Privacy and Data Protection Policy
Before hiring and/or using any of our services or utilities, you should read this Privacy and Data Protection Policy.
If you are a Client of AUXADI, this Privacy and Data Protection Policy will be incorporated into the contract that governs your relationship with AUXADI, in order to guarantee the security of the data you provide to us as Data Subject or Data Controller.
In the event that you are only a User of our Website, you should read this Privacy and Data Protection Policy whenever you browse it and prior to sending data through the forms provided for this purpose in our Website. AUXADI CONTABLES & CONSULTORES S.A. (hereinafter AUXADI), with registered office at Nanclares de Oca Street 1B 28022 Madrid, is the owner of the Website www.auxadi.com, hereinafter the “Website”, this policy also applies to data that may be collected through the Website.
This Privacy and Data Protection Policy includes the guidelines and performance principles of AUXADI for the treatment of the personal data that you provide us with. In this Privacy and Data Protection Policy, AUXADI informs you about how it collects your data and how your data are processed.
AUXADI may change the terms established in this Privacy and Data Protection Policy, both partially and totally, in order for this document to be updated at any time and in accordance with the requirements established in national and international regulations.
When you are a Client and AUXADI makes changes to the terms of this Privacy and Data Protection Policy, we will inform you as a Client of the Firm, so that you may be aware of any terms that may affect you.
This policy will be valid until it is modified, amended and replaced by another policy. In this case, the new policy will be published in our Website.
AUXADI is a firm committed with ethics, honesty and transparency. For this reason, AUXADI is deeply committed to the protection of personal data, the security and the privacy of Users/Clients.
AUXADI complies with current legislation on Data Protection -Regulation 2016/679 of the European Parliament and of the Council of 27 April 2016 (GDPR)-. AUXADI has adopted the necessary technical and organizational measures to prevent the loss, misappropriation, alteration, unauthorized access and theft of the personal data provided, taking into account the state of technology, the nature of the data and the risks to which they are exposed.
AUXADI will only obtain personal data when it is adequate, pertinent and not excessive in relation to the specific, explicit and legitimate purpose for which it was obtained. In other words, AUXADI will only collect data that are strictly necessary for each of the purposes pursued.
AUXADI’s commitment to privacy is reflected in the following guidelines:
- AUXADI respects the privacy of the Users and Clients as well as their choices at any time, for this reason it incorporates respect for privacy in each of its actions.
- AUXADI will never send commercial communications unless you have expressly consented it. You can change your mind about your preferences at any time, and AUXADI will respect and guarantee this option.
- AUXADI will not at any time offer and sell the data you provide us with.
- Your data will be secure and protected. AUXADI will always guarantee its confidentiality. Therefore, AUXADI only accepts high standards of quality and trust in its relationships.
- We will never use your data for purposes other than those for which they were collected.
As the Data Subject or Data Controller, you are responsible for ensuring that the data you provide are accurate, complete and up to date. Therefore, you will be the sole responsible in the event that the data you have provided us with are false, inaccurate, incomplete or out of date, or are personal data relating to third parties for whom you have not obtained their express consent or have not informed them of their processing.
In the specific event that, during the contractual relationship, the Client provides AUXADI with the personal data of employees or third parties, the Client, as the Data Controller, must have previously informed them of the processing of their personal data, of the purpose of the same, and have obtained the consent from the Data Subjects. You undertake to notify any change or modification of the data.
Any loss or damage caused to AUXADI as the Data Controller or Data Processor by the communication of erroneous, inaccurate, incomplete or third party information without its informed consent, whether in the contractual relationship or in the registration forms, shall be the sole responsibility of the Client and/or User.
In the event that AUXADI acts as Data Processor for the processing of personal data for which the Client is the Data Controller, both parties undertake to collaborate to guarantee the protection of such data and the effective exercise of the rights of their Data Subjects.
The Client undertakes not to provide AUXADI at any time with special categories of personal data, nor with any information or personal data that are not necessary or relevant for the execution of the contractual relationship.
Personal data means any information concerning identified or identifiable individuals. In other words, personal data are data that identify a natural person (e.g. name or surname) or that make it possible to identify that person (e.g. address).
Information relating to companies or legal entities is not considered personal data.
If you are an AUXADI Client, the Personal Data that can be collected for the execution of the service can be: name and surname, telephone, e-mail, official identity document, professional data. All this depending on the type of the service provided by AUXADI.
The personal data collected by AUXADI are the strictly necessary for the purpose pursued or the provision of the service.
In the event that you are a User of our Website, the personal data that may be collected through it will be the following: name and surname, e-mail, professional data and telephone.
AUXADI will never collect personal data of special categories.
Before providing us with your data, you must know the purposes for which it was processed, the Data Controller, the Data Processor (if applicable), the legitimate basis, the recipients of the data (if applicable) and their rights, among other aspects.
For this reason, in order to facilitate your understanding, you will find below a table where you can find information on all the issues related to the Protection of Personal Data according to the purpose of the processing.
|DATA SUBJECT||PURPOSE||DATA CONTROLLER||DATA PROCESSOR||LEGAL BASIS OF THE TREATMENT||WHAT PERSONAL DATA DO WE COLLECT?||RECIPIENTS OF SUCH PERSONAL DATA|
|CLIENT||Execution of a contract.||AUXADI ACCOUNTANTS & CONSULTANTS S.A. and/or Client||AUXADI CONTABLES & CONSULTORES S.A.||Consent of the Data Subject and contract for the provision of services.||Name, surname, e-mail, company, telephone, professional position.||Auxadi Group companies. Sometimes, trusted suppliers and/or tax filing authorities.|
|Performance of payroll services.||CLIENT||Service contract and consent of the Client’s employees.||Name, surname, e-mail, company, telephone, professional position.||Auxadi Group companies. Authorities such as Social Security, if applicable.|
|CLIENTE and/or USER||Mailing of news, publications, offers and/or services provided by AUXADI.||AUXADI CONTABLES & CONSULTORES S.A.||Consent of the Data Subject.||Name, surname, e-mail, company, telephone, professional position.||Auxadi Group companies.|
|USER||Possibility of taking part in the selection processes that are carried out in AUXADI and to incorporate the CV to our databases.||AUXADI CONTABLES & CONSULTORES S.A. and/or recruitment service providers such as Linkedin, Talent Clue or Infojobs.||Consent of the Data Subject.||Name, surname, e-mail, telephone and other personal and professional data incorporated in the Curriculum Vitae.||Auxadi Group companies.|
Companies of the AUXADI Group:
Depending on the services contracted, the data may be processed by companies of the AUXADI Group on the legal basis of the legitimate interest of the Group, for the provision of the service and for administrative and/or legal purposes.
We also sign contracts with trusted suppliers, from whom we demand compliance with current Data Protection regulations, for the provision of certain services and to carry out a variety of commercial operations on our behalf. We only provide them with the information they need to perform the service, and we require them not to use your personal data for any other purpose. In the event that the Client does not authorize the provision of a service by a trusted provider, we may choose between contracting with another provider or not to provide the service.
Depending on the services that the Client finally hires, we can communicate their data to certain authorities to comply with the service of tax compliance or management of registrations at the National Insurance, among others. AUXADI will always inform the Client in advance about who can have access to their data, depending on the services contracted.
As the Data Subject, you may exercise your rights of access, rectification, erasure, limitation of data, portability and opposition, as well as the right to be forgotten, by sending an e-mail to GDPR@auxadi.com, indicating in the subject “Exercise of rights”, or by post to Nanclares de Oca 1B, 28022 Madrid, in both cases accompanied by a copy of your ID card or official document proving your identity.
Below, we detail the content of each of your rights for your easy understanding. However, please refer to the General Data Protection Regulations 2016/679 for further information on your rights.
- Right of access: The Data Subject has the right to obtain confirmation from the Controller of the processing whether or not personal data concerning him are being processed and, if so, the right of access to the personal data.
- Right of rectification: The Data Subject shall have the right to have rectified inaccurate personal data concerning him/her rectified without delay from the Controller.
- Right of erasure (right of oblivion or right to be forgotten): The Data Subject shall have the right to obtain the erasure of personal data concerning him without delay from the Controller. It should be noted that this is not an absolute right, as there may be legal or legitimate grounds for retaining them.
- Right to opposition: The Data Subject has the right to oppose the processing of his/her data at any time.
- Right to restriction of processing: The Data Subject shall have the right to obtain from the Controller the restriction of processing of the data. This right can only be exercised in specific circumstances defined by the General Data Protection Regulation.
- Right to data portability: The Data Subject shall have the right to receive the personal data concerning him/her, which he or she has provided to a Controller, in a structured, commonly used and machine-readable format, and to transmit them to another Controller without being prevented by the Controller to whom they were provided, in the circumstances provided for in the General Data Protection Regulation.
Also, as the Data Subject, we inform you of the following rights concerning you:
- Right to information: You have the right to clear, transparent and easy to understand information about how we use your personal data and about your rights. This right to information is given effect through this Privacy and Data Protection Policy.
- Right to withdraw consent at any time when data processing is based on consent: You may withdraw your consent to the processing of your personal data when the processing is based on your consent. Such withdrawal of consent shall not affect the legality of processing based on consent prior to its withdrawal. If you wish to withdraw your consent, please contact us by the methods indicated above.
- Right to file a complaint to a supervisory authority: You have the right to file a complaint to the Spanish Data Protection Agency regarding AUXADI’s Privacy and Data Protection practices. However, please contact us before making such a claim by the methods indicated above.
All the data provided to AUXADI is stored on servers located in the European Union that comply with the security requirements established in European regulations.
AUXADI does not carry out international data transfers at any time. In the event that, in order to provide a contracted service, it is necessary to make a transfer outside the European Union, the Client will be notified in advance so that they can give their consent to the transfer; they will also be informed that all of our subsidiaries and suppliers are obliged to comply with European Data Protection regulations, wherever they are located.
AUXADI will only keep your personal data for the time necessary to comply with the purposes for which they were collected or to comply with legal obligations.
AUXADI, at the Client’s choice, will delete or return the personal data to the Client at the end of the service, all without prejudice to the fact that due to legal obligations, regulations, court orders, administrative authorities, etc., it has to keep them.
The personal data obtained by giving your consent for the execution of the commercial relationship and/or for the sending of communications, services, news, etc., will be maintained until you inform us that you wish us to delete your data, exercising your rights as explained above.
The personal data obtained in recruiting processes will be kept until the candidate unilaterally decides that we should delete them (exercising the rights explained above) or after 1 year from the selection process.
AUXADI will permanently and securely delete personal data after the end of the purpose for which it was granted or the period during which it must comply with a legal obligation.
In order to guarantee the security and confidentiality of your data, AUXADI has adopted the security levels required for the protection of personal data, having installed the technical and personal measures at its disposal to prevent the loss, misuse, alteration, unauthorized access and theft of the personal data provided.
The personal data that AUXADI may collect, derived from the contractual relationship that joins you with us or through the different communications that maintain with the Client/User will be treated with absolute confidentiality.
The technical and organizational measures implemented by AUXADI to guarantee the security of your data are detailed below. All measures are implemented in the Group’s subsidiaries, regardless of whether or not they process personal data of persons resident in the European Union.
AUXADI has implemented a Privacy and Data Protection Policy, as well as a Privacy and Data Protection Manual, which is available to all employees in the organization. Reviewing everything periodically. Employees also receive regular training on data protection and security.
All AUXADI employees and suppliers sign confidentiality agreements, guaranteeing in this way the duty of secrecy that they must maintain in all their actions with and/or for AUXADI.
Physical data access controls
With regard to measures to control physical access to personal data, AUXADI keeps the data in a place with restricted access and with the appropriate security measures. In this way, access to unauthorized persons is prevented, restricting access to the centers where the data is stored.
The building where AUXADI is located has alarm devices and uses CCTV surveillance technology to guarantee the security of the building and the documentation.
In addition, AUXADI has measures to ensure the safe disposal of documents or files containing personal data. For this reason, in the case of paper documentation, AUXADI provides its employees with the use of paper shredders.
System access controls
Regarding the access control to the systems, AUXADI has a system of user authentication and password for access to them. At the same time, for a better control, we have a list of people/users who have access to the data processing systems for authentication purposes, identifying each one of the accesses.
All data processing systems are password protected to prevent unauthorized access to personal data.
All employees receive training on how to protect their computer equipment, ensuring that the information contained therein is always up to date. The computer equipment is programmed so that, after detecting inactivity in the computer equipment in a short period of time, they are blocked to prevent unauthorized access to the system. The account is also blocked after multiple sequential unsuccessful login attempts.
As for the security systems used to guarantee the security of the data, AUXADI has established a control system to ensure that only authorized equipment are used when providing the service. Remote access is done through VPN, with connection audits available.
AUXADI also has technical security measures such as antimalware, automatic backups, antivirus and perimeter security.
In AUXADI, backup copies are created. These copies are stored in protected environments. AUXADI also has the ability to restore data from these backups.
AUXADI has established a procedure for the management of incidents, so that if a violation or breach of security occur, it can be communicated to the Spanish Data Protection Agency and/or the Data Subject within 72 hours.
If you have any questions regarding the protection of personal data, please write to us at GDPR@auxadi.com or by post to our Legal Department located at our headquarters: Nanclares de Oca Street 1B 28022 Madrid, writing in the subject GDPR.
Do not forget that if you wish to exercise your rights, you must write in the subject “Exercise of rights” and attach a copy of your official identity document to your communication.
This Privacy and Data Protection Policy is available both in English and Spanish. In case of discrepancy between them, the Spanish version will prevail.