+34 919.342.330
  • Calle Via de Los Poblados, 1 - Madrid - ES
Get in touch

Privacy policy

Processing

What processing do we perform with your personal data?

In compliance with Regulation (EU) 2016/679 and the Organic Law on Personal Data Protection, we inform you that your personal data may be subject to the following processing:

  • TR04 – Advertising campaigns (Legal basis: Law 34/1988, of November 11, General Advertising Law.)
  • TR08 – Collection of opinions from interested parties (Legal basis: Regulation (EU) 2016/679 on data protection and LOPD.)
  • TR03 – Own staff selection (Legal basis: Royal Legislative Decree 3/2015, of October 23, which approves the revised text of the Employment Law.)
  • TG01 – Accounting management and own books, as responsible party (Legal basis: Royal Decree 1514/2007, of November 16, which regulates the General Accounting Plan.)
  • TG25 – Data collection for own fiscal management (Legal basis: Law 58/2003, of December 17, General Tax Law.)
  • TG12 – Own labor management: data collection (Legal basis: Royal Legislative Decree 1/1994, of June 20, which approves the revised text of the General Social Security Law.)
  • TR09 – Security on technical and organizational measures in applied software (Legal basis: Regulation (EU) 2016/679 on data protection and LOPD.)
  • TE08 – Personal Data Protection (Legal basis: Regulation (EU) 2016/679 and Organic Law 3/2018.)
  • TE02 – Occupational risk prevention (Legal basis: Law 31/1995, of November 8, on Occupational Risk Prevention.)
  • TE07 – Document destruction (Legal basis: Regulation (EU) 2016/679.)
  • TV01 – Sales/Service Provision (Legal basis: Commercial and Fiscal Legislation.)
  • TE03 – Transport service and/or package delivery (Legal basis: Royal Decree of August 22, 1885, which publishes the Commercial Code.)
  • TR05 – Emails (Legal basis: Commercial Code and other applicable legislation.)
  • TR01 – Information requests received (Legal basis: Commercial Code and other commercial provisions.)
  • TR07 – Incident and/or security breach management (Legal basis: Regulation (EU) 2016/679 on data protection and LOPD.)
  • TE04 – Own legal matters management (Legal basis: Applicable commercial and labor legislation.)
  • TE01 – Maintenance of IT systems (Legal basis: Commercial Code.)

Responsible Party

¿Quiénes somos?

Who are we?

We are responsible for the processing of your data. Therefore, we inform both the interested parties and the competent authorities in an express, precise, and unequivocal manner about the following aspects related to the data controller:

EXPOENT PACK S.L
B09953043
CALLE VIA DE LOS POBLADOS Nº 1, 3º ANDAR EDIFÍCIO E
MADRID 28033
MADRID
[email protected]

Purposes

What do we use your personal data for?

In this organization, we may process your personal data exclusively for the following purposes:

  • Verify that all necessary technical measures are being implemented for the correct management of personal data with the applied software.
  • Send commercial and/or advertising information by email.
  • Manage information requests received from the interested party about our products or services.
  • Exclusively manage internal incidents detected in compliance with the GDPR requirements.
  • Conduct advertising campaigns to promote our services and/or products.
  • Collect opinions from interested parties.
  • Select personnel to fill necessary job vacancies.
  • Comply with all requirements stipulated by the Occupational Risk Prevention Law.
  • Send packages and correspondence.
  • Manage any legal issues affecting the company.
  • Manage, maintain, and repair data storage systems.
  • Perform actions for our own labor management.
  • Perform actions for our own fiscal and accounting management.
  • Comply with the principle of limiting the retention period of personal data.
  • Comply with the requirements of Regulation (EU) 2016/679 and Organic Law 3/2018.
  • Administrative management of individual clients.
  • Carry out the sale or provision of the contracted service.
  • A commercial or user profile may be created based on the information provided or obtained. It is expressly stated that, under no circumstances, will profiles be created with the data of a minor.
  • The personal data you provide will be kept as long as the contractual relationship lasts or, if applicable, until you exercise your right to object or withdraw the consent given. To do this, you can go to the corresponding section on our website or send an email to the address indicated in the section regarding the responsible party.

Legitimacy

Why do we use your personal data?

We are authorized to process your personal data for the following reasons:

  1. Your unequivocal, informed, and express consent, in cases where it is legally required, without in any case conditioning the execution of other processing whose legitimacy is different, and without affecting the legality of the processing prior to the withdrawal of such consent.
  2. A legal obligation of the data controller.
  3. The execution of the service provision contract and/or purchase of the corresponding products, signed by you.
  4. The legal basis for processing your data is a legitimate interest of the data controller. This interest is based on a prior proportionality or balancing test between the legitimate interest of the controller and the interests or rights and freedoms of the data subjects. This balancing involved assessing the interest, evaluating the impact of the processing on the data subjects, balancing the two aforementioned concepts, and implementing additional safeguards. Since the final balance is favorable to the controller, the processing can be carried out in accordance with the applicable data protection legislation. For any questions or clarifications, you can contact us through the email provided in the section corresponding to the data controller.

Recipients

Who can we share your personal data with?

Your personal data will be shared with the following companies and organizations:

  • Tax Agency
  • State Public Employment Service
  • General Treasury of Social Security
  • National Data Protection Agency
  • Banks and savings banks

Your personal data will not be transferred to any third country or international organization.

Sources

What data do we process and how did we obtain it?

Your personal data will be incorporated into the following files, owned by the organization:

  • FG01 Own accounting management
  • FG02 Own labor management
  • FG15 Own fiscal management. Data collection
  • FE01 IT maintenance
  • FE02 Occupational risk prevention
  • FE03 Transport and shipping
  • FE04 Own legal matters
  • FR01 Information requests received
  • FR03 Own personnel selection
  • FR04 Advertising campaigns
  • FR05 Emails
  • FR07 Incident and/or security breach management
  • FR08 Collection of opinions from interested parties
  • FR09 Security in software and hardware
  • FE07 Document destruction
  • FE08 Personal Data Protection
  • FP01 Clients

The personal data we process in our organization come from the following sources:

  • The data subject themselves

Rights

What rights can you exercise?

We guarantee the exercise of your rights regarding the processing of your personal data.

  • Obtain confirmation if your data is being processed.
  • Exercise the right to access the personal data we hold, obtaining information about the purposes of processing, the category of data processed, the possible recipients, the retention period, the origin of the data, and, if applicable, the creation of profiles or automated decision-making.
  • Exercise the right to rectification. Remember that the personal data we hold must always accurately reflect reality, so feel free to exercise your right if any data undergoes alteration, change, or cancellation. You guarantee that the personal data provided by any means are true and accurate, committing to notify any alteration or modification, being solely responsible for any loss or damage caused to the controller or third parties due to the communication of incorrect, inaccurate, or incomplete information.
  • For reasons related to your specific situation, you can object to the processing of your data, in which case our organization will stop processing the data unless there are legitimate reasons that prevent it.
  • Request the deletion of your personal data when, among other reasons, they are no longer necessary for the purposes described above or when we no longer have the legitimacy to process them.
  • Request the portability of your data, when the processing is carried out by automated means and is linked to our entity based on a signed contract or you have given consent for the processing performed. In these cases, you have the right to receive your personal data in a structured, commonly used, and machine-readable format, or to transmit them directly to another controller when technically possible.
  • In certain circumstances, you can request the limitation of the processing of your data, in which case we will only keep them for the exercise or defense of claims.
  • Object to automated decision-making, including profiling.

These rights can be exercised free of charge, except in legally provided cases, by written and signed request from you or, if applicable, from your representative, addressed to the controller, at the addresses provided for this purpose in the first section, or physically at any of our establishments.

You also have the right to file complaints, either with the Spanish Data Protection Agency (on the website https://www.agpd.es/) or with the corresponding supervisory authority. Likewise, you can resort to the Courts of Justice to seek compensation.

Finally, you have the right to withdraw your consent in the same way you gave it. To do this, you can visit our website, where you will find the necessary information to quickly and easily cancel the authorization granted for these communications. You can also send an email to the address indicated in the section concerning the controller.

Additionally, we inform you that for each processing of your personal data, the possible threats and impacts that may occur as a result of them are determined, mitigating or eliminating, if possible, potential damages, through the application of corresponding security measures that are periodically reviewed to determine their effectiveness.

Our control system also allows us to comply with the principles of processing your data, being able to demonstrate to the interested party the principle of purpose limitation of the processing, the principle of retention period limitation, the principle of data minimization, as well as the principle of integrity and confidentiality.

Finally, we inform you that you will periodically receive surveys that will allow us to know your opinion about any suggestion related to the processing of your personal data, to also comply with the principle of transparency and accuracy of the data processed.

Last updated: 05/07/2024

Copyright © 2023 FCO Group. All rights reserved