WHO IS THE DATA CONTRIOLLER OF YOUR DATA?
Name: IRUDEK 2000 S.L.
Tax Identification Code/Tax Identification Number: B20649505
Registered Office: Erribera Industrigunea, 8-A, 20150, Aduna (Gipuzkoa)
Recorded in the Commercial Registry of Gipuzkoa, Sheet -SS-15176, Folio -18, Volume -1734, Section -8, First entry.
Telephone: 943692617
Email address: rgpd@irudek.com

FOR WHAT PURPOSE DO WE PROCESS YOUR PERSONAL DATA?
Pursuant to the provisions of EU Regulation 679/2016 and Organic Law 3/2018 of 5 December on the protection of personal data and guarantee of digital rights, we inform you that the personal data you provide and that which is generated during the development of the relationship with you, is processed for the following purposes:

• To respond to your requests.
• To provide you with information about IRUDEK 2000 S.L. products, with you consenting to the sending of commercial communications by email or by any other equivalent means of electronic communication (such as SMS) that you have provided us with.
• To allow you to participate in competitions and or commercial promotions.
• If you send us your CV, your application will be taken into account in the recruitment process.
• Sending communications by any means that you have provided us with, related to activities carried out by the organisation and which may be of interest to you.
• Responding to queries, complaints and suggestions, and carrying out all kinds of communication actions.
• Accounting, tax and administrative management of the entity.

For how long will we store your data?
Personal data provided to us shall be kept until its deletion is requested by the person concerned, or whoever legally acts as their legal representative, and for as long as it is necessary – including the need to keep it for the applicable or relevant limitation periods – for the purpose for which it was collected or recorded.

Data will be stored subject to IRUDEK 2000 S.L.’s legal obligation to keep it. Once these time periods have elapsed, the data shall be destroyed or erased, and the deletion, elimination or destruction shall be carried out in such a way that the information is no longer recoverable.

Legitimisation
The legal basis for processing data is the consent given by the person concerned. This is obtained expressly and unequivocally by you completing and, where appropriate, sending the paper or electronic documents and forms in which your data is collected. All the organisation’s documents, which are used to collect data for different uses, contain informative clauses pursuant to Data Protection regulations, and consent is expressly given by means of the concerned party’s signature, or by sending the forms that are on the website.

The processing is also legitimate if it is necessary for the performance of a contract, or the provision of a service provided to the data subjects, to which they are party, or for the application of pre-contractual measures at their request (Article 6.1.a and b GDPR).

IRUDEK 2000 S.L. is also legitimised in any processing to comply with the legal obligations to which it is subject and for the satisfaction of legitimate interests, provided that the interests or fundamental rights of the persons concerned do not prevail over these.

To whom will your data be communicated?
Your data will not be transferred to any organisation without your consent, except for those transfers provided for by law. In this regard, your express consent will be requested for the transfer of your data to any other organisation.

As a consequence of the management of the authorised purposes, your data may be communicated to organisations or persons directly related to IRUDEK 2000 S.L. and to the services provided by them. Likewise, your personal information will be at the disposal of public administrations, judges and courts, to deal with possible liabilities arising from the processing and provided that these transfers are protected by law.

Your data may also be disclosed to companies that provide us with consultancy, IT maintenance, marketing, training or auditing services. These organisations only have access to personal information that is necessary to carry out these services, and are required by a “data processing contract” to maintain confidentiality, not to use the information for other purposes, and to take measures to ensure the integrity and availability of the information.

No international transfers of data outside the European Union or to entities that do not comply with the data protection standards set out in EU Regulation 679/2016 are foreseen.

Where does your data come from?
The personal data processed by IRUDEK 2000 S.L. is provided by the person concerned or obtained from sources accessible to the public.

What categories of data does IRUDEK 2000 S.L. process?
IRUDEK 2000 S.L. will process the data you provide us with, which may be in the following categories:

• Identification and contact details
• Academic and professional data
• Detailed employment data
• Economic, financial and insurance data
• Business information

What are your rights?
Any person has the right to obtain confirmation as to whether or not IRUDEK 2000 S.L. processes personal data concerning them.

The persons concerned have the right to access their personal data and to obtain a copy of the personal data undergoing processing, to update it, and to request the correction of inaccurate data or, where appropriate, to request its deletion when, among other reasons, the data is no longer necessary for the purposes for which it was collected.

In certain circumstances and on grounds relating to their particular situation, concerned parties may object to the processing of their data. IRUDEK 2000 S.L. will stop processing the data, except for legitimate reasons, or to exercise possible claims.

Also, in certain circumstances, provided for in Article 18 GDPR, concerned parties may request that the processing of their data be restricted, in which case IRUDEK 2000 S.L. will process it, with the exception of its storage, with the consent of the concerned party or for the formulation, exercise or defence of claims, or for the protection of the rights of another natural or legal person or for reasons of public interest of the Union or of a specific Member State.

As a consequence of the application of the right to delete or object to personal data processing with regard to the online environment, concerned parties have the right to be forgotten according to the jurisprudence of the Court of Justice of the EU.

Pursuant to the right to portability, concerned parties have the right to obtain their personal data in a structured, commonly used and machine-readable format and to transfer it to another processor.

All concerned parties have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects with regards to them or which significantly affects them in a similar way, subject to the exceptions provided for in Article 22.1 GDPR.

The concerned party has the right to have their data deleted, as a result of the purpose for which the data was processed or collected having ceased to exist, as a result of revocation of consent when this is what legitimises the processing, or for other reasons set out in Article 17 of the GDPR. Deletion shall be carried out via high-level data erasure on automated media and physical destruction of non-automated media.

How can you exercise your rights?
In writing, with a copy of an ID card or other documents that prove the identity of the person concerned, to the addresses indicated at the top of this page.

What avenues of complaint are there?
If you feel that your rights have not been properly addressed, you have the right to file a complaint with the Spanish Data Protection Agency, whose contact details are: Telephone: 901 100 099 / 912 663 517. Postal Address: C/ Jorge Juan, 6 Madrid.