·       Organic Law 3/2018, of 5 December, on the Protection of Personal Data and Guarantee of Digital Rights (LOPDGDD).

·       Administer commercial relationships with customers and suppliers.

·       Handle customer service and product warranties.

·       Comply with legal, tax, and consumer obligations.

·       Purchase data (purchased products, order history, delivery addresses).

·       Economic and financial data (bank details, invoicing, payments, returns).

·       Contact information of suppliers and carriers.

·       Restricted access to personal data based on necessity.

·       Security protocols to prevent unauthorized access or data loss.

·       Organic Law 3/2018, of 5 December, on the Protection of Personal Data and Guarantee of Digital Rights (LOPDGDD).

• Compliance with contractual obligations with employees and suppliers.
• Compliance with legal tax and accounting obligations.

·       Legitimate interest of the company in the efficient management of its resources and operations.

• Issue and manage sales and purchase invoices.
• Control payments and collections derived from commercial activity.
• Manage contracts with suppliers and customers.

·       Comply with tax, accounting, and commercial legislation.

• Identification data of clients and suppliers (name, surname, ID/NIE, VAT number, address, phone, email).
• Contractual information (commercial agreements, orders, supply conditions).
• Economic and financial information (bank data, invoicing, proof of payments and collections).
• Administrative and accounting documentation related to the business activity.

·       Restricted access to personal data based on necessity.

·       Security protocols to prevent unauthorized access or data loss.

·       Organic Law 3/2018, of 5 December, on the Protection of Personal Data and Guarantee of Digital Rights (LOPDGDD).

• Compliance with contractual obligations with employees.
• Consent of employees for processing sensitive health-related data.

·       Compliance with legal obligations in labor and social security matters.

• Management of recruitment and hiring processes.
• Payroll and benefits administration.
• Professional development and talent management.
• Occupational health and workplace safety maintenance.
• Compliance with legal and labor obligations.

• Identification data: names, surnames, identification number.
• Contact data: address, phone number, email.
• Employment data: work history, positions, salaries, benefits, performance evaluations.
• Education data: qualifications, courses taken, certifications.
• Employment contracts: labor contracts, confidentiality agreements, work time records.
• Health data: medical information related to sick leaves, workplace adjustments.

·       Restricted access to personal data based on necessity.

·       Security protocols to prevent unauthorized access or data loss.

·       Organic Law 3/2018, of 5 December, on the Protection of Personal Data and Guarantee of Digital Rights (LOPDGDD).

• Compliance with legal obligations established by the GDPR in relation to data protection rights.

·       Legitimate interest of the company to provide adequate responses to individuals’ requests and ensure the enforcement of their rights.

• Process and respond to individuals’ requests concerning their data protection rights.
• Facilitate the exercise of data subjects’ rights.

• Identification data: names, surnames, identification number.
• Contact data: address, phone number, email address.
• Request data: details of the specific request (e.g., right of access, rectification, erasure, etc.).

·       Restricted access to personal data based on necessity.

·       Security protocols to prevent unauthorized access or data loss.

·       Organic Law 3/2018, of 5 December, on the Protection of Personal Data and Guarantee of Digital Rights (LOPDGDD).

• Compliance with legal obligations established by the GDPR and other data protection regulations.

·       Legitimate interest of the company in protecting the personal data of its clients and meeting security and privacy expectations.

• Investigate and manage personal data breaches in a timely and effective manner.
• Notify relevant authorities and affected individuals as required by applicable regulations.

• Identification data: names, surnames, identification number.
• Contact data: address, phone number, email address.
• Breach data: details of the incident, types of data compromised, number of affected individuals.
• Corrective actions: measures taken to mitigate breach impact and prevent future incidents.

·       Restricted access to personal data based on necessity.

·       Security protocols to prevent unauthorized access or data loss.

·       Organic Law 3/2018, of 5 December, on the Protection of Personal Data and Guarantee of Digital Rights (LOPDGDD).

• Legitimate interest of the company in ensuring the security of its facilities and protecting its employees and clients.

·       Compliance with legal obligations established by data protection and security regulations.

• Security of premises: prevention of theft, vandalism, and other criminal activities.
• Protection of employees and clients: safeguarding their personal safety and well-being at the workplace.
• Compliance with legal obligations in accordance with applicable data protection and security laws.

• Images of persons: video recordings containing images of individuals.
• Incidental identification data: recordings may capture identifiable features such as faces, physical characteristics, clothing, etc.

• Installation of video surveillance cameras in strategic areas of the premises.
• Restricted access to video recordings, limited to authorized personnel of the department.
• Secure storage of video recordings in IT systems protected by appropriate security measures.