PRIVACY POLICY

Privacy – Extended Information

The Privacy Policy is part of the General Conditions that govern this website.

Version 1 May 2018.

Who is responsible for processing your data?

This website is the responsibility of ASOCIACIÓN DE ACCIÓN FERROVIARIA, CETREN and CETREN FORMACIÓN SLU, which contact details are as follows:

CETREN FORMACIÓN S.L.   Headquarters: Paseo de la Castellana 91, 10th floor PC 28046 Madrid. Tax Id Nr: B85035251 Phone: 91 2648335 Mail: formacion@cetren.es

ASOCIACIÓN DE ACCIÓN FERROVIARIA, CETREN   Headquarters: Paseo de la Castellana 91, 10th floor PC 28046 Madrid. Tax Id Nr.: G28688331 Phone: 91 2648330 Mail: cetren@cetren.es

Please address any option indicated above to communicate with us.

We reserve the right to modify or adapt this Privacy Policy at any time. We recommend you check it, and if you have registered and access your account or profile, you will be informed of the changes.
If you are one of the following groups, consult the drop-down information:

• Web or email contacts

What data do we collect through the Web?

We can treat your IP, the operating system or browser that you use, and even the duration of your visit, anonymously.

If you provide us with information on the contact form, you will be identified to be able to contact you, if necessary.

• • To answer your questions, applications or requests.
  • To manage the requested service, answer your application, or process your request.
  • To inform by electronic means, upon on your request.
  • For commercial or event information by electronic means, provided there is an express authorization.
  • Perform analysis and improvements on the Web, about our products and services. Improve our commercial strategy.

Acceptance and consent of the interested party: If it be necessary to make a request to fill in a form and click on the submit button, this action shall necessarily imply that you have been informed and have expressly granted your consent to the contents of the clause attached to said form, or to accept the privacy policy.
All our forms have the * symbol in the mandatory data. If you do not fulfil these fields, or do not check the acceptance box of the privacy policy, you shall not authorize to receive information. It usually reads as follows: “□ I have read and accept the Privacy Policy.”

• Associates and students

What data do we use?

• • Prepare the budget and monitor it through communications between both parties.
  • Information by electronic means, which deal with your request.
  • Commercial or event information by electronic means, provided there is an express authorization.
  • Manage administrative, communications and logistics services performed by the Responsible Person.
  • Timely invoicing and tax declaration.
  • Perform the corresponding transactions.
  • Control and collecting procedures.

Quality surveys What data do we use?                           

• • Assess the degree of quality in the service provided
  • Improve the services offered, by virtue of ISO compliance

The legal basis is the express consent of the respondent.

Suppliers

What data do we use?

• • Information by electronic means, which deal with your request.
  • Commercial or event information by electronic means, provided there is an express authorization.
  • Manage the administrative, communications and logistics services performed by the person in charge.
  • Invoicing.
  • Perform the corresponding transactions.
  • Timely Invoicing and Tax Declaration.
  • Control and collection procedures.

The legal basis is accepting a contractual relationship, or failing that, your consent by contacting us or offering your products by any means.

• Social Network Contacts

What data do we use from social networks?

• • Answer to your questions, applications or requests.
  • Manage the requested service, answer your request, or process your request.
  • To engage with you and create a community of followers.

Accept a contractual relationship in the relevant social network environment, and in accordance with its Privacy policies:

How long are we going to keep personal data?

We can only consult or cancel your data in a restricted way by having a specific profile. We will treat them for as long as you let us by following us, being our friends, or clicking “like”, “follow” or similar buttons.

Any correction to your data or restriction of information or publications shall be done in your profile configuration or in your social network user itself.

• Jobseekers

What data do we use from your CV?

• • Organize the selection processes to contract employees.
  • Call you for job interviews and evaluate your candidacy.
  • If you have given us your consent, we may transfer it to collaborating or related companies, with the sole purpose of helping you to find employment.
  • If you check the acceptance box of the privacy policy, you give us your consent to transfer your job application to the entities that make up the group of companies with the aim of including you in their personnel selection processes.

Likewise, we inform you that one year after the receipt of your curriculum vitae, we will proceed to its safe destruction.

The legal basis is your express consent, by sending us your CV.

Do we include personal data of third parties?

No, as a general rule we only treat the data provided by the owners. If you provide us with data from third parties, you must previously inform and request their consent to said persons, or else you exempt us from any liability for breaching this requirement.

And data of minors?

We do not process data of children under 14 years. Therefore, refrain from providing them if you are not of that age or, where appropriate, providing data from third parties, that are not of that age. Asociación de Acción Ferroviaria, Cetren and Cetren Formación, shall not be liable for breaching this provision.

Do we make communications by electronic means?

• • We make them only to manage your request, it if is your contact mean provided.
  • We need your previous and express authorization to make our commercial communications.

What safety measures do we apply?

You can be calm: We have adopted an optimal level to protect the Personal that we proceed, and we have installed every mean and technical measure at our disposal according to the state of the technology in order to avoid any loss, misuse, alteration, unauthorized access and theft of Personal Data.

To which recipients will your data be communicated?

Your data will not be transferred to third parties, except as legally required. Specifically, they will be notified to the State Agency of Tax Administration and to banks and financial entities that collect the service provided or product purchased, and any responsible person for treating and executing the agreement.

In case of purchase or payment, if you choose any application, web, platform, bankcard, or any other online service, your data will be transferred to that platform or treated in your environment, always with maximum safety.

If we order it, the web development and maintenance company, or the hosting company, will have access to our website. They will have signed a contract to provide the services requiring them to maintain the same level of privacy as we do.

Any international data transfer when using American applications shall be adhered to the Privacy Shield agreement, which guarantees that American software companies comply with European privacy data protection policies.

What rights do you have?

• • To know if we are processing your data or not.
  • To access your personal data.
  • To request to rectify your data should it be inaccurate.
  • To request to delete your data if it is no longer necessary for the purposes for which it was collected or if you withdraw your consent.
  • To request to limit your data processing, in certain cases, and so we will only keep them in accordance with current regulations.
  • To carry your data, which will be provided in a structured format, commonly used, or mechanical reading. If you prefer, we can send them to the new person you designate. It is only valid in certain cases.
  • To file a claim to the Spanish Agency for Data Protection or competent control authority, if you believe that we did not treat you correctly.
  • To withdraw you consent for any processing that you consented, at all times.

If you modify any data, we thank you for letting us know in order to keep it updated.

Do you want a form to Exercise the Rights?

• • We have forms to exercise your rights, ask for them by email or if you prefer, you can use those prepared by the Spanish Agency for Data Protection or any third party.
  • These forms shall be electronically signed or accompanied by an Id. Card photocopy.
  • Should anyone represent you, please attach a copy of your ID, or sign it with your electronic signature.
  • The forms can be presented in person, sent by letter or by mail to the Responsible address at the beginning of this text.

How long does it take us to answer to the Exercise of Rights?

It depends on the right, but no longer than one month after your request, and two months if the subject is very complex and we notify you that we need more time.

Do we handle cookies?

If we use other types of cookies that are not necessary, you can consult the cookie policy in the corresponding link at the beginning of our website.

How long will we keep your personal data?

• • Personal data will be kept as long as you keep linked to us.
  • If you untie, the personal data processed for every purpose shall be kept for the legally set periods, including the period when a judge or court may require them according to the limitation period for legal actions.
  • The data processed will be maintained as long as the aforementioned legal deadlines do not expire, if there is a legal maintenance obligation, or if there is no legal deadline, until the interested party requests its deletion or revokes the consent granted.
  • We will keep all the information and communications related to your purchase or to the provision of our service, while the guarantees of the products or services last, to attend possible claims.
  • For any treatment or type of data we provide you with a specific period, which you can consult in the following table:

 

File	Document	Conservation
Clients	Invoices	10 years
	Forms and coupons	15 years
	Contracts	5 years
Human Resources.	Payroll, TC1, TC2, etc.	10 years
	CVs.	Until the end of the selection process, and 1 more year with your consent.
	Docs of severance pay. Contracts. Data of temporary workers.	4 years.
	Worker record.	Up to 5 years after employment termination.
Marketing.	Databases or web visitors.	During the treatment period.
Suppliers.	Invoices.	10 years.
	Contracts.	5 years.
Access control and video surveillance.	Visitor List.	1 month.
	Videos.	30 day retention.
Accounting.	Books and accounting documents. Partners agreements and boards of directors, company bylaws, minutes, board of directors regulations and delegated committees. Financial statements, audit reports. Records and documents related to grants	6 years.
Fiscal	Company management, rights and obligations related to tax payment. Administration of dividend payments and withholding taxes.	10 years
	Information on intragroup pricing	18 years 8 years for intra-group transactions for price agreements
Security and health	Medical Records of Workers	5 years
Environment	Information on chemical or substantially hazardous substances	10 years
	Documents related to environmental permits, while the activity is being carried out.	3 years after the end of the activity 10 years (prescription of the offence)
	Records on recycling or waste disposal	3 years
	Subsidies for cleaning operations must retain the documents of rights and obligations, receipts and payments.	4 years
	Accident Reports	5 years
Insurance	Insurance policies	6 years (general rule) 2 years (damage) 5 years (personal) 10 years (life)
Shopping	Record all delivered goods or services, intra-community acquisitions, imports and exports for VAT purposes.	5 years
Legal	Intellectual and Industrial Property Documents. Contracts and agreements.	5 years
	Permits, licenses, certificates	6 years after the permit, license or certificate maturity date. 10 years (prescription of the offence)
	Confidentiality and non-competition agreements	Always the term of the obligation or confidentiality
LOPD	Personal data processing, if it is different to that notified to the Spanish Data Protection Agency.	3 years
	Personal data of employees stored in networks, computers and communications equipment used by them, access controls and internal management/administration systems	5 years