SPIRIT & BRANDS, S.L. (hereinafter the Entity) is committed to due diligence and compliance with the Data Protection regulations implemented through Regulation 2016/679 on the protection of natural persons with regard to the processing of personal data and the free movement of such data General Data Protection Regulation (RGPD) and Organic Law 3/2018 on Data Protection and Guarantee of Digital Rights (LOPDGDD).
1. Data Controller and contact details of the Data Protection Officer/Data Protection Officer (DPO/DPO):
Identity: Spirit & Brands SL
Address / C. P.: Passeig de Gràcia, 103 4º 08008 Barcelona
DPO / DPO contact details: firstname.lastname@example.org
Data Protection Channel: https://www.corporate-line.com/cnormativo-spiritbrands/nueva-comunicacion
2. Purposes of processing
The Entity will process the information provided by the interested parties for the following purposes:
- Manage your attention, visit and meeting at our facilities, as well as the management and implementation of the services / products contracted.
- To manage any type of request, suggestion or petition about our professional services made by interested parties.
- Informative and commercial communications: processing of your data in order to inform you about activities, articles of interest and general information
related to our activity and the services/products contracted.
- Manage data provided by job candidates through the Curriculum Vitae (CV) for the purpose of the selection and recruitment process.
- Promotional actions and campaigns (promotions, raffles,…).
- Manage the communications received through the SPIRIT & BRANDS ethical channel and carry out the appropriate investigations (in the event that
the informant identifies him/herself).
For the good purpose and development of your attention and management of the above purposes, the holder consents to the processing of your data for the above purposes, all under the strictest compliance with the Data Protection regulations and the policy that we are detailing. You may exercise your rights at any time (see specific section).
3. Data retention criteria
Management of services / products contracted with the Entity: the personal data provided in the contracts, offers and/or service proposals, as well as those of other persons whose intervention is necessary, will be kept for as long as the contracted services are in force. At the end of the provision of the contracted service/s, the personal data shall be kept in the event that liabilities may arise with the Entity and/or in compliance with other regulatory frameworks that are applicable to the Entity or a regulation with the rank of law that requires the conservation of the same. Personal data shall be kept in such a way as to allow the identification and exercise of the rights of those affected and under the legal and organisational technical measures necessary to guarantee the confidentiality and integrity of the same.
Curriculum Vitae Management: the Entity, as a rule, keeps your Curriculum Vitae for a maximum period of one year; at the end of this period, it will be automatically destroyed, in compliance with the principle of data quality.
Others: the rest of the data and information provided by the user by any means will be kept for the time necessary to fulfil the purpose for which they were collected.
- The legal basis that enables the Entity to process the personal data of users, customers, potential customers by virtue of the following titles:
- The consent of the persons concerned for the processing and management of any request for information or enquiry about our services and products. Consent given by Job Applicants for recruitment and selection purposes.
- The framework for the provision and/or contracting of services/products with the Entity.
- Legitimate interest in sending you information, commercial and/or promotional offers related to the Entity’s activity and the services/products contracted via e- mail or any other means.
No personal data will be passed on to third parties, except as provided for by law.
Personal data is collected directly from the persons concerned and from our partners. The categories of personal data provided to us by our employees are as follows:
- Identification data.
- Postal or e-mail addresses.
- Data provided and/or consented to by the interested parties themselves related to and necessary for the management and performance of the service / product requested.
Right of Access, Rectification and Deletion: interested parties have the right to obtain confirmation as to whether or not the Entity is processing personal data concerning them. Interested parties have the right to access their personal data, as well as to request the rectification of inaccurate data or request its deletion when, among other reasons, the data is no longer necessary for the purposes for which it was collected.
Right to Restriction and Opposition: In certain circumstances, data subjects may request that we restrict the processing of their data, in which case we will only retain the data for the purpose of exercising or defending claims. In certain circumstances and for reasons related to their particular situation, data subjects may object to the processing of their data. The Entity will stop processing the data in this case, except for compelling legitimate reasons, or for the exercise or defence of possible claims. These rights may be exercised in our Data Protection Channel, see specific section.
8. Ethical Channel
The Entity has implemented a Communications and Whistleblowing Channel to comply with Law 2/2023 of 20 February, regulating the protection of persons who report regulatory infringements and the fight against corruption. The channel is intended for reporting any suspicions or violations of wrongdoing, including suggestions or queries.
Accessed via the following link: https://www.corporate-line.com/cnormativo-spirit-brands/nueva-comunicacion
9. Attention and support
Interested parties may inform the Entity of any doubts regarding the processing of their personal data or the interpretation of our policy by contacting the Data Protection Officer/Data Protection Delegate (DPO/DPD) at the address indicated at the beginning of this policy.