Confidentiality and privacy conditions for training services

Version: 1.1

Effective date: 01-01-2021

 

The Privacy and Personal Data Protection Conditions (the Conditions) contained in this document apply to the services contracted as a result of the acceptance of an offer or proposal for consulting or audit services.

The applicable conditions will be those effective at the time the offer or proposal is sent. However, INGECAL reserves the right to make changes to these conditions, which will be communicated sufficiently in advance to the interested parties. The changes will become effective automatically as of the dates of entry into force indicated. In the event that you do not wish to accept them, you may give notice before the effective date to cancel the contracted services.

PRIVACY POLICY

Acceptance of the offer or proposal of services implies that both parties mutually authorize each other to incorporate their personal contracting data, together with any data obtained during the term of the contract, to be processed under their respective responsibility.

In the event that either party has provided personal data of third parties, the signatory of the respective party guarantees that it has lawfully collected them and has provided the data subjects with the necessary information on the processing of their data. Furthermore, the signatories agree that each party is responsible for seeking the consent of the data subjects for the transfer and processing of their personal data on behalf of the other party.

The purposes of the processing are:

  • To carry out the management of the contractual relationship and the provision of the services deriving from it. Legitimised because it is necessary for the performance of a contract to which the data subjects are party.
  • To manage the registration, coordination and monitoring of the attendance of participants in the contracted training activity. Legitimised by INGECAL’s legitimate interest in carrying out the contracted service.

The data may be communicated to necessary collaborators to whom we delegate part of the provision of the contracted services and other companies that provide us with services related to the ordinary and administrative activity of the company as data processors, whether national or international, such as, among others, email services providers, web hosting services, server hosting, SaaS management application services, file archiving in the cloud and others.

The provision of these services may involve the processing of personal data by companies located in countries outside the European Economic Area (international data transfers). However, this will only be done with countries that offer an adequate level of protection or that have made Standard Contractual Clauses (SCC) available to us in accordance with the European Commission’s decision for data transfers from controllers in the EU to processors established outside the EU.

Also, the data provided may be communicated to third parties and competent official bodies under the terms required by the legislation and regulations in force in order to enable the provision of the contracted services.

The data collected will be kept for the time necessary to fulfil the purpose for which they were collected, to maintain the INGECAL customers register and to determine the possible liabilities that may arise from this purpose and from the processing of the data

The data subject may at any time exercise their rights of access, rectification, deletion and portability of their personal data, as well as those of opposition and limitation of their processing.

These rights may be exercised free of charge by the interested party, and where appropriate by anyone representing him, by means of a written and signed request, accompanied by a copy of their ID card or equivalent document accrediting their identity, addressed to:

  • By email: ingecal@ingecal.cat
  • By post: Av. Cerdanyola 98, stairs B, 4º, office 18 – Edif. Collserola, 08173 Sant Cugat del Vallès (Barcelona)

In the case of representation, it must be proven by means of a written document and by attaching a copy of the ID card or equivalent document proving the representation.

In addition to the aforementioned rights, the data subject shall have the right to withdraw the consent granted at any time by means of the procedure described above, without this withdrawal of consent affecting the lawfulness of the processing prior to the withdrawal of consent. INGECAL may continue to process the data subject’s personal data of the extent that any other legitimacy justifying such processing persists.

INGECAL reminds the data subject that they have the right to lodge a complaint with the relevant supervisory authority (Spanish Data Protection Agency).

CONFIDENTIALITY OF INFORMATION

Confidential information is any information (commercial, technical, clinical or other) of the client company about its business affairs, technology, processes, products, plans, facilities and premises, which before being received by either parties was not known to them or were in their possession without obligation of confidentiality. Information that is publicly accessible on the websites of customers, suppliers or employees is not considered confidential.

The confidential nature of the information that could come to your knowledge through access to the company’s computer systems is expressly stated.

INGECAL undertakes to treat all information to which it has access or which it receives from its clients as confidential and to use it only to fulfil its obligations in accordance with the contracted service.

In particular, INGECAL undertakes to maintain secrecy and guarantee confidentiality and security with respect to the data to which it may have access for reasons of providing the contracted service. It may not make use of the confidential information to which it has access for purposes other than those determined by the services proposal, and the communication or transfer of confidential information is expressly prohibited.

This obligation of confidentiality does not apply (a) where the disclosing party has given its prior written consent; (b) to disclosures that we make to our subcontractors, external consultants to whom we delegate part of the performance of services, or to our auditors and professional advisors; (c) to disclosures that must be made in order to comply with legal or regulatory obligations; (d) to information that has been independently generated by the receiving party; or (e) where the disclosing party has given its prior written consent; (c) to disclosures that must be made in order to comply with legal or regulatory obligations; (d) to information that has been independently generated by the receiving party; or (e) where the disclosing party obtains the information without any breach of this confidentiality obligation.

Should it be necessary to communicate confidential information to a third party for justified reasons in the provision of the service, INGECAL guarantees that the recipient will assume an obligation of confidentiality at least as strict as that provided for in the provisions of this clause.

The obligation to maintain confidentiality shall remain in force after the termination or expiry of the service contract.

INFORMATION SECURITY GUARANTEES

In order to safeguard the security of information in general and personal data in particular, INGECAL has adopted all the technical and organisational measures necessary to ensure the security of the data to which it has access in terms of guaranteeing the permanent confidentiality, integrity, availability and resilience of the processing systems and services.

Specifically, security measures are in place consisting of:

  • Physical access control and protection of equipment, persons and facilities where data processing is carried out.
  • Access to its computer systems is by means of individual users and passwords, limiting access to data to those employees who strictly require it for the performance of their jobs.
  • That it makes backup copies of personal data for which it has an obligation to maintain the integrity and availability.
  • Where media or documents containing personal data are managed, they are duly kept under lock and key or equivalent locking devices.
  • Network perimeter protection systems to prevent intrusions and anti-virus protection of your computer systems.
  • A security incident log is in place and security breach notification mechanisms and procedures are in place.
  • That a Continuity Plan is in place that provides for the ability to restore availability and access to personal data quickly in the event of a physical or technical incident within the timeframe required to meet the business commitments to which we are obliged under our service contract.

INGECAL has also implemented internal controls in order to verify, evaluate and assess, on a regular basis, the effectiveness of the technical and organisational measures implemented to guarantee the security of the processing.

[/vc_column]
Contact Us

We're not around right now. But you can send us an email and we'll get back to you, asap.

Not readable? Change text. captcha txt
0

Start typing and press Enter to search

"data-cookieyes"=“cookieyes-other”"data-cookieyes"=“cookieyes-analytics”"data-cookieyes"=“cookieyes-advertisement”"data-cookieyes"=“cookieyes-functional”