In Antolin, we take protecting your Information very seriously. Your data is therefore processed with great care, with full respect for your privacy and in strict compliance with applicable data protection law. Organizational and technical security measures have been taken to protect all of our websites against the risks present in processing personal data. Our partners who support us in the provision of this website must comply with these provisions as well.
This policy has been designed in strict compliance with personal data protection legislation, that is, among others, Regulation (EU) 2016/679 of 27 April 2016, on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation).
1.- IDENTITY OF THE CONTROLLER
The information provided by the owner of the data (the “User”) through any of the forms or methods of contact made available on the Website, which may content personal data, will be processed by GRUPO ANTOLÍN IRAUSA, S.A. (hereinafter, “THE COMPANY”), which registered offices at Burgos, Carretera Madrid-Irún, Km. 244,8 (ESPAÑA) y con CIF A09092305, as data Controller.
2.- PURPOSE OF DATA PROCESSING
The COMPANY will need to process the User's data both to meet the consultations and requests for information that the User makes through the Website, as well as to provide any requested services or services that the User decides to sign up to or register through any of the forms on the Website.
In this way, in Antolin we can process the personal data collected or obtained from the User for the following purposes:
- Contact: manage the data of the interested parties that contact THE COMPANY through the forms made available to the User by THE COMPANY. Likewise, personal data will be processed in order to manage the inquiries or requests that User sends through the channels enabled for this purpose on our Website, as well as promote and/or maintain the business, commercial and institutional relationship with THE COMPANY, by sending institutional communications, invitations to events, financial information or press releases.
- Job applicants (“Career site”): manage the personal data of Users interested in applying and participating in the recruitment and selection process of Antolin companies (the “Group”), and of the relationship with the User as job candidate.
- Whistleblowing line: processing of personal data necessary to manage queries or complaints that any User related in any way with THE COMPANY could file or submit, as well as the management of reports or communications that any person related to THE COMPANY could send through this channel.
- Other channels: THE COMPANY may also contact the User and collect their data through other channels such as email or social networks, in which case shall be informed about the purposes for which their data will be processed, and where appropriate, consent will be conveniently sought in each of these channels.
3.- LEGAL GROUND OF DATA PROCESSING
The data collected through the Website with the purpose of managing the services or actions carried out by THE COMPANY, as well as attending consultations or requests made by Users, will have as a legal basis the express consent, or the relationship contractual between THE COMPANY and the User; or the legitimate interest of THE COMPANY.
The data processed related to "Contacts", and other communication channels at your disposal, are based on the maintenance of your request and the legitimate interest of THE COMPANY to meet the information requirements through the Site Web. Likewise, the legal basis for the processing of User data with which there is a contractual relationship, for the maintenance and fulfillment of said commercial relationship, will be the contractual need itself.
The processing of your data related to “Job applicants” is based on the voluntary transfer of your curricular information and its conservation, in accordance with the legitimate interest of THE COMPANY, in order to arrange your inclusion in the Career site and carry out the activities necessary to complete the recruitment or selection process.
4.- TRANSFER AND RECIPIENTS OF THE PERSONAL DATA
The data that the User provides to the COMPANY will not be disclosed to any third party, unless:
- Disclosure is authorized by law.
- The processing responds to the free and legitimate acceptance of a legal relationship, the development, compliance and control of which necessarily requires data to be transferred to third parties.
- The data is requested by the Public Prosecutor’s Office, Official Public Authorities and public agencies or the Judges or Courts, in exercising the functions which with they are entrusted, when so required by the relevant and applicable regulation.
The categories of service providers of Antolin that may have access to your data as data processors, given the services they provide to the Group, are: Technology services and systems maintenance companies of Antolin.
THE COMPANY may transfer the data to Antolin companies when there is a legitimate interest, for corporate or organizational reasons on the basis of its approved Binding Corporate Rules (see . No data transfers will be carried out outside the European Economic Area (EEA) to countries that do not comply with an adequate level of protection or are not adhered to Antolin's Binding Corporate Rules (BCR).
5.- PRESERVATION AND STORAGE OF PERSONAL DATA
The period during which the personal data is stored will vary depending on the service, until the provision thereof has ended satisfactorily, or until the User revokes their consent. At any rate, the time personal data is to be kept will be reduced to the minimum necessary, so it will only be kept while the purpose for which it was collected still exists. When keeping this data is no longer necessary, the COMPANY will keep the data that may be necessary during the legally established terms blocked, so that any issues related to the processing thereof may be addressed. After the legal terms, any personal data will be deleted, adopting the appropriate security measures to ensure the total erasure thereof.
6.- USER RIGHTS
At any time, the User may exercise several rights concerning the processing of their personal data. Every person has these rights and, consequently, they cannot be waived. Below, the description and explanation of each of these rights:
- Access to your data: you have the rights to know and obtain confirmation regarding which of your personal data are being processed and the processing operations that are being performed with that data.
- Request the rectification or deletion of your data: you have the right to rectify inexact personal data which concern you and are processed by THE COMPANY; or, even, to request their deletion when, among other reasons, such data are no longer required for the purpose for which they were collected.
- Request restriction of the processing of your data: in certain circumstances, you have the right to ask that THE COMPANY restrict the processing of your data, in which case THE COMPANY will only keep them to execute or defend complaints as envisaged by the applicable data protection regulation.
- Data portability: in certain circumstances, you have the right to receive the personal data concerning you, and which you have provided to the COMPANY, in a structured, commonly used and machine readable format, and to transfer them to another data controller.
- Object to the processing of your data: in certain circumstances, and for grounds relating to your particular situation, you have the right to object to the processing of your data, in which case the COMPANY would stop processing them unless they must be kept for compelling legitimate interest for the processing, or to exercise or defend potential claims.
In order to exercise these rights, you should send a written request by letter to Antolín Irausa, S.A. (Ctra. Madrid-Irún Km. 244,8 09007 Burgos) or using the following contact mailbox prepared for that purpose, privacy mailbox: https://www.grupoantolin.com/en/contact-us?contact=privacy.
It is recommended that Users provide all the information about the services that use or have used and, if applicable, specify the right that wish to exercise, in order to adequately attend to your request, identifying their capacity as User of the Website, providing a photocopy of their National Identification Document, or equivalent identification, and specifying their request.
Additionally, note that you have the right to lodge a complaint or claim to the competent Data Protection Authority (in Spain, Agencia Española de Protección de Datos (www.agpd.es), and to the department responsible for data protection of "THE COMPANY" at the address (firstname.lastname@example.org).
7.- SECURITY MEASURES
The COMPANY has adopted the technical and organizational measures needed to ensure the security of personal data and prevent the unauthorized alteration, loss, processing or access, taking into account the state of technology, the nature of the stored data, and the risks to which it is exposed.
8.- DATA PROTECTION – RELATED POLICIES
There are various sections of the website in which your personal data may be collected, subject to prior information and in strict compliance with Spanish and European data protection legislation. If you belong to any of the categories indicated below, please click on the link indicated in each case in order to obtain information on the processing of your personal data:
- If you are a Antolin contact person for a client, provider, investor, media outlet or public agency, click here;
- If you are a Antolin contact person for a service provider and use the online service provider management tool, click here;
- If you are a Antolin contact person for a current or potential investor of Antolín and have asked to be included on the investor financial information distribution list, click here;
- If you are a candidate for a job with Antolin and intend to upload/have uploaded your CV and professional information to the tool for receipt of job candidate information, click here;
- If you intend to use/have used the Antolin transparency channel, click here;
9.- USER´s obligations regarding data protection
The User guarantees that the information provided is accurate, true and properly updated. The User commits to informing the COMPANY of any modifications in the information provided, informing through the privacy contact form, identifying themselves as a User of the Website and outlining the information that needs to be modified.
In the event that the User provides third party personal data for any purpose, they guarantee that they previously informed the affected parties and obtained their consent for the purpose of providing their data to the COMPANY.
BINDING CORPORATE RULES (BCR)
At Antolin we have adopted Binding Corporate Rules as we believe it is the best way to safeguard the personal data we handle.
Any personal data transfer throughout Antolin’s global business take place in accordance with applicable data privacy laws and in accordance with our Binding Corporate Rules (“BCR”).
Our BCRs are corporate privacy compliance frameworks that reflect the standards contained in European data privacy laws (including the GDPR). Having our BCR means that all Antolin entities which have signed up to our BCR have to comply with the same internal rules. It also means that your rights stay the same no matter where your data are processed by Antolin.