Privacy Policy

Geprom Software Engineering, S.L.U. (hereinafter referred to as “Geprom”), as the owner of this website (the “Website”), informs you that the companies of the Telefónica Group are committed to respecting the privacy of users and the confidentiality and security of personal data, in compliance with the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016, on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation), as well as in Organic Law 3/2018, of December 5, on the Protection of Personal Data and guarantee of digital rights and other current regulations.

Our principles are:

TRANSPARENCY

We will not process your data in an unexpected, obscure, or abusive way.

When we collect your personal data through our Website, you will be conveniently informed about: who processes your data, what is the purpose of the processing, what is the legitimacy of the processing based on, the possibility of exercising your rights, and other information of interest. In addition, your data will be deleted according to the retention policy defined on which you will be informed and, in any case, when you request it by exercising the right of cancellation.

CONTROL

We will collect your consent whenever necessary and we will provide you with the necessary tools so that you can access and update your personal information, as well as decide how to manage your data, selecting the purposes for which we are going to process it.

SECURITY

We are concerned about guaranteeing the security, secrecy, and confidentiality of your data. Therefore, as part of our commitment and in compliance with current legislation, we have adopted the most demanding and robust security measures and technical means to prevent its loss, misuse, or access without your authorization, committing ourselves to keep it secret and guaranteeing the duty to protect it by adopting all necessary and reasonable measures to prevent its alteration, loss, and unauthorized processing or access, in accordance with the provisions of applicable legislation.

Therefore, at Geprom your privacy is a priority, which is why we protect your information in accordance with the privacy policy that you can read below. If you have any questions, contact us at info@geprom.com and we will be happy to help you.

1. Who is responsible for data processing?

Geprom Software Engineering, S.L.U., company with CIF B-66844069 and registered office at C/ Ronda de Can Rabadà, 2, 5º 5ª, Edificio Logic, 08860 Castelldefels, Barcelona (Spain), will be responsible for the processing of your data in accordance with what we inform you in this Privacy Policy.

We also have a Data Protection Delegate who ensures compliance with data protection regulations at Geprom, and with whom you can contact, for any question, doubt and/or complaint you have when we process your data, by writing to DPO_telefonicasa@telefonica.com.

2. What data is processed, for what purpose, and why do we process the data?

Depending on the section of the Website, the data collection channel, or the medium with which you interact with Geprom, your data may be processed for the following purposes:

2.1 Attention to Queries Raised through Forms or other Contact Channels

What for? – Purposes of the processing : the purpose of the processing we pursue is to attend to and respond to the queries raised by users of the Website and/or, in general, people who contact Geprom through the rest of the channels enabled for this purpose.

Why? – Applicable legal basis : the legal basis on which we rely to carry out this purpose is the consent granted by voluntarily contacting us.

What data? – Data typology : the data we process for this purpose are your identification, contact and/or professional data (e.g. name and surname, email, contact telephone number, sector, position and/or company for which you work), as well as any information contained in the query submitted, the processing of which is necessary to give you a response.

Where have they been obtained from? – Origin : the data we process for this purpose are obtained from you, when you complete the contact forms included on the Website and/or send us an email to the contact addresses that we make available to users, including those mentioned in this Privacy Policy.

Who do they belong to? – Categories of interested parties : the data we process for this purpose refers to users of the Website or, in general, interested parties who send queries and any other affected parties whose data has been provided by the sender of the query.

For how long are they processed? – Conservation periods : the data we process for this purpose will be subject to the general conservation criterion reported in section 3 of this Policy and, in any case, will not be kept longer than necessary to address the queries and, where appropriate, face the possible responsibilities of Geprom in relation to them.

2.2 Maintenance and management of the Website owned by Geprom, its security and the access of users to it

What for? – Purposes of the processing : the purpose of the processing we pursue is to maintain active and technically manage the Website owned by Geprom that is visited by the user and to which this Policy is applicable and, where appropriate, any applicable particular Conditions, protect it against security incidents and malicious attacks that it may suffer and, in general, enable free and continuous access to it by all internet users. The user can expand information on the scope of this purpose in the Cookies Policy applicable to the website owned by Geprom.

Why? – Applicable legal basis : the legal basis on which we rely to carry out this purpose is the legitimate interest of Geprom, as owner, in guaranteeing the availability and security of its Website for all internet users who visit it, in accordance with the relevant legal and usage notices.

What data? – Data typology : the data we process for this purpose are those, in general pseudonymized, that are obtained directly from the devices with which the user accesses and browses the Website owned by Geprom, the processing of which is strictly necessary for the fulfillment of the informed purpose.

Among these browsing data on the Website may be the user’s IP address; the date and time of connection; aggregated data of the type of audience that browses the Website, such as geographic information, the device used for browsing, technology, etc.; browsing behavior on the Website, such as the number of pages viewed, the average time on the page, bounce rate, whether the content is shared through social networks, etc.; as well as aggregated data from the channels from which the audience arrives: organic search, direct search, social networks or references.

Where have they been obtained from? – Origin : the data we process for this purpose comes from the devices with which the user accesses and browses the Website owned by Geprom.

Who do they belong to? – Categories of interested parties : the data we process for this purpose refers to the users who access and browse the Website owned by Geprom.

For how long are they processed? – Conservation periods : the data we process for this purpose will be subject to the general conservation criterion reported in section 3 of this Policy.

2.3 Management of the Relationship with Users through Geprom’s Social Networks

What for? – Purposes of the processing : the purpose of the processing we pursue is to interact and maintain contact with users who interact with Geprom through the different social networks in which Geprom has created an official account. This includes public response to messages or public comments made by said users, appointments, attention and response to private messages through said networks, processing of the request to the Geprom area or to the Telefónica Group company competent to know it, etc. In the event that it is strictly necessary, your data may be shared with the Telefónica Group companies competent for the purposes of processing and giving due attention to your request.

Why? – Applicable legal basis : the legal basis on which we rely to carry out this purpose is the consent you grant by interacting with Geprom through the social network in which Geprom has an official account created.

What data? – Data typology : the data we process for this purpose are your public data in the profile of said social network, identification, contact and those others voluntarily shared during contact maintained through the social network or necessary to resolve the request made.

Where have they been obtained from? – Origin : the data we process for this purpose comes from the social network through which you contact and those that we obtain directly from you in said contact.

Who do they belong to? – Categories of interested parties : the data we process for this purpose refers to the users who contact Geprom through the social network and to any other affected parties whose data has been informed by the user of the social network when contacting Geprom.

For how long are they processed? – Conservation periods : the data we process for this purpose will be subject to the general conservation criterion reported in section 3 of this Policy.

2.4 Management of Events Organized by or in Collaboration with Geprom

What for? – Purposes of the processing : the purpose of the processing we pursue is to manage attendance and facilitate access to the venue of the events by those interested users who decide to voluntarily register in them. In addition, we may send evaluation surveys of the events in which you decide to participate.

Why? – Applicable legal basis : the legal basis on which we rely to carry out this purpose is the consent you grant when requesting your attendance or participation in the corresponding event.

What data? – Data typology : the data we process for this purpose are your identification, professional and contact data necessary to manage your registration to the event.

Where have they been obtained from? – Origin : the data we process for this purpose comes from the registration forms to the events enabled for this purpose, whether from Geprom and/or, where appropriate, from the rest of the co-organizers thereof when appropriate.

Who do they belong to? – Categories of interested parties : the data we process for this purpose refers to the interested users who contact Geprom showing interest in attending or participating in events.

For how long are they processed? – Conservation periods : the data we process for this purpose will be subject to the general conservation criterion reported in the following section of this Policy.

2.5 Sending Commercial or Advertising Communications of Geprom Products and Services

What for? – Purposes of the processing : the purpose of the processing we pursue is the sending of commercial information, including by electronic means, about Geprom’s products and services.

Why? – Applicable legal basis : the legal basis on which we rely to carry out this purpose is the express consent of the recipient as a general rule, all in accordance with applicable regulations.

What data? – Data typology : the data we process for this purpose are your identification, professional and contact data necessary to manage the sending.

Where have they been obtained from? – Origin : the data we process for this purpose comes from the forms and/or other means of data collection enabled for this purpose by Geprom.

Who do they belong to? – Categories of interested parties : the data we process for this purpose refers to the interested users who contact Geprom showing interest in receiving commercial information.

2.6 Management of Applications for Geprom Personnel Selection Processes.

What for? – Purposes of the processing : the purpose of the processing that is pursued is to cover the applications that are published at each moment, as well as to be able to communicate with the candidate and to be able to send information about the selection process.

Why? – Applicable legal basis : the legal basis on which we rely to carry out this purpose is the consent granted by contacting us, sending your application voluntarily by sending the curriculum and accepting the privacy policy in the section enabled for this purpose on the web.

What data? – Data typology : the data we process for this purpose are your identification, contact, academic and/or professional data (e.g. name and surname, email, contact telephone number, studies and jobs carried out), as well as any information and/or additional data that the candidate decides to provide us within the framework of the selection process.

Where have they been obtained from? – Origin : the data we process for this purpose are obtained from you, when you complete the form included on the Website that we make available to users and/or other channels enabled for this purpose by Geprom, where appropriate.

Who do they belong to? – Categories of interested parties : the data we process for this purpose refers to the users of the Website who send their applications.

3. How long are the data kept?

In general, we will keep your data for the period necessary to fulfill the purpose described in each processing activity and to determine the possible responsibilities that could arise from said purpose.

As an example, Geprom has established a series of conservation periods that will be applicable depending on the purpose and the legitimizing basis applicable to each activity of the processing, unless in some case a different period has been specified in this Policy and/or in the particular conditions or of provision of each of Geprom’s products and services:

– To carry out the treatments related to the execution of the contract signed with B2B Clients, the data will be kept for the time that is strictly necessary to fulfill the purposes required by each product or service contracted. For example, the data obtained from the B2B Client will be kept while it is in a high state.

– In application of civil, commercial and fiscal legislation, the data related to the contracting and billing of the products and services contracted to Geprom will be stored in general for a minimum period of 6 years from the withdrawal of the B2B Client.

– With regard to the treatments associated with the management of candidatures in the framework of personnel selection processes in Geprom, in general the data may be kept for the period that said process lasts, as well as a maximum subsequent period of 1 year after its completion.

In any case, your data will be kept according to the conservation criteria or specific periods that we inform you in each case, described in each activity of processing your data and, where appropriate, as long as you do not withdraw the consent granted and/or you do not object to its treatment. In that sense, we will make our best efforts to provide you with an automatic and simple mechanism so that you can withdraw the consent granted and/or so that you oppose the treatment and, in any case, we are at your disposal in the email for exercising rights informed in section 5 of this Policy.

Finally, please note that after the aforementioned periods, the data may be destroyed, blocked or anonymized, as appropriate, and in accordance with the provisions of the legislation.

4. Who is the recipient of the data? Are international data transfers produced?

To execute the treatment purposes described, we may make use of authorized subcontractors acting on behalf of Geprom, as data processors (e.g. internet service providers, data hosting and technical support, platform providers, email, security services, etc.) and contractually subject to our instructions, only for the lawful purposes described and during the period of time strictly necessary for it.

Specifically, this implies giving access to your data to:

– Suppliers, as well as the companies that they subcontract, which help to comply with the purposes described in section 3 of this Policy and/or to communicate with us and be in contact with you (e.g. Microsoft as our provider of the Office 365 and SharePoint tools).

– In the event that we must share your information with other third parties (e.g. sponsors of events to which you have voluntarily registered or another company of the Telefónica Group for the correct management thereof), we will inform you adequately and collect the necessary authorizations to do so. Said access will only be for lawful purposes and during the period of time strictly necessary for it.

In line with the above, we also inform you that, to the extent that it is strictly necessary to comply with the informed purposes, your data may be shared with other companies or entities belonging to or linked to the Telefónica Group, for processing under their responsibility and always with the same purposes informed in this Policy. The companies or entities belonging to or linked to the Telefónica Group with which your data may be shared can be consulted in the section “about Geprom”, “about the Company” or that equivalent section that replaces it available on the website www.telefonica.com.

In addition, in the event that there is a legal obligation or requirement that so provides, we may communicate your data to the competent public authorities in accordance with said legal obligation or requirement.

When the authorized subcontractors acting on behalf of Geprom or the aforementioned recipients are located or process your data outside the European Economic Area, we will be carrying out an international transfer of your data in accordance with the provisions of the data protection regulations. In general, we will avoid making international transfers and your data will be processed within the European Economic Area. However, in the event that it is necessary to carry them out, we will adopt the organizational, technical and contractual measures that are necessary to guarantee the protection and security of your data, such as, for example, the signing with the authorized subcontractor or third-party assignee of the Standard Contractual Clauses of the European Commission, the performance of impact assessments on the international transfer in question that allow evaluating the risk and adopting measures for its mitigation, the encryption of the data in transit or at rest, the pseudonymization of the data object of the international transfer, the possibility that the interested party can claim damages directly against the authorized subcontractor or third-party assignee, etc.

5. What rights do you have as the owner of the data?

As an interested party, the data protection regulations grant you rights over your data that, depending on their application, you can exercise against Geprom. Below, we detail what they are and how you can exercise them. In addition, we inform you that on the website of the Spanish Data Protection Agency (www.aepd.es) you can expand information on the characteristics of these rights and download templates to exercise each of them.

– Right to withdraw the consent granted: it is your right to withdraw the consent granted for the processing of your data for the purposes that are legitimized on that basis, at any time and in an easy way.

– Right of access: it is your right to request us for the detail of the data we have about you and how we treat them, as well as obtaining a copy of them.

– Right of rectification: it is your right to obtain the rectification of your inaccurate or erroneous data, as well as to complete those others that are incomplete.

– Right of suppression: it is your right to request the elimination or suppression of your data and information in certain circumstances. However, keep in mind that there are certain occasions in which we are legally entitled to continue conserving and processing your data, such as, for compliance with a legal obligation to conserve data.

– Right of limitation: it is your right to restrict or limit the processing of your data in certain circumstances. For example, if the suppression of data applies, but, instead of eliminating them, you prefer that we block them and treat them only for the purposes of their conservation since you will need them later to file a claim. Again, keep in mind that there may be occasions when we are legally entitled to reject your request for limitation.

– Right of opposition: it is your right to oppose that we treat your data for a specific purpose, in certain circumstances provided for in the regulations and related to your personal situation.

– Right to portability: it is your right to request us to receive your personal data in a structured format, of common use, of mechanical and interoperable reading, and you can transmit them to another data controller, as long as the processing of your data is carried out by automated means.

– Right not to be subject to automated individual decisions: it is your right to request us that, in certain circumstances, you are not subject to a decision based solely on the automated processing of your data, including the elaboration of profiles, that produces legal effects on you or significantly affects you in a similar way.

In general, you can exercise them at any time and free of charge by contacting Geprom at info@geprom.com. Similarly, in general, automated communication unsubscribe mechanisms and other options for withdrawing consent and opposition will be made available to the user.

For this, it is important to keep in mind that when you exercise a right, in most cases, you must clearly specify which one you exercise and provide a copy of a document proving your identity.

Any exercise of right will be answered within a maximum period of one month, and said period may be extended by two months if necessary, taking into account the complexity of the request and the number of these.

Finally, in the event that you do not agree with the way we treat your data by Geprom, you will have the right to file a claim with the national control authority, addressing the Spanish Data Protection Agency, whose contact details are the following:

Spanish Data Protection Agency

C/ Jorge Juan, 6 – C.P. 28001, Madrid (Spain)

www.aepd.es

6. Further data processing and changes to the Privacy Policy

Geprom reserves the right to update this Privacy Policy at any time. Said update will be made public by Geprom, in any case, with the prior notice to its entry into force that is legally necessary. In addition, it will be communicated directly to the interested party in the event that it affects their rights or freedoms or when, for example, the inclusion of a new treatment activity requires consent from the interested party or modifies the scope of the legitimate interest that enables the treatment.

For more information, we inform you that you can also consult the Global Privacy Policy and the Global Security Policy of Telefónica that also apply in general to our company in its capacity as a company belonging to said Business Group.