Privacy Policy

At BOLSCHARE AGRICULTURE SL (hereinafter BOLSCHARE) we care about privacy and transparency.

Below, we indicate in detail the processing of personal data that we carry out, as well as all the information related to them.

PERSONAL DATA PROTECTION – PRIVACY

The provider is deeply committed to compliance with the regulations on protection of personal data, and ensures full compliance with the obligations set forth, as well as the implementation of technical and organizational security measures, as established in the General Data Protection Regulation of Europe EU 2016/679 (RGPD) and Law 3/2018 on Data Protection and Guarantee of Digital Rights (LOPD-GDD).

The provider makes available to users the Privacy Policy of the entity informing users regarding the following aspects:

1. Data of the person in charge of the treatment.
2. Purpose
3. Legitimation.
4. Addressees
5. Source
6. Additional information.

When we need to obtain personal information from you, you are always asked to provide it voluntarily and expressly.

In compliance with the regulations on Protection of Personal Data, you explicitly consent to the personal data provided, are treated under our responsibility, to perform the following purposes:

1. Manage our relationship and provide you with the requested personalized service.
2. The processing of queries, advice, orders, requests or any type of request that is made by the user through any of the forms of contact that are made available to the user on the BOLSCHARE website.
3. Sending commercial advertising communications about our products by e-mail, fax, SMS, MMS, social communities or any other electronic or physical means, present or future, that enable commercial communications.

All requested data are mandatory, if not provided, it would be impossible to carry out the purpose for which they are requested in each case.

TREATMENT INFORMATION

According to the provisions of Article 13 of the General Data Protection Regulation EU 2016/679 and Article 11 of the Organic Law 3/2018 on the Protection of Personal Data and Guarantees of Digital Rights, the user must receive timely and specific information from the data controller and the uses and purposes of the processing. For this purpose, the following information is indicated:

1. Who is responsible for the processing of your data?

BOLSCHARE AGRICULTURE SL

B72407547

PASEO FLUVIAL 15, BADAJOZ SIGLO XXI BUILDING, 15TH FLOOR – 06011 – BADAJOZ (SPAIN).

(+34) 654 552 399

ncacho@bolschare.com

1.1. Contact details of the Data Protection Officer (DPO):

Tuidentidad y Seguridad SLU

C/ Francisco Guerra Díaz 12 P4 1ºC, 06011 Badajoz (Spain)

privacidad@bolschare.com

2. For what purpose do we process your personal data?

In BOLSCHARE we process the information provided by the interested parties in order to carry out the following purposes:

1. CUSTOMER MANAGEMENT: To carry out the administrative, accounting and fiscal management of the services requested, as well as to send commercial communications about our products and services.

2. IMAGE MANAGEMENT FOR MARKETING PROJECTS: to capture and disseminate personal data about your image and/or video, for promotional and informative purposes, within the marketing projects carried out by our entity for publication on the Internet (social networks, video platforms and websites), in the entity’s publications and other media.

3. SUPPLIER MANAGEMENT: Administrative, accounting and tax management of contracted services, as well as contact persons.

4. PERSONNEL SELECTION: Manage the resumes received and carry out the personnel selection processes.

5. VIDEO SURVEILLANCE MANAGEMENT: To ensure the safety of people, property and facilities.

6. MANAGEMENT OF DATA OF THE PARTIES INVOLVED IN THE INTERNAL COMPLAINTS CHANNEL: Management of the internal complaints channel for the purpose of informing the person in charge of acts or conducts, occurring in the entity or caused by third parties contracting with it, and which may be contrary to the general or sectorial regulations applicable to it.

7. DATA MANAGEMENT OF THE PARTIES INVOLVED IN THE PROTOCOL FOR THE PREVENTION OF SEXUAL OR SEX-BASED HARASSMENT: Management of the protocol for the prevention of sexual or gender-based harassment; regulation of the procedure, management of the complaint, collection of personal data and interviews with the parties concerned.

8. FACILITY VISITOR MANAGEMENT: To register and manage visits to the facilities of the person in charge.

9. MANAGEMENT OF THE EXERCISE OF THE RIGHTS OF THE INTERESTED PARTIES: to manage and attend to the requests of the interested parties in the exercise of the rights established in the data protection regulations.

10. NEWSLETTER SUBSCRIPTION FORM: to send our newsletter and other promotional communications of interest to subscribers.

11. CONTACT FORMS: On the contact forms of our Web, attend your request and send you commercial communications, including by electronic means.

3. How long will we keep your data?

The data will be retained:

1. As long as the contractual relationship is maintained or for the years necessary to comply with legal obligations.

2. Regarding Resumes, data will be kept 2 years after the last interaction.

3. For the management of the protocol for the prevention of sexual or gender-based harassment, the data will be deleted after two years, unless its conservation is necessary to determine the possible responsibilities that may arise from possible claims made by the affected parties.

4. Regarding the internal complaints channel, the data will be kept for the time necessary to decide whether to initiate the investigation of the reported facts. The maximum period shall be three months from its entry into the system, unless the purpose of its conservation is to serve as evidence of the operation of the prevention model, in which case the data shall be kept anonymized. (LOPDGDD art. 24.4).

5. For the processing of data in the exercise of rights, they will be kept for the time necessary to resolve the requests and for at least three years to meet possible claims.

6. Regarding the registration of visits, the data will be kept for four years or until the interested party requests its deletion.

7. In relation to video surveillance, the data will be kept for a maximum of 30 days, except for communication to Security Forces and Bodies, and/or Courts and Tribunals.

8. For the treatment of data in the contact forms and Newsletter, the data will be kept as long as the interested party does not request its deletion.

4. What is the legitimacy for the processing of your data?

We indicate the legal basis for the processing of your data:

1. CUSTOMER MANAGEMENT:a. Execution of a contract: Fiscal, accounting and administrative management of clients. (RGPD art. 6.1.b).b. Legitimate interest of the Responsible PartyThe sending of commercial communications, including by electronic means. (RGPD Recital 47, LSSICE art. 21.2).
2. IMAGE MANAGEMENT FOR MARKETING PROJECTS:a. Consent of the interested party: We request your consent to carry out the capture, dissemination and transfer of image and/or video data for promotional purposes of your image, for publication on social networks, video platforms and websites, as well as in the publications of the entity and other media. (art. 2 Ley Orgánica 1/1982 de protección del derecho al honor, a la intimidad personal y familiar y a la propia imagen; RGPD art. 6.1.a).
3. MANAGEMENT OF SUPPLIERS:a. Execution of a contract: Perform the administrative, accounting and tax management of the contracted services. (RGPD art. 6.1.b).
   b. Legitimate interest of the Responsible Party: Management of professional contact data. (LOPDGDD art.19, RGPD art. 6.1.f).
4. 
   PERSONNEL SELECTION:
   a. Execution of a contract: Management of the Curriculum Vitae submitted by the candidate in order to carry out the personnel selection processes for the search of the best possible candidate for a specific job position. (RGPD art. 6.1.b).
5. VIDEO SURVEILLANCE:a. Mission in the Public Interest: Processing necessary for the performance of a mission carried out in the public interest or in the exercise of public powers vested in the controller (RGPD art. 6.1.e), as stated in the “Guide on the use of video cameras for security and other purposes”, published by the Spanish Data Protection Agency.
6. 
   DATA MANAGEMENT OF THE PARTIES INVOLVED IN THE INTERNAL COMPLAINTS CHANNEL:
   a. Public Interest Mission: Control of risks of non-compliance within the organization; (Ley Orgánica 3/2018, de 5 de diciembre, de Protección de Datos Personales y garantía de los derechos digitales (Organic Law 3/2018, of December 5, on Personal Data Protection and guarantee of digital rights). [Preámbulo V]).b. Fulfillment of a legal obligationDirective (EU) 2019/1937 of the European Parliament and of the Council of 23 October 2019 on the protection of persons who report breaches of Union law (art. 8; obligation to establish internal whistleblowing channels); Law 2/2023 of 20 February on the protection of persons who report regulatory breaches and the fight against corruption (art. 10; Obligated private sector entities).

   c. Consent of the interested party: For the conservation and recording of complaints made through telephone line and voice messaging systems with recording. As well as for the recording of the personal meeting requested with the entity for the purpose of denouncing. (Directive (EU) 2019/1937; art. 18.2 and 4; Law 2/2023, of February 20, art. 32. 4y 5).

7. 
   DATA MANAGEMENT OF THE PARTIES INVOLVED IN THE PROTOCOL FOR THE PREVENTION OF SEXUAL OR GENDER-BASED HARASSMENT:
   a. Compliance with a legal obligation: Organic Law 3/2007, of March 22, for the effective equality of women and men (art. 48); Royal Decree 901/2020, of October 13; Law 31/1995, of November 8, on the prevention of occupational hazards (art. 14).
8. MANAGEMENT OF VISITORS TO FACILITIES:a. Legitimate interest of the Responsible: Control of entrances and exits to the facilities of the responsible for security reasons and traceability of visits. (RGPD art. 6.1.f).
9. MANAGEMENT OF THE EXERCISE OF THE RIGHTS OF THE STAKEHOLDERS:a. Fulfillment of a legal obligation: manage and respond to requests from data subjects in the exercise of the rights established in the data protection regulations (RGPD, art.6.1.b).
10. NEWSLETTER SUBSCRIPTION FORM:a. Consent of the interested party: to send our newsletter and other promotional communications of interest to subscribers (RGPD, art. 6.1.a, and LSSICE art.21).
11. CONTACT FORMS:a. Execution of a contract: Management of potential customers who are interested in our products and/or services. (RGPD, art. 6.1.b, LSSICE art.21).
    b. Legitimate interest of the Controller: Management of professional contact data (LOPDGDD art.19, RGPD art. 6.1.f).

5. To which recipients will your data be communicated?

The data will be communicated to the following recipients:

1. CUSTOMER MANAGEMENT:a. Tax Administration, in order to comply with legal obligations (legal requirement).
   b. Bank entities, in order to issue the corresponding receipts (contractual requirement).
2. IMAGE MANAGEMENT FOR MARKETING PROJECTS:a. Internet (social networks, video platforms and websites), the entity’s website and other media, for the purpose of transferring and publishing the personal data and images and/or video of the work personnel for promotional purposes. (consent of the interested party).
3. SUPPLIER MANAGEMENT:a. Tax Administration, in order to comply with legal obligations (legal requirement).
   b. Bank entities, in order to make the corresponding payments (contractual requirement).
4. PERSONNEL SELECTION:a. No data will be transferred to third parties, unless legally required.
5. VIDEO SURVEILLANCE:a. If applicable, the State Security Forces and Corps, as well as Courts and Tribunals, in order to provide the images if a crime has been committed (legal requirement).
6. DATA MANAGEMENT OF THE PARTIES INVOLVED IN THE INTERNAL COMPLAINTS CHANNEL: 

   a. Independent Whistleblower Protection Authority, in order to manage and control the requests and possible claims, demands on the whistleblower protection measures (legal requirement).b. State Security Forces and Corps; Jurisdictional Bodies; Public Prosecutor’s Office, for the purpose of reporting the commission of a possible crime (legal requirement).

7. DATA MANAGEMENT OF THE PARTIES INVOLVED IN THE PROTOCOL FOR THE PREVENTION OF SEXUAL OR GENDER-BASED HARASSMENT: 

   a. State Security Forces and Corps; Jurisdictional Bodies; Public Prosecutor’s Office, in order to report the commission of a possible crime (legal requirement).

8. FACILITY VISITOR MANAGEMENT:a. Compañía de vigilancia Aragonesa SL, in order to perform the access control of labor personnel and assignment of access cards (contractual requirement).
9. MANAGEMENT OF THE EXERCISE OF THE RIGHTS OF THE INTERESTED PARTIES:a. Control authorities, public administration bodies and Ombudsman, if applicable, in order to manage and deal with requests and possible complaints (legal requirement).
10. CONTACT AND NEWSLETTER FORMS:a. No data will be transferred to third parties, unless legally required.

6. Data transfers to third countries?

• Facebook Ireland Limited (Facebook and Instagram), for the purpose of Social Networking Platform Services for publication of content of the organization. The guarantee for this transfer has been established through: Explicit consent of the data subject. Additional information is available from: 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland; https://www.facebook.com/help/contact/540977946302970; https://es-es.facebook.com/about/privacy/update.
• Twitter International Company, in order to serve as a social network for the publication of the organization’s content. The guarantee for this transfer has been established through: Explicit consent of the data subject. Additional information is available at: Data Protection Officer: One Cumberland Place, Fenian Street, Dublin 2, D02 AX07 IRELAND; https://twitter.com/es/privacy; https://help.twitter.com/forms/privacy.
• Google Ireland Limited (YouTube), for the purpose of providing services as a platform for the publication of promotional videos of the College. The guarantee for this transfer has been established through: Standard data protection clauses. Additional information is available at: https://policies.google.com/privacy?hl=es;
  https://support.google.com/policies/answer/9581826?hl=es&visit_id=638211518626325875-2142653611&rd=2.
• LinkedIn Ireland Unlimited Company, for the purpose of Social Networking Service for the publication of content of the organization. The guarantee for this transfer has been established through: Explicit consent of the data subject. Additional information is available at: https: //es.linkedin.com/legal/privacy-policy?; https://www.linkedin.com/help/linkedin/answer/a1343190?trk=microsites-frontend_legal_privacy-policy&lang=en.

7. What are your rights when you provide us with your data?

Any person has the right to obtain confirmation as to whether or not BOLSCHARE is processing personal data concerning them.

Interested parties have the right to access their personal data, as well as to request the rectification of inaccurate data or, where appropriate, to request its deletion when, among other reasons, the data is no longer necessary for the purposes for which it was collected. You also have the right to data portability.

In certain circumstances, the interested parties may request the limitation of the processing of their data, in which case we will only keep them for the exercise or defense of claims.

In certain circumstances and for reasons related to their particular situation, data subjects may object to the processing of their data. In this case, BOLSCHARE will stop processing the data, except for compelling legitimate reasons, or the exercise or defense of possible claims.

You may materially exercise your rights as follows: by contacting privacidad@bolschare.com or C/ Francisco Guerra Díaz 12 P4 1ºC, 06011 Badajoz (Spain).

When commercial communications are sent using the legitimate interest of the data controller as a legal basis, the data subject may object to the processing of his or her data for this purpose.

The consent given is for all the indicated purposes whose legal basis is the consent of the interested party. You have the right to withdraw such consent at any time, without affecting the lawfulness of the processing based on the consent prior to its withdrawal.

In case you feel that your rights concerning the protection of your personal data have been violated, especially when you have not obtained satisfaction in the exercise of your rights, you can file a complaint with the competent Data Protection Supervisory Authority through its website: www.aepd.es.

8. How did we obtain your data?

The personal data we process at BOLSCHARE comes from the data subject himself or his legal representative.

The categories of data processed are:

• Identifying data.
• Postal and e-mail addresses.
• Commercial information.
• Bank and economic data.