Data Controllers
The following companies of the RAMÓN GARCÍA Group act as joint data controllers:
- CARPINTERÍA RAMÓN GARCÍA, S.A., Tax Identification Number [NIF]: A15679103, Address: Lugar de O Campo, No. 2, 15685, Mesía, A Coruña.
- RAMÓN GARCÍA CONTRACT, S.L. – Tax Identification Number [CIF]: B70405535 and address at Pl. Agramar, 8, Bajo, 15172 Perillo, A Coruña.
- COCINA HOGAR ORDES, S.L. – Tax Identification Number [CIF]: B70306303 and address at Lugar O Campo, No. 2 15685 Mesía, A Coruña.
- MAQUINARIA Y ELECTRODOMÉSTICOS ORDES, S.L. – Tax Identification Number [CIF]: B70288501 and address at Lugar de O Campo, No. 2, 15685, Mesía, A Coruña.
- PLUS ATOUT, S.L. – Tax Identification Number [CIF]: B70258157 and address at Lugar O Campo, No. 2 15685 Mesía, A Coruña.
- INVERSIONES GARCÍA GÓMEZ MESÍA, S.L. – Tax Identification Number [CIF]: and address at Pol. industrial Merelle, Plots 86/87/88, 15680 Ordes, A Coruña
To exercise your data protection rights, you can do so at the postal addresses provided and via the email address lopd@gruporg.eu.
Purposes and Legal Bases
In addition to the basic data protection information provided through each data collection method, below is additional information regarding the purposes, legal bases, and other details of the following files or processing activities:
- Candidate management
If résumés are received, they will be reviewed to determine if the profile fits any of our job openings. CARPINTERÍA RAMÓN GARCÍA, S.A. acts as a joint data controller.
The legality of the processing is based on Article 6.1a of the GDPR: "the data subject has given consent to the processing of their personal data for one or more specific purposes."
- Website users
Personal data is collected through the website for various purposes, including but not limited to:
- Contact section for inquiries, complaints, suggestions, or claims.
- Analysis of browsing habits through analytical cookies (see the Cookie Policy published on the website).
The legality of the processing is based on Article 6.1a of the GDPR: "the data subject has given consent to the processing of their personal data for one or more specific purposes."
Data Transfers or Communications
For the management of certain services offered by the entity, it is necessary to allow access to certain data by third-party service providers contracted for this purpose. Accordingly, the entity enters into the respective data processing agreements required and has given precise instructions to the different service providers or data processors to ensure the security and integrity of the data they have access to in connection with the contracted service.
Outside of the aforementioned cases, your personal data will not be disclosed to third parties except as legally required.
Data Retention Period
In addition to the basic data protection information provided through each data collection method, below is additional information regarding the purposes and legal bases for the following files or processing activities:
- Clients: Data will be retained until the end of the contractual relationship and will be kept, properly blocked, for the periods required to fulfil any legal obligations that may arise.
- Potential clients: Data will be retained for 1 year.
- Curriculum Vitae: Data will be retained for 1 year.
- Website users:
- Contact: Data will be retained while your request is being processed.
- Cookies: Data will be retained for the periods specified in the Cookie Policy.
Profiles and International Data Transfers
It is possible for international data transfers to be made to the companies within the Ramón García Group in the USA and Ramón García México.
Withdrawal of Consent
When the processing of personal data is based on consent, interested parties have the right to withdraw their consent at any time, easily and at no cost, by sending a written request to the data controller's address or via email at lopd@gruporg.eu. Withdrawal of consent will not affect the legality of the processing carried out based on consent before its withdrawal.
Rights of the Data Subjects
Data protection regulations grant a series of rights to data subjects or data owners. These rights are as follows:
- Right of Access: The right to obtain information about whether your personal data is being processed, the purpose of the processing, the categories of data being processed, the recipients or categories of recipients, the retention period, and the source of the data.
- Right to Rectification: The right to obtain the correction of inaccurate or incomplete personal data.
- Right to Object: The right to oppose a specific processing activity based on the consent given.
- Right to erasure: the right to obtain the erasure of data in the following circumstances:
- When the data are no longer necessary for the purposes for which they were collected.
- When the data subject withdraws consent.
- When the data subject objects to the processing.
- When the data must be erased to comply with a legal obligation.
- When the data were obtained through a service of the information society based on Article 8(1) of the European Data Protection Regulation.
- Right to restriction of processing: the right to obtain the restriction of the processing of data in the following circumstances:
- When the data subject contests the accuracy of the personal data, for a period that allows the company to verify its accuracy.
- When the processing is unlawful and the data subject objects to the erasure of the data.
- When the company no longer needs the data for the purposes for which it was collected, but the data subject needs it for the formulation, exercise, or defense of claims.
- When the data subject has objected to the processing while it is verified whether the legitimate grounds of the company override those of the data subject.
- Right to data portability: the right, when processing is carried out by automated means, to receive personal data in a structured, commonly used, machine-readable, and interoperable format, and to transmit it to another data controller, provided that the processing is based on consent or within the framework of the execution of a contract.
- This right, by its nature, cannot be applied when the processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the data controller.
- Right not to be subject to automated individual decision-making: the right not to be subject to a decision based solely on the processing of personal data, including profiling, that produces legal effects concerning the data subject or similarly significantly affects them.
This right shall not apply when:
- It is necessary for the performance of a contract between you and the data controller.
- The processing of your data is based on your prior consent.
* In these first two cases, the data controller must ensure the data subjects' right to obtain human intervention, express their viewpoint, and challenge the decision.
- It is authorized by Union or Member State law and includes adequate measures to safeguard the rights, freedoms, and legitimate interests of the data subject.
* In turn, these exceptions shall not apply to special categories of data (Article 9(1)), unless Article 9(2) (a) or (g) applies and the appropriate measures mentioned in the previous paragraph have been taken.
Data subjects may exercise the indicated rights by contacting the entity in writing, sent to lopd@gruporg.eu, specifying the right they wish to exercise in the subject line. Alternatively, they may send their request to the company's postal address: Parque Empresarial de Merelle, 85-86-87, Ordes, 15689, A Coruña.
In this regard, the entity will address your request as promptly as possible, taking into account the deadlines established by data protection regulations. Additionally, it is important to note that the data subject may at any time file a complaint with the Spanish Data Protection Agency at www.aepd.es.
Security
The security measures adopted by the entity are those required in accordance with Article 32 of the GDPR. In this regard, the entity, taking into account the state of the art, implementation costs, and the nature, scope, context, and purposes of the processing, as well as the varying probability and severity of risks to the rights and freedoms of individuals, has established appropriate technical and organizational measures to ensure a level of security appropriate to the existing risk.
In any case, the entity has implemented sufficient mechanisms to:
- Ensure the confidentiality, integrity, availability, and resilience of systems and processing services on an ongoing basis.
- Restore the availability and access to personal data quickly in the event of a physical or technical incident.
- Regularly verify, evaluate, and assess the effectiveness of the technical and organizational measures implemented to ensure the security of the processing.
- Pseudonymize and encrypt personal data, where applicable.
Cookies
A cookie is a file or device that is downloaded to the user's terminal equipment with the purpose of storing data that can be updated and retrieved by the entity responsible for its installation. In other words, it is a file that is downloaded to your computer when you access certain websites. For more information, please refer to our Cookie Policy.