Personal Data Protection Policy of FINANCIERA MADERERA S.A. (FINSA)

In compliance with current regulations on data protection, namely Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016 (GDPR), the Organic Law on Protection of Personal Data (LOPDCP, 15/99) and the Development Regulation of the LOPDCP (Royal Decree 1720/2007, of December 21), we inform you that the Personal Data Protection Policy, with regard to the processing of personal data, is the one detailed below.

Responsible for the treatment of personal data

The data controller is the legal entity that determines the purposes and means of processing personal data. In other words, the controller decides how and for what purposes the personal data is processed.

For the purposes of this Data Protection Policy, the person responsible for the processing of personal data is:

  • Company name: FINANCIERA MADERERA S.A (FINSA). Original business of Society group: GRUPO FINSA
  • NIF: A15005499
  • Registered in the Mercantile Registry of A Coruña, Page SC-3085 Volume 951 Page 142
  • Registered office: Carretera Nacional 550 km 57. E 15707 - Santiago de Compostela. España
  • e-mail address: finsa@finsa.es
  • Telephone number: +34 981 050 000 / Fax.: +34 981 050 700
  • Data Protection Delegate:

What personal data do we process and how do we protect it?

Personal data is any information about an identified or identifiable natural person.

For the purposes established in this Privacy Policy, the person in charge collects and processes the personal data that is explained in each type of treatment, and that will depend on the different services that you request or the contractual relationship that you maintain with our entity.

Our organization undertakes to treat your personal data with total confidentiality and to apply the appropriate security measures, of a physical, technical and organizational nature, for its protection.

You guarantee and are responsible, in any case, for the veracity, accuracy, validity and authenticity of the personal data provided and undertake to keep them duly updated.

Data processing of "Coordination of business activities"

  1. What type of personal data do we process?

Identification data: name, ID, date of birth, address, telephone, email address, signature, image.

Personal characteristics data: Sex, marital status, nationality, age, date and place of birth and family data.

Academic and professional data: profession, position, experience, qualifications.

  2. For what purpose do we process your personal data?

We treat the personal data that you provide us for the prevention of occupational risks and coordination of business activities with workers of auxiliary companies.

The personal data provided will be kept as long as the employment relationship is maintained. If, once the employment relationship has ended, you decide to cancel your personal data, they will be kept until the legal deadlines defined by accounting, tax and labor regulations have expired, and once said deadlines have elapsed, your data will be deleted from our system.

  3. What is the legitimacy for the treatment of your data?

The legal basis for the treatment of your data is the fulfillment of an employment contract, as well as the fulfillment of a legal obligation of the person in charge.

  4. To which recipients will your data be communicated?

Your data may be communicated to outsourcing entities for the coordination of business activities for data verification.

Your personal data will not be transferred to any other entity, except for transfers to public bodies that are necessary by legal obligation.

International transfers are made to the United States of America protected under the Privacy Shield, through the data processor Google (Gsuite).

Processing of data of “Job candidates”

  1. What type of personal data do we process?

Identification data: name, ID, date of birth, address, telephone, email address, signature, image.

Personal characteristics data: Sex, marital status, nationality, age, date and place of birth and family data.

Academic and professional data: profession, position, experience, qualifications.

  2. For what purpose do we process your personal data?

We treat the personal data that you provide us for the management of the company's selection processes.

The personal data provided will be kept as long as the interested party has not withdrawn their consent, in order to continue saving their curriculum vitae for future selection processes. In any case, the CVs will be eliminated after one year has elapsed since they were sent.

  3. What is the legitimacy for the treatment of your data?

The legal basis for the treatment of your data is the express consent that is requested.

  4. To which recipients will your data be communicated?

Your data may be transferred to the companies of the FINSA group:

  • FINANCIERA MADERERA, S.A. A-15005499
  • FORESA, INDUSTRIAS QUIMICAS DEL NOROESTE, S.A A-28141224
  • DECOTEC PRINTING, S.A A-60886702
  • COGENERACION DEL NOROESTE, S.L B-15761612
  • PROTECCION E INTEGRIDAD, S.A A-15210412

Your personal data will not be transferred to any entity.

International transfers are made to the United States of America protected under the Privacy Shield, through the data processor Google (Gsuite).

Treatment of data of "Clients and Suppliers"

  1. What type of personal data do we process?

Identification data: name, ID, address, telephone, email address.

Financial data: bank account, credit card data.

Academic and professional data: profession, position, experience, qualifications.

Data related to transactions: products and services provided

  2. For what purpose do we process your personal data?

We treat the personal data that you provide us for the management of the data of the company's clients and suppliers, to maintain the commercial relationship, accounting, administrative and billing management, as well as tax obligations.

The purpose of advertising and commercial prospecting has also been foreseen, for which the express consent of the interested party is requested.

The personal data provided will be kept as long as the business relationship is maintained. If you decide to cancel your personal data, they may be kept in our databases for the periods provided by law in order to comply with tax and accounting obligations, and they will be deleted once said legal periods or those that are applicable have expired.

  3. What is the legitimacy for the treatment of your data?

The legal basis for the treatment of your data is the execution of a contract, as well as the fulfillment of a legal obligation of the person in charge.

The communication of offers and promotions that could be of interest to you is based on the express consent that is requested.

  4. To which recipients will your data be communicated?

Your data may be communicated to companies acting as data processors for FINSA for the preparation of market studies and commercial positioning.

Your personal data will not be transferred to any entity, except for transfers to public bodies that are necessary by legal obligation.

International transfers are made to the United States of America protected under the Privacy Shield, through the data processor Google (Gsuite and Cloud Platform).

Data processing of “Transportation Management Activity”

  1. What type of personal data do we process?

Identification data: name, ID, address, telephone, email address.

Academic and professional data: profession, position, qualifications.

Data related to the geolocation of the transport of our goods, routes carried out, as well as tachograph data.

  2. For what purpose do we process your personal data?

We treat the personal data that you provide us for the management of the data of the company's carriers and the management of logistics and transport, in such a way that it is possible to know where the products are, to make delivery forecasts and to carry out logistics procedures.

The personal data provided will be kept as long as the business relationship is maintained. If you decide to cancel your personal data, they may be kept in our databases for the periods provided by law in order to comply with tax and accounting obligations, and they will be deleted once said legal periods or those that are applicable have expired.

  3. What is the legitimacy for the treatment of your data?

The legal basis for the treatment of your data is the execution of a contract, as well as the fulfillment of a legal obligation of the person in charge. It may also be constituted by the consent of the interested party.

  4. To which recipients will your data be communicated?

The data may be communicated to the entity in charge of processing the positioning data.

Your personal data will not be transferred to any entity, except for transfers to public bodies that are necessary by legal obligation.

International transfers are made to the United States of America protected under the Privacy Shield, through the data processor Google (Gsuite).

Treatment of data of "Contacts and potential clients"

  1. What type of personal data do we process?

Identification data: name, address, telephone, email address.

  2. For what purpose do we process your personal data?

We treat the personal data that you provide us in the contact form for the management of data of commercial contacts and potential clients.

The purpose of advertising and commercial prospecting has also been foreseen, for which the express consent of the interested party is requested.

The personal data provided will be kept as long as the business relationship is maintained. If you decide to cancel your personal data, it will be removed from our contact database.

  3. What is the legitimacy for the treatment of your data?

The legal basis for the treatment of your data is the express consent that is requested.

  4. To which recipients will your data be communicated?

The data may be communicated to those in charge of treatment who carry out tasks of managing the sending of communications, as well as the management of social networks.

International transfers are made to the United States of America protected under the Privacy Shield, through the data processor Google (Gsuite).

Treatment of "Security" data

  1. What type of personal data do we process?

Identification data: name, ID, address, telephone, signature, image/voice.

  2. For what purpose do we process your personal data?

We process personal data to ensure the security of the company's facilities by recording video images (video surveillance).

We also process the data to manage access control.

Personal data will be kept for a maximum of the established legal periods (one month).

  3. What is the legitimacy for the treatment of your data?

The legal basis for the processing of your data is the satisfaction of legitimate interests pursued by the data controller.

  4. To which recipients will your data be communicated?

Your data may be communicated to PROINSA, the entity in charge of processing security data, as well as to installation and maintenance companies for alarm and access control services.

Your personal data will not be transferred to any entity, except for transfers to the Security Forces and Bodies that are necessary by legal obligation.

Nor are international transfers of personal data planned.

What are your rights when you provide us with your data?

In accordance with the applicable regulations on data protection, you have a series of rights in relation to the processing of your personal data. The exercise of these rights will be free for you, except in cases where manifestly unfounded or excessive requests are made, especially repetitive ones.

These rights are the following:

  1. Right to information: You have the right to be informed in a concise, transparent, intelligible and easily accessible manner, with clear and simple language, about the use and treatment of your personal data.
  2. Right of access: You have the right to ask us at any time to confirm if we are treating your personal data, to provide you with access to them and information about their treatment and to obtain a copy of said data. The copy of your personal data that we provide will be free of charge, although the request for additional copies may be subject to the charge of a reasonable amount based on administrative costs. For our part, we may ask you to prove your identity or require more information that is necessary to manage your request.
  3. Right of rectification: You have the right to request the rectification of inaccurate, outdated or incomplete personal data concerning you. You may also request that incomplete personal data be completed, including by means of an additional declaration.
  4. Right of deletion: You have the right to request the deletion of your personal data when, among other reasons, the data is no longer necessary for the purposes for which it was collected. However, this right is not absolute, so that our organization may continue to keep them duly blocked in the cases provided for by the applicable regulations.
  5. Right to limit treatment: You have the right to request that we limit the treatment of your personal data, which means that we may continue to store them, but not continue treating them if any of the following conditions are met:
       • you challenge the accuracy of the data, for a period that allows the person in charge to verify the accuracy of the data;
       • the treatment is unlawful and you oppose the deletion of the data and request instead the limitation of its use;
       • our entity no longer needs the data for the purposes of the treatment, but you need them for the formulation, exercise or defense of claims;
       • you have opposed the treatment, while it is verified if the legitimate reasons of our entity prevail over yours.
  6. Right to data portability: You have the right to have your data transmitted to another data controller in a structured, commonly used and machine-readable format. This right applies when the processing of your personal data is based on consent or the execution of a contract and said processing is carried out by automated means.
  7. Right of opposition: This right allows you to oppose the processing of your personal data, including profiling. We will be unable to honor this right only where we prove legitimate reasons for the treatment or for the formulation, exercise or defense of claims.
  8. Right not to submit to automated decisions, including profiles: This right allows you not to be the subject of a decision based solely on automated processing, including profiling, where said decision produces legal effects or affects you in a similar way, unless said decision is necessary for the conclusion or execution of a contract, is authorized by law or is based on consent.
  9. Right to withdraw consent: In cases where we have obtained your consent for the processing of your personal data in relation to certain activities (for example, in order to send you commercial communications), you can withdraw it at any time. In this way, we will stop carrying out that specific activity for which you had previously consented, unless there is another reason that justifies the continuity of the processing of your data for these purposes, in which case, we will notify you of said situation.
  10. Right to file a claim with a supervisory authority: You have the right to file a claim with the Spanish Data Protection Agency, C/ Jorge Juan, 6, 28001 Madrid, 901 100 099 - 912 663 517 (www.agpd.es), or at the web address: https://sedeagpd.gob.es/sede-electronica-web/vistas/formQuejasSugerencias/seleccionarQuejaSugerencia.jsf

You can exercise the rights indicated above by sending us a communication to the physical address or to the electronic address indicated, accompanied by a document proving your identity and providing the necessary details to process your request.

Interested parties can obtain additional information about their rights on the website of the Spanish Agency for Data Protection, www.agpd.es.