Privacy and Data Protection Policy
Gaudit, S.L., Gaudit Consell, S.L., and Economistes Associats, S.L. (as of now, the Entity) are committed to due diligence and regulatory compliance with the regulations classified as Personal Data Protection (PDP).
The following is detailed information on the Privacy and Personal Data Protection Policy in compliance with the provisions of Article 16 of Law 29/2021, of 28 October, described as the protection of personal data.
Data of the Data Controller and contact details of the Data Protection Officer and Delegate (RPD / DPD):
- Identity: Gaudit, S.L.
- Address and Postal Code: C / Bonaventura Armengol 15, 6è, AD500, Andorra la Vella – Andorra.
- Telephone: +376 808 136
- DPD contact details: Pilar Claparols Ayter – firstname.lastname@example.org
Purpose of treatment
The Entity will process information provided by interested parties for the following purposes:
- Manage your attention, visit, and meeting at our/your facilities.
- Manage the provision and performance of contracted services and products.
- Manage requests and suggestions about our professional services.
- Informative and commercial communications. That is processing your data to inform you about the activities, articles of interest, and general information related to our activity or contracted services and products.
- Manage data provided by job offer candidates through their Curriculum Vitae or any other means to initiate a selection and recruitment process.
- Ensure the security of offices, facilities, and people through access controls, video surveillance systems, and other access control/identification systems.
- Meet the legal provisions that apply to the Entity, and its activities, concerning health and occupational risk prevention.
- Manage and control the operation of the internal mechanisms, policies, and protocols established by the Entity to manage communications/complaints and regulatory compliance.
- All those treatments apply to us due to adequate compliance with the official/sectorial regulations and requirements to which our activity is subject.
To develop the attention and management of the above purposes, the owner, aware of the processing of your data, under the strictest compliance with qualified data protection regulations and the policy we are detailing, may exercise at any given time its rights specified in this policy.
Criteria for the preservation of the data processing
- Management of contracted services or products with the Entity: the personal data provided in the contracts or services proposed, as well as other people’s data whose intervention is necessary, will be kept while the contracted services are in force.
At the end of the provision of the contracted services, personal data will be held in case any responsibilities may arise with the Entity or in compliance with other regulatory frameworks that apply to the Entity. Personal data will be stored in a way that allows the identification and exercise of the person’s rights and under the necessary technical, legal and organizational measures to ensure its confidentiality and integrity.
- Management of the Curriculum Vitae: the Entity retains a Curriculum Vitae for a maximum of one year. Once this period has ended, the Entity will destroy it.
- Management of Employment Contracts: personal data will be kept, during the period in which the employment relationship is in force and, once it ends, in those cases where responsibilities may arise between the parties and when legislation is required.
- Others: the rest of the data and information provided by the user will be kept for the necessary time to fulfill the purposes for which they were provided.
The legal bases that enable the Entity to process users, customers, and potential customers’ personal data are:
- The given consent of those who may request information about our services and products.
- The given consent of those who may apply for a job for selection and recruitment purposes.
- The framework for providing or contracting services or products with the Institution.
- The legitimate interest in sending informative, commercial, or other promotional offers related to the activity of the Entity and the services and products contracted through e-mail or by any other means.
- Compliance with legal obligations and internal regulatory compliance procedures.
- The legitimate interest is to ensure security in offices, facilities, and for people.
No personal data will be transferred to third parties, except by law.
Personal data is obtained directly from interested parties and our collaborators. The categories of personal data provided to us by our collaborators are the following:
- Identification data.
- Postal and electronic addresses.
- Data provided or consented to by interested parties, is related and necessary for the management and realization of the requested service or product.
- Rights of Access, Rectification, Deletion / “Oblivion”: interested parties have the right to obtain confirmation as to whether or not their personal data is being processed.
Interested parties have the right to access their personal data and request the rectification or the deletion of inaccurate data when, among other reasons, the data is no longer necessary for the purposes for which it was collected.
- Right of Limitation and Opposition: Interested parties may request the limitation of the processing of their data, in which case, it will only be kept for the exercise or defense of claims. In certain circumstances and for reasons related to their particular situation, the persons concerned may object to the processing of their data. In that case, the Entity will no longer process the data unless there are legitimate imperative reasons, or for the exercise or defense of possible claims.
- Right to revoke the consent given: the interested parties have the right to withdraw their consent at any time, except in those cases provided in the Data Protection regulations, or if the data is necessary for the provision of the contracted services
However, this withdrawal has no retroactive effect, so it will not affect the lawfulness of the treatment based on prior consent.
- Right to portability: interested persons will have the right to the portability of their data when its processing is automatic. Therefore, they will have the right to request, receive and obtain the data that affects them.
Security and control measures
In compliance with the qualified Data Protection regulations, the Entity will process personal data by applying appropriate technical, legal, organizational, and security measures that guarantee the confidentiality and integrity of the information it manages, following its established current regulations.
In the event of any disagreement with the Entity regarding the processing of your data, you have the right to submit a complaint to the corresponding Data Protection Control Authority. In Andorra, this Authority is the Andorran Data Protection Agency.
Attention and support
Interested parties may communicate to the Entity any questions regarding the processing of their personal data or interpretation of our Policy, by contacting the Data Protection Officer and/or Delegate at the address indicated at the beginning of the present Policy.