PRIVACY POLICY
INDEX
- Purpose of the Privacy Policy
- Definition of personal data
- Identity of the Data Controller
- Applicable laws and regulations
- Principles applicable to the processing of personal data
- Safety measures
- Processing purposes
- Legitimacy of the treatment
- Recipients of your data
- Data processing activities performed
- Personal data of minors
- Origin and types of data processed
- Rights of interested parties
- Modification
1.-POLICY OBJECTIVE
At IMOPAC SA (hereinafter, Imopac), we respect your privacy and protect your personal data. This policy details how we collect, use and share your information in accordance with applicable data protection regulations, including the General Data Protection Regulation (GDPR).
This privacy policy applies to the website http://imopac.es/. If you do not provide us with your personal data, no processing of your information will be carried out.
We will inform you about the purposes of the processing, the entities that may have access to your data and your rights as data subject. Some processing may be based on legal obligations, contracts or legitimate interests, without requiring your express consent.
If the website uses cookies, we will clearly notify you in our Cookie Policy, where you can learn more about the use of cookies and how to manage your preferences.
This policy ensures transparency and is designed to make it clear to you how to know and exercise your rights.
2.-DEFINITION OF PERSONAL DATA
- Personal data: Personal data is any information relating to an identified or identifiable natural person (“Website user”). An identifiable natural person is any person whose identity can be determined, directly or indirectly, by means of identifiers such as a name, an identification number, location data, an online identifier, or through elements of his or her physical, physiological, genetic, psychological, economic, cultural or social identity.
3.-IDENTITY OF THE DATA CONTROLLER
Who collects and processes your data?
The Data Controller is:
IMOPAC SA CIF A78279122
How can you contact us?
- Postal and office address: c/ Loeches, 113 – 115 P.I. Ventorro del Cano . 28924, Alcorcón (Madrid), Spain
- Registered office: c/ Loeches, 113 – 115 P.I. Ventorro del Cano . 28924, Alcorcón (Madrid), Spain
- Email: info@imopac.es- Telephone: +34 91 633 42 38
Who can help you with our Data Protection Policy?
In Imopac we have a Data Protection Officer (DPO), whose function is to ensure compliance with current regulations on data protection within our organization. If you have any questions or need assistance regarding the processing of your personal data, you can contact our DPO through the following means:
- Auratech Legal – NIF B87984621
- Email: info@imopac.es- Telephone: +34 91 633 42 38
4.- APPLICABLE LAWS AND REGULATIONS
This Privacy and Data Protection Policy is developed based on the following data protection laws and regulations:
- Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data. Hereinafter GDPR.
- Organic Law 3/2018 2018 of December 5, on the Protection of Personal Data and Guarantee of Digital Rights. Hereinafter LOPD/GDD.
- Law 34/20022002, of July 11, , on Information Society Services and Electronic Commerce. Hereinafter LSSICE.
5.- PRINCIPLES APPLICABLE TO THE PROCESSING OF PERSONAL DATA
At Imopac we treat personal data in accordance with the principles established in the regulations in force, ensuring that the treatment is:
- Lawful, fair and transparent: We report in a clear and accessible manner how data is collected and used.
- Limited to specific purposes: Data are collected for legitimate purposes and are not used for other purposes.
- Data minimization: We only request data that is strictly necessary.
- Accuracy: We keep data up to date and correct inaccurate data.
- Retention limitation: Data is retained only for as long as necessary for the stated purposes.
- Integrity and confidentiality: We apply appropriate security measures to protect data.
- Proactive responsibility: We assume responsibility for complying with and demonstrating compliance with these principles.
6.-SAFETY MEASURES
What do we do to ensure the privacy of your data?
At Imopac, we have implemented the necessary technical and organizational measures to ensure the security of the personal data we process. These measures are designed to prevent alteration, loss, unauthorized access or improper processing of data, adapting to the state of technology and potential risks.
Among the measures we highlight:
- Confidentiality: Only authorized persons can access the information.
- Integrity: Information is kept accurate and protected against unauthorized modifications.
- Availability: We ensure that data is accessible to authorized persons at all times.
- Continuous assessment: We regularly review and improve our security measures to adapt to new threats and technological advances.
- Pseudonymization and encryption: We use these techniques to strengthen data protection, especially sensitive data.
7.- PURPOSE OF THE TREATMENT
Why do we want to process your data?
The following are the uses and purposes foreseen:
|
Management of Inquiries and Contacts through the IMOPAC Website
|
|
Cookies, pixel and tracking
|
|
IMOPAC’s Resume Management and Job Board
|
How long do we keep your data?
We use your data for the time strictly necessary to fulfill the purposes indicated above. Unless there is a legal obligation or requirement, the expected retention periods are:
Management of Inquiries and Contacts through the IMOPAC Website: For a period of 5 years from the last confirmation of interest. The personal data provided will be kept for as long as their deletion is not requested by the interested party and is appropriate, and for as long as they are necessary – including the need to keep them for the applicable statute of limitations – or relevant for the purpose for which they were collected or recorded.
Cookies, pixel and tracking You should access our cookie policy to know the retention time of each cookie as well as the information that has been collected.
IMOPAC Resume and Job Board Management : For a period of 1 year from the last confirmation of interest. The personal data provided will be kept for one year or until deletion is requested by the interested party. In case of being an employee of the company, it will be kept for as long as the employment relationship is in force and thereafter for the applicable or relevant statute of limitations.
8.- LEGITIMACY OF THE TREATMENT
Why do we process your data?
The collection and processing of your data is always legitimized by one or more legal bases, which are detailed below:
Management of Inquiries and Contacts through the IMOPAC Website
- (Art. 6.1.a RGPD) Data subject’s consent
- Law 34/2002, of July 11, 2002, on services of the information society and electronic commerce… Law 34/2002, of July 11, 2002, on information society services and electronic commerce.
- RGPD and LOPDGDD. Compliance with legal obligation: General Data Protection Regulation (RGPD) and Organic Law 3/2018, of December 5, on Personal Data Protection and guarantee of digital rights (LOPDYGDD). Legal obligation compliance: General Data Protection Regulation (GDPR) and Organic Law 3/2018, of December 5, 2018, on Personal Data Protection and guarantee of digital rights (LOPDYGDD).
Cookies, pixel and tracking
- (Art. 6.1.a RGPD) Data subject’s consent
IMOPAC’s Resume Management and Job Board
- Explicit consent of the person concerned
- RGPD: 6.1.a) Consent of the data subject. . The legal basis for sending information relating to professional practice or professional interest and for the provision of voluntary services is the consent you provide, which you may withdraw at any time.
9.- RECIPIENTS OF YOUR DATA
To whom do we disclose your data within the European Union?
Occasionally, in order to comply with our legal obligations and our contractual commitment to you, we are faced with the obligation and need to transfer some of your data to certain categories of recipients, which we specify below:
Cookies, pixel and tracking : Advertising and direct marketing companies
IMOPAC Resume Management and Job Opportunities: Organizations or persons directly related to the person in charge; Entities of the business group. If the profile could fit in another company of the group your resume will be shared with the same in order to help you in your job search.
Do we make International Transfers of your data outside the European Union?
We do not make international transfers of your data
10.- DATA PROCESSING ACTIVITIES
The data processing activities carried out through http://imopac.es/ are described below, specifying:
- Activity: Name of the data processing activity.
- Purposes: Uses and treatments carried out with the data collected.
- Legal basis: Legal basis that legitimizes the processing of data.
- Data processed: Types of data processed.
- Source: Data source.
- Retention: Data retention period.
- Recipients: Third parties to whom the data is transferred.
- International transfers: Data transfers outside the European Union.
10.1 -Treatment activities
These are those data processing activities whose purposes are necessary for the provision of services.
|
Management of Inquiries and Contacts through the IMOPAC Website |
|
|
Legal basis |
(Art. 6.1.a RGPD) Consent of the data subject (LSSICE. Law 34/2002, of July 11, 2002, on information society services and electronic commerce, RGPD and LOPDGDD. Compliance with legal obligation: General Data Protection Regulation (RGPD) and Organic Law 3/2018, of December 5, on Personal Data Protection and guarantee of digital rights (LOPDYGDD). |
|
Purposes |
Responding to requests through the website; Management of potential clients and commercial contacts interested in IMOPAC’s products and services; Attention and communication with users who make inquiries or require information. |
|
Data categories and groups |
Web users (Identification data) |
|
Data source |
The interested party or its legal representative |
|
Category of recipients |
Not foreseen |
|
International transfer |
Not foreseen |
|
Conservation period |
For a period of 5 years from the last confirmation of interest. The personal data provided will be kept for as long as their deletion is not requested by the interested party and is appropriate, and for as long as they are necessary – including the need to keep them during the applicable statute of limitations – or relevant for the purpose for which they were collected or recorded. |
|
Safety measures |
Security Measures (Art. 32 RGPD, Recital 83 RGPD, First Additional Provision LOPDGDDD) -Encryption of data in transit and at rest: Protection of information transmitted using secure protocols (HTTPS, TLS). -Access control: Limiting access to collected data to authorized personnel only. -Monitoring and auditing: Logging of access and activities on the information collected. -Data minimization policy: Exclusive collection of data necessary for the intended purpose. -Anti-spam measures and web attacks: Implementation of protection systems against bot attacks and unauthorized access. -Periodic backups: Guarantee of data recovery in case of incidents. |
|
Cookies, pixel and tracking |
|
|
Legal basis |
(Art. 6.1.a RGPD) Data subject’s consent |
|
Purposes |
Identify problems; Obtain statistical data on user navigation; Retain user preferences during their stay on a website; Youtube video streaming |
|
Data categories and groups |
Web Users (Identifying data; Other categories) |
|
Data source |
The interested party or its legal representative |
|
Category of recipients |
Companies engaged in advertising or direct marketing |
|
International transfer |
Not foreseen |
|
Conservation period |
You should access our cookie policy to know the retention time of each cookie as well as the information that has been collected. |
|
IMOPAC’s Resume Management and Job Board |
|
|
Legal basis |
Explicit consent of the data subject (RGPD: 6.1.a) Consent of the data subject. ) |
|
Purposes |
Assign the position that best suits the profile of each candidate; Consult the resumes received to select the most suitable person according to the needs of the company; Manage the applications received through the “Work with us” form on the IMOPAC website; Carry out the personnel selection processes to fill vacancies in the company. |
|
Data categories and groups |
Employees (Identifying information; Academic and professional). Job Candidates (Identifying information; Academic and professional; Job details) |
|
Data source |
The interested party or his legal representative |
|
Category of recipients |
Organizations or persons directly related to the person in charge; Entities of the business group; If the profile could fit in another company of the group your curriculum will be shared with the same in order to help you in your job search. |
|
International transfer |
Not foreseen |
|
Conservation period |
For a period of 1 year from the last confirmation of interest. Personal data provided will be retained for one year or until deletion is requested by the data subject. If you are an employee of the company, it will be retained for as long as the employment relationship is in force and thereafter for the applicable or relevant statute of limitations. |
|
Safety measures |
Security Measures (Art. 32 RGPD, Recital 83 RGPD, First Additional Provision LOPDGDDD) -Restricted access control: Only authorized personnel from the HR department can access the information. -Encryption of personal data: Protection in the storage and transmission of resumes and candidate data. -Logging and traceability of accesses: Tracking of queries and modifications made in the candidate database. -Encrypted backups: Periodic backup of information to prevent data loss. -Data minimization: Only the information strictly necessary for the selection processes is collected. -Secure deletion of data: Procedures for the definitive deletion of information after the retention period. |
11.- DATA OF MINORS
How do we handle the data of minors?
Minors under 14 years of age may not use the services offered through our website without the prior authorization of their parents, guardians or legal representatives. These will be solely responsible for all actions performed through the website by minors in their care, including the completion of online forms with the personal data of minors and, where appropriate, the selection of the corresponding checkboxes.
In accordance with the provisions of Article 8 of the RGPD and Article 7 of the LOPD/GDD, only persons over 14 years of age may consent to the lawful processing of their personal data by Imopac.
12.-PROVENANCE AND TYPES OF DATA PROCESSED
Where did we obtain your data?
Management of Inquiries and Contacts through the IMOPAC Website
- Users of the website: The interested party itself or its legal representative
Cookies, pixel and tracking
- Users of the website: The interested party or his legal representative
IMOPAC’s Resume Management and Job Board
- Employees: The interested party or its legal representative
- Applicants for employment: The applicant or his/her legal representative
What types of data do we collect and process about you?
Management of Inquiries and Contacts through the IMOPAC Website
Web users
- Identification data (E-mail address; Name and surname; Telephone number)
Cookies, pixel and tracking
Web users
- Identification data (IP address)
- Other categories (ID generated by Pixel or Cookie)
IMOPAC’s Resume Management and Job Board
Employees
- Identification data (Name and surname; Mailing address)
- Academic and professional (Professional experience)
Job Candidates
- Identification data (Name and surname; Mailing address; E-mail address; Telephone number)
- Academic and professional (Curriculum Vitae; Degrees)
- Employment Details (Worker History)
13- RIGHTS OF INTERESTED PARTIES
What are your rights regarding your data?
Data protection regulations give you specific rights that you can exercise in relation to the processing of your data. These rights are personal and non-transferable, which means that only you, as the data subject, can exercise them after verification of your identity.
Your rights are described below:
-Right of access: You may request confirmation of whether Imopac is processing your data and access information related to its processing.
-Right of rectification: If your personal data is inaccurate or incomplete, you may request its correction.
-Right to erasure (“right to be forgotten”): You may request deletion of your data when it is no longer necessary for the purposes for which it was collected, or if you withdraw your consent.
-Right to limitation of processing: You may request the limitation of the processing of your data, for example, while its accuracy is being verified or in other cases provided for by law.
Right to data portability: You have the right to receive your data in a structured, commonly used and machine-readable format and to transmit it to another data controller.
-Right to object: You may object to the processing of your data on grounds relating to your particular situation, or when the processing is based on a legitimate interest.
-Right not to be subject to automated decisions: You may request not to be subject to decisions based solely on automated processing of your data, including profiling.
-Right to withdraw consent: You may withdraw your consent at any time, without affecting the lawfulness of the processing based on the prior consent.
-Right to file a complaint: If you consider that your rights have not been respected, you may file a complaint with the corresponding supervisory authority: Spanish Data Protection Agency info@aepd.es https://www.aepd.es
To exercise any of these rights, you may contact Imopac using the contact information below:
- Responsible: IMOPAC SA
- Address: c/ Loeches, 113 – 115 P.I. Ventorro del Cano . 28924, Alcorcón (Madrid), Spain
- Phone: +34 91 633 42 38
- E-mail: info@imopac.es
- Website: http://imopac.es/
You can also exercise your rights with the Data Protection Officer:
Email: rgpd@auratechlegal.es – Telephone: 34 91 1134963
How can you exercise your rights in relation to your data?
To exercise your rights of access, rectification, deletion, limitation or opposition, portability and withdrawal of your consent, you can do so by sending an email to these addresses: rgpd@auratechlegal.es / info@imopac.es or by post to: c/ Loeches, 113 – 115 P.I. Ventorro del Cano . 28924, Alcorcón (Madrid), Spain
How can you file a complaint if you feel your rights are not being respected?
If you believe that the processing of your personal data does not comply with data protection regulations, you have the right to lodge a complaint with the relevant Supervisory Authority in your country of residence or place of business.
Depending on your location, you can contact the competent authority in your country. For example:
-In Germany, you can contact the Berliner Beauftragte für Datenschutz und Informationsfreiheit.
-In France, the competent authority is the Commission Nationale de l’Informatique et des Libertés (CNIL).
Specific contact details for Spain are as follows:
- Spanish Data Protection Agency
C/. Jorge Juan, 6. 28001, Madrid (Madrid), Spain
Email: info@aepd.es- Phone: 900293183
Web: https://www.aepd.es
If you are not sure which authority applies to you or need information on other supervisory authorities, you can consult the article on Data Protection Supervisory Authorities, where you will find contact details and links according to your location.
14.-MODIFICATION AND INFORMATION PRINCIPLE
This document ensures that you understand how we treat your personal data. By using our website or services, you confirm that you have been informed about the terms of our Privacy Policy, in accordance with the information principle set out in Article 13 of the GDPR. The lawful bases for processing your personal data are set out in Article 6 of the GDPR, and may include the performance of a contract, compliance with legal obligations or legitimate interest, among others.
This policy has been developed with the collaboration of Auratech Legal, a firm specializing in data protection, and will be reviewed periodically to ensure its adequacy and compliance.
Imopac reserves the right to modify this Privacy Policy according to changes in legislation, jurisprudence or directives of the control authorities. Any relevant modification that affects the purposes of the processing, storage periods or users’ rights will be explicitly communicated.
Last update: March 21, 2025