Purpose

The purpose of this Privacy Policy is to inform people (hereinafter, users or interested parties) who visit our website (hereinafter, website, website or the website) we collect, process and protect the personal data you decide to provide us by any means (forms, e-mails, telephone, contracts, etc.) and, after reading it, freely decide whether you what us to process then. Additionally, it will serve to expand on the information that we have previously provided to the interested parties in the informative clauses provided in the processes for collecting their personal data.

Furthermore, this policy aims to comply with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter RGPD) and with Organic Law 3/2018 of 5 December on the Protection of Personal Data and guarantee of digital rights (hereinafter LOPDGDD).

Who is the controller of your personal data?

Identity – Entity:	SP-BERNER PLASTIC GROUP, S.L.
CIF/NIF:	B96480454
Postal address:	Camino de la Lloma, 35, CP 46960, Aldaya ( Valencia)
Telephone:	96 159 60 06
E-mail:	protecciondedatos@sp-berner.com
Corporate purpose:	Inyección de plástico
Website:	https://sp-berner.com/
Registration details:	Registro Mercantil de Valencia, Tomo 6677, Libro 3981, Folio 181, Sección 8, Hoja 47483, Inscripción 31.

What personal data will we process and how do we collect it?

For the development of our business activity, it is essential to process personal data whose collection can be carried out by digital means (e.g. email, web forms or questionnaires), by filling in paper documents or through face-to-face or telephone conversations and in any of these cases the data will be processed in a fair, lawful and transparent manner.

The categories of data that our entity will process about data subjects are:

• Identification data: name and surname, ID card or equivalent document, image, voice and signature.
• Contact details: telephone, email, postal address.
• Access data: username and password.
• Commercial data: budgets, purchase conditions, management and history of services and/or purchases, results of contacts (telephone, email, messaging and other communication channels).
• Accounting data: control of income and expenses, invoicing data.
• Banking data: bank accounts and bank cards.
• Financial data: queries on economic or asset solvency.
• Transaction of goods and services: transfers and direct debits, amounts and concepts.
• Curricular data: academic data, professional experience, personal characteristics, etc…
• Browsing data: analysis of the time spent on our website, pages visited, demographic data (e.g. age, sex, language).

Our entity will not collect special category data (e.g. health data, ethnic origin, political opinions or religious beliefs), but in the event that it is necessary to process them, we will inform you and ask for your prior and express consent.

Consequently, the data requested will be adequate, relevant, limited to those strictly essential and necessary, processed only by personnel and/or collaborators authorised by our entity, who will have signed a confidentiality agreement and undertake to comply with the necessary security standards that guarantee the confidentiality, integrity and availability of the data processed and other legal requirements established in the RGPD. Therefore, they will be treated within the law. 

The data to be processed are provided by the data subject himself or by his legal representative, although it may be the case that we delegate some functions to certain collaborators and they are responsible for collecting your data, but they will always be processed with your prior express consent.

In the event that a data subject does not provide the data we request or provides incomplete or incorrect data, it will not be possible to fulfil and maintain the relationship with them.

The categories of data that we may process about a person will depend on the relationship they have with us, as shown below:

• Customers:

Data of an identifying, contact, access, commercial, accounting, banking, goods and services transaction nature will be processed and may only be collected if the customer provides them to us at the time of purchasing goods or contracting services, either in person, by telephone, e-mail or through the forms provided on our website, etc.

• Information requesters: 

Whether the information requested is in person, by telephone or in writing (e.g. email or web forms) we will request and/or process identification, contact and commercial data. 

• Suppliers:

Identification, contact, commercial, commercial, accounting, banking, transaction of goods and services and financial data will be processed. These data may be processed during all stages of the business relationship and only if the supplier provides them in order to start the business relationship.

• Job applicants:

For this category of interested parties, curricular, identification, contact and other data related to their professional or personal characteristics will be processed, which will be provided by the applicant themselves when they send us their application by any means (e.g. in person, email, web forms), they may also be collected in recruitment interviews (in person or online), the job application may even be sent to us by a collaborator to whom we have delegated certain functions. For more information, please see our Job Applicant Policy.

• Users of social networks: 

We are present in different social networks and we may process identification, contact, commercial and other data that the user enables to be displayed or shared with other users of the social network, including curricular data (e.g. LinkedIn). For more information, please see our Social Media Policy.

• Subscribers:

In the subscription forms to our bulletins/newsletters an e-mail address is requested, which may be provided by the interested party on a voluntary basis.

• Claimants:

We will process identification data, contact data and personal information of our own or of third parties that the claimant sends us.

• Complainants:

Through our internal whistleblowing channel, you may make reports anonymously, but you may also voluntarily provide us with identification and contact details, as well as other personal information about yourself or third parties related to the report, in accordance with the provisions of Law 2/2023 of 20 February on the protection of persons who report regulatory infringements and the fight against corruption. More information on the terms of the Internal Whistleblowing Channel.

• Visitors:

Identification data will be processed, contact data, company for which you work if the visit is for commercial reasons, being these data collected when they are provided by the visitor himself when requesting access to our facilities or when your interlocutor in our entity, provides them to us to allow you access to these facilities.

• Web users:

When visiting our website and only if expressly authorized by the user, analytical data (e.g. time of visit or pages viewed) including demographic data (e.g. gender, age, country or language) may be collected. For more information, please see our Cookie Policy. 

• Further information for data subjects:

The information legally established in the corresponding informative clauses, included in the different means of data collection, will be made available to the interested parties, so that the interested party freely and expressly decides whether they want their personal data to be processed by our entity.

All categories and types of personal data processed will be duly identified in the corresponding processing activities owned by our company.

What will your data be processed for?

In general, the purpose of the processing of personal data carried out by our company is the fulfilment and maintenance of the relationship with the different groups of people with whom we have contact. 

Depending on this relationship, the processing of your data is carried out for different purposes, which are detailed below, by way of example but not limitation:

• Clients:

Your personal data will be processed to identify you, to fulfil and maintain the pre-contractual and contractual relationship including the sending of commercial communications by different means, to deal with queries, to carry out quality controls and commercial statistics, to provide our services, for the sale and delivery of goods, for accounting and invoicing management, the transaction of goods and services, the management of collections, incident management, claims and the exercise of rights, as well as for other purposes to which we are obliged to comply with this relationship, the laws to which we are subject or to meet our legitimate interests.

• Information requesters: 

We will process your personal data to deal with requests for information of any kind that you may wish to send us, to identify you, to send or deliver quotations and information about the goods and/or services of interest to you, including in our reply (verbal or written) commercial information related to your request. We will also make follow-up contacts, by different means, to know the decisions taken with respect to the commercial proposals that we have sent you.

• Job applicants:

Your data will be processed to include you in our selection processes and job vacancies, to identify you, as well as to contact you and inform you about vacancies, coordination of interviews and other matters related to your application. For more information, please see our Job Applicant Policy.

• Suppliers:

Your personal data will be processed for the purpose of maintaining the pre-contractual and contractual relationship, fulfilling the commercial relationship whether for the request of quotations, for the purchase of goods or contracting of services, to make enquiries and identify you, for accounting management and the transaction of goods and services, as well as for other purposes necessary to comply with said relationship, with our legal obligations and legitimate interests. 

• Users of social networks: 

We will process your personal data to maintain the relationship as users of the same social network, to identify you, to contact you, to share news or advertising and to process other personal data that the user of the social network allows to share with the rest of the components of the social network. For more information, please see our Social Networking Policy.

• Subscribers:

Your data will be processed to send you by e-mail our bulletins / newsletter or advertising, to identify you and to process incorporation or unsubscription of these mailings if we are requested to do so. 

• Complainants:

Personal data will be processed to identify you, manage your complaint and contact you about the status of your complaint, as well as to comply with our legal obligations and legitimate interests.

• Complainants:

The personal data you choose to provide in your complaint will be processed to register, manage your complaint, as well as to identify and contact you (except if the complaint is anonymous) for the acknowledgement of receipt of your complaint and to keep you informed about the status of our investigations within the deadlines and terms set out in Law 2/2023 of 20 February. We may also process your data on the basis of our legitimate interests and where necessary to comply with other legal obligations to which we are subject. Further information is available in the terms of the Internal Whistleblowing Channel.

• Visitors:

The data of visitors to our facilities will be processed to identify you, to comply with our obligations in terms of occupational risk prevention and for security and access control purposes.

• Web users:

By accepting the installation of cookies when visiting our website, data may be processed for different purposes (e.g. analysis of visits). For more information visit our Cookies Policy. 

• Further information for interested parties:

The information legally established in the corresponding informative clauses included in the different means of data collection (e.g. forms, locutions, contracts, etc.) will be made available to the interested parties, so that you can freely and expressly decide whether you want the personal data requested to be processed by our entity, in the same sense, this information will be recalled in the different documents or communications that we share with the interested parties (e.g. badges, invoices, legal notices, etc.).

In the event that the data subject does not provide the data we request or provides incomplete or erroneous data, we may not be able to deal with the request for information or to contact the data subject.

The data will not be processed further or for purposes other than those accepted by the data subjects. 

The purposes for which personal data are processed will be duly identified in the corresponding processing activities owned by our company.

Why do we process your data (legitimisation)?

The processing of your personal data by our company is carried out on one or more of the following legitimate bases:

1. When you give us your express, free, informed and unequivocal consent, after being informed at the time of collecting your data and more broadly with this privacy policy, that after reading it and if you agree, you can voluntarily authorise us to process your data for one or more purposes, by ticking the boxes provided for this purpose on our web forms or by your consent by signing the informative clauses that we provide at any time when requesting your personal data.
2. For the performance of a contract to which you are a party or for which you have requested us to take pre-contractual measures.
3. Where the processing is necessary for compliance with a legal obligation applicable to us.
4. When the processing is necessary for the fulfilment of legitimate interests pursued by us or by a third party, provided that such interests are not overridden by the interests or fundamental rights and freedoms of the data subject. In this regard, we inform that our entity has carried out an analysis weighing our legitimate interests with the rights and freedoms of the data subject, always respecting his or her fundamental rights.

In the event that the user is under 14 years of age, it will be necessary to have the consent of the parents, guardians or legal representative, to process their data. The user is solely responsible for the veracity of the data he/she sends us. 

Data retention

The personal data provided will be kept for as long as we maintain the relationship with the data subject and for the time necessary to fulfil the purpose for which the data was collected. 

Once this relationship has ended, we will keep it blocked in those cases in which it is necessary to keep it until the statute of limitations of responsibilities for the exclusive purpose of claims or legal actions, as well as to comply with our legal obligations, for example:

Interested parties	Sectoral scope	Legal basis	Storage period
Clients Suppliers	Accounting	Art. 30.1 R.D. Commercial Code	6 years from the last entry
Clients Suppliers	Fiscal	Art. 66 General Tax Law 58/2003	General term: 4 years In case of losses during the fiscal year: 10 years Invoices: 5 years
Workers	Labor	Art. 21 of Royal Legislative Decree 5/2000 – Social Order	4 years:
Job seekers	Labor	AEPD Labor Relations Guide	1  year
Working people	Occupational risk prevention	Art. 4.3 of Royal Decree 5/2000 – Social Order	5 years
Visitors	Facility access control	AEPD Instruction 1/1996	1 month
Web users	Use of cookies	Guide on the use of cookies by the AEPD	24 months maximum
Information requesters	Commercial Legal	Art. 20.1 a and d) Spanish Constitution	The shortest possible time or the time indicated by law
Clients Suppliers Visitors Job seekers	Video surveillance	Art. 22.3 LOPDGDD – protection of personal data	1 month
Customers	User information in Internet service providers	Art. 5 of Law 25/2007 – retention of electronic communications data and public communications networks	12 months from the date of communication. The data to be retained are those established in Article 3 of the law. After consulting with the operators, this period may be extended by regulation to a maximum of 2 years or a minimum of 6 months.
Complainants Affected	Complaints from the Internal Complaints Channel	• Art. 26.2 Law 2/2023 (internal information systems) • Art. 32.3 Law 2/2023 (internal information systems) • Art. 32.4 Law 2/2023 (internal information systems))	• If the reported facts have been investigated, the data will not be retained for more than 10 years. For the time necessary to decide whether to initiate an investigation into the reported facts. If it is proven that the information provided, or part of it, is not true, it must be deleted immediately, unless such inaccuracy may constitute a criminal offense, in which case the information will be retained for the time necessary to process the judicial proceedings. If an investigation has not been initiated within 3 months of receiving the report, it must be deleted.

Profiling

We do not profile or make automated decisions using your personal data, but if we do, we will inform you and ask for your prior consent to do so.

Similarly, you have the right to object to such processing at any time by writing to us at protecciondedatos@sp-berner.com

Transfer of data

As a general rule, our company does not pass on personal data to third parties without prior consent, although they may be passed on to other companies in our group of companies for centralised management.

However, it will be necessary to transfer data in the following cases:

In the case of our customers or suppliers, their personal data may be transferred to third parties by legal obligation (e.g. Tax Agency), or in those cases and entities necessary to provide our services or pay invoices (e.g. Banks) or in the case of delivery of goods, their data may be transferred to transport companies collaborating with our company. 

Likewise, the personal data of customers or suppliers may be processed by third parties to whom we delegate some of our obligations (e.g. accountants) and all of them have committed themselves by means of a data processor contract to comply with the same security measures implemented by our entity, as well as to submit to the duty of secrecy and confidentiality of the personal data processed, among other obligations regarding the protection of personal data.

In the case of job applicants, your data will not be transferred to third parties unless legally required to do so.

Regarding information applicants or users of our website, your data will not be transferred to third parties except in the cases set forth above and notified at each stage of collection, and only with your express consent, unless our legitimate interest prevails or we are legally required to do so, in which case your consent will not be required.

In the case of whistleblowers, their data may be lawfully processed by persons other than those responsible for the internal information system. They may also be communicated to third parties when necessary to adopt corrective measures within our entity or to process any disciplinary or criminal proceedings that may be appropriate (Article 32.2 of Law 2/2023).

In general terms, we may share your personal data with the competent judges, courts, public prosecutors, and/or public authorities in response to potential claims when we are required to do so.

International data transfer

In the event of transfers to third-party entities located in countries outside the European Economic Area, we will inform and request the prior and express consent of the interested parties.

Security Measures

Our entity has implemented all the necessary technical and organizational measures to protect the personal data processed, preventing its loss, theft, or unauthorized use.

These measures have been created based on the type of data processed and the purposes for which it is processed. These measures are periodically verified through our internal controls for compliance with personal data protection regulations and through external audits.

Your Rights

You, as the owner of your personal data and acting on your own behalf or through your legal representative (e.g., persons under 14 years of age), may contact us at any time and request that we exercise your personal data protection rights. We explain these rights:

We explain what these rights are:

• Right of Access:

You have the right to know and request the following information at any time:

• • Whether or not we are processing your personal data.
  • The purposes of the processing, as well as the categories of personal data being processed.
  • The source of your data, if you do not provide it to us.
  • The recipients or categories of recipients to whom my personal data has been or will be disclosed, including, where applicable, recipients in third parties or international organizations.
  • Information on appropriate safeguards regarding the transfer of my data to a third country or to an international organization, where applicable.
  • The expected retention period, or if not possible, the criteria for determining this period.
  • If automated decision-making is involved, including profiling, meaningful information about the logic involved, as well as the significance and expected consequences of such processing.
  • A copy of your personal data being processed.

• Right to Rectification:

Request rectification of your personal data when it is inaccurate, as well as completion of it when it is incomplete.

• Right to Object:

You may object to our processing of your data if it is incorrect or no longer necessary.

If you are acting as the person accused or affected by a complaint under Law 2/2023, you will not be able to exercise your right to object, as it is presumed (subject to proof to the contrary) that there are legitimate grounds for processing your personal data, in accordance with the provisions of Article 31.4 of the Law.

• Right to Erasure:

You can request that your data be deleted for any of the following reasons:

• • Your data is no longer necessary for the purposes for which it was collected or processed.
  • You have not given consent for the processing of your data.
  • When you have exercised your right to object.
  • When the data has been processed unlawfully.
  • When the data must be deleted to comply with a legal obligation.

• Right to Restrict Processing:

You may request that we exercise this right when one or more of the following situations apply:

• • When you contest the accuracy of your data, for a period enabling the controller to verify its accuracy.
  • When the processing is unlawful and you oppose the erasure of your data and request a restriction on its use instead.
  • When the data is no longer required for the purposes of the processing, but the data subject requires it for the establishment, exercise, or defense of legal claims.
  • When you have objected to processing pursuant to Article 21(1), while it is being verified whether the legitimate grounds of the controller override those of the data subject.

• Right to Data Portability:

 This refers to the right to obtain your data in a structured, commonly used, and machine-readable format, as well as to transmit it to another data controller for further processing.

1. Right not to be subject to automated decisions:

Right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects on you or significantly affects you in a similar way.

To exercise any of your rights, you must contact SP-BERNER PLASTIC GROUP, S.L. in writing, either by post to Camino de la Lloma, 35, CP 46960, Aldaya (Valencia), or by email to protecciondedatos@sp-berner.com, stating the rights you wish to exercise, accompanied by a copy of your ID or equivalent document so that we know who we should provide the requested information about and your contact information so that we can send you our response. If you are acting on behalf of another person, you must provide proof of representation.

If you have any suggestions or questions about the processing of your personal data, you can contact our data protection consultant:

BUSINESS ADAPTER, S.L.

Ronda Guglielmo Marconi, 11, 26, (Parque Tecnológico) 46980 Paterna (Valencia).

Data subject assistance form

We inform you that you have the right to file a complaint with the Spanish Data Protection Agency at: C/ Jorge Juan, 6, 28001 Madrid or at www.aepd.es.

Commitment to the Protection of Personal Data

Scope of application

Our commitment to the protection of personal data will be mandatory for all departments and workers of our entity, as well as those third parties acting on our behalf.

Purpose

We have established protocols for the processing of your personal data, in accordance with European and Spanish data protection regulations.

Principles

We will process your data legally, fairly, transparently, with data minimization, accuracy, retention periods, integrity, confidentiality, and active responsibility.

Special Category of Data

Our entity prohibits the processing of personal data that reveals ethnic or racial origin, political opinions, religious or philosophical beliefs, union membership, genetic or biometric data, health data, or data related to sexual orientation, except in the cases authorized by law and with the prior consent of the data subject.

Data Subject Rights

Our entity will address and respond to your requests to exercise your rights as quickly and diligently as possible.

Activity Log, Impact Assessment, and Security Measures

Our entity will keep a log of processing activities and analyze the purposes of the processing, categories of data subjects and data, recipients, international transfers, retention periods, etc., to assess the risks of processing and implement the necessary security measures to guarantee the confidentiality, integrity, and availability of personal data.

Likewise, for each processing activity, we have analyzed the need to prepare an Impact Assessment and determined whether there is an obligation to appoint a Data Protection Officer. If necessary, we have established that the person appointed to this position has sufficient knowledge and experience in accordance with current regulations.

Control

We rely on external support to advise us on this matter, monitoring all publications made by the competent supervisory bodies and other European and Spanish entities related to data protection regulations, in order to comply with these regulations at all times.

Updates to this Policy

Our organization reserves the right to modify this Policy without prior notice. Therefore, we recommend that you review it each time you visit our website.