1. INTRODUCTION

In GEOGRAMA, S.L. We are committed to the protection of privacy and the correct use of the personal data that we process and that you provide us, both online on this website and, where appropriate, any of its subdomains and microsites, as well as offline.

Please read this policy carefully and make sure you understand and agree to it, before providing us with your personal data. If you do not agree with it, do not use this website or its services or provide us with your data.

The fact of accessing this site, using any of its services or providing us with your data, either online or offline, we will understand as a clear affirmative action by which you give us your consent (when it is necessary) to treat your data for the purposes indicated below.

As also that indicated in the Legal Notice of this website, this privacy policy also applies to any of the companies that make up the group, currently GEOGRAMA, S.L. and GEOGRAMA GIS, S.L.

  1. WHO IS RESPONSIBLE FOR THE TREATMENT OF YOUR DATA?

GEOGRAMA, S.L.

Postal address: C/Pintor Clemente Arraiz, 8 Bajo, 01007, Vitoria-Gasteiz (Álava/Araba)

Email: dpd@geograma.com

Telephone: 945 131 372

  1. HOW HAVE WE OBTAINED YOUR DATA?

3.1. Obtaining the interested person himself.

If you are a client (current or potential), or user of our website, you have provided them, either offline or online, when requesting our products or services, or contacting us requesting information. In addition, you have been able to provide us in person, if you have come to our facilities.

By providing us with your data, you guarantee that you are enabled to do so, and that the information is true, up-to-date, and that it does not violate any contractual restrictions or rights of third parties. You have the responsibility to keep your data and your profile correct and updated, declining all responsibility GEOGRAMA, S.L. if not. You agree not to impersonate other Users by using their registration data for the different services and / or contents of the Website.

3.2. Obtained automatically when visiting our website:

When you visit our website or any other of our platforms (social networks, mobile applications…), we collect information through cookies and other tracking technologies and web analytics. This means that data is sent from your browser to our servers to optimize our services and improve your user experience. This data may be collected and stored automatically by us or by third parties on our behalf. You can check our cookie policy.

3.3. Communication by a third party of the data of the interested party.

It is possible that your data has not been provided to us directly by you, but has been provided to us by a third party with whom we work, to whom you have previously provided that data. For example, Registries of public ownership, our commercial network, public or private entities with which we reach collaboration agreements, etc…

Additionally, by accepting this privacy policy, and where appropriate, by the express consent you have granted, you authorize GEOGRAMA, S.L. So that, it may require from third parties the necessary data for the fulfillment of the provision or services.

3.4. Third party data communication:

With regard to the data of other people, you must respect their privacy by taking special care when communicating or publishing their personal data. Only its owner can authorize the processing of your personal data. The publication of data from third parties without their consent may violate, in addition to the regulations on data protection, those relating to the right to honor, privacy or the image of said third parties.

If you provide us with third party data, it is your responsibility to have their prior and express consent to use them, and it is your duty to inform them of the treatment that we are going to carry out with their data. By accepting this privacy policy, you expressly guarantee that you have the authorization for said contribution, exonerating us from any responsibility in case of any claim by an interested person.

  1. WHAT CATEGORIES OF DATA DO WE PROCESS?

In the case of the data provided by the interested person, we treat: identification data (name and surname, NIF/CIF, image), contact data (telephone, postal address, email address, invoice or delivery address), data commercial and economic (information on the products requested, customer history, and those necessary for payment: bank, credit card…), online profile data (information, preferences and interests).

In the case of browsing our website, we treat: the user’s IP address, the date and time of the visit, the URL of the site from which the user comes, the pages visited on our website, information about the browser used (type and browser version, operating system, etc.).

In the case of data provided by third parties: identification data; personal characteristics data; data on social, academic and professional circumstances; economic, financial and insurance data; data of transactions of goods and services, details of the employment.

We do not process specially protected data.

  1. WHY DO WE PROCESS YOUR DATA?

The data that you provide us, as well as all that generated during the development of the relationship that we maintain with you, we can process for different purposes:

  • If you are a current or potential client, to maintain contact and communication with you, and manage the contractual and/or commercial relationship.
  • If you are a user of our website, or sender or recipient of an email, to manage the requests you make to us online, and contact you.
  • In the case of accessing our facilities as a visitor: to manage access and control of visits
  • If you are an attendee of the training courses, to manage the registration and organization of said courses that we can promote or organize, to manage the contractual relationship with students and the registration to the activities or events promoted or organized by us, as well as the expedition of attendance and achievement certificates
  • In the case of providing us with your CV: to contact you and manage the selection processes that we carry out. In this case, it is mandatory that you accept the privacy policy, checking the field enabled for it. If you do not give your consent, we will not be able to consider your CV.
  • In the case of Mobile Mapping services, to offer mapping services, being the taking of images of people and vehicle license plates merely accidental, and susceptible to obfuscation.
  • To send you, through electronic communications, information about our activities, products and / or services similar to those requested, including advertising and / or commercial communications for the purposes of article 21 LSSICE 34/2002. If we already have a prior contractual relationship, we will send such communications based on our legitimate interest. In the event of not having a prior contractual relationship, we will only send you these types of communications, if you authorize us by checking the option that is expressly included for this purpose in the corresponding forms. The electronic communications that we send you will include, in the communication itself, the option to stop receiving them. If you choose to do so, we will stop sending you this type of communication in the future.
  • To transfer your data to other companies or entities, directly related to GEOGRAMA, S.L., in order to be able to provide you with the service or product you have requested, and the administrative-accounting management that such provision requires. Specifically, we may communicate your data to the recipients that are collected in the specific section that you will find later in this policy.
  1. HOW LONG WILL WE KEEP YOUR DATA?

6.1. General conservation period

The personal data that you provide us will be kept as long as the contractual, pre-contractual or commercial relationship is maintained and, once these are terminated, as long as the interested person does not request its deletion. Even if the deletion is requested, we can keep them for the necessary time and limiting their treatment, only to:

Comply with the legal/contractual obligations, to which we are subject,

  • and/or during the legal periods established for the prescription of any liability on our part,
  • and/or the exercise or defense of claims derived from the relationship with the interested person.

In coordination with the above criteria, the deletion of personal data either in computer records or on paper may be carried out, at the discretion of the organization, depending on logistical and/or storage space needs that make it advisable to delete information or documentation.

If you have submitted your application for a job, sending your CV: we will keep it until you request its deletion/during the term of its validity, so that we can contact you for selection processes.

In the event that we act as managers of the treatment for third parties providing those services, the conservation and deletion of the data will be conditional on the provisions of the data access contract signed between GEOGRAMA, S.L. and the corresponding entity that is responsible for the treatment.

  1. WHAT IS THE LEGITIMATION FOR THE PROCESSING OF YOUR DATA?

The legal basis that legitimizes us for the processing of your data can be diverse:

  • Compliance with the existing contractual or commercial legal relationship if you are already a client, supplier, or participant in our activities. In case you are a potential customer or supplier, the pre-contractual relationship binds us.
  • In the event that we act as those in charge of the treatment, for third parties providing them services (City Council, Provincial Council, Basque Government…), it may also be the fulfillment of the contractual relationship with said third party, derived from the contract for the provision of the service.
  • The provision of the requested data is mandatory as it is essential to formalize and/or maintain the contractual or pre-contractual relationship and comply with the legal obligations derived from it; if you do not provide them, we will not be able to provide the service derived from said relationship.
  • Consent: it can also be your consent if you have made a request yourself, or have given it to us for a specific purpose.
  • For example, if you have entered our website, if you have sent us your CV, if you are a visitor to our facilities, if you have given your consent to take photographs or to send commercial communications, etc…

Said consent is granted to us unequivocally by providing us with your data online or offline, with said contribution being considered a clear affirmative act that expresses said consent.

The provision of the requested data is mandatory, as it is essential to meet your request; if you do not provide them, we will not be able to carry out.

You can remove that consent at any time by sending us an e-mail in this regard to dpd@geograma.com. Said removal does not condition the processing of your data for the rest of the purposes described, but it may mean that we cannot answer your request.

  • Compliance with a regulation or legal obligation: such as those established in the fiscal, tax, social security, occupational risk prevention, consumer and user regulations, on the prevention of money laundering, criminal code (article 31), etc…
  • Our legitimate interest as an organization also constitutes a legal basis for processing your data. In accordance with recital 47 of the RGPD, we are interested in informing you of our activities, products and/or services, (or of the entities that are part of the Group, or of third entities with which the company/group has signed a collaboration agreement), including through electronic communications.
  • If we already have a prior contractual relationship, we will send such communications based on our legitimate interest. Otherwise, we will only send you that type of communication, if you give us your consent by checking the option that is expressly included for this purpose in the corresponding forms.
  • In any case, the indicated treatment of your data we consider proportionate and has a minimal impact on your privacy; but your interests, rights or freedoms will always prevail over our legitimate interest. So if you do not want us to treat your data for these purposes please send us an e-mail in this regard to dpd@geograma.com, and we will do so.
  • To communicate your data, in accordance with recital 48 of the RGPD to other companies of the group to provide the client with a comprehensive or specialized service that requires the intervention of interdisciplinary teams; or use your data for internal administrative purposes, including the processing of personal data of customers or employees.
  1. TO WHAT RECIPIENTS WILL WE BE ABLE TO COMMUNICATE YOUR DATA?

We inform you that the data you provide us may be communicated to third parties for the fulfillment of purposes directly related to the legitimate functions of transferor and assignee, such as:

  1. To banking entities: for the management of collections and payments.
  2. To our labor, accounting, tax, legal advice: for the management of our accounting and billing, management of workforce, legal advice and consulting, and the rest of the obligations of the organization.
  3. To the mutual and to the prevention service of others: in compliance with the obligations of occupational health surveillance and prevention of occupational hazards.
  4. To entities or bodies to which there is a legal obligation to carry out data communications: for example, the Tax Administration, Social Security…
  5. To any of the companies that make up the Business Group (currently GEOGRAMA, S.L. and GEOGRAMA GIS, S.L.): for internal administrative purposes, including the processing of personal data of customers, suppliers or staff.
  6. INTERNATIONAL DATA TRANSFERS

At GEOGRAMA, S.L., we use and may use service providers located outside the European Union, who may have access to personal data, for the provision of auxiliary services to our activity (accommodation, mailing, housing and management software). These companies may be different and vary over time but, in any case, we will choose companies that provide an adequate level of protection that offer a series of robust Binding Corporate Rules or that are companies belonging to countries that have been declared as countries with adequate level of protection. Which means that they are obliged to comply with requirements equivalent to those of Europe in terms of data protection.

Currently, we make transfers to the US to companies that have Binding Corporate Rules that guarantee the data protection required in the EU.

  1. SOCIAL MEDIA

Use of social networks

  • Features of Social Networks incorporated into our website

Our services may include certain Social Media features and widgets, such as “Connect with Facebook” connectors, the “Like” button, the “Share it” button, or other common interactive social media mini-programs. We are not responsible for the correct functioning of these.

  • Rules for the use of social networks:

Keep in mind that, if you decide to participate, publish or share content through our official page on a social network, said content will be public, and it will be your sole responsibility that said content comply with legal regulations.

You can prevent your personal data from appearing associated with said participation, configuring your privacy, or pseudonymizing your data (e.g., using a Nickname or alias).

We remind you that, with respect to the data of other people, you must respect their privacy by taking special care when communicating or publishing their personal data. Only its owner can authorize the processing of personal data.

The user may only publish on this page, or on our official page on social networks, personal data, photographs and information or other content whose ownership and property belong to him or for which he holds the authorization of third parties. If you provide us or publish third party data, it is your responsibility to have their prior and express consent to use, communicate and publish them, and it is your responsibility to inform them of the processing of their data by us or its publication by you. The publication of data from third parties without their consent may violate, in addition to the regulations on data protection, those relating to the right to honor, privacy or the image of said third parties.

In any case, we can eliminate both from this website and from our pages on social networks, any content published by the user when we detect that he has violated current legislation, and what is indicated in this privacy policy.

Social Networks are not hosted directly on our Services. Their policies and not ours govern your interactions with them. Read the privacy policies of these social networks for detailed information on the collection and transfer of personal data, your rights and on your privacy settings.

  • Data we collect through social networks

We collect data through these applications, and specifically, through functional and analytical cookies to allow them to function properly. These cookies may collect information about your IP address or your browsing history.

In addition, if you log into one of these social networks during your visit to one of our websites or mobile applications, the social network may add that information to your profile and that information will be transferred to the social network. If you do not want this data transfer to take place, exit your session in the social network before entering our websites or mobile applications, since it is not in our power to influence this collection and transfer of data through the connectors social.

  • Sample of other third-party pages within our website

Likewise, through our website, we can offer third-party content or services (through page frame techniques or framing), preserving the appearance of our website, and showing within it the appearance of a third party that provides the service. Keep in mind that the information you provide will be provided to those third parties, and not to us, so the policies of said third parties and not ours will govern.

  1. WHAT ARE YOUR RIGHTS WHEN YOU PROVIDE US WITH YOUR DATA?

You can exercise, when appropriate, your rights of access, rectification, deletion, limitation and opposition to your treatment, as well as other rights, at the postal or email address indicated at the beginning of this privacy policy. In both cases by means of a written and signed request attaching a copy of the DNI or passport or other valid document that identifies you. In case of modification of your data, you must notify it at the same address, this entity declining all responsibility in case of not doing so.

  • Right of access: You can ask us what personal data we are treating, or even request a copy of it.
  • Right of rectification: You can ask us to rectify inaccurate personal data or that we complete those that are incomplete, including by means of an additional declaration.
  • Right of deletion (right to be forgotten): You can ask us to delete your personal data when: they are not necessary for the purposes for which they were collected, you remove your consent, there has been an illicit treatment of them or due to compliance with an obligation legal.
  • Right to the limitation of the treatment: You can request the limitation of the treatment of your data, in which case we will only keep it for the exercise or defense of claims.
  • Right of opposition: You can oppose the treatment that is made of your data if said treatment is based on the legitimate interest of the person responsible for treatment or is for advertising purposes.

Once any of the above requests have been received, we will respond to you within the legally established deadlines. You can complain to the Spanish Data Protection Agency. If you want more information about the rights that you can exercise, and to request models of forms for the exercise of rights, you can visit the website of the Spanish Data Protection Agency, www.aepd.es