Privacy Policy about Data Protection

 

1.   BACKGROUND

According to legislation on personal data protection and the internal procedure established on this subject, they have to be given detailed information on the processing of their data.

2.   OBJECTIVE

The object of this policy, is to provide users, clients and suppliers with detailed information on how their data is processed.

3.   SCOPE

This information has to be made available to all users, clients and suppliers of SERVICIOS INTEGRALES DE ASISTENCIA A LAS COMPAÑÍAS ASEGURADORAS, S.L.U.

4.   INFORMATION

A.   Who is the person responsible for processing your data?

The person responsible for processing data referring to the different processes involved in managing users, clients and potential clients, associates and suppliers is SERVICIOS INTEGRALES DE ASISTENCIA A LAS COMPAÑÍAS ASEGURADORAS, S.L.U. (hereinafter RETSIS), with registered address in C/ Doctor Fleming, nº 3 – 5ª, 28036 Madrid Spain) and Company Tax Number B82088980.

For the purposes of our Data Protection Policy the contact number is +34914589070 and the contact email address is protecciondedata@retsis.es

B.    What type of data do we hold about you and how have we obtained it?

The categories of personal data that RETSIS processes on its clients and suppliers are:

  • Identification details.
  • Postal addresses or email
  • Commercial Information
  • Economic data and on transactions
  • Professional data

In no event do we process especially sensitive data.

All the data mentioned above has been obtained from you directly when you made your business offer, contractual proposal, etc. or through your company when you provided us with the identification details and other information necessary for performing the object of the contractual relationship between the parties. You or your company are required to provide us with updated information in the case of any change.

C.   What is the purpose of processing your data?

At RETSIS we process the data provided to us by the parties in question in order to manage the different activities arising from specific procedures carried out regarding sales, after-sale service, managing suppliers, quality of service, etc. This way we will use your data for performing the following actions:

  • For sending information requested from us using the contact form on our web site or through any other medium for contact with our company.
  • For providing both potential clients and our own clients with products and services of interest to them.
  • For managing the administrative, tax and accounting aspects of our clients and/or suppliers.
  • For carrying out satisfaction surveys, market surveys, etc. in order to be able to make the offers most suited to you and provide optimum service quality, etc.
  • Operations for formalising contracts.
  • Managing requests for information.
  • Managing suppliers’ information in order to make payments-transfers, and for standing orders/accounting/tax and invoicing.
  • Processing data of suppliers/associates/prescribers in response to third party payment orders (seizures for trade claims).
  • Operations involving contact details of associates-prescribers who are individuals providing services in companies.
  • Managing requests for information made through web forms or social networks.
  • Managing requests for information coming from non-digital media: telephone, mail, fax.
  • Carrying out appraisal services contracted by clients: claims appraisals, compensation proposals, etc.
  • Administrative and technical management of external experts and other technical associates engaged by the company.
  • Managing data protection rights of the data-subject.
  • Processes for searching, assessing and selecting candidates.
  • Processing data to be used for individual sending of advertising to clients and commercial canvassing.

We will not draw up commercial profiles based on the information supplied and therefore no automated decisions regarding you will be made that could lead to a commercial profile.

D.   For how long will your data be stored?

The personal data pertaining to individuals related to potential clients, clients and suppliers obtained by RETSIS through the various contact forms and/or for gathering information will be stored for as long as the data subject does not ask for them to be deleted. The data provided by our clients and suppliers will be stored for the duration of the business relationship  between the parties, and in any case respecting the minimum storage periods according to the matter.

In any event, RETSIS will store your personal data for the time period that is reasonably necessary taking into account our needs for addressing any issues arising or for solving problems, activating new services and complying with the requisites under applicable legislation. This means we can store  your personal data for a reasonable period of time even after you have ceased using our products or using this web site. After that period, your personal data will be deleted from all RETSIS systems.

E.    What is the basis for making the processing of your data legitimate?

Depending on the type of processing, below is a summary of the basis for making data processing legitimate:

PURPOSE OF PROCESSING

BASIS FOR LEGITIMACY

Managing accounting, tax and administrative aspects of clients

Implementation (pre)contract

Carrying out appraisal services contracted by clients: claims appraisals, compensation proposals

Implementation (pre)contract

Administrative and technical management of external experts and other technical associates engaged by the company.

Implementation (pre)contract

Operations for formalising contracts with companies or individuals

Implementation (pre)contract

Managing the quality of the service

Legitimate interest of the data controller

Managing data protection rights of the data-subject.

Regulatory obligation

Managing suppliers’ information in order to make payments-transfers, standing orders/accounting/tax and invoicing.

Implementation (pre)contract

Processing data of suppliers/associates/prescribers in response to third party payment orders (seizures for trade claims).

Regulatory obligation

Processes for searching, assessing and selecting candidates.

Consent of the data subject

Processing data to be used for individual sending of advertising to clients and commercial canvassing.

Consent of the data subject

Managing requests for information coming from non-digital media: telephone, mail, fax.

Consent of the data subject

Operations involving contact details of associates-prescribers who are individuals providing services in companies.

Consent of the data subject

Managing requests for information made through web forms or social networks.

Consent of the data subject

With regard to the basis for legitimacy of reference, you are required to provide your personal information; in the event that you do not provide your personal information, your contract cannot be concluded, nor can the legal obligations arising from the public authorities be complied with.

F.    To whom will your data be passed on?

RETSIS will never share your personal data with any third party company intending to use it for direct marketing, unless we have been expressly authorised to do so.

You are informed that we may provide your personal data to the institutions forming part of the Public Administration or competent Authorities in any cases in which RETSIS  receives a formal legal requirement from those Authorities, or in any cases in which, in good faith, it considers such action is reasonably necessary for complying with a legal process; for responding to any legal complaint or claim; or for protecting the rights of RETSIS or its clients and the general public.

In order to be able to satisfy the different needs arising from the accounting, tax and administrative management of our clients and suppliers, it might be necessary for RETSIS to transfer your data to other companies forming part of our group in Spain: RIESGOS TASACIONES Y SERVICIOS, S.A. and INVESTIGACIÓN DE SINIESTROS, S.L. engaged in insurance appraisals, insurance processing and investigation into the cause of incidents. 

RETSIS may provide your personal data to third parties (e.g. internet service providers who help us to administer our web site or who perform the services contracted, IT support and maintenance companies, companies handling logistics, tax and accounting consultancies, etc.). In any case, such third parties must at all times observe the same levels of security as RETSIS with regard to your personal data and, where necessary, they will be bound by legal undertakings in order to store your data privately and safely, and to use them only following specific instructions from RETSIS.

G.   What are your rights as the data subject or interested party?

Anyone is entitled to obtain confirmation as to whether or not RETSIS is processing personal data related to him or her.

To be specific, data subjects may request the right of access to their personal data, and to receive it in a common format and machine-readable if the processing is carried out using electronic equipment (portability rights).

Data subjects may also request the right to rectify any inaccurate data or, where appropriate, ask for it to be deleted if, amongst other reasons, the data is no longer deeded for the purposes for which it was obtained.

In addition, in certain circumstances, the data subjects may request a limitation to the processing of their data, or in certain circumstances and for reasons related to their particular situation, the data subjects may exercise their right to oppose the processing of their data. RETSIS shall cease processing the data, unless there are compelling legitimate grounds or in the case of making or defending any possible claims or in the exceptions established in applicable legislation.

You are also informed that you have the right to withdraw your consent given at any time, without this affecting the lawfulness of the processing based on the  consent given prior to being withdrawn.

You are also informed that at any time you may exercise the mentioned rights by writing to us using the contact details appearing in point A “Processing Controller” of this Data Protection and Privacy Policy for SERVICIOS INTEGRALES DE ASISTENCIA A LAS COMPAÑÍAS ASEGURADORAS, S.L.U., attaching a copy of your National Identity Document.

You are also entitled to present any complaint to the Spanish Data Protection Agency, especially if you have not obtained satisfaction in the exercising of your rights.

Spanish Data Protection Agency.

C/ Jorge Juan, 6

28001 – Madrid

Tel. 901100099 / 912663517

H.   Protection of data of web site users.

In accordance with current EU Regulation 2016/679, SERVICIOS INTEGRALES DE ASISTENCIA A LAS COMPAÑÍAS ASEGURADORAS, S.L.U. informs you that the personal data of users of the web site will be processed by RETSIS for the processing activity indicated on each data collection form on our web site. That data processing will be covered by your own consent.  By clicking on “SEND”, the user consents to the processing of his or her data by RETSIS

You are also informed that, unless to comply with a legal requirement or with your express consent, RETSIS will not pass on your data to third parties, except to the other group companies in Spain: RIESGOS TASACIONES Y SERVICIOS, S.A. and INVESTIGACIÓN DE SINIESTROS, S.L.

Users are also informed that they may at any time exercise their rights of access, rectification or deletion of data and also make use of other rights recognised in this document and regulated under Regulation (EU) 2016/679, informing SERVICIOS INTEGRALES DE ASISTENCIA A LAS COMPAÑÍAS ASEGURADORAS, S.L.U., C/ Doctor Fleming, nº 3 – 5ª, 28036 Madrid (Spain), +34914589070 and protecciondedata@retsis.es

Also, according to the provisions of Act 34/2002, of 11 July, on Information Society Services and Electronic Commerce, RETSIS undertakes to not send advertising by email without having first obtained the express authorisation from the recipient. The user may oppose the sending of advertising by ticking the corresponding box.

I.     Other information of interest about our Privacy Policy

●      Security Measures

RETSIS will implement the security levels required by European and Spanish data protection legislation in force, taking into account the state of technology, the costs of application and the nature, scope, context and purposes for the processing described, as well as the risk to the rights and freedoms of individuals, of varying likelihood and severity.

●      Processing the data relating to minors

Under the GDPR EU 679/2016 and RD 1720/2007, children over the age of 14 may give their consent to contracting information society services, such as for registering in a forum, filling out a contact form, etc. Nevertheless, RETSIS will be responsible for checking the veracity of the age given by the minor.

When processing data of children under the age of 14, the obtaining of such data will only take place with the express consent of their parents or guardians.

●      Modification to our Data Protection and Privacy Policy

From time to time RETSIS  may make changes and corrections to this sub-section on Data Protection Policy for Clients, Suppliers and Users. Please check this sub-section regularly to consult any changes that may have been made and how they may affect you.

●      Why is it necessary to accept this Data Protection and Privacy Policy?

This sub-section on Data Protection Policy for Clients, Suppliers and Users provides you with easy access to all the information necessary for you to be aware of the type of data held by RETSIS  on its clients, potential clients and/or suppliers, the rights granted to you as the data subject under data protection legislation and how to exercise those rights. Therefore, by intentionally sending your personal data using our contact media and/or when your  business relationship with our company has begun, you are considered to be aware of and accept the processing of your personal data as described in this policy. This personal information will only be used for the purposes for which you supplied it to us or if  certain national or regional regulations authorise us to do so.

In any case, we have to inform you that any refusal on your part to provide us with certain data could hinder the development of the contractual relationship between the parties with possible serious consequences when it comes to providing various benefits considered under the contract entered into with the company.

If you have any question regarding this Data Protection Policy for Potential Clients, Clients and Suppliers of RETSIS please contact us using the address provided in point A “Processing Controller” and will be delighted to attend to you and reply to any additional questions you may wish to ask.

●      Applicable Legislation

These Conditions will at all times be governed by the provisions of Spanish and European legislation on personal data protection and privacy.

Data Protection Policy Group for Employees

 

 

1.   BACKGROUND

According to legislation on personal data protection and the internal procedure established on this subject, employees have to be given detailed information on the processing of their data as employees.

2.   OBJECTIVE

The object of this policy, as part of the “Security Pack for the Information and Protection of Personal Data” for the RTS group of companies, is to provide employees with detailed information on how their data is processed.

3.   SCOPE

This information has to be provided to all employees of the RTS group of companies.

4.   INFORMATION FOR EMPLOYEES

A.   Who is the person responsible for processing your data?

The person responsible for processing data referring to the different processes involved in personnel management, depending on the RTS group company in which he or she is employed (hereinafter the COMPANY) is:

  • SERVICIOS INTEGRALES DE ASISTENCIA A LAS COMPAÑÍAS ASEGURADORAS, S.L.U., with registered address in C/ Doctor Fleming, nº 3 – 5ª, 28036 Madrid (Spain) and Company Tax Number B82088980

For the purposes of our Data Protection Policy the contact number is +34914584600 and the contact email address is protecciondedata@retsgrupo.com

B.    What type of data do we hold about you and how have we obtained it?

The personal data held by the COMPANY referring to you is:

  • Identification details.
  • Date and place of birth.
  • Address details.
  • Contact details.
  • Education/Academic qualifications
  • Professional experience and other curricular information.
  • Civil status and identification data on spouse and children.
  • Dates of birth of children.
  • Bank details.
  • Job details.

In no event do we process especially sensitive data.

All the data mentioned above has been obtained from you directly when you gave us your CV and other information for completing the employment contract process. Our employees are required to provide us with updated information in the case of any change.

Certain data is obtained directly by the company as a result of developing the employment relationship between the parties (for example, information on work experience performed within the company, positions occupied within the company, etc.)

C.   What is the purpose of processing your data?

In the RTS group of companies we process the data provided to us by our employees in order to manage the different activities arising from specific procedures carried out regarding personnel issues. This way we will use their data for performing the following actions:

  • Managing employment matters (registering, deregistering and changes in employment contracts, wage slips, etc.)
  • Managing tax matters (application of withholdings, bonuses, etc.).
  • Managing administrative matters (handling permits, holidays, etc.).
  • Managing social welfare schemes.
  • Use of biometric data as a means of controlling access to the facilities.
D.   For how long will your data be stored?

The personal data you provide to us in your Curriculum Vitae, on the “Employee Registration Form” or any other data collection form will be stored for the duration of the employment relationship with our company.

In any event, the COMPANY will store your personal data for the time period that is reasonably necessary taking into account our needs for addressing any issues arising or for solving problems, activating new services and complying with the requisites under applicable legislation in response to any formal requirement from the courts or the authorities. This means we can store  your personal data for a reasonable period of time even after you are no longer a part of our workforce. After that period, your personal data will be deleted from all systems in the COMPANY.

E.    What is the basis for making the processing of your data legitimate?

Depending on the type of processing, below is a summary of the basis for making data processing legitimate:

PURPOSE OF PROCESSING

BASIS FOR LEGITIMACY

Management of wage-slips, social security, occupational hazard prevention, human resources in general and management of associates

Implementation (pre)contract; Regulatory obligation

Management of corporate actions, documents, powers of attorney, etc.

Consent of the data subject

Processing of data to be used for drawing up employee training schemes

Consent of the data subject

Processing of data to be used for managing employee targets and bonuses

Implementation (pre)contract

Managing operations related to work experience and grants

Implementation (pre)contract

Processing of data to be used for managing employee welfare benefits

Implementation (pre)contract

Implementing third party debt payment requirements involving staff (seizures, wages)

Regulatory obligation

Compliance with legislation on occupational hazard prevention to be carried out by the company

Regulatory obligation

Exercising the corporate control of the company through time attendance control systems

Legitimate interest of the data controller

F.    To whom will your data be passed on?

The COMPANY will never share your personal data with any third party company intending to use it for direct marketing, unless we have been expressly authorised to do so.

You are informed that we may provide your personal data to the institutions forming part of the Public Administration or competent Authorities in any cases in which the COMPANY receives a formal legal requirement from those Authorities, or in any cases in which, in good faith, it considers such action is reasonably necessary for complying with a legal process; for responding to any legal complaint or claim; or for protecting the rights of the COMPANY or its clients and the general public.

You are informed that your data or the data of others supplied by you (spouse, children, etc) will not be transferred or passed on to third parties unless required by law, with the company being solely responsible for processing and storing it.

The COMPANY may provide your personal data to third parties (e.g. internet service providers who help us to administer our web site or who perform the services contracted, IT support and maintenance companies, companies handling logistics, tax and accounting consultancies, etc.). In any case, such third parties must at all times observe the same levels of security as the COMPANY with regard to your personal data and, where necessary, they will be bound by legal undertakings in order to store your data privately and safely, and to use them only following specific instructions from the COMPANY.

G.   What are your rights as the data subject or interested party?

Anyone is entitled to obtain confirmation as to whether or not the COMPANY is processing personal data related to him or her.

To be specific, data subjects may request the right of access to their personal data, and to receive it in a common format and machine-readable if the processing is carried out using electronic equipment.

Data subjects may also request the right to rectify any inaccurate data or, where appropriate, ask for it to be deleted if, amongst other reasons, the data is no longer deeded for the purposes for which it was obtained.

In addition, in certain circumstances, the data subjects may request a limitation to the processing of their data, or in certain circumstances and for reasons related to their particular situation, the data subjects may exercise their right to oppose the processing of their data. The COMPANY shall cease processing the data, unless there are compelling legitimate grounds or in the case of making or defending any possible claims or in the exceptions established in applicable legislation.

It shall also inform employees that at any time they may exercise those rights by writing to the Finance Department which is the department responsible for managing rights exercised by the data subjects for the COMPANY.

H.   Other information of interest about our Privacy Policy

●      Security Measures

The COMPANY will implement the security levels required by European and Spanish data protection legislation in force, taking into account the state of technology, the costs of application and the nature, scope, context and purposes for the processing described, as well as the risk to the rights and freedoms of individuals, of varying likelihood and severity.

●      Processing the data relating to minors

It is highly important for the COMPANY to protect the privacy of minors and, with that in mind, will only process your children’s data in cases where it is strictly necessary for complying with certain legal obligations (for example, application of income tax withholdings) or for managing social benefit programmes for our workers.

In any case, the obtaining of such data will only take place with the express consent of their parents or guardians.

●      Modification to our Data Protection and Privacy Policy

From time to time the COMPANY may make changes and corrections to this Data Protection Policy for Employees. Please check this document regularly to consult any changes that may have been made and how they may affect you.

●      Why is it necessary to accept this Data Protection and Privacy Policy?

This document of Data Protection Policy for Employees provides you with easy access to all the information necessary for you to be aware of the type of data held by the COMPANY on its employees, the purposes intended, the rights granted to you as the data subject under data protection legislation and how to exercise those rights. Therefore once your  employment relationship with our company has begun, you are considered to be aware of and accept the processing of your personal data as described in this policy. This personal information will only be used for the purposes for which you supplied it to us or if  certain national or regional regulations authorise us to do so.

In any case, we have to inform you that any refusal on your part to provide us with certain data could hinder the development of the employment relationship between the parties with possible serious consequences when it comes to providing various benefits considered under our employment contract.

If you have any question regarding this Data Protection Policy for the COMPANY’s employees please contact us using the address provided in Sub-section One “Processing Controller” and will be delighted to attend to you and reply to any additional questions you may wish to ask.