As you surely know, the entry into force of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of personal data (hereinafter GDPR) highlights the need to strengthen the levels of security and protection of personal data.
We would like to inform you that we comply with all the requirements of this legislation and that all the data under our responsibility is processed in accordance with legal requirements and with due security measures to ensure its confidentiality.
Who is responsible for processing your data?
ASCENSORES TRESA, S.A. (TRESA) - CAMINO LA XACONA 121 P.I. PORCEYO - 33392 - GIJÓN - ASTURIAS - firstname.lastname@example.org
- Your data will be processed for the explicit and legitimate purposes for which they have been collected, which may be:
- Handling of your queries and requests: Management of Response to Queries, Claims or Incidents, Requests for Technical or Corporate Information, Resources and/or Activities, and in case you have given consent, for the purposes described in the additional consents that you have unequivocally provided us formally and/or by checking the boxes enabled for this purpose in the data protection clauses enabled in the base document that has regulated the commercial relationship according to the commercial contact channel.
- Management of Contact with the interested party through communication methods provided (email, post and/or telephone) in order to arrange meetings and visits, manage queries that you send us through the channels enabled for this purpose, manage notices, communications related to the service (sending of technical documentation (studies, technical sheets), administrative documentation, invoices, payment and collection management), coordination of activities, authorization request for using facilities, resolving incidents and coordination of actions derived from the services requested by those involved with the organization and/or by processing managers hired for legitimate and/or consented purposes.
- Offer and Commercial Management of TRESA’s* products and services. (*) The updated list of activities associated with the TRESA trade name is available on this corporate website
- Internal use, running of operations and administrative, economic and accounting management derived from the relationship with the owner (commercial and/or contractual relationship)
- Management of the contracting and provision of services of the organization, as well as compliance with contractual and regulatory requirements related to the organization or operation requested.
- Management of Contact with the interested party through communication methods provided (email, post and/or telephone) in order to arrange meetings and visits, manage queries that you send us through the channels enabled for this purpose, manage notices, communications related to the service (sending of technical documentation (studies, technical sheets), administrative documentation, invoices, payment and collection management), coordination of activities, authorization request for using facilities, resolving incidents and coordination of actions derived from the services requested by those involved with the organization and/or by processing managers hired for legitimate and/or consented purposes (bricklayers, electricians, plumbers, etc.).
- Sending commercial communications about products or services similar to those contracted by the customer with whom there is a prior contractual relationship, legitimized according to article 21 of the LSSICE (acronym for Law on Information Society Services and Electronic Commerce in force in Spain).
- Handling of your queries and requests: Management of Response to Queries, Claims or Incidents, Requests for Information, Resources and/or Activities.
- Quality control on our products and services, Quality management of processes and activities, as well as assessment of satisfaction/perception and performance results of the organization's stakeholders.
- Accreditation of technical solvency for requests for justification proof in bidding processes, technical offers, campaigns, activities, promotions, competitions, projects and subsidies in which the organization participates, as reference could be made that is associated with the services that we have rendered, to the extent that you would have consented unequivocally.
- Regulatory Compliance Management (applicable regulations as well as mandatory internal regulations): Investigation, monitoring and auditing of controls established for the prevention of crime, able to establish access controls to the facilities, as well as the controls related to the use of the images captured by the video surveillance systems to investigate accidents and/or incidents that may occur, as well as breaches of regulations, crimes or unlawful behaviour.
- Analysis of Profiles, to the extent that you would have unequivocally consented “To offer you products and services matching your interests, as well as improve your user experience, we will prepare a “profile”, based on the information provided. Automated decisions will not be made based on that profile”.
- Equity Solvency and Credit Assessment to confirm the economic viability of the operation requested, as well as, where appropriate, the communication and management associated with the claim of the agreed amounts for the provision of the service.
- Statistical and historical purposes that allow us to improve the commercial strategy of our products and services.
- The management and audit of management systems and regulatory compliance of processes and facilities of the organization
- Dissemination of our best practices in relation to the services we have provided and/or the publication and/or communication of graphic material that can incorporate the image of the owner and/or his/her staff in corporate media (for example and not limited to: web, social networks, newsletters, activity report, reports, presence in the media) and/or other means of public communication (sectoral publications and/or reports in the written press, TV, etc.), as dissemination of the results of the activity, promotion and dissemination, management of campaigns, activities and events and/or as accreditation of technical solvency in response to requests for justification proof in bidding processes, technical offers, projects and subsidies in which TRESA* participates, to the extent that you have consented unequivocally.
- The contact and sending of personal communications, invitations to events and gifts addressed to customers, congratulate you on special dates, conduct quality and satisfaction surveys, as well as to periodically inform you of news and corporate information, publication information of grants, contests, rates, offers, catalogues and promotions of TRESA products and services* in order to evaluate the quality of our processes and provide you with offers of products and services by telephone, written or electronic means through the means of communication provided, to the extent that you have consented unequivocally.
- The international transfer of your data to the extent that is strictly necessary to comply with the management of a project in a country outside the EU or by the location of processing systems for processing management applications. Rejection of this clause will prevent the execution of the project.
- The communication of your data to the ACO (Authorized Control Organization) in order to manage the contact and inspection obligation of the contracted facilities, to the extent that you have consented unequivocally.
- The management of subsidy(s) (processing, presentation and justification) that may correspond to the requested and/or contracted operation, to the extent that you have consented unequivocally. TRESA will not keep a copy of the documentation presented, except for the document that proves its presentation.
- Recording of Access and Video Surveillance of the Facilities, as well as the security and regulatory compliance in them, the investigation of possible incidents or accidents, management of associated insurance and management of warnings or sanctions for breaches of security regulations.
- Hourly control and/or face-to-face or attendance control and monitoring through access records, video surveillance and confirmation of functional performance both in the organization's facilities and in third-party facilities in which the interested party provides services to the organization (monitoring and control to verify fulfilment by the provider/collaborator of the contractual obligations).
- Demonstrate the Organization’s Regulatory Compliance to a third party that requires it: Communication to third parties of data related to the interested party, required by them to comply with the coordination of business activities, evidence of regulatory compliance of the organization and the internal regulations of the third party and/or for the management of access to facilities. For cases in which the interested party consents unequivocally, the communication of the information/documentation required by the third party may be carried out, which is not explicitly included in the established legal obligations, but in the internal regulations of the third party.
- Verify compliance by workers with their labour obligations and duties in accordance with article 20.3 of the Spanish Workers' Statute, which empowers employers to adopt surveillance and control measures (controls related to the use of images captured by video surveillance systems for the investigation of accidents and/or incidents that may occur, as well as breaches of labour regulations, crime or unlawful behaviour).
- Health and safety management (prevention of occupational risks and safety surveillance) and compliance evaluation.
To the extent that you have provided us with your CV, the uses and purposes for which we process your data are:
- Internal use for selection processes to job posts, for incorporation into the Job Board and for the offer and management of possible job offers or collaboration that may be generated.
- Management of skills evaluation for candidates and people going through selection and/or internal promotion to job positions
- Use in relation to the development of the application and its incorporation to the Job Board of companies associated with the TRESA* trade name for the offer and management of possible job offers or collaboration that may be generated, to the extent that you have consented unequivocally. To the extent that you do not consent to this purpose, we could not proceed to the acceptance of your application, to the extent that the management of candidates is carried out through the aforementioned job board.
- Use of your CV in the technical offer to projects in which your incorporation is valued, if you have given your unequivocal consent.
- Regulatory Compliance Management (applicable regulations as well as mandatory internal regulations): Investigation, monitoring and auditing of controls established for the prevention of crime, able to establish access controls to the facilities, information systems and printing of documentation for all personal data under the responsibility of the organization and therefore for all information systems of said entity, as well as the controls related to the use of the images captured by the video surveillance systems to investigate accidents and/or incidents that may occur, as well as breaches of labour regulations, crimes or unlawful behaviour.
- Management of Contact with the interested party through the provided communication methods (email and/or telephone) to manage notices and coordinate actions for the management of the selection process by persons related to companies associated with the TRESA* trade name and/or third parties to those who contract the candidate selection processes for vacancies or job positions.
- The performance of aptitude tests and/or certificates that may be required for the selection of personnel, which will be optional, will be understood as an expression of the user's consent for the inclusion of the data provided, as well as, if applicable, its assessment, in the database of the Job Board of companies associated with the TRESA* trade name and its automated processing in order to carry out that selection. As a consequence of the access to the facilities that may require the performance of said aptitude tests and/or certificates, processing associated with the security of said facilities may be carried out by recording accesses and/or video surveillance systems
- Visitor Management of Access and Video Surveillance of the Facilities, as well as the security and regulatory compliance in them, the investigation of possible incidents or accidents, management of associated insurance and management of warnings or sanctions for breaches of security regulations.
- Consent to the international transfer of your data to the extent that is strictly necessary to comply with incorporation to a project in a country outside the EU, if you have provided your unequivocal consent. Not accepting this clause will prevent your incorporation into the project in that country.
(*) You can check the updated list of companies associated with the TRESA trade name at www.ascensorestresa.com
How long do we keep your data?
- In any case, at the end of the relationship, data of the interested party will be blocked, according to the provisions of current data protection regulations.
- Accounting and Fiscal Documentation - For Tax purposes: Accounting books and other compulsory records according to the applicable tax regulations (IRPF (Personal Income Tax), VAT, IS (Corporate Tax), etc.), as well as documentary supports that justify the entries recorded in the books (including computer programs, files and any other proof that include tax significance), must be kept, at least, during the period in which the Administration has the right to check and investigate and, consequently, to settle tax debt (Arts. 66 to 70 of the Spanish General Tax Law). Limitation period of Tax Offences associated with the verification of the bases or fees paid or pending payment, or deductions applied or pending application, and Crimes against the Public Treasury and Social Security - Art. 66 bis of the Spanish General Tax Law and Criminal Code, respectively. – 4 years. Period for offences, 10 years.
- Accounting and Tax Documentation - For Commercial purposes: Books, correspondence, documentation and justifications concerning your business, duly ordered from the last entry made in the books, except as established by general or special provisions. This commercial obligation extends both to the compulsory books (income, expenses, investment goods and provisions) and to the documentation and supporting documents on which the entries recorded in the books are based (invoices issued and received, receipts, corrective invoices, bank documents, etc.) (Art. 30 of the Spanish Commercial Code) - 6 years.
- Documentation associated with the legalization of the elevator and its periodic inspections: during the life of the elevator/lift, according to industrial regulations.
- Documentation associated with the maintenance contract: during its entire duration.
- Documentation related to the execution of the civil works associated with the installation of the elevator: during the period of validity of the guarantee and/or inherent responsibility to it.
- Solvency Files: Data referring to certain debts, due and payable and not claimed (Art. 38.1(b) of the PLOPD, the acronym for the Organic Law on Protection of Personal Data) - 5 years.
- Documentation of Occupational Hazard Prevention - Documentation on information and training for workers. Records of work accidents or occupational diseases (Royal Legislative Decree 5/2000, of August 4, approving the revised text of the Law on Infractions and Sanctions in the Social Order) - 5 years.
- The images/sounds captured by the video surveillance systems will be removed within a maximum period of one month from their capture, unless they are related to serious criminal or administrative infractions in matters of public safety, with a police investigation in progress or with an open judicial or administrative procedure (Instruction 1/2006, of November 8, from the AEPD (acronym for Spanish Data Protection Agency), on the processing of personal data for surveillance purposes through camera systems or video cameras) - 30 days.
- Data included in the automated processing created to control access to buildings (Instruction 1/1996, of March 1, from the AEPD, on automated files established for building access control) - 30 days
- Data processed in relation to the legal guarantee will be kept during the validity of the legal guarantee until it expires, during the period that there could be a judicial or administrative claim in relation to the legal guarantee.
- Data processed for the submission of commercial communications will be kept until the consent granted is revoked.
- Data related to candidates who provide their CV will be kept during the calendar year in which it was received (except in cases in which the candidate is selected, in which case, the data will become part of the HR data processing of the hiring organization), as well as the legally stipulated periods for the exercise or prescription of any action of liability for breach of contract by the interested party or the Organization.
- Therefore, the data will be kept as long as the commercial relationship remains in force, based on the conservation periods established by the current regulations mentioned above, as well as the legally or contractually stipulated periods for the exercise or prescription of any liability action, contractual breach by the interested party or the Organization (amendment of the Spanish Civil Code establishes a period of 5 years to be able to carry out an action for civil liability, a term calculated from the date on which compliance with the obligation may be required).
What is the legitimacy for processing your data?
- The legal basis for processing your data is the fulfilment of the request that you have made to us. The data requested is necessary to correctly deal with this request.
- The execution of a contract, request, offer, order and/or commercial contract, for which the data provided will be communicated to the Brand manager in order to adequately handle, where appropriate, the guarantees and responsibilities of the products and services that it provides.
- Comply with a legal obligation: Administrative, commercial, tax, fiscal, accounting, civil and financial regulations, current labour legislation, occupational risk prevention (coordination of business activities) and social security and consumer and user defence legislation, as well as the regulations inherent to the operation contracted and the one associated to the sector (communications to the Spanish Ministry of Industry or a similar organization)
- Satisfying a legitimate interest of the Person Responsible: Processing of data as part of a commercial relationship and/or contract, which is necessary for its maintenance or compliance, fraud prevention, as well as legitimate interest cases in which the person responsible could be an injured party, and if necessary, the processing and communication of the data of the non-compliant party to third parties in order to manage regulatory compliance and defence of the interests of the data controller, video surveillance purposes as the legitimate interest of the organization in the protection of its assets, as well as the legitimate interest of direct marketing enabled by the LSSICE (sending of electronic commercial communications about products or services similar to those contracted by the customer, with which there is a prior contractual relationship).
- Security and legitimate interest assumptions in which the person responsible could be an injured party and it is necessary to process and communicate the data of the non-compliant party to third parties, in order to manage regulatory compliance and defence of the interests of the data controller.
- Art. 20.3 and 4 of Royal Legislative Decree 1/1995, of March 24, approving the revised text of the Spanish Law of the Workers' Statute (Estatuto de los Trabajadores, or ET): The employer may adopt the measures it deems most appropriate for monitoring and control to verify compliance by workers with their obligations and duties, giving due consideration to human dignity in their adoption and application and taking into account the real capacity of handicapped workers, as the case may be.
- In the case of candidate data that provide their CV, the basis for legitimizing the processing is the fulfilment of the application for incorporation into the job board of the interested party through the self-candidacy of the candidate, through the submission of their CV via the contact channels of the organization and/or selection companies hired to select the candidates for vacancies or job positions, as well as satisfying a legitimate interest of the Person Responsible: video surveillance purposes as a legitimate interest of the organization to protect its assets, prevent fraud and legitimate interest cases in which the person responsible could be an injured party and the processing and communication of the data in case of non-compliance with third parties was necessary in order to manage regulatory compliance and defend the interests of the data controller.
- The consent of the interested party unequivocally provided to us through formal means and/or by checking the boxes enabled for this purpose in the data protection clauses provided in the base document that has regulated the commercial relationship based on the contact channel.
To whom can your data be communicated?
- Brand Manager for the purposes derived from the contractual relationship (guarantees and responsibilities of the products and services it provides).
- Public Administration organizations or bodies with competences in the area involved in the processing (specify): AEAT (Spanish Tax Agency).
- Ministries of Industry and similar organizations by applicable regulations.
- ACO (Authorized Control Organization) in order to manage the contact and inspection obligation of the contracted facilities, in cases where it has been agreed to do so.
- Public agencies that offer subsidies for the management of the subsidy(s) (processing, presentation and justification) that may correspond to the operation requested and/or contracted.
- Security Forces and Bodies: To the extent that a right of justified access was required in the investigation of a regulatory breach.
- Compliance Complaints Channel (Complaints on violation of regulations and code of conduct are sent to the Regulatory Compliance Unit).
- Representatives of Workers/Health and Safety Coordination, External Auditors: In accordance with Spanish Royal Decree 171/2004 - Accreditation, risks by Coordination of Business Activities.
- Insurance Entities: In the event of a loss, incident or accident, it is provided to insurers for the investigation of the event in order to define the scope and coverage of the insurance premium contracted by the data controller.
- In the case of data of candidates who provide their CV, potential recipients could also be companies associated with the TRESA* trade name, Organizations or persons directly hired by the Data Controller for the provision of services linked to the processing purposes: Temporary Employment Agencies and third parties to whom the candidate selection processes for vacancies or job positions in companies associated with the TRESA* trade name are contracted.
- Others: We can perform international transfers of your data to the extent strictly necessary to comply with the management of a project in a country outside the EU (Entities associated with the import/export of goods: Logistics agents, Customs, etc.) or for the location of processing systems for processing management applications (we inform you that part of the systems for handling the information of the brand may be in countries outside the EU. We recommend you access the privacy policies of the brand).
Under what guarantees is your data communicated?
- The communication of data to third parties is made to entities that provide a Personal Data Protection System according to the current legislation.
- With the organizations to which international data transfers can be performed, the standard contractual clauses approved by the control bodies in the field of data protection are signed.
What are your rights?
- You have the right to obtain confirmation about whether or not we are processing personal information that concerns you.
- Those interested have the right to access their personal data, as well as to request the rectification of inaccurate data or, where appropriate, request its deletion when, among other reasons, the data is no longer necessary for the purposes for which it was collected. It is not possible to exercise the right of rectification in the case of video surveillance processing: due to the nature of the data (images taken from reality that reflect an objective fact), this would be the exercise of a right with impossible content.
- In certain circumstances, interested parties may request a limitation on the processing of their data, in which case we will only keep the data for the exercise or defence of claims.
- In certain circumstances and for reasons related to their particular situation, interested parties may object to the processing of their data, in which case the Data Controller will stop processing the data, except for compelling legitimate reasons, or the exercise or defence of possible claims.
- By virtue of the right to portability, interested parties have the right to obtain the personal data concerning them in a common structured format and to send the data to another controller.
- In the event that you have granted consent for a specific purpose, you have the right to withdraw the consent at any time, without affecting the legality of the processing based on the consent prior to its withdrawal.
Where can you exercise your rights?
- If you wish to exercise your rights, please go to the channel established for the exercise of rights by the data controller: email@example.com so that we can properly respond to your request.
- What information is required to exercise your rights? In order to exercise your rights, we need to prove your identity and the specific request you make to us, for which we request the following information:
- Documented information (written/email) of the specified request.
- Proof of identity as the owner of the data (name and surname of the interested party and a photocopy of the ID or equivalent document (Passport, Foreigner ID number [NIE], etc.) of the interested party and/or their representative, as well as the document accrediting such representation). Likewise, in the case of video surveillance, additional documentation with an updated image must be provided so that the controller can verify and check the presence of the affected person in their records.
- Address for notification purposes, date and signature of the applicant (in case of writing), or full name and surname (in case of email), or validation of the request in the private area of the communication channel with personal authentication key.
- When the data controller has reasonable doubts regarding the identity of the individual who is processing the request, he/she may request additional information to confirm the identity of the interested party.
- What is the General Procedure for Exercising your rights? Once we have received the required information, we will proceed to respond to your request in accordance with TRESA's general exercise of rights:
- The data controller will provide the interested party with information regarding their actions on the basis of an application in accordance with articles 15 to 22 (Rights of the interested party), and, in any case, within one month of receipt of the request.
- This period may be extended for another two months if necessary, taking into account the complexity and number of applications.
- The data controller will inform the interested party of any such extension within one month of receiving the request, indicating the reasons for the delay.
- When the interested party submits the application electronically, the information will be provided by electronic means whenever possible, unless the interested party requests that it be provided otherwise.
- If the data controller does not comply with the request of the interested party, he/she will without delay, and no later than one month after receiving the request, inform you of the reasons for not acting and the possibility of submitting a claim to a supervisory authority and exercising legal action.
- The information provided will be free, except for reasonable administrative fees.
- The data controller may refuse to act on the request, although he/she will bear the burden of demonstrating the manifestly unfounded or excessive nature of the request.
- In order to comply with current regulations on video surveillance Inst. 1/2006 of the AEPD, we inform you that recordings are kept for 1 month. As such, we will not be able to process formalized requests after this period. Likewise, in order to avoid affecting the rights of third parties, in the event of an access request, we will proceed to issue a certificate in which, with the greatest possible precision and without affecting the rights of third parties, we specify the data that has been processed. E.g. “Your picture was recorded in our systems on the ___th day of the month of ___ of the year ___ between the hours of ___ and ___. Specifically, the system records your entry and exit from the building.”
What claim procedures are there?
- If you believe that your rights have not been properly addressed, you have the right to file a complaint with the competent data protection authority (agpd.es).
How have we obtained your data? Through:
- The interested party or their legal representative
- The interested party through the communication sent and/or through professional social networks
- Distributors, collaborators and installers, building/estate administrators, companies of marketed brands, events, industry fairs organized by the organization and/or in which it participates, professional social networks, as well as third parties with which TRESA maintains a commercial or service relationship and for which it must have your personal data to process the requested service, or to comply with our contractual commitments and tax and accounting obligations associated with the contracted service and/or to verify regulatory compliance under the responsibility of the organization, as well as, where appropriate, for administrative and operational management to manage access, incorporation to the project/service and/or verification of regulatory compliance under the responsibility of the organization (e.g. data relating to workers performing the contracted work in terms of coordination of business activities associated with the prevention of occupational hazards).
What category of data do we process?
- Identifying and contact information for example, but not limited to: name, surname, telephone number or email address, commercial information data, economic, financial and/or payment terms; Other types of data: contact data of people in the organization involved or related to the contracted/requested service, as well as those related and/or provided with the Consultation, Request for technical or corporate information, Resources and/or Activities, Claims or Incidents that you provide us, as well as the personal data of third parties that you may provide.
- Commercial data, of contact persons for the administrative and operational management associated with the execution of the contract/project and of workers who will carry out the contracted work in terms of coordination of business activities associated with the prevention of occupational hazards; In the case of workers who are going to carry out the contracted jobs in terms of coordination of business activities associated with the prevention of occupational hazards; Licenses or approvals, in the case of workers who will carry out the contracted work in terms of coordination of business activities associated with the prevention of occupational hazards; Data of commercial information and approval; Economic, financial and/or payment conditions data; Goods and services provided by the affected party, Financial transactions; Other types of data (specify): Name, surnames and Tax ID (NIF) of legal representative, contact details of people from the organization involved or related to the requested/contracted project.
- The data structure we process does not contain data regarding convictions and criminal offences, nor specially protected data, unless the interested party is a beneficiary of a special condition that must be considered in the provision of the service and/or in the management of the subsidy that can be negotiated (e.g. handicap situation) and provides documentation that accredits it, as well as cases in which the holder has special conditions and has to provide documentation that incorporates this information, so that compliance with this condition can be accredited or justified.
- In the case of candidates who provide their CV, the structure of the data processed would include, but not be limited to, identifying and contact data (address, contact telephone number and contact email); Academic and professional data related to training, qualifications and professional experience; Personal data associated with marital status, family data, date and place of birth, age, sex, nationality; Work permit; Labour status data; Other information (Professional aspirations, Leisure and hobbies). To the extent that the candidate reports a disability condition, certificates that prove this may be required.
How is your personal data stored securely?
- In relation to the processing of your personal data, we inform you:
TRESA has formalised agreements to ensure that we process your personal data correctly and in accordance with current data protection regulations. These agreements reflect the respective functions and responsibilities in relation to you, and consider which entity is in the best position to meet your needs. These agreements do not affect your rights under the data protection law. For more information about these agreements, do not hesitate to contact us through our email firstname.lastname@example.org.
- In relation to personal data that TRESA could access as a result of the contracted services, we inform you:
The provision of services under the contract may imply physical access by TRESA staff to premises or facilities that may store personal data for which the customer is responsible for processing. In this sense, TRESA staff have signed clauses that prohibit access to all types of confidential information and, in particular, to personal data belonging to customers, unless the service scope includes the processing of personal data, in which case, TRESA would act as the person responsible for processing them, establishing in that case the relevant contract in accordance with current data protection regulations that would include, among other aspects, the goal, duration, nature, purpose, category of the data to be processed, security measures, duties and rights of the controller, organisational and technical security measures to guarantee confidentiality during the process, as well as the agreements adopted between customer and controller in relation to the transmission of security breaches and/or exercise of rights. The non-formalization of the personal data processing service in a contract by the customer presupposes that TRESA has no associated responsibility as the one in charge of processing said data.
Notwithstanding the foregoing, in the event that you are aware of any type of confidential information for providing the service, you undertake to maintain its secrecy, not disclose it or publish it, either directly or through third parties or companies, or to make it available to third parties. This confidentiality obligation is indefinite, continuing after termination of the contract for any reason. For the staff under its responsibility and hired on its behalf, TRESA undertakes to communicate and enforce the obligations established in terms of confidentiality.
In relation to the video surveillance systems with which facilities under the responsibility of TRESA may be equipped, we inform you that TRESA takes all the necessary measures to store your personal data in a private and secure way:
- LOCATION OF CAMERAS: The capture of images in worker rest areas will be avoided.
- LOCATION OF MONITORS: Monitors where the camera feeds are displayed will be located in a restricted access space so that they are not accessible to unauthorized third parties.
- CONSERVATION OF IMAGES: Images will be stored for a maximum period of one month, with the exception of images submitted to the courts and security forces.
- DUTY OF INFORMATION: The existence of cameras and the recording of images will be communicated by means of an informative sign, including a pictogram and text, detailing the person responsible before whom interested parties will be able to exercise their right of access.
- RIGHT OF ACCESS TO IMAGES: In order to comply with the right of access of the interested parties, a recent photograph and the National ID of the interested party will be requested, as well as the details of the date and time to which the right of access refers. The interested party will not be given direct access to camera feeds in which images of third parties are shown. If the interested party cannot view the images without images of third parties being displayed, a document will be provided to the interested party which confirms or denies the existence of images of the interested party.