The Management / Governing Body of GAP Aluminium. (hereinafter, the data controller), assumes the maximum responsibility and commitment to the establishment, implementation and maintenance of this Data Protection Policy, guaranteeing the continuous improvement of the data controller with the aim of achieving excellence in relation to compliance with Regulation (EU) 2016/679 of the European Parliament and of the Council, of April 27, 2016, regarding the protection of natural persons with regard to the processing of personal data and the free circulation of these data and by which repeals Directive 95/46/EC (General Data Protection Regulation) (DOUE L 119/1,04-05-2016), and the Spanish regulations on the protection of personal data (Organic Law, legislation specific sector and its implementing regulations).
GAP Aluminium’s Data Protection Policy rests on the principle of proactive responsibility, according to which the data controller is responsible for compliance with the regulatory and jurisprudential framework that governs said Policy, and is capable of demonstrating it before the competent control authorities.
In this sense, the data controller will be governed by the following principles that must serve all its staff as a guide and frame of reference in the processing of personal data:
Data protection by design: the data controller will apply, both at the time of determining the means of processing and at the time of the processing itself, appropriate technical and organizational measures, such as pseudonymization, designed to effectively apply the principles of data protection, such as data minimization, and integrate the necessary guarantees in the treatment.
Protection of data by default: the data controller will apply the appropriate technical and organizational measures in order to guarantee that, by default, only the personal data that is necessary for each of the specific purposes of the treatment are processed.
Data protection in the life cycle of the information: the measures that guarantee the protection of personal data will be applicable during the complete cycle of the life of the information.
Lawfulness, loyalty and transparency: personal data will be processed lawfully, loyally and transparently in relation to the interested party.
Limitation of purpose: personal data will be collected for specific, explicit and legitimate purposes, and will not be further processed in a manner incompatible with said purposes.
Data minimization: personal data will be adequate, pertinent and limited to what is necessary in relation to the purposes for which they are processed.
Accuracy: personal data will be accurate and, if necessary, updated; All reasonable steps will be taken to promptly delete or rectify personal data that is inaccurate with respect to the purposes for which it is processed.
Limitation of the retention period: the personal data will be kept in a way that allows the identification of the interested parties for no longer than is necessary for the purposes of the processing of the personal data.
Integrity and confidentiality: personal data will be treated in such a way as to guarantee adequate security of personal data, including protection against unauthorized or unlawful processing and against loss, destruction or accidental damage, through the application of technical measures or appropriate organisations.
Information and training: one of the keys to guaranteeing the protection of personal data is the training and information provided to the personnel involved in their processing. During the life cycle of the information, all personnel with access to the data will be suitably trained and informed about their obligations in relation to compliance with data protection regulations.
GAP Aluminum’s Data Protection Policy is communicated to all personnel responsible for processing and made available to all interested parties.
Consequently, this Data Protection Policy involves all the personnel responsible for the treatment, who must know it and assume it, considering it as their own, each member being responsible for applying it and verifying the data protection regulations applicable to their activity, as well as identify and provide the opportunities for improvement that it deems appropriate with the aim of achieving excellence in relation to its compliance.
This Policy will be reviewed by the Management / Governing Body of GAP Aluminium, as many times as deemed necessary, to adapt, at all times, to the provisions in force regarding the protection of personal data.

YOUR SECURE DATA

Information in compliance with personal data protection regulations

In Europe and in Spain there are data protection regulations designed to protect your personal information that are mandatory for our entity.

Therefore, it is very important for us that you fully understand what we are going to do with the personal data that we request.

In this way, we will be transparent and give you control of your data, with simple language and clear options that will allow you to decide what we will do with your personal information.

Please, if you have any questions after reading this information, do not hesitate to ask us.

Thank you very much for your help.

About us?
Our denomination:GAP Aluminum
Our CIF / NIF:
Our main activity:
Our address:
Our contact phone:
Our contact email address: info@gapaluminium.pt
Our website: https://www.gapaluminium.pt/
We are at your disposal, do not hesitate to contact us.

What are we going to use your data for?
In general, your personal data will be used to be able to relate to you and to be able to provide you with our services.

Likewise, they can also be used for other activities, such as sending you advertising or promoting our activities.

Why do we need to use your data?
Your personal data is necessary to be able to relate to you and to be able to provide you with our services. In this sense, we will put at your disposal a series of boxes that will allow you to decide in a clear and simple way about the use of your personal information.

Who will know the information we ask for?
In general, only the personnel of our entity that is duly authorized may have knowledge of the information that we request.

Similarly, those entities that need to have access to it so that we can provide our services may have knowledge of your personal information. Thus, for example, our bank will know your data if payment for our services is made by card or bank transfer.

Likewise, those public or private entities to which we are obliged to provide your personal data in order to comply with any law will have knowledge of your information. Giving you an example, the Tax Law requires you to provide the Tax Agency with certain information on economic operations that exceed a certain amount.

In the event that, aside from the cases mentioned, we need to disclose your personal information to other entities, we will previously request your permission through clear options that will allow you to decide in this regard.

How are we going to protect your data?
We will protect your data with effective security measures based on the risks involved in using your information.

For this, our entity has approved a Data Protection Policy and annual controls and audits are carried out to verify that your personal data is safe at all times.

Will we send your data to other countries?
In the world there are countries that are safe for your data and others that are not so safe. For example, the European Union is a secure environment for your data. Our policy is not to send your personal information to any country that is not safe from the point of view of protecting your data.

In the event that, in order to provide you with the service, it is essential to send your data to a country that is not as safe as Spain, we will always request your permission in advance and apply effective security measures that reduce the risks of sending your information. personnel to another country.

 

How long will we keep your data?
Personal data will be kept as long as you continue to be linked with us.
Once you disassociate yourself, the personal data processed for each purpose will be kept for the legally established periods, including the period in which a judge or court may require them in accordance with the limitation period for legal actions.
The data processed will be kept as long as the aforementioned legal periods do not expire, if there is a legal maintenance obligation, or if there is no such legal period, until the interested party requests its deletion or revokes the consent granted.
We will keep all the information and communications related to your request or the provision of our service, while the guarantees of the products or services last, to deal with possible claims.
In each treatment or type of data, we provide you with a specific period, which you can consult in the following table:

File

Document

Conservation

LOPD

Treatment of personal data, if it is different from the treatment notified to the AEPD

3 years

Personal data of employees stored in the networks, computers and communications equipment used by them, access controls and internal management/administration systems

5 years

providers

Bills

5 years

Contracts

5 years

Customers

Bills

5 years

Forms and coupons

7 years

Contracts

5 years

Human Resources

Payroll, TC1, TC2, etc.

Eight years

Resumes

Until the end of the selection process, and 1 more year with your consent

Docs of compensation for dismissal.

 

Contracts.

Temporary worker data.

4 years

Worker file.

Up to 5 years after discharge.

Marketing

Databases or web visitors.

While the treatment lasts.

Accounting

Accounting Books and Documents.

Partner agreements and boards of directors, bylaws of the company, minutes, regulations of the board of directors and delegated commissions.

Financial statements, audit reports

Records and documents related to grants

5 years

Fiscal

Keeping of the administration of the company, rights and obligations related to the payment of taxes.

 

Administration of dividend payments and tax withholdings.

10 years

Security and health

Workers’ Medical Records

5 years

Insurance

insurance policies

6 years (rule of thumb)

 

2 years (damage)

5 years (personal)

10 years (life)

Shopping

Registration of all deliveries of goods or provision of services, intra-community acquisitions, imports and exports for VAT purposes.

5 years

Legal

Intellectual and Industrial Property Documents.

 

Contracts and agreements.

5 years

Permits, licenses, certificates

6 years from the expiration date of the permit, license or certificate.

10 years (criminal prescription)

Confidentiality and non-compete agreements

Always the duration of the obligation or confidentiality

 

What are your data protection rights?
You can contact us at any time to find out what information we have about you, rectify it if it is incorrect and delete it once our relationship has ended, if this is legally possible.

You also have the right to request the transfer of your information to another entity. This right is called “portability” and may be useful in certain situations.

To request any of these rights, you must make a written request to our address, along with a photocopy of your ID, in order to identify you.

In the offices of our entity we have specific forms to request these rights and we offer our help to fill them out.

To find out more about your data protection rights, you can consult the website of the Spanish Data Protection Agency (www.agpd.es).

 

Can you withdraw your consent if you change your mind at a later time?
You can withdraw your consent if you change your mind about the use of your data at any time.

Thus, for example, if you were once interested in receiving advertising for our products or services, but you no longer wish to receive advertising, you can notify us through the opposition to treatment form available at the offices of our entity.

 

In case you understand that your rights have been disregarded, where can you make a claim?
In case you understand that your rights have been neglected by our entity, you can file a claim with the Spanish Data Protection Agency, through any of the following means:

Electronic office: www.agpd.es
Mailing address:
Spanish Data Protection Agency

C/ Jorge Juan, 6

28001-Madrid

Via telephone:
Phone 901 100 099

Phone 91 266 35 17

Filing a claim with the Spanish Data Protection Agency does not entail any cost and the assistance of a lawyer or solicitor is not necessary.

Will we create profiles on you?
Our policy is not to create profiles on the users of our services.

However, there may be situations in which, for the purposes of providing the service, commercial or otherwise, we need to create profiles of information about you. An example could be the use of your purchase history or services to be able to offer you products or services adapted to your tastes or needs.

In such a case, we will apply effective security measures that protect your information at all times from unauthorized persons who intend to use it for their own benefit.

Will we use your data for other purposes?
Our policy is not to use your data for purposes other than those we have explained to you. If, however, we need to use your data for different activities, we will always request your permission beforehand through clear options that will allow you to decide on the matter.