“SICE SEGURIDAD” o “the Entity”) is a member company of the SICE Group, whose centralized organizational and management structure entails the application of a Group-wide data protection policy. In this regard, the processing of the Entity’s personal data will be covered by the details in the SICE Group’s data protection information, which interested parties may consult here.
In any case, SICE SEGURIDAD, will operate assuming the commitments of responsibility and compliance with data protection regulations instrumented through the General Data Protection Regulation 2016/679 on the protection of natural persons with regard to the processing of personal data and the free movement of such data (RGPD) and the Organic Law 3/2018 on Data Protection and Guarantee of Digital Rights (LOPDGDDD). In the cases that proceed by virtue of the application of local regulations, the corresponding additional requirements will be incorporated into the operations and activities of the SICE SEGURIDAD.
Due to the above, the interested parties are hereby informed about the processing of personal data carried out within the framework of the Entity’s activities, as well as the data protection rights and the service and support mechanisms available in this area.
The identification and contact details of the Data Controller and the Data Protection Officer are as follows:
Adress / C. P.: c/ de la Granja 72, Alcobendas, 28108, Madrid, España Email: seguridad@sice.com
Phone number: 916616927
Data Protection Officer (DPO): dpdexterno@bonetconsulting.com
Data Protection Channel: www.corporate-line.com/pd-gruposice
This data protection information refers to the processing of personal data collected within the framework of the activities and operations of the SICE Group through the various contact mechanisms available and which are processed for the purposes listed in the “Purposes” section.
Hereafter, we list the groups with respect to which we collect and process personal data:
> Shareholders and investors
> Advisers
> Candidates
> Employees
> Interns
> Data of freelancers (suppliers or collaborators)
> Personnel provided by Temporary Employment Agencies
> People who go to the offices and facilities of the Entity
> People who communicate with the Entity for any reason
> Own legal representatives
> Legal representatives and contact persons of clients / awarded authorities.
> Legal representatives and supplier contact persons.
> Legal representatives and contact persons of Collaborating Entities for the execution of research projects or the provision of products and services.
> Legal representatives, contact persons and staff of Collaborating Entities for the formalization and management of Temporary Union of Companies agreements (UTE in Spanish).
> People involved with projects of the Entity for the purposes of coordination and compliance with regulatory requirements and prevention of occupational hazards.
> Interested parties whose intervention is necessary in the field of provision of products and services as Data Processor.
> Users of the regulatory compliance mechanisms implemented by the Group.
> Directly from the interested parties: personal data is collected directly from the interested parties when they send an e-mail, contact us by telephone, fill in a form, send their CV, complete a questionnaire, as well as when it is necessary for the formalization of an agreement of any nature or to request assistance through the channels provided for this purpose.
> Provided by third parties: likewise, personal data may be collected when provided to us by a third party in the framework of the management and fulfillment of a contract for the provision of services and for the coordination of regulatory requirements associated with it, a Temporary Union of Companies agreement and the implementation of the project associated with it, an agreement or contract for the purposes of hiring personnel or to carry out a previously requested and / or informed management.
> Data Processors: may collect, access and process personal data in their capacity as Data Processors in connection with the services provided to our customers.
This processing will be governed by the data protection policies and information provided by the Data Controller in question.
We will keep, use and disclose personal information always within the limits of the data protection regulations in force and for the following purposes:
> Manage your attendance, visit and meetings in our facilities.
> Manage any type of request, suggestion, petition or complaint about the different products and services provided by SICE SEGURIDAD that the interested parties make to us on their own behalf or on behalf of an entity.
> Manage the relationship with our shareholders and investors.
> Manage the provision and performance of the services and products contracted or that have been awarded to us.
> Comply with the requirements of coordination and regulatory compliance, especially regarding ensuring safety and occupational risk prevention in the provision of services and products and in sanitary matters.
> Formalize and manage the acquaintance with suppliers and collaborators of the Entity.
> Formalize and manage the agreements of a Temporary Joint Venture (UTE) in which we participate.
> Send informative and commercial communications in order to inform recipients about upcoming events in which the Entity will participate, activities, articles on innovations related to the sector and the solutions provided, as well as general information related to our services and products that may be of interest to you.
The reception of our communications may be cancelled at any time through the channel www.corporate-line.com/pd-gruposice or by unsubscribing from these through the link provided in the communication itself.
> Manage the data provided by job candidates for selection and recruitment purposes.
> Formalize, develop, maintain and fulfill our obligations acquired by virtue of a labor or professional relationship or an agreement with a third party.
> Manage and control the operation of the internal mechanisms, policies and protocols established by the SICE Technology and Systems Group for the purposes of regulatory compliance and prevention of criminal liability, especially the reporting channels.
> Guarantee the security of offices, facilities and people through access controls, video surveillance systems and other access control / identification systems.
> Comply with the legal provisions that apply to the Entity and its activities.
> All those data processes that are applicable to us for due compliance with the regulations and official / sector requirements to which our activity is subject.
For the proper purpose and development of your attention and management of the above purposes, the processing of your data for the purposes that correspond to those mentioned above will be carried out under the strictest compliance with the Data Protection regulations and the Policy that we are detailing. You can exercise your rights at any time (see specific section).
The legal basis that enables the Entity to process the personal data of users, customers and potential customers are the following titles:
> The consent of the interested people for the processing and management of any request for information or enquiry about our services and products.
> The framework for contracting and / or awarding services or products provided by the different business lines of SICE SEGURIDAD, as well as compliance with the legal obligations associated with them.
> El marco contractual establecido con nuestros accionistas e inversores, así como el cumplimiento de las obligaciones impuestas por las normativas societarias.
> The contractual framework established with our shareholders and investors, as well as compliance with the obligations imposed by corporate regulations.
> The contracting framework of our suppliers.
> The legitimate interest to carry out checks for due diligence purposes and the formalization and management of agreements to establish a Temporary Union of Companies (UTE in Spanish).
> The legitimate interest to understand and analyze at the Group level and at the individual level of the Entity the development of the different lines of business, improve the products and services and enhance the corporate development of the Group.
> The legitimate interest to send informative and commercial communications related to our activity and the services and products offered through email or any other means.
> The legitimate interest to guarantee the security of the offices, facilities and people.
> The consent granted by the candidate when registering for our job offer(s) and the legitimate interest of the organization to include it in other selection processes of the companies of the Group if it fits the professional profile of the candidate.
> The fulfillment of the labor, professional contract and / or agreement formalized with training entities.
> The legitimate interest for the implementation of a regulatory compliance system, as well as to comply with security requirements and commitments to ethics and sustainability.
> The fulfillment of the requirements and obligations bequeathed to which the activity of the SICE Group’s activity refers.
> Management of contracted / awarded solutions: the personal data included in the contracts, offers and / or service proposals, as well as those of the rest of the people whose intervention is necessary in the established contractual relationship, will be kept for as long as they are in force for the agreements for the provision of services / products. At the end of the relationship, the personal data will be kept in the cases that responsibilities may arise between the parties or in compliance with other regulatory frameworks that are applicable to it and that require their conservation. The personal data will be kept in a way that allows the identification and exercise of the rights of those affected and under the legal and organizational technical measures necessary to ensure the confidentiality and integrity of these.
> Curriculum Vitae Management: generally, we keep your Curriculum Vitae for a maximum period of one year; once this period has concluded, it will automatically proceed to its destruction, in compliance with the data quality principle.
formalized with Temporary Employment Companies: personal data will be kept, in any case, for as long as the employment relationship is in force, the time agreed in the internship agreement or in the contract formalized with the Temporary Employment Company and, at the end of the same, in the cases that could derive responsibilities between the parties and when required by a regulation with the force of law.
> Others: the rest of the data and information provided by the interested parties by any measure, will be kept for as long as is necessary to fulfill the purpose for which they were collected and within the framework of responsibility and regulatory compliance that they have associated.
General
In compliance with data protection regulations, the Entity will process personal data by applying the appropriate technical, legal, organizational and security measures in order to guarantee the confidentiality and integrity of the information it manages in accordance with the provisions of the regulations in force.
> Appointment of a Group Data Protection Officer (DPO).
> Formation and sensitization of staff on data protection and information security.
> Implementation of policies and protocols for action regarding data protection and information security.
> Formalization of contracts for the Data Processor with all third parties that have access and process data on our own.
> Implementation of access control policies to resources and systems, identification and authentication policies, as well as delegation of authorizations to users according to the functions they perform.
> Backup copy and backup of our information and personal data.
> Assessment and periodic data protection controls by an external expert.
> Independent security certifications to maintain continuous approval in line with international standards for information security (ISO / IEC 270019).
We really appreciate that you inform the Data Protection Officer through the Channel established in this Privacy Policy, of any security risk, of which you have indications or knowledge, that may compromise the integrity and confidentiality of personal data and/or confidential information, in order to be able to take the necessary measures to avoid its unauthorized processing, loss, destruction or accidental damage.
As a specific and complementary concept to the above, the Entity applies cybersecurity measures to prevent and manage possible attacks and fraud by cybercriminals that threaten the privacy and protection of the data that our Entity processes and accesses in the scope of its activities and operations.
In this sense, we would like to warn that in the event of possible situations of risk due to communications whose content and/or format generate doubts as to their authenticity, we recommend omitting them and contacting the Data Protection Department through the contact details indicated in this Privacy Policy.
Furthermore, any request you receive from our Entity regarding changes in payment methods, requests for data or contact details or confidential (non-public) information, bank and/or credit card details and/or other official data, must not be attended without direct confirmation from our Entity by an alternative means. We are grateful for and need your cooperation in communicating and reporting any notification of this type of request and other possible situations of risk of cyber-attacks in which our Entity may be used, as well as any possible security risk of which you may be aware of.
SICE SEGURIDAD, whenever necessary to achieve the purposes described above, will share personal data with the following third parties:
> Companies of the SICE Technology and Systems Group and VINCI: when necessary for the correct management of a contract for the provision of services or products, for the management of the Group by virtue of its centralized organizational structure, as well as to share data of candidates whose profiles may fit into Entities vacancies.
> Collaborating entities: when their participation is required within the framework of a contract and / or agreement for the provision of products and services established with our clients or a public entity. Likewise, personal data may be communicated within the framework of a Temporary Union of Companies agreement for the execution of a project.
> Suppliers: personal data may be communicated to different suppliers due to the provision of services by them that requires access and processing of personal data, such as, for example, providers of consulting and legal advice services, providers of advice in labor, tax and accounting matters, providers of software and maintenance services, etc.
> Attorneys: if their intervention is required due to a judicial proceeding.
> Administrations and public bodies in compliance with applicable regulations (labor, occupational risk prevention, tax, accounting, data protection, etc.)
> Courts and Tribunals and the State Security Forces and Bodies: personal data will be communicated to these entities whenever it is officially required.
Apart from the previously detailed assumptions, no personal data will be communicated to third parties, except in compliance with a legal provision.
In accordance with the activity and scope of international operations, SICE SEGURIDAD provides its products and services through teams located in different parts of the world, including countries where data protection laws are different from those of the European Union. When necessary due to regulatory compliance requirements or for the provision of products or services offered by the Entity, personal data may be communicated to our teams or to third parties located outside the European Union.
Interested parties can request information about the international transfer of their personal data by exercising their access rights or by contacting the DPO through the specific contact mechanisms that the Entity has enabled for this purpose.
Right of Access, Rectification and Deletion: interested persons have the right to obtain confirmation about whether SICE SEGURIDAD is treating personal data that concerns them, or not, as well as to request the rectification of inaccurate data or request its deletion when, among other reasons, the data is no longer necessary for the purposes for which it was collected.
Right to Limitation and Opposition: in certain circumstances, the interested parties may request the limitation of the processing of their data, in which case, we will only keep them for the exercise or defense of claims or when necessary, in compliance with a law. Likewise, in some cases and for reasons related to their situation, the interested parties may object to the processing of their data. We will stop processing the data in this case, except for compelling legitimate reasons, or for the exercise or defense of possible claims.
Right to revoke consent: data subjects have the right to withdraw their consent at any time, except in the case of processing of personal data provided for in the Data Protection Regulations or necessary for the provision of the contracted service, which does not require such consent. However, this withdrawal does not have retroactive effects, so it will not affect the lawfulness of the processing based on previously granted consent.
Interested persons may exercise their data protection rights by writing to the postal address Calle la Granja, 72, P.I. Alcobendas, 28108 – Alcobendas (Madrid) or through the channel (www.corporate- line.com/pd-gruposice). Likewise, if you do not receive a reply from us within a month, you may complain to the Control Authority (Spanish Agency for Data Protection: www.agpd.es).
SICE Technology and Systems Group has implemented a Channel, contemplating the highest commitment, rigour and professionalism in terms of security, experience, independence and knowledge in the processing of the received communications.
The Channel, which includes the use in the field of Data Protection, has been implemented through a web platform, developed and managed by an independent external expert, to provide and guarantee our previous commitments to you.
Through the Channel, you can communicate and process the exercise of your Rights (see previous section) and communicate any indication or knowledge you may have of possible security violations (breaches), cyber-attacks and/or possible breaches or irregularities regarding Data Protection regulations and this SICE Technology and Systems Group‘s Policy.
The Channel access is detailed at the beginning of this Policy.
In case of disagreement with the Entity in relation to the processing of your data, you have the right to file a claim with the relevant Data Protection Supervisory Authority. In Spain, this Authority is the Spanish Data Protection Agency (www.aepd.es).
Interested parties may notify the SICE Technology and Systems Group of any doubts regarding the processing of their personal data or the interpretation of our Privacy Policy, by contacting the Data Protection Officer (DPO) at the address indicated at the beginning of this Policy.
SICE SEGURIDAD reserves the right to modify and / or update information on data protection, when necessary for proper compliance with the regulations on this matter. If there is any modification, the new text will be published in this same section of the website.
In each case, the relationship with users will be governed by the rules provided at the precise moment the website is accessed.