LEGAL NOTICE & PRIVACY POLICY

The person in charge of this web page is: HILATURAS MAR, SL, a company registered in the Registry
Mercantil of Alicante volume 2,382 folio 0 page a-61614, with CIF B96490313 and address
social at C/ Carrer dels Teixidors, N 11,03450, Banyeres de Mariola (ALICANTE).

You can also contact us through the telephone number 96 656 80 86 (telephone) or
through the following e-mail address: hilaturasmar@hilaturasmar.com (email or link to contact form).

​

Intellectual and Industrial Property:

The design of this website and its source codes, as well as the logos, brands and other signs
logos that appear on it belong to HILATURAS MAR, SL and are protected by
the corresponding intellectual and industrial property rights.

​

Responsibility for the contents:

HILATURAS MAR, SL is not responsible for the legality of other third-party websites
from which this website can be accessed. HILATURAS MAR, SL is not responsible for the
legality of other third-party websites, which may be linked or linked from this
Web.

​

HILATURAS MAR, SL reserves the right to make changes to the website without prior notice, by
in order to keep your information updated, adding, modifying, correcting or deleting
the published content or the design of the portal.

HILATURAS MAR, SL will not be responsible for the use that third parties make of the published information
in the portal, nor of the damages suffered or economic losses that, directly or
indirectly, produce or may cause economic, material or data damage,
caused by the use of said information.

​

Content playback:

The total or partial reproduction of the contents published on this website is prohibited without the
prior written authorization from HILATURAS MAR, SL.

​

All the information related to privacy, you have it in our Privacy Policy.

 

PRIVACY POLICY:

​

Responsible for the treatment:

The Data Controller is HILATURAS MAR, SL, C/ Carrer dels Teixidors, N 11, 03450,
Banyeres de Mariola (ALICANTE).

​

Privacy Principles:

At HILATURAS MAR, SL we are committed to working continuously to
guarantee privacy in the processing of your personal data, and to offer you in each
moment the most complete and clear information that we can. We encourage you to read carefully
this section before providing us with your personal data.
If you are under fourteen years of age, please do not provide us with your data without the consent of your
fathers.

In this section we inform you of how we treat the data of the people who are related to
with our organization. Starting with our principles:

– We do not request personal information, unless it is necessary to provide you with the services that
you require us
– We never share personal information with anyone, except to comply with the law, or we have
your express authorization.
– We will never use your personal data for purposes other than those expressed in the
this privacy policy.
– Your data will always be treated with a level of protection appropriate to the legislation on the subject
of data protection, and we will not submit them to automated decisions.
We have drafted this privacy policy taking into account the requirements of the
current data protection legislation:
– Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016 on
to the protection of natural persons (GDPR).
– Organic Law 3/2018, of December 5, Protection of Personal Data and guarantee of digital rights (LOPD).
– Royal Decree 1720/2007, of December 21 (RLOPD).

This privacy policy is written on December 6, 2018.
Due to the modification of treatment criteria, in order to facilitate their understanding or to
adapt it to current legislation, it is possible that we modify this privacy policy.
We will update the date of it, so you can check its validity.

​

Treatments we carry out

​

TREATMENT OF EMPLOYEES

Legal Basis:

GDPR: 6.1.b) Treatment necessary for the execution of a contract in which the
interested party or for the application at his request of pre-contractual measures.

GDPR: 6.1.c) Processing necessary to comply with a legal obligation applicable to the controller
of the treatment. Royal Legislative Decree 2/2015, of October 23, which approves the text
Consolidated Law of the Workers' Statute.

Purposes of Treatment:

– Management of contracted personnel.

– Personal file. Time control.
Training. Pension plans. Prevention of occupational hazards.

– Issuance of the staff payroll.

– Management of union activity.

Collective:Employees

Data Categories:

– Name and surname, DNI/CIF/identification document, registration number
of personnel, Social Security/Mutuality number, address, signature and telephone number.

– Special categories of data: health data (sick leave, work accidents and degree of
disability, without including diagnoses), union affiliation, for the exclusive purpose of paying
union dues (if applicable), union representative (if applicable), proof of attendance of
own and third parties.

– Data of personal characteristics: Sex, marital status, nationality, age,
date and place of birth and family information. Data on family circumstances: Date of discharge and
cancellation, licenses, permits and authorizations.

– Academic and professional data: Degrees,
training and professional experience.

– Details of employment and administrative career.
Incompatibilities.

– Presence control data: date/time entry and exit, reason for
absence.

– Economic-financial data: Economic data on payroll, credits, loans,
guarantees, tax deductions, loss of salaries corresponding to the previous job (in
if applicable), judicial withholdings (if applicable), other withholdings (if applicable).

Bank data.

Recipient Categories:

– Entity entrusted with risk management
labor.
– General Treasury of the Social Security.
– Union organizations.
- Financial entities.
- State Tax Administration Agency.
– Main contractors to whom we provide services as subcontractors.

International transfers:International data transfers are not foreseen.
Term of Deletion:They will be kept for the time necessary to fulfill the purpose
for which they were collected and to determine the possible responsibilities that could arise
of said purpose and data processing.
The economic data of this treatment activity will be kept under the provisions of
in Law 58/2003, of December 17, General Taxation.

Security measures:Adapted to the requirements of Regulation (EU) 2016/679, Regulation
General of Data Protection.

​

TREATMENT OF CONTACTS

Legal Basis:Consent of the interested party

Purposes of Treatment:Respond to your request, send you information and track the
request.

Collective:Contact persons, customers, suppliers

​

Data Categories:Name and surname, telephone, email address

Recipient Categories:Data transfers to third parties are not contemplated.

International transfers:International data transfers are not foreseen.

Term of Deletion:The contact data will be kept for an indefinite period, or until
the interested party requests its deletion.

Security measures:Adapted to the requirements of Regulation (EU) 2016/679, Regulation
General of Data Protection.

​

PERSONAL RIGHTS ATTENTION TREATMENT (ARC)

Legal Basis:

GDPR: 6.1.c) Processing necessary to comply with a legal obligation
applicable to the data controller. General Data Protection Regulation.

Purposes of Treatment:Respond to requests in the exercise of the rights established by the
General Data Protection Regulation: Right of access, rectification, deletion,
limitation, portability and opposition to automated decision making.

Collective:Natural persons who request it (employees, clients, suppliers, persons of
Contact)

Data Categories:Name and surname, address, signature and telephone.

Recipient Categories:Personal data may be communicated to the Authority of
Control (Spanish Agency for Data Protection) in the framework of an investigation by guardianship of
rights initiated by the interested party.

International transfers:International data transfers are not foreseen.

Term of Deletion:They will be kept for a period of five years from the moment of the
request.

Security measures:Adapted to the requirements of Regulation (EU) 2016/679, Regulation
General of Data Protection.

​

TREATMENT OF CANDIDATES SELECTION PROCESSES (HR)

Legal Basis:

GDPR 6.1.a) The interested party gave their consent for the processing of their data
personal data for one or more specific purposes.
GDPR: 6.1.b) Treatment necessary for the execution of a contract in which the interested party is
party or for the application at its request of pre-contractual measures.

Purposes of Treatment:Selection of personnel and provision of jobs.

Collective:Candidates submitted to job provision procedures.

Data Categories:

– Name and surname, DNI/CIF/identification document, registration number
of personnel, address, firm and telephone.

– Data of personal characteristics: Sex, marital status,
nationality, age, date and place of birth and family data.

– Academic data and
Professionals: Qualifications, training and professional experience.

- Job detail data.

Recipient Categories:Data transfers to third parties are not foreseen.

International transfers:International data transfers are not foreseen.
Term of Deletion:They will be kept for the time necessary to fulfill the purpose
for which they were collected and to determine the possible responsibilities that could arise
of said purpose and data processing.
Security measures:Adapted to the requirements of Regulation (EU) 2016/679, Regulation
General of Data Protection.

​

TREATMENT OF SUPPLIERS
Legal Basis:

GDPR: 6.1.b) Treatment necessary for the execution of a contract in which the
interested party or for the application at his request of pre-contractual measures.
GDPR: 6.1.c) Processing necessary to comply with a legal obligation applicable to the
responsible for the treatment. Royal Legislative Decree 2/2015, of October 23, by which
approves the revised text of the Workers' Statute Law. Law 58/2003, of 17
December, General Tax.

Purposes of Treatment:

– Acquisition of products and/or services that we need for the
development of our activity.

– Control of subcontractors if applicable.

Collective:

– Providers.
– People who work for our suppliers.

Data Categories:

– Name and surname, DNI/NIF/identification document, address, signature and
telephone.
– Employment detail data: job position. Occupational safety training.
– Economic, financial and insurance data: Bank details.
Recipient Categories: – Financial institutions. (Bill Payment)
- State Tax Administration Agency.

International transfers:

International data transfers are not foreseen.

Term of Deletion:They will be kept for the time necessary to fulfill the purpose
for which they were collected and to determine the possible responsibilities that could arise
of said purpose and data processing, in accordance with Law 58/2003, of December 17,
General Tax,
Security measures:Adapted to the requirements of Regulation (EU) 2016/679, Regulation
General of Data Protection.

​

TREATMENT OF CLIENTS.
Legal Basis:

GDPR: 6.1.a) The interested party gave their consent for the processing of their data
personal data for one or more specific purposes.
GDPR: 6.1.b) Treatment necessary for the execution of a contract in which the interested party is
party or for the application at the latter's request of pre-contractual measures.
GDPR: 6.1.c) Processing necessary to comply with a legal obligation applicable to the
responsible for the treatment.
GDPR: 6.1.f) Processing necessary to satisfy the legitimate interests of the data controller
treatment.
Royal Legislative Decree 2/2015, of October 23, which approves the revised text of the
Workers' Statute Law.
Law 58/2003, of December 17, General Taxation.

Purposes of Treatment:Supply of our products / services

Collective:Customers

Data Categories:

– Name and surname, DNI/NIF/identification document, address, signature and
telephone.
– Economic, financial and insurance data: Bank details

Recipient Categories:

- Financial entities.
- State Tax Administration Agency.

International transfers:International data transfers are not foreseen.
Term of Deletion:They will be kept for the time necessary to fulfill the purpose
for which they were collected and to determine the possible responsibilities that could arise
of said purpose and data processing, in accordance with Law 58/2003, of December 17,
General Tax.

Security measures:Adapted to the requirements of Regulation (EU) 2016/679, Regulation
General of Data Protection.

​

SECURITY BREACH NOTIFICATION PROCESSING
Legal Basis:

GDPR: 6.1.c) Processing necessary to comply with a legal obligation
applicable to the data controller.
General Data Protection Regulation. Articles 33 and 34.

Purposes of Treatment:Management and evaluation of security breaches that occur in
our organization.

Collective:Variable: Employees, Clients, Suppliers, Contact Persons (it will depend on the
security breach)

Data Categories:Variable. (It will depend on the security breach).

​

Recipient Categories:

– Spanish Data Protection Agency.
– State Security Forces and Bodies.

International transfers:International data transfers are not foreseen.

Term of Deletion:They will be kept for the time necessary to fulfill the purpose
for which they were collected and to determine the possible responsibilities that could arise
of said purpose and data processing. The provisions of the regulations of
files and documentation.

Security measures:Adapted to the requirements of Regulation (EU) 2016/679, Regulation
General of Data Protection.

​

YOUR RIGHTS
You have the right to request a copy of your personal data, to rectify inaccurate data or
complete them if they are incomplete, or delete them, when they are no longer necessary
for the purposes for which they were collected.
You also have the right to limit the processing of your personal data and to obtain your data
personal information in a structured and readable format.
You can object to the processing of your personal data in some circumstances (in particular,
where we do not have to process them to fulfill a contractual or other requirement
legal, or when the object of the treatment is direct marketing).
Once you have given us your consent, you can withdraw it at any time. In that
moment we will stop processing your data or, where appropriate, we will stop doing so for that purpose in
concrete. If you decide to withdraw your consent, this will not affect any treatment that has been
took place while your consent was in force.
These rights may be limited; For example, if to fulfill your request we had to
reveal data about another person, or if you ask us to delete some records that we are
obliged to maintain by a legal obligation or for a legitimate interest, such as the
exercise of defense against claims. Or even in those cases where the
right to freedom of expression and information.
You can contact us by any of the means indicated in the section
Responsible for the Treatment of this privacy policy, providing a copy of a document
that proves your identity (usually the DNI).
Another of your rights is not to be subject to a decision based solely on treatment
automated, including profiling that produces legal effects or affects you.
Faced with any violation of your rights, such as, for example, that we have not attended to your
request, you have the right to file a claim with the Control Authority regarding
Data Protection. This can be the one from your country (if you live outside of Spain) or the Spanish Agency
Data Protection (if you live in Spain).

​

Links to Third Party Websites.
Our website may, from time to time, contain links to other websites. Is your
responsibility make sure you read the data protection policy and the legal conditions that
apply to each site.

​

Third party data.
If you provide us with data from third parties, you assume the responsibility of informing them in advance as
established in article 14 of the GDPR.