Your privacy is important to Cunext Group, so we are committed to processing your personal data in an appropriate and responsible manner, observing at all times the principles of data protection and in full compliance with current legislation (EU Regulation 2016/679 of the European Parliament and of the Council, of 27 April 2016, on the protection of natural persons with regard to the processing of personal data and the free movement of such data -GDPR- and Organic Law 3/2018, of 5 December, on the Protection of Personal Data and guarantee of digital rights -LOPD‑).

In this privacy notice we inform you in detail who is responsible for the processing of your personal data, for what and why it is used, for how long it is stored and whether it will be transferred or disclosed.

In order for you to have full control over your personal data, we indicate to whom and how you can exercise your rights.

DATA CONTROLLER

The company belonging to the Cunext Group with which you have carried out any of the activities subject to processing defined in this privacy notice, whose detailed information is contained below, shall have the status of data controller

See detail

PROCESSING ACTIVITIES

1.Commercial contacts

• PurposeExchange of communications on the occasion of business activity maintained between different companies of the Cunext Group with their customers or suppliers.
• Legal basis. Legitimate interest (Article 6.1, paragraph f) of the GDPR and Article 19 of the LOPD).
• Retention period.Limitation period for obligations relating to services arising from the commercial and/or mercantile relations maintained.
• RecipientsNo cession or communication is foreseen.

2. Communications made through the Ethics Channel

• PurposeManagement, processing and investigation of communications sent through the Ethics Channel, as well as, where appropriate, the adoption of disciplinary measures or the processing of any legal proceedings arising therefrom.
• Legal basis. Necessity of the processing to comply with legal obligations applicable to the controller (Article 6.1 paragraph c) pertaining to the GDPR, in conjunction with the legal obligation to establish a whistle blowing channel pursuant to Article 10 of Law 2/2023). In the case where the processing of special categories of special data is necessary, the basis of legitimacy is the necessity of the processing for reasons of essential public interest (Article 9.2 paragraph g) of the GDPR).
• Retention period.  The time required to decide on the appropriateness of initiating an investigation into the reported facts and, in any case, within three (3) months from the receipt of the communication without any investigation having been initiated. In the event of the initiation of investigative actions that may involve the exercise of legal action, the statute of limitations period established by law for the exercise of such action shall be the statute of limitations period established for the exercise of such action.
• RecipientsWhere appropriate, they shall be communicated to the judicial authority, the Public Prosecutor’s Office or the competent administrative authority in the context of a criminal, disciplinary or sanctioning investigation.

Control of access to facilities

• PurposeTo identify the people who access the facilities and to monitor them during their stay in them.
• Legal basis.Legitimate interest (Article 6.1, paragraph f) of the GDPR).
• Retention period.Limitation period for possible minor or serious offences that may be incurred.
• RecipientsRecipients are not foreseen, except in cases of possible security incidents, which would be communicated, if necessary, to the forces of law and order.

4. Video Surveillance

• PurposeSecurity of persons, goods and facilities.
• Legal basis. Public interest (Article 6.1, paragraph e) of the GDPR and Article 22 of the LOPD).
• Retention period.One (1) month.
• RecipientsRecipients are not foreseen, except in cases of possible security incidents, which would be communicated, if necessary, to the forces of law and order.

We do not make any automated decisions on the basis of the data provided, nor do we create any profiles with such data.

RIGHTS

Anyone has the right to obtain confirmation as to whether or not we are processing personal data that concerns them. Data subjects have the right to access their personal data, as well as the right to request the rectification of inaccurate data or, where appropriate, to request its erasure when, among other reasons, the data is no longer necessary for the purposes for which it was collected. In certain circumstances (in the case of requests for rectification, erasure, opposition and cancellation prior to erasure) data subjects have the right to limitation of its processing. Data subjects also have the right to portability of such data.

In any case, data subjects can submit a claim to the Spanish Data Protection Agency (www.aepd.es).

Data subjects may exercise their rights or submit their requests to our Data Protection Officer using the following e-mail address dpd@cunext.com.