Privacy policy

Your privacy is important to us, and so is transparency on how we gather, use and share information about you. This policy sets out to help you understand:

MINORS

Pursuant to the provisions of data protection legislation, NAVARRA DE SERVICIOS Y TECNOLOGÍAS, S.A.U. (hereinafter, NASERTIC) establishes that you must be over 14 years of age to access this website. If you are under 14 years of age and have accessed this website, you should not provide us with any of your data. You are responsible for the truthfulness of this information. If NASERTIC finds that the above requirement has not been complied with, it is entitled to ignore the information request. Information about minors regarding their professional or economic situation, or details of their relationship with other family members shall not be gathered under any circumstances without their families' consent.

WHO IS THE DATA CONTROLLER OF YOUR PERSONAL DATA?

NAVARRA DE SERVICIOS Y TECNOLOGÍAS, S.A.U. with TIN BA31098064, and domicile at C/ Orcoyen s/n, 31011, Pamplona (Navarra), tel: 848 420 500 and email address at: info@nasertic.es.

Pursuant to the provisions of the GDPR and the Spanish LOPDGDD, NASERTIC has appointed a Data Protection Officer. Their main function shall be to inform and advise the data controller of the obligations pertaining to same by virtue of the GDPR and to supervise compliance with the provisions of data protection legislation currently in force.

To contact the data protection officer, write to: dpd@nasertic.es

WHAT DO WE PROCESS YOUR PERSONAL DATA FOR?

Contact: the data that you send us when you complete one of our contact forms or send an email is used to answer the information request.
Access control: when you visit our facilities we will ask you for your data to keep a record of people from outside the organisation who visit our company.
Selection processes: if you send us your CV, your data shall be stored in our job bank so that you can participate in the job offers that best match your profile. We will process your data in order to assess and manage your job application.
Whistle blower channel: the data that is provided shall be processed in order to respond to a query or process a complaint made according to our code of ethics.
Video surveillance: the images recorded by the security cameras located in our facilities shall be processes in order to guarantee the security of our facilities and the persons that work there.
Compliance with legal obligations that apply to companies (Occupational Health and Safety Act, Workers' Statute, the LOPDYGDD, the Transparency Act, commercial legislation, etc. )
Seminars: images and contact data of people and speakers who attend them.
Communication and marketing: information about the communication activities of the company with contact details of third parties.
Projects: information about projects managed by the company with data about third parties, staff involved and collaborators.

HOW LONG DO WE KEEP YOUR DATA FOR?

Contact: The data that you send us shall be kept unless you withdraw your consent for us to process them, in which case your data shall be kept solely for the period required by legislation currently in force. You can withdraw your consent at any time.
Selection processes: the data provided shall be stored until a job is adjudicated or you exercise your right of erasure.
Contractual compliance: your data shall be kept for the period necessary to comply with the indicated purpose and shall be stored for as long as the organisation is responsible for any matters arising from the processing of the data in accordance with legislation currently in force.
Access control: your data shall be kept for the period necessary to comply with the indicated purpose and shall be stored for as long as the organisation is responsible for any matters arising from the processing of the data.
Whistle blower's channel: in accordance with the provisions of art. 24 of the LOPDGDD, the data of the person who writes the complaint and of the employees and third parties shall be kept in the complaints system solely for the period necessary to come to a decision about starting an investigation of the events. In any case, three months after the data is entered, we shall erase them from the whistle blower system, unless they are kept to leave evidence of the functioning of the preventive model of crime prevention demonstrated by our organisation. Complaints that have not been been studied shall only appear in anonymised format.
Video surveillance: images shall be kept for a maximum of 30 days. If a legal or contractual infringement is recorded, the images may be kept in an independent media format for delivery to the police, magistrates or courts of law, or may be employed in the exercise or defence of administrative or judicial claims .
Compliance with legal obligations: your data shall be kept for the period necessary to comply with the indicated purpose and shall be stored for as long as the organisation is responsible for any matters arising from the processing of the data in accordance with legislation currently in force.
Seminars: your data shall be kept for the period necessary to comply with the stated purpose and shall be stored for as long as the organisation is responsible for any matters arising from the processing of the data in accordance with legislation currently in force.
Communication and marketing: your data shall be kept for the period necessary to comply with the indicated purpose and shall be stored for as long as the organisation is responsible for any matters arising from the processing of the data.
Projects: your data shall be kept for the period necessary to comply with the indicated purpose and shall be stored for as long as the organisation is responsible for any matters arising from the processing of the data in accordance with legislation currently in force.

Your data shall be processed in a legal, faithful, transparent, adequate, relevant, limited, precise and up to date manner. That is why we undertake to take all the reasonable measures to ensure that they are erased or corrected when they are inexact.

WHAT IS THE LEGAL STANDING FOR PROCESSING YOUR PERSONAL DATA?

The legal basis for processing your personal data is:

Contact: Data subject's consent when accepting the Privacy Policy for forms.
Selection processes: the application of pre-contractual measures at the data subject's request when sending an email or CV.
Contractual compliance: performance of the contract entered into by the parties (customers, providers, employees).
Compliance with legal obligations with regard to transparency, occupational health and safety, commercial obligations, data protection, etc.
Communications and marketing: Consent and legitimate interest when receiving communications or publishing images..
Video surveillance: compliance with a duty of public interest with regard to the images recorded to guarantee the security of the facilities and persons working there.
Whistle blower's channel: Compliance with a legal obligation.
Videovigilancia: cumplimiento de una misión de interés público respecto de las imágenes tomadas para garantizar la seguridad de las instalaciones y personas.
Seminars: Data subject's consent to attendance and subsequent dissemination of his/her image in communication channels.
Projects: Data subject's consent to registration and dissemination data, compliance with legal obligations.

If third-party data is provided, you declare that you have the consent of the owners of said data to communicate them or you act as their legal representative, hereby releasing NASERTIC of any responsibility.

WHAT TYPE OF DATA DO WE PROCESS?

The categories of data that we process are:

Contact: identifying details (name, surnames, email, company, telephone number and IP address).
Selection process: Identifying details, data about personal characteristics, data about social circumstances, academic and professional data, data about job (profession, position, non-economic data about salary, employee's records), data about health or disabilities.
Contractual compliance: Identifying details, data about personal characteristics, data about social circumstances, academic and professional data, data about job, commercial data, economic, financial and insurance data, data about transactions relating to goods and services, data about health or disabilities.
Contractual compliance: Identifying details, data about personal characteristics, data about social circumstances, academic and professional data, data about job, commercial data, economic, financial and insurance data, data about transactions relating to goods and services, data about health or disabilities.
Legal compliance: Identifying details, data about personal characteristics, data about social circumstances, academic and professional data, data about job, commercial data, economic, financial and insurance data, data about transactions relating to goods and services, data about health or disabilities.
Access control: Name and surname, company, person being visited.
Whistle blower's channel: Personal details
Video surveillance: Personal details (image)
Seminars: Personal details and image
Communications and marketing: Personal details and image
Projects: Identifying details, data about personal characteristics, data about social circumstances, academic and professional data, data about job, commercial data, economic, financial and insurance data, data about transactions relating to goods and services.

WHO SHALL WE TRANSMIT YOUR PERSONAL DATA TO?

The data shall not be transferred to third parties unless there is a legal obligation to do so or because it is necessary to comply with the aims of the processing. In such cases your data may be sent to:

Selection processes: your data may be sent to the Corporación Pública Empresarial de Navarra (CPEN).
Legal obligation: public administrations with competencies in the field, the police, judges and courts.
Contractual compliance: Your data may be transferred as part of the performance of the contract and to comply with the relevant legislation. They may be sent to the following:
- Corporación Pública Empresarial de Navarra.
- Financial entities
- Tax consultancy.
- Statutory auditors.
- Lawyers and Solicitors.
- General Treasury of the Social Security.
- Work inspectorate
- National Institute of Employment.
- Public Tax Administration
- Trade union organisations
- Entity appointed to manage occupational health and safety.
- Entity appointed to collaborate with the Fundae on worker training.
- Banking entities.
- Educational bodies with which agreements have been established for internships.
Third parties via cookies used on the web in their policy.

WHAT ARE YOUR RIGHTS WHEN YOU PROVIDE US WITH YOUR DATA?

Right	Content	Customer service channels
Access	You are entitled to obtain confirmation about whether NASERTIC is processing your personal data..
Correction	You can modify your data when it is inaccurate.
Erasure	You can have your data erased.
Opposition	You can ask for your data not to be processed.
Limitation of processing	You can ask for limitations on the processing of your data when:
	ü While we check the accuracy of your data that you are appealing against.
	ü The processing is illegal and you oppose the erasure of the data.	dpd@nasertic.es
	ü NASERTIC does not need to process your data, but you need them to lodge or defend against claims.	C/ Orcoyen s/n, 31011, Pamplona (Navarra).
	ü You have opposed the processing of your data to meet a legitimate interest of NASERTIC, while said interest is verified to see if it prevails over your rights and freedoms.
Portability	You can receive the personal data that you have sent us in electronic format, along with data that has been obtained from your contractual relationship with NASERTIC, and any that we transmit to another entity of your choice.
	If you feel that your request has not been correctly attended to, you can contact the Spanish Data Protection Agency (www.agpd.es) and lodge a claim.
	To exercise your rights, attach a copy of your national identity card or other document proving your identity to your application.
	The exercise of these rights is free of charge.

COMMERCIAL COMMUNICATIONS BY ELECTRONIC MEANS

NASERTIC would like to inform you that it complies with Law 34/2002 of 11 July, on Information Society Services and Electronic Commerce and does not send or use spam, and so asks for you consent to process your electronic mail or mobile phones for commercial purposes when necessary.

UPDATE OF THE PRIVACY POLICY

NASERTIC reserves the right to modify its privacy policy or conditions of use of its services to adapt them to legislation currently in force, or for other reasons. When such reasons arise, we shall inform you of any change and will ask to read the most recent version of our policy and when applicable ask you to confirm your acceptance of same. NASERTIC ensures total confidentiality and secrecy of the personal data that we have gathered and we have therefore taken security measures to prevent the unauthorised alteration, loss, processing or access to said data, and guarantee its integrity, availability and security. However, NASERTIC shall not be held responsible for incidents relating to personal data when these are caused by the following: an attack or unauthorised access to the systems to such an extent that it is impossible to detect or impede them even when using measures that meet the current state of the art.

Last update on 30 May 2023