Privacy Policy | Talenom

Talenom’s privacy policy describes the practices and principles related to the processing of personal data.

The privacy policy helps you understand what personal data we collect and why, as well as how we process, protect, store and delete your personal data.

This privacy policy applies to Talenom’s website, Services offered to customers, Talenom Software and related information systems, as well as for the recruitment and selection of personnel.

Identity of the Data Controller

The data controller of the personal data is: TALENOM SLU with NIF/CIF: B66461351 (hereinafter, «Data Controller» or simply «Talenom«). Their contact details are as follows:

Address: Avenida Diagonal 532, 7ª Planta, Barcelona (Barcelona)

Contact telephone number: 932208060

Contact email: ayuda@talenom.com

Data Protection Officer

Our Data Protection Officer (DPO) is Vanessa Ferrari

Teixeira. The DPO is registered with the Spanish Data Protection Agency (AEPD). For any data protection-related queries, you can contact our DPO at protecciondedatos@talenom.com

Why do we process personal data?

Talenom stores and processes personal data to provide services within the framework of a contractual relationship between Talenom and Talenom customers (art. 6.1.b. of the European Union’s General Data Protection Regulation – «GDPR»).

Talenom may be obliged to disclose personal data if required to do so by applicable laws or regulations, or to comply with a request from a judicial or administrative authority (art. 6.1.c. of the GDPR).

Talenom has a legitimate interest in processing personal data for the purpose of directing the marketing and sales of Talenom’s services, as well as to improve the quality of Talenom’s products and services (Art. 6.1.f. GDPR).

The processing of personal data is based on separate consent (Art. 6(1)(a) GDPR) for the following processing operations:

Direct marketing.
Use of personal images.

The data subject has the right to withdraw his/her consent at any time via a link in the marketing messages.

What personal data do we process?

Talenom processes, among others, the following personal data:

Name and surname.
Personal identification number (such as DNI, passport, NIE).
Sex, marital status, nationality, age, date and place of birth.
Data of family members and their circumstances, such as date of marriage, divorce, separation, matrimonial regime.
Personal registration number, social security/mutual insurance number.
Contact details, such as address, telephone number, email address.
Due diligence information required by the Money Laundering Act (KYC information).
Information about the beneficial ownership of a legal entity.
Information on Persons with Public Responsibility – PRP or PEP.
Health information (e.g. in relation to the probate service of advisory services).
Health data (sick leave, accidents at work and degree of disability, not including diagnoses, allergies, food intolerances, maternity and paternity leave), trade union membership (for the exclusive purpose of paying union dues, where applicable), trade union representative (if applicable), proof of attendance of own and third parties.
Attendance control data: date and time of entry and exit, reasons for absences.
Economic-financial data: tax domicile, payroll data, credits, loans, guarantees, tax deductions, deregistration, judicial withholdings (if applicable), other withholdings (if applicable).
Bank details such as card number and IBAN, bank statements, tax returns, financial balances.
Economic data relating to civil insolvency, income and expenses, debts, taxes, ownership of assets, life insurance, pensions, scholarships, subsidies, shareholdings, movable property and real estate in general.
Personal images.
Customer history, such as contacts and changes to services.
Call and video call recordings and other cases of our customer service.
User credentials for Talenom’s electronic services.
Service Usage Log Information.
Information provided by cookies.
Information voluntarily provided by those registered in the recruitment process, such as qualifications, training, professional experience, employment details, incompatibilities, references, among others that may be reported by the candidates.
Marketing prohibitions and consents.
Personal data contained in a complaint made through the Talenom Information Channel.
Other personal data that is necessary for the provision of the services.

In some of its services, Talenom processes personal data on behalf of its customers. In these cases, the client is the Data Controller of the Personal Data and Talenom acts as the Personal Data Processor, in the capacity defined by the GDPR.

In this case, the processing activities related to the processing of personal data have been separately agreed with the client of Talenom, using the Description of Personal Data Processing Activities included in this document.

We inform you that the data required are essential to be able to carry out the requested services, and your refusal to provide them implies the impossibility of carrying them out.

The information that the User provides to TALENOM SLU through the forms must be accurate and truthful. The user guarantees the authenticity of all the data communicated and will keep the information given to TALENOM SLU updated so that it corresponds, at all times, to the User’s real situation. In the event of inaccurate, incomplete or false statements communicated by the User, the User will be solely responsible for any damages that may be caused to TALENOM SLU or to third parties.

Regular sources of information

In most cases, we receive your data directly from you, for example, in the following situations:

You become a customer of Talenom and use our products and services.
Participate in Talenom surveys, campaigns, or events.
You call our customer service or send a message in chat or any other contact form or means of communication offered by Talenom.
If you apply to work for us.

In addition, we received information about:

Records maintained by the authorities.
From national and international sanctions lists.
From other services that provide public contact information.
Talenom’s internal sources of information.
Contact networks.

How do we protect personal data?

Technical protection of data in logs

The technical protection of electronically processed data includes, for example, firewalls, password policy and two-factor authentication to Talenom’s customer information systems.

The data that is transferred in the client and Talenom services are encrypted with TLS (Transport Layer Security) technology. Data is backed up regularly and stored in a different location than the primary data.

Talenom conducts internal and third-party assessments and audits covering both the technical security of critical information systems and processes and guidelines for administrative information security and data protection.

Administrative protection of records

When a person starts working at Talenom, they are informed of Talenom’s information security and data protection policy. This policy establishes the general rules on information security and data protection that the employee must comply with.

Talenom staff’s awareness of information security and data protection is regularly maintained in a number of ways: by organizing regular information sharing sessions on information security and data protection for all company personnel, and by organizing mandatory information security and data protection training for employees each year.

Talenom employees and subcontractors access personal data from records based on the access rights given to them. Users’ access rights are reviewed regularly. System administrators’ access rights are monitored and removed when the user no longer needs them. Employees who have stopped working at Talenom lose their access rights upon termination of employment.

According to the information security policy, Talenom employees can only process customer data when it is necessary for their work. Processing of customer data for other reasons is not permitted, even if the employee had technical access to it for their role and business reasons.

All Talenom personnel, and subcontractors acting on behalf of Talenom, have a duty of confidentiality in relation to all Talenom personal and customer data. The obligation of confidentiality is recorded in the employment contracts of Talenom personnel and in agreements with third parties, including sanctions for breach of confidentiality.

Physical protection of data in logs

Customer data is processed in information systems located in the data center in Finland, exceptionally in Spain, or in cloud services located in the European Union.

In data centers located in Finland, major production systems have been duplicated in two physically separate data centers to ensure security, data preservation, and continuity of service in normal and exceptional situations.

These service provider-provided data centers use certified security practices, access control, and monitoring procedures.

Data Disclosure and Outsourcing

Talenom may, if necessary, disclose personal data to any company of the Talenom Group.

In certain cases, Talenom is also required to disclose personal data to authorities if required to do so by applicable law or regulation or a request from a judicial or administrative authority.

Talenom may disclose non-sensitive personal data to its partners for the purpose of developing services, monitoring quality, and marketing.

Talenom may be required to disclose the KYC data of customers using the BBVA API to BBVA in accordance with anti-money laundering legislation. The data disclosure is based on an agreement between Talenom and BBVA, in which case BBVA’s data protection practices apply to the processing of personal data. You can access BBVA’s privacy policy from its website.

Talenom does not sell or rent personal data to third parties.

Talenom uses vendors who assist Talenom and/or provide part of our services. In this context, personal data may be transferred to the systems of the providers concerned for the purpose of providing the service. These providers are usually video surveillance, marketing or recruitment partners, operators or cooperative network companies for software development. Talenom signs a Data Processor Agreement (DPA) with its suppliers to protect the privacy rights and freedoms of data subjects. Upon request, Talenom will provide an updated list of processors.

Data transfer outside the EU/EEA

In general, personal data processed by Talenom is not transferred outside the European Union or the European Economic Area.

Contact information used in marketing communications and statistical data generated by the use of Talenom’s electronic systems, as well as data stored in the recruitment service, are transferred outside the EU/EEA to servers located in the United States. These are protected by the respective service providers in accordance with European Union data protection legislation.

Data transfers outside the EU/EEA are made in accordance with the standard contractual data protection clauses approved by the European Commission.

Data processors transferring data outside the EU/EEA:

Google Analytics
- Hubspot

How long do we keep the data?

Talenom processes personal data throughout the entire contractual relationship with the customer.

Company data and data of decision-makers in the company are stored in Talenom permanently, because the information is automatically renewed for us from the company information system.

When the customer relationship ends, personal data is stored to the extent necessary to meet our legitimate interests.

We will keep direct marketing information until further notice.

After 3 months, recorded phone calls are automatically deleted from information systems.

How do we use cookies and web analytics?

Talenom collects information with cookies to improve the user experience on our site and services, evaluate content usage patterns, and support marketing.

Cookies are small text files that are stored on the website visitor’s terminal device.

The following information about the data subject is stored:

User IP address
- Time of the visit
- Pages visited and duration of visit
- Type of browser used
- Terminal version and operating system
- Where the user comes from and where they go after using the site

By using the Talenom website, the user agrees to the use and storage of cookies on their computer.

The visitor can prevent the use of cookies by changing the browser settings so that the browser does not allow the storage of cookies. In this case, the user accepts that, for some services, blocking the use of cookies may, however, affect the functionality of the service.

Data from users’ terminal device is collected automatically for the development of electronic products and customer service, using, for example, internet browser cookies or similar technologies.

To manage consent and cookie settings, we use the Cookiebot tool. Through this tool, the user can configure their cookie preferences in detail and revoke consent at any time. To view the full cookie statement and change your preferences, you can access the Cookiebot icon (), available at the bottom of the page.

Rights of data subjects

In accordance with sections 15-22 of the European Union’s General Data Protection Regulation – GDPR, the data subject has the right to:

Right of access to personal data
Limitation of the processing of your personal data
object to the processing of your personal data
Deletion of data («right to be forgotten»)
portability from one system to another
Objection to the processing of automated decisions
Rectification of data
Submit a complaint to the supervisory authority

The data subject may object to the processing of his/her personal data for direct marketing purposes at any time.

The exercise of some of the data subject’s rights is limited by other mandatory legislation, on the basis of which Talenom has the right and obligation to refuse on reasonable grounds the rectification, deletion, restriction of processing or portability of data from one system to another.

The interested party must send a written request based on their rights through the following link: https://centinela.lefebvre.es/public/concept/2151714?access=kb2lXTRhBoKp3FUki4eMQwl%2fNsDOznQmiuTRa%2bPefLk%3d .

Data Breach Notification Policy

The controller notifies the data subject if the data breach is likely to pose a high risk to their rights and freedoms. The notice describes the nature of the data breach and the actions taken in compliance with the GDPR.

The controller is obliged to notify the data protection authority within 72 hours of disclosure if the data breach is likely to pose a high risk to the rights and freedoms of natural persons.

Limitations

This privacy policy does not apply to third-party websites, applications, or services that may be available through additional services provided by partners in Talenom’s services.

By opening the partner’s website, the customer leaves the Talenom service, allowing the third party to collect and share the information it has collected about the customer.

Talenom recommends that our customers always review the privacy policies of a third-party service before allowing the collection and use of their own personal information on those services.

Complaints to the supervisory authority

In the event that the user considers that there is a problem or infringement of the regulations in force in the way in which their personal data is being processed, they will have the right to effective judicial protection and to lodge a complaint with a supervisory authority, in particular, in the State in which they have their habitual residence, place of work or place of the alleged infringement. In the case of Spain, the supervisory authority is the Spanish Data Protection Agency (http://www.aepd.es).

Acceptance and Changes to this Privacy Policy

It is necessary that the user has read and agrees with the conditions on the protection of personal data contained in this Privacy Policy, as well as that they accept the processing of their personal data so that the Data Controller can proceed with it in the manner, during the periods and for the purposes indicated. Use of the website will imply acceptance of the Privacy Policy.

TALENOM SLU reserves the right to modify its Privacy Policy, in accordance with its own criteria, or motivated by a legislative, jurisprudential or doctrinal change of the Spanish Data Protection Agency.

Last Updated

28/06/2024

Description of Processing Activities

Data Controller: Client

Processor: Talenom SLU

Why do we process personal data?

Talenom stores and processes personal data to provide the services it provides in a contractual relationship between the Processor and the Controller (art. 6.1.b. of the European Union’s General Data Protection Regulation – «GDPR»).

Personal data is also processed and stored in order to comply with the requirements of applicable legislation or regulations, or to comply with a request from a judicial or administrative authority (Art. 6(1)(c) GDPR).

Talenom will also carry out treatment activities to:

To develop the Services contracted by the Clients.
Insert the Client’s employee data into the payroll and HR management application.
Legal advice or management of a legal entity.
The administration and billing of a Customer.
Due diligence (KYC) information required by anti-money laundering legislation
Information about the beneficial owner of a legal entity.

What personal data do we process?

Talenom processes, among others, the following personal data, which may vary according to the type of services contracted:

Due diligence information required by the Money Laundering Act (KYC information).
Information about the beneficial ownership of a legal entity.
Information on Persons with Public Responsibility – PRP or PEP.

Below is the Record of the Processing Activities carried out by Talenom as the Data Processor:

Processing activity	Real Estate: Management of purchase and sale and rental contracts, intermediation in real estate transactions. Change of Vehicle Ownership: Processing of documentation for vehicle transfers. Labor management: Administration of payroll, contracts, and fulfillment of labor obligations. Accounting and tax advice: Preparation of accounting, compliance with tax obligations, advice on tax planning. Commercial advice: Drafting and review of contracts, advice on commercial and corporate matters. Legal advice: legal advice on various matters, including procedural management. M&A Management: Due Diligence, advice on the structuring of transactions, formalization of purchase and sale contracts.
Basis of legitimacy	GDPR: 6.1.b) Processing necessary for the performance of a contract to which the data subject is a party or for the application of pre-contractual measures at the request of the latter.
Purpose of processing	Real Estate: Management and execution of real estate contracts. Change of ownership of vehicles: Formalization of transfers of ownership. Labor management: Compliance with labor and administrative obligations. Accounting and tax advice: Assistance in complying with tax and accounting obligations. Commercial and legal advice: Ensure regulatory compliance and the correct legal management of the company. M&A Management: Facilitate the execution of corporate transactions.
Category of interested parties	Clients natural persons, legal representatives of clients legal entities, their employees, collaborators, suppliers and their clients. Agents involved in real estate, financial, administrative and corporate transactions. Data of Clients’ relatives.
Treatment category	Collection (capture of personal data); Registration (registering or recording the information in a system or device, for subsequent processing); Structuring (ordering and structuring information to facilitate its processing); Modification (altering or changing information): Retention (keeping the information for a certain period of time); Extraction (obtaining information from the original system for submission or transfer to another system); Query (search for data about the system or device on which it is registered); Access (possibility of knowing the data by visualizing it): Interconnection (connecting data from two or more different systems) Comparison (comparison of data to find differences or discrepancies); Communication (sending the data to another recipient); Deletion (removing, making information disappear on the system or device); Destruction (disabling a physical medium to prevent access to information).
Security measures	Minimization of stored data Limitation of access to data. Segregation of duties through access profiles. Backups. Procedures and channels for the exercise of rights. Informative clauses and legal basis for data processing. Sign the corresponding data processing contract to ensure that the third party also complies with its Data Protection obligations
Data category	Identifying; Personal Characteristics Data; Academic and professional data; Time and attendance control data; Economic and financial data; Data on social circumstances; Commercial information data; Economic, financial and insurance data; Transaction data for goods and services; Online identifiers;
International Data Transfer	No international data transfers are made. If necessary, appropriate legal safeguards will apply.

Regular sources of information

The Client enters personal data of its personnel, suppliers and customers to Talenom’s information services, in addition to its own data. This personal data may be entered through electronic and/or physical material that the customer provides.

In addition, personal data is collected from the Tax Agency, Social Security, insurance companies, trade unions, credit services, competent authorities and other parties whose data must be processed in the service provided by Talenom.

Information from users’ devices is collected automatically for the purpose of developing the services and products offered by Talenom and developing customer service, using, for example, cookies from the Internet browser of Talenom’s digital products and online services.

Personal Data Disclosure Policies

Talenom has the power to share the Client’s personal data with its Auditor without the need for specific permission. In order to share the data with other collaborators of the Client, such as lawyers and consultants, the Client must give additional written authorization. When submitting the written material, a copy of the email sent is saved, indicating the basic information of the material disclosed, to whom the data has been communicated and when. This copy is stored in the clients’ folders for any subsequent obligations to provide evidence. The Client may request the creation of user credentials for a third party to access the Talenom software and give them access to their data. In this case, the request also includes the customer’s consent to the disclosure of the customer’s data to the respective third party.

Data is communicated to tax authorities, financial institutions, e-money institutions, pension insurance companies, insurance companies, trade unions, the National Social Security Institute or income-related pension funds without the customer’s authorisation or consent where the disclosure of data is separately regulated by law. Digital data processing is monitored with the help of event data from information systems, i.e. the storage of log data and its automatic or manual monitoring. In addition, if necessary, log data can be used as proof of events that have taken place.

Talenom may disclose personal data to any entity within the Talenom Group. Talenom does not sell or rent personal data to third parties.

Categories of recipients of personal data, including those from third countries and international organizations

The Processor may disclose the Client’s personal data within the limits applicable by applicable law and in accordance with the terms of the contract between the Processor and the Client. Recorded data may be disclosed, for example, to tax and social security authorities, insurance companies, trade unions, pension funds, financial institutions.

The Processor has a legal obligation to disclose personal information to the authorities based on receipt of a written request.

In general, personal data will not be transferred outside the European Union («EU») or the European Economic Area («EEA»). Data transfers outside the EU or EEA are made in accordance with the European Commission’s Standard Contractual Clauses regarding such transfers.

How do we protect personal data?

Technical protection of data in logs

The technical protection of electronically processed data includes, for example, firewalls, password policy and two-factor authentication to Talenom’s customer information systems.

Administrative protection of records

Physical protection of data in logs

Customer data is processed in information systems located in the data center in Finland, exceptionally in Spain, or in cloud services located in the European Union.

These service provider-provided data centers use certified security practices, access control, and monitoring procedures.

Customer’s Obligations

The client is responsible for the implementation and maintenance of appropriate technical and organizational information security measures in its own information systems and physical environments.

How long do we keep the data?

Talenom processes personal data throughout the entire contractual relationship with the customer.

Company data and data of decision-makers in the company are stored in Talenom permanently, because the information is automatically renewed for us from the company information system.

When the customer relationship ends, personal data is stored to the extent necessary to meet our legitimate interests.

We will keep direct marketing information until further notice.

After 3 months, recorded phone calls are automatically deleted from information systems.

Rights of data subjects

In accordance with sections 15-22 of the European Union’s General Data Protection Regulation – GDPR, the data subject has the right to:

Right of access to personal data
Limitation of the processing of your personal data
object to the processing of your personal data
Deletion of data («right to be forgotten»)
portability from one system to another
Objection to the processing of automated decisions
Rectification of data
Submit a complaint to the supervisory authority

The data subject may object to the processing of his/her personal data for direct marketing purposes at any time.

The data subject must send a written request based on his or her rights by e-mail to: protecciondedatos@talenom.com.

Instructions from the Data Controller to the Processor

The Client may separately describe in separate documentation the more detailed instructions given to the Processor for the processing of personal data, which the Processor stores in Client-specific file folders, as part of the Client’s specific instructions.

Data Breach Notification

The Responsible

The notification is made by the Processor to the Data Controller without undue delay after the disclosure of the data protection breach. The notice describes the nature of the data breach and the actions taken as required by law.

Registration

The controller will notify the data subject if the data breach is likely to pose a high risk to their rights and freedoms. The notice describes the nature of the data breach and the actions taken as required by law.

Control Authority

It is the duty of the Controller to notify the Supervisory Authority (Spanish Data Protection Agency) within 72 hours of notification if the data breach is likely to pose a high risk to the rights and freedoms of natural persons. The Processor assists the Controller in notifying the Supervisory Authority of a separate request.

Contact details of the Data Processor and Data Protection Officer

Data Processor

Talenom SLU

Barcelona, Avenida Diagonal, no. 532, 7th floor

NIF: B-66461351

Data Protection Officer

Vanessa Ferrari

E-mail: protecciondedatos@talenom.com

Data Breach Notification Policy

The controller is obliged to notify the data protection authority within 72 hours of disclosure if the data breach is likely to pose a high risk to the rights and freedoms of natural persons.

Subcontractor Contact Details

The client has agreed to the use of subcontractors in general. Talenom provides a list of subcontractors if requested.

Last Updated

28/08/2024

Talenom’s Privacy Policy

Description of Processing Activities

Contact us