Privacy Policy | Talenom

Talenom’s privacy policy describes the practices and principles related to the processing of personal data.

The privacy policy helps you understand what personal data we collect and why, as well as how we process, protect, store and delete your personal data.

This privacy policy applies to the Talenom website, Services offered to customers, Talenom Software and related information systems, as well as for recruitment and selection of personnel.

Why do we process personal data?

Talenom stores and processes personal data in order to provide services within the framework of a contractual relationship between Talenom and Talenom’s customers (Art. 6.1.b. of the European Union’s General Data Protection Regulation – «GDPR»).

Talenom may be obliged to disclose personal data if required to do so by applicable laws or regulations, or to comply with a request from a judicial or administrative authority (Art. 6.1.c. GDPR).

Talenom has a legitimate interest in the processing of personal data for the purpose of directing the marketing and sales of Talenom’s services, as well as to improve the quality of Talenom’s products and services (Art. 6.1.f. GDPR).

The processing of personal data is based on separate consent (Art. 6(1)(a) GDPR) for the following processing operations:

Direct marketing.
Use of personal images.
Criminal background check.

The data subject has the right to withdraw his/her consent at any time via a link in the marketing messages.

What personal data do we process?

Talenom processes, among others, the following personal data:

Name and surname.
Personal identification number (such as DNI, passport, NIE).
Gender, marital status, nationality, age, date and place of birth.
Details of family members and their circumstances, such as date of marriage, divorce, separation, matrimonial regime.
Personal registration number, social security/mutual insurance number.
Contact details, such as address, telephone number, email address.
Due diligence information required by the Money Laundering Act (KYC information).
Information on the beneficial ownership of a legal entity.
Information on Persons with Public Responsibility – PRP or PEP.
Health information (e.g. in relation to probate services from advisory services).
Health data (sick leave, accidents at work and degree of disability, excluding diagnoses, allergies, food intolerances, maternity and paternity leave), trade union membership (for the exclusive purpose of paying trade union dues, if applicable), trade union representative (if applicable), proof of attendance from own and third parties.
Attendance control data: date and time of check-in and check-out, reasons for absences.
Economic-financial data: tax address, payroll data, credits, loans, guarantees, tax deductions, cancellation of assets, judicial withholdings (if applicable), other withholdings (if applicable).
Bank details such as card number and IBAN, bank statements, tax returns, financial statements.
Economic data relating to civil insolvency, income and expenses, debts, taxes, ownership of assets, life insurance, pensions, scholarships, subsidies, corporate shareholdings, movable and real estate properties in general.
Personal images.
Customer history, such as contacts and changes to services.
Call and video call recordings and other cases from our customer service.
User credentials for Talenom’s electronic services.
Log Information for Use of the Services.
Information provided by cookies.
Information voluntarily provided by those registered in the recruitment process, such as qualifications, training, professional experience, employment details, incompatibilities, references, among others that may be informed by the candidates.
Marketing Prohibitions and Consents.
Personal data contained in a complaint made through the Talenom Information Channel.
Other personal data that is necessary for the provision of the services.

In some of its services, Talenom processes personal data on behalf of its customers. In these cases, the customer is the Data Controller and Talenom acts as the Data Processor, in the capacity defined by the GDPR.

In this case, the processing activities related to the processing of personal data have been separately agreed with Talenom’s customer, using the Description of Personal Data Processing Activities included in this document:

[include link to Description of Personal Data Processing Activities]

Regular sources of information

In most cases, we receive your data directly from you, for example, in the following situations:

You become a customer of Talenom and use our products and services
Participate in Talenom surveys, campaigns, or events
You call our customer service or send a message in the chat
If you apply to work for us

In addition, we receive information about:

Records kept by authorities.
From national and international sanctions lists.
From other services that provide public contact information.
From the contact forms on the website Talenom.com.
Talenom’s internal sources of information.
Networking.

How do we protect personal data?

Technical protection of data in the registers

The technical protection of electronically processed data includes, for example, firewalls, password policy and two-factor authentication to Talenom’s customer information systems.

The data that is transferred to the client and Talenom services is encrypted with TLS (Transport Layer Security) technology. Data is backed up regularly and stored in a different location than the primary data.

Talenom conducts internal and third-party assessments and audits covering both the technical security of critical information systems and processes and guidelines for administrative information security and data protection.

Administrative Records Protection

When a person starts working at Talenom, they are informed of Talenom’s information security and data protection policy. This policy sets out the general rules on information security and data protection that the employee must mandatorily comply with.

Talenom’s staff’s awareness of information security and data protection is regularly maintained in a number of ways: by organising regular information security and data protection information exchange sessions for all company staff, and by organising mandatory information security and data protection training for employees every year.

Talenom’s employees and subcontractors access personal data in records based on the access rights given to them. Users’ access rights are reviewed periodically. System administrators’ access rights are monitored and removed when the user no longer needs them. Employees who have ceased to work at Talenom lose their access rights upon termination of the employment relationship.

According to the information security policy, Talenom employees may only process customer data when it is necessary for their work. It is not permitted to process customer data for other reasons, even if the employee had technical access to it due to his or her role and business reasons.

All Talenom personnel, and subcontractors acting on behalf of Talenom, have a duty of confidentiality in relation to all Talenom personal and customer data. The obligation of confidentiality is recorded in the employment contracts of Talenom staff and in agreements with third parties, including penalties for breach of confidentiality.

Physical protection of data in records

Customer data is processed in information systems located in the data center in Finland, exceptionally in Spain, or in cloud services located in the European Union.

In the data centers located in Finland, the most important production systems have been duplicated into two physically separated data centers to ensure security, data preservation and continuity of service in normal and exceptional situations.

These data centers provided by the service provider use certified security practices, access control, and monitoring procedures.

Data Disclosure & Outsourcing

Talenom may, if necessary, disclose personal data to any company in the Talenom Group.

In certain cases, Talenom must also disclose personal data to authorities if required to do so by applicable law or regulation or a request from a judicial or administrative authority.

Talenom may disclose non-sensitive personal data to its partners for the purpose of developing services, monitoring quality, and marketing.

Talenom may be required to disclose the KYC data of customers using BBVA’s API to BBVA in accordance with anti-money laundering legislation. The disclosure of data is based on an agreement between Talenom and BBVA, in which case BBVA’s data protection practices apply to the processing of personal data. You can access BBVA’s privacy policy from its website.

Talenom does not sell or rent personal data to third parties.

Talenom uses vendors that assist Talenom and/or provide part of our services. In this context, personal data may be transferred to the systems of the providers concerned for the purpose of providing the service. These providers are usually video surveillance, marketing or recruitment partners, operators or cooperation network companies for software development. Talenom enters into a Data Processor Agreement (DPA) with its vendors to protect the privacy rights and freedoms of data subjects. Upon request, Talenom will provide an up-to-date list of data processors.

Data transfer outside the EU/EEA

In general, personal data processed by Talenom is not transferred outside the European Union or the European Economic Area.

Contact information used in marketing communications and statistical data generated by the use of Talenom’s electronic systems, as well as data stored in the recruitment service, are transferred outside the EU/EEA to servers located in the United States. These are protected by the respective service providers in accordance with European Union data protection legislation.

Data transfers outside the EU/EEA are carried out in accordance with the standard contractual clauses for data protection approved by the European Commission.

Processors transferring data outside the EU/EEA:

Google Analytics
- Hubspot

How long do we keep the data?

Talenom processes personal data throughout the entire contractual relationship with the customer.

Company data and the data of the company’s decision-makers are stored in Talenom permanently, because the information is automatically renewed for us from the enterprise information system.

When the customer relationship ends, personal data is stored to the extent necessary to fulfil our legitimate interests.

We will keep direct marketing information until further notice.

After 3 months, recorded phone calls are automatically deleted from information systems.

How do we use cookies and web analytics?

Talenom collects information with cookies to improve the user experience on our site and services, evaluate content usage patterns, and support marketing.

Cookies are small text files that are stored on the terminal device of the website visitor.

The following information about the data subject is stored:

User’s IP address
- Time of the visit
- Pages Visited and Duration of Visit
- Type of browser used
- Terminal version and operating system
- Where the user comes from and where they go after using the site

By using the Talenom website, you agree to the use and storage of cookies on your computer.

The visitor can prevent the use of cookies by changing the browser settings so that the browser does not allow the storage of cookies. In this case, the user accepts that, for some services, blocking the use of cookies may, however, affect the functionality of the service.

Data from users’ terminal devices is collected automatically for the development of electronic products and customer service, using, for example, Internet browser cookies or similar technologies.

You can find more details about the use of cookies in the cookie notice available on our website.

Rights of Data Subjects

In accordance with sections 15-22 of the European Union’s General Data Protection Regulation – GDPR, the data subject has the right to:

Right of access to personal data
Restriction of the processing of your personal data
object to the processing of your personal data
Deletion of data («right to be forgotten»)
Portability from one system to another
Objection to the processing of automated decisions
Rectification of data
Lodge a complaint with the supervisory authority

The data subject may object to the processing of his/her personal data for direct marketing purposes at any time.

The exercise of some of the data subject’s rights is limited by other mandatory legislation, on the basis of which Talenom has the right and obligation to refuse on reasonable grounds the rectification, erasure, restriction of processing or portability of data from one system to another.

The interested party must send a written request based on his/her rights by e-mail to: protecciondedatos@talenom.com .

Contact details of the Data Controller and the Data Protection Officer

Data Controller

Talenom SLU

Barcelona, Avenida Diagonal, no. 532, 7 planta

NIF: B-66461351

Data Protection Officer

Vanessa Ferrari

E-mail: protecciondedatos@talenom.com

Data Breach Notification Policy

The controller notifies the data subject if the data breach is likely to pose a high risk to their rights and freedoms. The notification describes the nature of the data breach and the actions taken pursuant to the GDPR.

The controller has an obligation to notify the data protection authority within 72 hours of disclosure if the data breach is likely to pose a high risk to the rights and freedoms of natural persons.

Limitations

This privacy policy does not apply to third-party websites, applications, or services that may be made available through additional services provided by partners on Talenom’s services.

By opening the partner’s website, the customer leaves the Talenom service, allowing the third party to collect and share the information it has collected about the customer.

Talenom recommends that our customers always review the privacy policies of a third-party service before allowing the collection and use of their own personal information on those services.

Last Updated

20/05/2024

Description of Processing Activities

Responsible: Client

Manager: Talenom

Why do we process personal data?

Talenom stores and processes personal data in order to provide the services provided by the Processor in a contractual relationship between the Processor and the Controller (art. 6.1.b. of the European Union’s General Data Protection Regulation – «GDPR»).

Personal data is also processed and stored in order to comply with the requirements of applicable laws or regulations, or to comply with a request from a judicial or administrative authority (Art. 6(1)(c) GDPR).

Talenom will also carry out processing activities to:

Develop the Services contracted by the Clients.
Insert the Client’s employee data into the payroll and HR management application.
Legal advice or management of a legal entity.
The administration and billing of a Client.
Due diligence (KYC) information required by anti-money laundering legislation
Information about the beneficial owner of a legal entity.

Talenom has a legitimate interest in processing personal data for the purpose of directing the marketing and sales of Talenom’s services, as well as to improve the quality of Talenom’s products and services (Art. 6.1.f. GDPR).

What personal data do we process?

Talenom processes, among others, the following personal data, which may vary according to the type of services contracted:

Due diligence information required by the Money Laundering Act (KYC information).
Information on the beneficial ownership of a legal entity.
Identification Data

Actividad	Finalidades del Tratamiento	Colectivo	Categorías de Datos Personales
Servicio de Asesoramiento legal en Litigios	Proporcionar servicios legales de asesoramiento y representación en litigios a los clientes. Esto implica: 1. Representación Legal. 2. Defensa de Intereses. 3. Asesoramiento Legal. 4. Negociación. 5. Gestión de Documentos Legales. 6. Representación en Audiencias y Procedimientos. 7. Confidencialidad. 8. Resolución de Casos.	Clientes (demandantes o demandados) y sus contrapartes	Datos Identificativos: Nombre y apellidos, DNI o equivalente. Datos de Contacto: Dirección, teléfono y correo electrónico. Otros: Datos proporcionados por los clientes, según la necesidad del caso.
Servicio de Asesoramiento legal para los Clientes	Elaboración de informes, pareceres, atendimiento de consultas legales.	Clientes personas físicas, representantes legales de clientes personas jurídicas, sus empleados, colaboradores, proveedores y sus clientes. Agentes implicados en operaciones inmobiliarias, financieras, administrativas y societarias. Datos de familiares de los Clientes.	Datos Identificativos: Nombre y apellidos, DNI o equivalente. Datos de Contacto: Dirección, teléfono y correo electrónico. Otros: Datos proporcionados por los clientes, según la necesidad del caso.
Servicio de Asesoramiento Mercantil para los clientes	Constitución y disolución de sociedades, fusiones, adquisiciones, pactos de socios, llevanza de los libros corporativos, contratos mercantiles, poderes, actas de titularidad real, due diligences.	Clientes personas físicas, representantes legales de clientes personas jurídicas, sus empleados, colaboradores, proveedores y sus clientes. Agentes implicados en operaciones. Datos de familiares de los Clientes.	Datos Identificativos: Nombre y apellidos, DNI o equivalente. Datos de Contacto: Dirección, teléfono y correo electrónico. Datos de características personales: Sexo, estado civil, nacionalidad, residencia, edad, fecha y lugar de nacimiento y datos familiares. Datos de circunstancias familiares: régimen matrimonial. Datos académicos y profesionales: Ocupación. Datos económico-financieros: Certificado Bancario. Datos de propiedades mobiliarias e inmobiliarias en general. Transferencias bancarias.
Servicio de Asesoría Contable y Fiscal para los Clientes	Presentación de impuestos, mantenimiento de los libros contables, asesoría fiscal.	Clientes personas físicas, representantes legales de clientes personas jurídicas, sus empleados, colaboradores, proveedores y sus clientes. Agentes implicados en operaciones inmobiliarias, financieras, administrativas y societarias. Datos de familiares de los Clientes.	Datos Identificativos: Nombre y apellidos, DNI o equivalente, número de registro de personal, número de Seguridad Social/Mutualidad. Datos de Contacto: Dirección, teléfono y correo electrónico. Categorías especiales de datos: datos de salud (bajas por enfermedad, accidentes laborales y grado de discapacidad, sin inclusión de diagnósticos, maternidad, paternidad), afiliación sindical y colegiaciones profesionales (a los exclusivos efectos del pago de cuotas sindicales y profesionales, en su caso). Antecedentes penales. Datos de características personales: Sexo, estado civil, nacionalidad, residencia, edad, fecha y lugar de nacimiento y datos familiares. Datos de circunstancias familiares: Fecha de matrimonio, divorcio, separación, viudedad. Datos académicos y profesionales: Titulaciones, formación y experiencia profesional (CV, certificado de vida laboral). Datos de detalle de empleo. Incompatibilidades. Datos de control de entrada y salida en el país: fecha y lugar de entrada y salida, motivo de ausencia. Datos económico-financieros: Datos económicos de nómina, créditos, préstamos, avales, deducciones impositivas, retenciones judiciales (en su caso), otras retenciones (en su caso). Datos bancarios. Datos económicos relativos a insolvencia. Deudas. Datos relativos a ingresos y gastos personales, tanto dentro como fuera del país. Impuestos satisfechos en el extranjero. Titularidad de bienes tanto dentro como fuera del país. Datos económicos relacionados a herencias y donaciones. Becas y subvenciones. Seguros de vida, pensiones. participaciones societarias, propiedades mobiliarias e inmobiliarias en general. Otros datos: datos relativos a la acción social. Datos aduaneros.
Servicio de Emisión y Gestión de Certificados Digitales	Registro y gestión de las solicitudes de emisión de certificados digitales. Gestión de la emisión de los certificados digitales. Gestión de los certificados digitales de los clientes de Talenom.	Colaboradores, empleados, clientes	Datos Identificativos: Nombre y apellidos, DNI o equivalente, código de usuario, firma, huella digital. Datos de Contacto: Dirección, teléfono y correo electrónico. Datos académicos y profesionales: Departamento, empresa Datos de características personales: Lugar y fecha de nacimiento Datos tecnológicos: Dirección IP, logs.
Servicio de Gestión laboral para clientes	Activar sociedades o autónomos para que puedan operar y contratar empleados. Contratación y gestión de nóminas y contratos de los trabajadores. Bajas de trabajadores, gestiones de prestaciones.	Personal laboral de los clientes y sus familiares, representantes legales de las empresas y sus familiares. Abogados de los clientes y representantes legales de sus anteriores asesorías. Representantes sindicales.	Datos Identificativos: Nombre y apellidos, DNI o equivalente, código de usuario, firma, huella digital, número de registro de personal, número de Seguridad Social/Mutualidad. Datos de Contacto: Dirección, teléfono y correo electrónico. Categorías especiales de datos: datos de salud (bajas por enfermedad, accidentes laborales y grado de discapacidad, sin inclusión de diagnósticos, alergias, intolerancias alimentarias), afiliación sindical ( a los exclusivos efectos del pago de cuotas sindicales, en su caso), representante sindical (en su caso), justificantes de asistencia de propios y de terceros. Datos de características personales: Sexo, estado civil, nacionalidad, edad, fecha y lugar de nacimiento y datos familiares. Datos de circunstancias familiares: Fecha de alta y baja, licencias, permisos y autorizaciones. Datos académicos y profesionales: Titulaciones, formación y experiencia profesional (CV). Datos de detalle de empleo. Incompatibilidades. Referencias profesionales. Datos de control de presencia: fecha/hora entrada y salida, motivo de ausencia. Datos económico-financieros: Datos económicos de nómina, créditos, préstamos, avales, deducciones impositivas, baja de haberes correspondiente al puesto de trabajo anterior (en su caso), retenciones judiciales (en su caso), otras retenciones (en su caso). Datos bancarios. Otros datos: datos relativos a la acción social. imágenes, fotos del personal.
Servicio de Inmigración para los clientes	Obtención, renovación, extinción de permisos de residencia. Comunicación a las autoridades migratorias o policiales.	Clientes personas físicas y sus familiares. Trabajadores de empresas con sus familiares.	Datos Identificativos: Nombre y apellidos, DNI o equivalente, firma, huella digital, número de Seguridad Social/Mutualidad. Datos de Contacto: Dirección, teléfono y correo electrónico. Datos de características personales: Sexo, estado civil, nacionalidad, edad, fecha y lugar de nacimiento y datos familiares, nombre del padre y de la madre. Datos de circunstancias familiares: Fecha de matrimonio, de divorcio/separación. Datos académicos y profesionales: Titulaciones, formación y experiencia profesional (CV). Datos de detalle de empleo. Incompatibilidades. Referencias profesionales. Datos de control de viajes: fecha entrada y salida de España, motivo de ausencia. Datos económico-financieros: Datos económicos de nómina, certificados de deudas la agencia tributaria y seguridad social. Datos bancarios. Otros datos: datos del padrón municipal. Imágenes, fotos personales.
Servicio de Seguros	Ofrecimiento de servicios de seguros, que finalmente serán contratados con corredurías colaboradoras.	Clientes y sus representantes legales.	Datos Identificativos: Nombre y apellidos, DNI o equivalente, firma, huella digital. Datos de Contacto: Dirección, teléfono y correo electrónico. Otros datos: aquellos que sean necesarios para la elaboración de una propuesta económica de los seguros solicitados por los clientes.
Servicio en Trafico de Cambio de Titularidad de Vehículos	Cumplimiento del contrato para la transferencia de titularidad de un vehículo	Clientes de Talenom y sus contrapartes en la transferencia del vehículo (comprador y vendedor)	Datos Identificativos: Nombre y apellidos, DNI o equivalente, datos del permiso de conducir, firma, huella digital. Datos de Contacto: Dirección, teléfono y correo electrónico. Datos de características personales: Sexo, estado civil, nacionalidad, edad, residencia, fecha y lugar de nacimiento y datos familiares. Otros datos: datos del vehículo.
Servicios de Real Estate para los clientes	Asesoramiento legal para la adquisición de un inmueble relacionada con facilitar y llevar a cabo la transacción inmobiliaria de manera legal y eficiente.	Clientes personas físicas, representantes de clientes personas jurídicas. Agentes y partes intervinientes en las operaciones (comprador, vendedor, entidad financiadora, inmobiliarias, etc).	Datos Identificativos: Nombre y apellidos, DNI o equivalente, datos del permiso de conducir, firma, huella digital. Datos de Contacto: Dirección, teléfono y correo electrónico. Datos de características personales: Sexo, estado civil, nacionalidad, edad, residencia, fecha y lugar de nacimiento y datos familiares. Datos de circunstancias familiares: Fecha de matrimonio, divorcio, separación, régimen matrimonial. Datos académicos y profesionales: Formación y actividad profesional. Datos económico-financieros: Datos económicos de nómina, créditos, préstamos, avales, deducciones impositivas, baja de haberes correspondiente al puesto de trabajo anterior (en su caso), retenciones judiciales (en su caso), otras retenciones (en su caso). Datos bancarios. Otros datos: datos del inmueble.

Regular sources of information

The Client enters personal data of its staff, suppliers and customers to Talenom’s information services, in addition to its own data. This personal data can be entered by means of electronic and/or physical material provided by the customer.

In addition, personal data is collected from the Tax Agency, Social Security, insurance companies, trade unions, credit services, competent authorities and other parties whose data must be processed in the service provided by Talenom.

Information from users’ devices is collected automatically for the purpose of developing the services and products offered by Talenom and developing customer service, using, for example, cookies from the Internet browser of Talenom’s digital products and online services.

Personal Data Disclosure Policies

Talenom has the power to share the Client’s personal data with its Auditor without the need for specific permission. In order to share the data with other collaborators of the Client, such as lawyers and consultants, the Client must give additional written authorization. When submitting the written material, a copy of the email sent is kept, indicating the basic information of the material disclosed, to whom the data has been communicated and when. This copy is stored in clients’ folders for any subsequent obligation to provide evidence. The Client may request the creation of user credentials for a third party to access the Talenom software and give them access to their data. In this case, the request also includes the customer’s consent to the disclosure of the customer’s data to the respective third party.

Data is communicated to tax authorities, financial institutions, electronic money institutions, pension insurance companies, insurance companies, trade unions, the National Social Security Institute or income-related pension funds without the customer’s authorization or consent when the disclosure of data is separately regulated by law. The processing of digital data is monitored with the help of event data from information systems, i.e. the storage of log data and its automatic or manual monitoring. In addition, if necessary, the log data can be used as proof of the events that have taken place.

Talenom may disclose personal data to any entity within the Talenom Group. Talenom does not sell or rent personal data to third parties.

Categories of recipients of personal data, including those from third countries and international organisations

The Processor may disclose personal data of the Client within the limits applicable by applicable law and in accordance with the terms of the contract between the Processor and the Client. Recorded data may be disclosed, for example, to tax and social security authorities, insurance companies, trade unions, pension funds, financial institutions.

The Processor has a legal obligation to disclose personal information to law enforcement based upon receipt of a written request.

In general, personal data will not be transferred outside the European Union («EU») or the European Economic Area («EEA»). Data transfers to outside the EU/EEA are made in accordance with the European Commission’s Standard Contractual Clauses regarding such transfers.

How do we protect personal data?

Technical protection of data in the registers

The technical protection of electronically processed data includes, for example, firewalls, password policy and two-factor authentication to Talenom’s customer information systems.

Administrative Records Protection

Physical protection of data in records

Customer data is processed in information systems located in the data center in Finland, exceptionally in Spain, or in cloud services located in the European Union.

These data centers provided by the service provider use certified security practices, access control, and monitoring procedures.

Obligations of the Client

The client is responsible for the implementation and maintenance of appropriate technical and organizational information security measures in its own information systems and physical environments.

How long do we keep the data?

Talenom processes personal data throughout the entire contractual relationship with the customer.

Company data and the data of the company’s decision-makers are stored in Talenom permanently, because the information is automatically renewed for us from the enterprise information system.

When the customer relationship ends, personal data is stored to the extent necessary to fulfil our legitimate interests.

We will keep direct marketing information until further notice.

After 3 months, recorded phone calls are automatically deleted from information systems.

Rights of Data Subjects

In accordance with sections 15-22 of the European Union’s General Data Protection Regulation – GDPR, the data subject has the right to:

Right of access to personal data
Restriction of the processing of your personal data
object to the processing of your personal data
Deletion of data («right to be forgotten»)
Portability from one system to another
Objection to the processing of automated decisions
Rectification of data
Lodge a complaint with the supervisory authority

The data subject may object to the processing of his/her personal data for direct marketing purposes at any time.

The data subject must send a written request based on his/her rights by e-mail to: protecciondedatos@talenom.com.

Instructions from the Data Controller to the Processor

The Customer may separately describe in separate documentation the more detailed instructions given to the Processor for the processing of personal data, which the Processor stores in Customer-specific file folders, as part of the Customer’s specific instructions.

Data Breach Notification

The Controller

The notification is made by the Processor to the Data Controller without undue delay following the disclosure of the data protection breach. The notification describes the nature of the data breach and the actions taken as required by law.

Registration

The controller will notify the data subject if the data breach is likely to pose a high risk to their rights and freedoms. The notification describes the nature of the data breach and the actions taken as required by law.

Supervisory Authority

It is the duty of the Data Controller to notify the Supervisory Authority (Spanish Data Protection Agency) within 72 hours of notification if the data breach is likely to pose a high risk to the rights and freedoms of natural persons. The Data Processor assists the Data Controller in notifying the Supervisory Authority of a separate request.

Contact details of the Data Processor and the Data Protection Officer

Data Processor