Access rights: To know what type of data is being processed and the characteristics of the processing being done.
- Rectification rights: To be able to request the modification of data which is inaccurate or untruthful
- Portability rights: To be able to obtain a copy in an interoperable format of the data that is being processed.
- Limitation rights of the processing, in cases where this processing is considered unnecessary.
- Cancellation rights: To request the cessation of data processing, and the deletion of the same when its retention is no longer necessary.
Also, we would like to inform you that you can withdraw the consent that you have given, without this affecting the legality of the processing already carried out, by sending your request to the address indicated in the previous paragraph. In this case, your application should be accompanied by a copy of your DNI or other ID document proving your identity. If you want more information regarding the processing of your data, to rectify data which is inaccurate, to object to and/or limit any processing you consider to be unnecessary, or to request the cancellation of the processing when the data is no longer necessary, you can write to Netex Knowledge Factory, S.A., C / Ícaro, 44, 15172 – Oleiros (A Coruña) or by email to email@example.com.
- Such communication should include the following information: Name and surname(s) of the user, a statement of the request being made, along with their address and accredited details.
- The exercising of these rights should be done by the owner him or herself. However, they can also be exercised by someone authorised as a legal representative of the owner. In a such a case, documentation which accredits this representation of the owner should be provided.
Remember, also, that you have the right to present a complaint to the Spanish Data Protection Agency (AEPD), if you consider that your rights have been infringed, to Protección de Datos, C/ Jorge Juan, 6 28001-Madrid – FAX: 914483680- TEL: 901 100 099- E-mail: firstname.lastname@example.org
10. WHAT IS THE PURPOSE AND THE BASIS OF LEGITIMATION OF DATA PROCESSING?
In what follows, we set out the purposes of data processing by one, or all, of the Data Controllers previously specified.