Introduction.

We have a high level of commitment to the privacy of individuals, which is why the protection of personal data is important to us.

We process data in accordance with the provisions of the EU General Data Protection Regulation 2016/679, Organic Law 3/2018 on the Protection of Personal Data and Guarantee of Digital Rights and other applicable legislation.

This Privacy Policy has been revised in June 2024 in order to comply with the duties of information and transparency of the website itself and the responsible party in general, in order to provide any type of interested party and not only the users of the website with the general terms of the responsible party in this matter. There may be variations until the next revision.

Who is the controller of your data?

  • Responsable: ZERYA PRODUCCIONES SIN RESIDUOS S.L.
  • NIF/CIF: B99269580
  • Address: C/ San Vicente Mártir, 83 5º Of. 7º 46007 Valencia (España)
  • Mail: consultas@zerya.org

What is the origin and type of data we process?

The source of the information we process may be any of the following categories:

  • Paper, electronic or digital forms.
  • Communication and messaging systems: e-mail and messaging applications, telephone, etc.
  • Other lawful sources and origins of information.

The different categories of data that we may process depending on the type of data subject (user, customer, supplier, employee, etc.) and the nature of the data controller’s activity and the different data processing operations are:

  • Identifying data, e.g. name and surname, image.
  • Identification codes or passwords, e.g. user name, employee code.
  • Postal or electronic contact addresses, e.g. telephone, email, social media profile.
  • Data on personal and professional characteristics, e.g. age, date of birth, qualifications, professional experience, CV.
  • Economic, financial and insurance data, e.g. bank details, credit card details, etc.
  • Financial and non-financial payroll data and other information of an employment nature, e.g. job title, payroll document, etc.
  • Transaction data, e.g. goods and services supplied and received.
  • Special category data, e.g. health, trade union membership, racial origin.
  • Other data and information necessary or implicit in the development of our activities, services and object.

MANDATORY OR OPTIONAL NATURE OF THE INFORMATION PROVIDED BY THE DATA SUBJECT.

By ticking the corresponding boxes and entering data in the fields marked as mandatory (e.g. with an asterisk) in the contact form or submitted in download forms, the data subject expressly, freely and unequivocally accepts that his/her data is necessary for the data controller to deal with his/her request, the inclusion of data in the remaining fields being voluntary.

The interested party guarantees that the personal data provided to the controller are true and undertakes to communicate any changes to them. The data requested through the website, marked as mandatory, are necessary for the provision of an optimal service to the interested party. If not all the data is provided, there is no guarantee that the information and services provided will be completely tailored to the needs of the interested party.

For what purpose do we process your personal data?

In general, the data is processed to successfully carry out the actions implicit in the normal development and management of the controller’s activity. Although we can specify different processing purposes depending on the possible existing categories of interested parties:

  • Clients and potential clients: management and maintenance of commercial, pre-contractual and contractual relations; internal administration; financial management; advertising and marketing; customer service.
  • Collaborators, creditors and suppliers: management and maintenance of commercial relations, internal administration and financial management.
  • Employees: management, development and maintenance of the employment relationship, human resources management, communications, training activities, prevention of occupational risks, recording of working hours and other purposes arising from legal obligations and development of employment relations.
  • Candidates: management of received CVs, management of job offers and staff selection.
  • Web and social media users: customer service and management of communications between the parties.
  • Visitors: visitor assistance and access control to the facilities.
  • The existing information of any other category of interested parties processed by the controller will be done within the framework of its activity, in strict compliance with the applicable regulations and under the general criteria of this Privacy Policy.

Other general purposes that the controller may implement are:

Creation of a commercial profile, with the aim of improving your experience by personalizing offers and communications. No individualized decisions will be made based on this profile and action will be taken based on legitimate interest.

  • Video surveillance, for the security of property and people, as well as the corresponding labor control based on legitimate interest.
  • Telephone switchboard, in order to record communications for security, guarantee and quality of service, based on legitimate interest.
  • Financial risk analysis and control of monetary obligations. In the case of debtors with certain outstanding payments, due and payable, the controller may communicate this circumstance to credit solvency files, debtor files, and debt management or collection services, among others, based on legitimate interest.
  • Communications: development and execution of communications through the available data and means of contact (email, instant messaging, etc.) with categories of internal interested parties (employees) and external parties (clients, potential clients, collaborators, suppliers, etc.). The purposes of said communications may be informative, organizational, commercial and advertising, as appropriate based on the informed consent and legitimate interest of the controller.
  • Other purposes derived from the nature of the controller, motivated by the normal development and exercise of its activity, from a valid legitimizing basis.

How long will we retain your data?
In general, personal data will be kept at least as long as there is a relationship with the interested party, as long as their deletion is not requested, as long as responsibilities may arise or as long as there is some legal provision for conservation.

In general, personal data will be kept at least as long as there is a relationship with the interested party, as long as their deletion is not requested, as long as responsibilities may arise or as long as there is some legal provision for conservation.

The data controller has an inventory of retention periods in its data protection plan, which it observes in order to manage the different applicable retention periods.

The deletion of data will be carried out in any case ensuring its confidentiality.

What is the legitimacy for the processing of your data?
The controller observes and applies the different existing legitimate bases that apply to each processing purpose. These are:

  • Informed consent of the interested party.
  • Pre-contractual or contractual commitments.
  • Legitimate interest of the controller.
  • Applicable legal obligations.
  • Other legally required legitimizing bases.

To which recipients will your data be communicated?

The data of the interested parties will not be communicated to any third party by default, except: a) auxiliary services, authorized data processors or other implicit third parties necessary for the correct provision of goods and services; b) competent public authorities and administrations in the exercise of their functions; c) other legitimate interested parties and legally provided third parties.

What are your rights when you provide and/or we process your data?

  • As an interested party, you may at any time request us to exercise any of the following rights that you have in terms of data protection:
  • Access to the personal data of the interested party to confirm whether or not data concerning him or her are being processed and to obtain more information about this processing.
  • Rectification or Deletion of personal data concerning the interested party when, among other reasons, they are inaccurate or no longer necessary for the purposes for which they were collected.
  • Rectification or Deletion of personal data concerning the interested party when, among other reasons, they are inaccurate or no longer necessary for the purposes for which they were collected.
  • Receive the personal data concerning you, which you have previously provided to us, and in a structured format whenever possible. (Portability of your data).
  • Object to the processing of your data in certain circumstances and for reasons relating to your particular situation. The company will stop processing your data, except for compelling legitimate reasons, or the exercise or defence of possible claims.
  • Revoke consent, which may lead to the annulment or cancellation of the existing business or contractual relationship, if any. Without prejudice to the processing carried out prior to the withdrawal of consent.

To do so, you only need to contact us via the email or postal address indicated at the beginning.

Alternatively, you can also contact our designated data protection officer or the Data Protection Agency to learn more about your rights or request the protection of these rights by the supervisory authority.

Data security.

We adopt the necessary technical and organizational measures in our information system to guarantee an adequate level of confidentiality, integrity, availability and resilience of the data in order to protect the rights and freedoms of the interested parties.

The controller complies with the provisions and principles described in the GDPR to process data in a lawful, fair and transparent manner in relation to the data subject, and in an appropriate, relevant and limited manner to what is necessary in relation to the purposes for which they are processed.

However, to the extent permitted by law, we do not assume any liability for damages or losses caused by alterations that third parties may cause to our information system. Any breach of security will be promptly and appropriately reported to the competent authority and/or state security forces and bodies.

Sending communications or information.

Our policy regarding sending information via electronic means (email, instant messaging, etc.) is limited to sending only communications that we consider to be of interest to our users and interested parties, in relation to the functions and activity of the company, or that you have consented to receive.

If you prefer not to receive these messages, we will offer you the possibility of exercising your right to cancel and opt out of receiving these messages, in accordance with the provisions of Title III, Article 22 of Law 34/2002 on Information Society Services and Electronic Commerce.

Social networks.

The controller may have a presence on social networks through the corresponding profiles, and this section and any legal and privacy terms present on the website shall apply to the processing of data of users or interested parties who become followers or are in some way linked to said profiles.

The purposes of use of these profiles by the controller are communication, commercial development, marketing and advertising, processing queries raised to the controller and customer service, reporting on actions, activities and events organized by the controller or in which the controller participates, and interacting through official profiles.

The legal bases set out in section 6 above are supplemented in this case because the user or interested party may have a profile on the same social network as the controller and has decided to join or connect with the controller’s profile, thereby showing interest in the information published by the controller. Therefore, when following the controller’s profiles, they provide their consent for the processing of the data available in their profile.

The user can access the privacy policies and terms of the corresponding social network at any time, as well as configure the privacy features that may be implemented in his or her profile. The publications made by the user will be known to other users, so the user himself or herself is primarily responsible for his or her privacy.

Users who follow and/or participate in our profiles will refrain from:

  • To publish content or information that is contrary to the Law, morality, and good faith. Any illicit, annoying, inappropriate use or behavior that may generate negative opinions on the profile or that violates the rights of individuals is not permitted.
  • For behaving in a manner contrary to the principles of legality, honesty, responsibility, protection of human dignity, protection of minors, protection of public order, protection of privacy, consumer protection and intellectual and industrial property rights.

The controller reserves the right to remove any content deemed inappropriate without prior notice. The controller is also exempt from any liability in relation to the security measures corresponding to each platform, and the user must be familiar with them along with the legal terms and conditions of use of the platform itself.

The controller shall be expressly exonerated from any liability that may arise from the use of social networks by minors or persons with special abilities. The controller’s social networks do not knowingly collect any personal information from minors, therefore, if the user is a minor, he or she must not register, use the controller’s social networks, or provide any personal information. Particularly in Spain, the processing of personal data of a minor may only be based on those over 14 years of age. On the other hand, if any rule or regulation so requires, or the user has special abilities, the intervention of the holder of his or her parental authority or guardianship, or of his or her legal representative through a valid document proving representation, will be necessary.

Employment and candidate management

Those interested in accessing job offers from the controller may provide their data and professional information to the controller through different channels, preferably through existing forms, email addresses, and existing means for this purpose, where applicable.

These data will be processed in accordance with the privacy terms herein for the purpose of managing applications for potential job, internship and training offers from the responsible entity and any subsidiary companies or companies belonging to the same business organization, where applicable.

The processing will be carried out based on the informed consent of the interested party or another valid legitimate basis.
The data provided, if they are not of professional interest to the entity or once they are no longer necessary for the purposes for which they were collected, will be deleted ensuring their confidentiality and anonymity.

Any interested party may revoke their consent and exercise their rights in terms of privacy under the terms set out in this privacy policy.