Pruvacy Policy

Geprom Software Engineering, S.L.U. (here in after referred to as “Geprom”), as the owner of this website (the “Website”), informs you that the companies of the Telefónica Group are committed to respecting the privacy of users and the secrecy and security of personal data, in compliance with the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council, of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation), as well as in Organic Law 3/2018, of 5 December, on the Protection of Personal Data and the guarantee of digital rights and other regulations in force.

Our principles are:

TRANSPARENCY

We will not treat your data in an unexpected, obscure or abusive way.

When we collect your personal data through our Website, you will be properly informed about: who processes your data, what is the purpose of the processing, what is the basis for the legitimacy of the processing, the possibility of exercising your rights and other relevant information. Furthermore, your data will be deleted according to the defined retention policy about which you will be informed and in any case, when you request it by exercising your right of deletion.

CONTROL

We will seek your consent where necessary and we will provide you with the necessary tools to access and update your personal information, as well as to decide how to manage your data, selecting the purposes for which we will process it.

SECURITY

We take care to ensure the security, secrecy and confidentiality of your data. Therefore, as part of our commitment and in compliance with current legislation, we have adopted the most demanding and robust security measures and technical means to prevent their loss, misuse or access without your authorisation, undertaking to keep them secret and guaranteeing our duty to safeguard them by adopting all necessary and reasonable measures to prevent their alteration, loss and unauthorised processing or access, in accordance with the provisions of the applicable legislation.

Therefore, at Geprom your privacy is a priority, which is why we protect your information in accordance with the privacy policy you can read below. If you have any questions, please contact us atinfo@geprom.comand we will be happy to help you.

 

1. Who is the data controller?

 

Geprom Software Engineering, S.L.U., company with CIF B-66844069 and registered office in Mollet del Vallés, Barcelona (Spain), C.P. 08100, calle Octavi Lecante, 8 -10, will be responsible for the processing of your data in accordance with what we inform you in this Privacy Policy.

 

We also have a Data Protection Delegate who ensures compliance with data protection regulations at Geprom, and who can be contacted for any questions, doubts and/or complaints you may have when we process your data, by writing to DPO_telefonicasa@telefonica.com.

2. What data is processed, for what purpose and why do we process the data?

 

Depending on the section of the Website, the data collection channel or the means by which you interact with Geprom, your data may be processed for the following purposes:

 

2.1 Handling of enquiries made through forms or other contact channels

What for? – Purposes of treatmentThe purpose of the treatment that we pursue is to attend and respond to queries raised by users of the Website and/or, in general, people who contact Geprom through the rest of the channels provided for this purpose.

 

Why? – Applicable legal basisThe legal basis on which we rely to carry out this purpose is the consent given when you voluntarily contact us.

 

What data? – Data typologyThe data that we process for this purpose are your identification, contact and/or professional data (e.g. name and surname, email, contact telephone number, sector, position and/or company for which you work), as well as the information contained in the query sent, the processing of which is necessary to provide you with a response.

 

Where did they come from? – SourceThe data that we process for this purpose is obtained from you when you complete the contact forms included on the Website and/or send us an email at the contact addresses that we make available to users, including those mentioned in this Privacy Policy.

 

Who do they belong to? – Stakeholder categoriesThe data that we process for this purpose relate to users of the Website or, in general, interested parties who send enquiries and any other data subjects whose data have been provided by the sender of the enquiry.

 

How long are they treated for? – Conservation periodsThe data we process for this purpose will be subject to the general retention criteria set out in section 3 of this Policy and, in any case, will not be retained for longer than is necessary to deal with the queries and, where appropriate, to meet Geprom’s possible responsibilities in relation to them.

 

2.2 Maintenance and management of the Website owned by Geprom, its security and user access to it.

 

What for? – Purposes of treatmentThe purpose of the processing that we pursue is to keep active and technically manage the website owned by Geprom that is visited by the user and to which this Policy is applicable and, where appropriate, any applicable Special Conditions, to protect it against security incidents and malicious attacks that it may suffer and, in general, to enable free and continuous access to it by all Internet users. The user can find further information on the scope of this purpose in the Cookies Policy applicable to the website owned by Geprom.

 

Why? – Applicable legal basisThe legal basis on which we rely to carry out this purpose is the legitimate interest of Geprom, as the owner, to ensure the availability and security of its Website for all Internet users who visit it, in accordance with the relevant legal and usage notices.

 

What data? – Data typologyThe data that we process for this purpose are those, generally pseudonymised, which are obtained directly from the devices with which the user accesses and browses the website owned by Geprom, the processing of which is strictly necessary for the fulfilment of the aforementioned purpose.

 

This website browsing data may include the user’s IP address; the date and time of connection; aggregate data on the type of audience browsing the website, such as geographical information, the device used for browsing, technology, etc.; browsing behaviour on the website, such as the number of pages viewed, average time on the page, bounce rate, whether content is shared through social networks, etc.; as well as aggregate data on the channels from which the audience arrives: organic search, direct search, social networks or referrals.

 

Where did they come from? – SourceThe data we process for this purpose comes from the devices with which the user accesses and browses the website owned by Geprom.

 

Who do they belong to? – Stakeholder categoriesThe data we process for this purpose relates to users accessing and browsing the Geprom website.

 

How long are they treated for? – Conservation periodsThe data we process for this purpose will be subject to the general retention criteria set out in section 3 of this Policy.

 

2.3 Managing the relationship with users through Geprom’s social networks

 

What for? – Purposes of treatmentThe purpose of the processing that we pursue is to interact and maintain contact with users who interact with Geprom through the different social networks in which Geprom has created an official account. This includes the public response to messages or public comments made by said users, appointments, attention and response to private messages through said networks, processing of the request to the Geprom area or to the Telefónica Group company competent to deal with it, etc. If strictly necessary, your data may be shared with the relevant Telefónica Group companies in order to process and respond to your request.

Why? – Applicable legal basisThe legal basis on which we rely to carry out this purpose is the consent you give when you interact with Geprom through the social network in which Geprom has an official account created.

 

What data? – Data typologyThe data that we process for this purpose are your public data in the profile of said social network, identification, contact and other data voluntarily shared during contact maintained through the social network or necessary to resolve the request made.

 

Where did they come from? – SourceThe data we process for this purpose comes from the social network through which you contact us and the data we obtain directly from you in that contact.

 

Who do they belong to? – Stakeholder categoriesThe data we process for this purpose relates to users who contact Geprom through the social network and any other data subjects whose data the user of the social network has been informed of when contacting Geprom.

 

How long are they treated for? – Conservation periodsThe data we process for this purpose will be subject to the general retention criteria set out in section 3 of this Policy.

 

2.4 Management of events organised by or in collaboration with Geprom

 

What for? – Purposes of treatmentThe purpose of the processing that we pursue is to manage attendance and facilitate access to the event site by interested users who decide to register voluntarily for the events. In addition, we may send out evaluation surveys for events in which you choose to participate.

Why? – Applicable legal basisThe legal basis on which we rely to carry out this purpose is the consent you give when you apply to attend or participate in the relevant event.

 

What data? – Data typologyThe data we process for this purpose are your identification, professional and contact details necessary to manage your registration for the event.

 

Where did they come from? – SourceThe data that we process for this purpose comes from the registration forms for the events provided for this purpose, whether they belong to Geprom and/or, where appropriate, to the other co-organisers of the events.

 

Who do they belong to? – Stakeholder categoriesThe data we process for this purpose relates to interested users who contact Geprom showing interest in attending or participating in events.

 

How long are they treated for? – Conservation periodsThe data we process for this purpose will be subject to the general retention criteria set out in the following section of this Policy.

 

2.5 Sending of commercial or advertising communications about Geprom products and services

 

What for? – Purposes of treatmentThe purpose of the processing we are pursuing is to send commercial information, including by electronic means, about Geprom’s products and services.

Why? – Applicable legal basisThe legal basis on which we rely to carry out this purpose is the express consent of the recipient as a general rule, all in accordance with the applicable regulations.

 

What data? – Data typologyThe data we process for this purpose are your identification, professional and contact data necessary to manage the shipment.

 

Where did they come from? – SourceThe data that we process for this purpose comes from the forms and/or other means of data collection provided for this purpose by Geprom.

 

Who do they belong to? – Stakeholder categoriesThe data we process for this purpose relate to interested users who contact Geprom showing interest in receiving commercial information.

 

How long are they treated for? – Conservation periodsThe data we process for this purpose will be subject to the general retention criteria set out in the following section of this Policy.

 

2.6 Management of applications for Geprom’s personnel selection processes.

What for? – Purposes of treatmentThe purpose of the processing is to cover the applications that are published at any given time, as well as to be able to communicate with the candidate and to be able to send him/her information about the selection process.

 

Why? – Applicable legal basisThe legal basis on which we rely to carry out this purpose is the consent given when you contact us, submit your application voluntarily by sending your CV and accept the privacy policy in the section provided for this purpose on the website.

 

What data? – Data typologyThe data we process for this purpose are your identification, contact, academic and/or professional data (e.g. name and surname, email, contact telephone number, studies and jobs held), as well as any additional information and/or data that the candidate decides to provide us with as part of the selection process.

 

Where did they come from? – SourceThe data that we process for this purpose are obtained from you when you complete the form on the website that we make available to users and/or other channels provided for this purpose by Geprom, where appropriate.

 

Who do they belong to? – Stakeholder categoriesThe data we process for this purpose relates to users of the Website who submit applications.

 

How long are they treated for? – Conservation periodsThe data we process for this purpose will be subject to the general retention criteria set out in the following section of this Policy.

3.How long is the data retained?

In general, we will retain your data for the time necessary to fulfil the purpose described in each processing activity and to determine any liability that may arise from that purpose.

 

By way of example, Geprom has established a series of retention periods that will be applicable depending on the purpose and the legitimate basis applicable to each processing activity, unless a different period has been specified in this Policy and/or in the specific conditions or conditions of provision of each of Geprom’s products and services:

 

– In order to carry out the processing related to the execution of the contract signed with B2B Clients, the data will be kept for the time strictly necessary to fulfil the purposes required for each product or service contracted. For example, data obtained from the B2B Customer will be retained for as long as the B2B Customer is in registration status.

– In accordance with civil, commercial and tax legislation, the data related to the contracting and invoicing of products and services contracted from Geprom will generally be stored for a minimum period of 6 years from the termination of the B2B Customer’s contract.

– With regard to processing associated with the management of applications within the framework of personnel selection processes at Geprom, in general, the data may be kept for the duration of the said process, as well as for a maximum period of 1 year after the end of the process.

 

In any case, your data will be kept in accordance with the retention criteria or specific terms that we inform you of in each case, described in each data processing activity and, where appropriate, until you withdraw your consent and/or object to the processing of your data. In this regard, we will do our best to provide you with an automatic and simple mechanism for you to withdraw the consent granted and/or to object to the processing and, in any case, we are at your disposal at the mailing address for exercising your rights as indicated in section 5 of this Policy.

 

Finally, please note that after the above deadlines, the data may be destroyed, blocked or anonymised, as appropriate, and in accordance with the provisions of the law.

4. Who is the recipient of the data? Are there any international transfers of data?

In order to carry out the processing purposes described above, we may make use of authorised subcontractors acting on behalf of Geprom, as processors (e.g. internet service providers, data hosting and support providers, platform providers, email providers, security service providers, etc.) and contractually subject to our instructions, only for the lawful purposes described above and only for the period of time strictly necessary for this purpose.

 

In particular, this involves giving access to your data to:

 

– Suppliers, as well as the companies they subcontract to, which help to fulfil the purposes described in section 3 of this Policy and/or to communicate and be in contact with you (e.g. Microsoft as our provider of the Office 365 and SharePoint tools).

– In the event that we need to share your information with other third parties (e.g. sponsors of events for which you have voluntarily registered or another Telefónica Group company for the proper management of such events), we will inform you accordingly and collect the necessary authorisations to do so. Such access shall only be for lawful purposes and for the period of time strictly necessary for that purpose.

 

In line with the above, we also inform you that, to the extent strictly necessary to comply with the purposes stated above, your data may be shared with other companies or entities belonging to or linked to the Telefónica Group, for processing under their responsibility and always for the same purposes stated in this Policy. The companies or entities belonging to or linked to the Telefónica Group to which your data may be shared can be consulted in the section “about Geprom”, “about the Company” or the equivalent section that replaces it available on the website www.telefonica.com.

 

In addition, where there is a legal obligation or requirement to do so, we may disclose your data to the competent public authorities in accordance with such legal obligation or requirement.

 

Where authorised subcontractors acting on behalf of Geprom or the above-mentioned recipients are located or process your data outside the European Economic Area, we will be making an international transfer of your data in accordance with data protection regulations. In general, we will avoid international transfers and your data will be processed within the European Economic Area. However, where necessary, we will take such organisational, technical and contractual measures as may be necessary to ensure the protection and security of your data, such as, for example, signing the European Commission’s Standard Contractual Clauses with the authorised subcontractor or third party transferee, carrying out impact assessments on the international transfer in question to assess the risk and take measures to mitigate it, encryption of data in transit or at rest, pseudonymisation of the data subject to the international transfer, the possibility for the data subject to claim damages directly against the authorised subcontractor or third party transferee, etc.

5. Whatrightsdo you have as a data subject?

As a data subject, data protection legislation grants you rights over your data which you may exercise against Geprom, as applicable. Here’s what they are and how you can exercise them. We also inform you that on the website of the Spanish Data Protection Agency (www.aepd.es) you can find further information on the characteristics of these rights and download templates for exercising each one of them.

 

– Right to withdraw consent:this is your right to withdraw your consent to the processing of your data for the purposes that are legitimate on that basis, at any time and in an easy way.

– Right of access: this is your right to ask us for details of the data we hold about you and how we process it, and to obtain a copy of it.

 

– Right of rectification:this is your right to obtain the rectification of your inaccurate or erroneous data, as well as to complete incomplete data.

 

– Right of erasure: this is your right to request deletion or suppression of your data and information in certain circumstances. However, please note that there are certain occasions when we are legally entitled to continue to store and process your data, for example, in order to comply with a legal obligation to retain data.

 

– Right of restriction: this is your right to restrict or limit the processing of your data in certain circumstances. For example, if you apply for deletion of data, but, instead of deleting it, you would prefer that we block it and process it only for retention purposes because you will need it later to make a complaint. Again, please note that there may be times when we are legally entitled to refuse your request for a restriction.

 

– Right to object: this is your right to object to our processing of your data for a specific purpose, in certain circumstances provided for by law and related to your personal situation.

 

– Right to portability: this is your right to ask us to receive your personal data in a structured, commonly used, machine-readable and interoperable format and to transfer it to another data controller, provided that we process your data by automated means.

 

– Right not to be subject to automated individual decisionsis your right to ask us not to subject you, in certain circumstances, to a decision based solely on automated processing of your data, including profiling, which produces legal effects concerning you or similarly significantly affects you.

 

In general, you may exercise these rights at any time and free of charge by contacting Geprom at info@geprom.com. Likewise, in general, mechanisms for the automated unsubscription of communications and other options for withdrawal of consent and opposition will be made available to the user.

 

It is important to bear in mind that when you exercise a right, in most cases, you must clearly specify which right you are exercising and provide a copy of a document proving your identity.

 

Any exercise of rights shall be answered within a maximum period of one month, which may be extended by two months if necessary, taking into account the complexity of the request and the number of requests.

 

Finally, in the event that you do not agree with the way in which your data is handled by Geprom, you have the right to lodge a complaint with the national supervisory authority by contacting the Spanish Data Protection Agency (Agencia Española de Protección de Datos), whose contact details are as follows:

 

Spanish Data Protection Agency

C/ Jorge Juan, 6 – C.P. 28001, Madrid (España)

www.aepd.es

6. Further processing of data and changes to the Privacy Policy

 

Geprom reserves the right to update this Privacy Policy at any time. Such update shall be made public by Geprom, in any case, with the legally required notice of its entry into force. In addition, it shall be communicated directly to the data subject where it affects his or her rights or freedoms or where, for example, the inclusion of a new processing activity would require the data subject’s consent or changes the scope of the legitimate interest that enables the processing to be carried out.

 

For further information, please note that you can also consult Telefónica’s Global Privacy Policy and Global Security Policy, which also apply generally to our company as a company belonging to the Telefónica Group.

 

Privacy Policy updated as of May 2022.