|
In accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016,
and Organic Law 3/2018 of December 5, on the Protection of Personal Data and the Guarantee of Digital Rights,
we inform you that the personal data provided herein will be incorporated into a file owned and managed by DISEÑO Y TECNOLOGIA.INGENIEROS CONS.S.L.U.
|
• DISEÑO Y TECNOLOGÍA.INGENIEROS CONS.S.L.U
• CL INDUSTRIAS.EDIF.ANTARES 4, 2-08, ALCORCÓN, 28923 (MADRID)
• ditecingenieros@ditecingenieros.net
|
|
Necessary processing for the development and execution of a legal relationship between the data controller and the data subject, or for the satisfaction of a legitimate interest of the controller, provided that such interest does not override the rights and freedoms of the data subjects, particularly when they are minors.
|
|
Category of data subjects
Candidates for new employment. Users who submit their personal resumes to participate in a selection process within the entity to become part of its organization.
|
|
The data necessary for maintaining the relationship.
The following data will be processed: name, surname, address, contact telephone number, email address, professional career, or academic information.
|
|
Recipients
Tax Administration. Law enforcement and security forces. Banks and financial entities. Other recipients.
|
|
International data transfers
No personal data transfers are carried out at the international level.
|
|
Retention period
The data will be retained for as long as necessary to fulfill the purpose for which they were collected. Once the purposes for which the data were initially collected no longer apply, they will be retained for the period established by law to comply with the necessary requirements regarding the statute of limitations on liabilities.
|
Security Measures for the Processing of Personal Data through Resumes
The resumes we receive daily contain personal data of the candidate or potential candidate. The phone number, address, full name, and email address are personal data, and in order to respect data protection regulations, it is necessary to inform the individual about where their data will be stored, for what purpose it will be used, and where they can exercise their rights if they wish to cancel, rectify, or object to this processing. Furthermore, we require the explicit consent of the data subject.
Whenever we receive a resume, we must obtain the data subject's consent in order to process the personal data included in it. This consent must be given in writing or, in any case, explicitly.
If we do not have the candidate's consent, we must destroy the resume.
If the resume is on paper, it must be destroyed using a document shredder, not just thrown in the trash, as it contains personal data.
If it is in an email, the email should be deleted from the inbox and from the server.
The processing of data is lawful when it is necessary for the application, at the request of the employee, of pre-contractual measures or the intention to conclude a contract (Article 6.1(b) GDPR).
Data processing 'must be lawful when necessary in the context of a contract or the intention to conclude a contract' (Recital 44 GDPR).
If a public notice or job announcement is made for recruitment purposes, it should include the information required under Article 13 of the GDPR.
If the resume is submitted directly by the candidate without being requested, procedures should be established to provide information, including an acknowledgment or confirmation that the candidate is aware of the conditions under which the data processing will take place.
The duty of information must be carried out through a means that allows for the verification of its compliance, and it must be retained as long as the processing of the data subject’s data continues.
The entity is responsible for the custody of the documentation provided by the candidate (for example, the resume).
In the event of the loss of such documentation, which contains personal data, the entity will be in violation of the GDPR (principle of integrity and confidentiality).
Once the recruitment process is completed, if the candidate is not hired, the legal basis for data processing no longer applies, and therefore, consent would be required for future processing (e.g., inclusion in a job pool), unless the employer can demonstrate a legitimate interest. Otherwise, the resume must be destroyed, and the personal data must be erased and blocked.
|
