ES: +34 917 875 571 | IT: +393 499 875 451 | PT: +351 960 369 264 info@tenderstool.com

Privacy Policy

ADJUDICACIONES TIC SL. - B87148409

ADJUDICACIONES TIC S.L.C/ Colquide 6 Edificio Prisma, portal 2, 1ºA - 28231 Las Rozas de Madrid (Spain).
E-mail: privacity_adjudicaciones@grupo-omnitel.es

Purpose of processing: The provision of information services on tenders, awards and prior announcements and centralized purchases in the ICT sector of the central, regional and local public administration in Spain, as well as on tenders and awards in the ICT sector of the public administration in Portugal and Italy.
Target audience: Companies that want to apply to bidding and awarding processes.
Recipients: Clients
Retention period: The data provided will be retained for as long as the business relationship is maintained or for the time necessary to comply with legal obligations and meet possible liabilities that may arise from the fulfillment of the purpose for which the data were collected.

This Privacy Statement informs you of our privacy practices and other choices you can make about the way we collect information about your online activity, device usage and information you provide to Adjudicaciones TIC S.L. This privacy statement applies to all of Adjudicaciones TIC's investee companies (Omnitel Comunicaciones and Adjudicaciones TIC) in addition to the websites, domains, services, applications and products owned by Adjudicaciones TIC and its affiliates (collectively "Omnitel Group").

Introduction

 

1.1 Purpose

 

ADJUDICACIONES TIC S.L. attaches great importance to the treatment of personal data as a determining element in its activity.

For this reason, ADJUDICACIONES TIC S.L. has decided to define, approve and implement the present Personal Data Protection Policy that gathers the regulatory requirements according to the particular characteristics of ADJUDICACIONES TIC S.L. in the treatment of personal data in accordance with its activity and according to its structure and available resources.

This document is intended to be a stable framework, but due to the continuous evolution and intrinsic changes of information systems and the complexity of regulations, this Policy should be supplemented or developed by other documents.

Likewise, with the acceptance of the present policy, we proceed to the acceptance of the protocol in the matter of Data Protection.

 

1.2 Principles

The principles relating to the processing of personal data are as follows

  • Principle of lawfulness, fairness and transparency: personal data must be processed in a lawful, fair and transparent manner in relation to the data subject.
  • Principle of purpose limitation: personal data must be collected for specified, explicit and legitimate purposes and will not be further processed in a way incompatible with those purposes.
  • Principle of data minimization: personal data must be adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed.
  • Principle of data accuracy: personal data must be accurate and, if necessary, updated.
  • Principle of limitation of the storage period: keeping the data no longer than necessary for the purposes of processing.
  • Principle of integrity and confidentiality: personal data shall be treated in such a way as to ensure adequate data security.
  • Principle of proactive responsibility: manifested, among others, in extreme diligence in the choice of the provider that processes data and in the implementation, prior to the start of processing, of appropriate technical and organizational measures (obligation of privacy by design) and that allow that, by default, only data necessary for each of the specific purposes are processed (obligation of privacy by default).

 

1.3 Regulatory framework

The specific related regulations are mainly the following:

Standard Reference
GDPR Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data. Recital 78
Article 24.2 Responsibility of the controller
LOPD Organic Law 3/2018 of December 5, 2018, on Personal Data Protection and guarantee of digital rights. Full text

 

1.4 Legitimacy for treatment

The legal basis depends on the Services you use and how you use them. This means that we collect and use your information only when we need it to provide the Services to you, including to operate the Services, provide customer support and personalized features, and protect the security of the Services.

It satisfies a legitimate interest (which is not overridden by your data protection interests), such as for research and development, to market and promote the Services and to protect our legal rights and interests; we need to do so to satisfy the terms of our agreement with you; you consent to us doing so for a specific purpose; or we need to process your data to comply with a legal obligation.

If you have consented to us using your information for a specific purpose, you have the right to change your mind at any time, but this will not affect any processing that has already taken place. Where we use your information because we or a third party (for example, your employer) have a legitimate interest in doing so, you have the right to object to that use, although, in some cases, this may mean stopping using the Services.

 

2. SCOPE

The scope of application of this Policy is limited exclusively to ADJUDICACIONES TIC S.L., individually.

2.1 Legitimation of the data

We receive and store all information that you enter on our website or otherwise provide to us. You can choose not to provide certain information, but if you do, you may not be able to take advantage of many of the features we offer. The information you provide is useful to us in responding to your requests, personalizing future communications, improving our sites and contacting you.

The main purpose of collecting your personal data is to provide you with a secure, optimal, efficient and personalized experience. To this end, you agree that we may use your personal data to:

  • Customize, evaluate and improve our services, content and materials.
  • Analyze the volume and history of your use of our services.
  • Inform you about our services, as well as the services and promotional offers of our partners.
  • Prevent, detect and investigate any activities that are considered potentially prohibited, illegal or contrary to good practices and ensure compliance with our terms of use and shipping policy.
  • Comply with legal and regulatory obligations.
  • We use the personal data you provide only in accordance with applicable data protection legislation.

 

3. STRUCTURE AND FUNCTIONS IN THE FIELD OF DATA PROTECTION


ADJUDICACIONES TIC S.L. has structured its organization with different data processing functions.

    - Responsible for treatment

ADJUDICACIONES TIC S.L. is responsible for determining the purposes, means of processing and the appropriate technical and organizational measures to be applied in order to guarantee and prove that the processing of personal data is carried out in accordance with the applicable regulations on the matter, taking into account the nature, scope, context and purposes of the processing, as well as the risks of varying probability and severity for the rights and freedoms of natural persons.

- Security Officer

This is the person designated primarily to coordinate and control security measures.  

    - System Administrator

Responsible for managing and maintaining the operational environment of data processing.

- Person in charge of personnel

It is responsible for ensuring that the internal rules are known by the employees, adopting the necessary publicity and training measures for this purpose.

    - Directly responsible for treatment activities

For each processing activity, a person directly responsible for it will be identified whose main function is to collaborate directly with the Security Officer in the performance of his or her duties. Likewise, he/she must propose changes and improvements and report any modification related to the processing activity.

    - Data Processor

ADJUDICACIONES TIC S.L. may appoint data processors to process personal data for which it is responsible. The data processor may only process such data following its instructions.

ADJUDICACIONES TIC S.L. will only choose data processors that offer sufficient guarantees in the application of appropriate technical and organizational measures, so that the processing by the latter guarantees the protection of the rights of the interested parties.   

The processing by the processor shall be governed by a contract, which binds the processor to the controller and sets out the subject matter, duration, nature and purpose of the processing, the type of personal data and categories of data subjects, and the obligations and rights of the controller and processor, including the security measures to be implemented.

The processor may not use another processor without the prior written authorization, specific or general, of the controller.

ADJUDICACIONES TIC S.L. will have an updated list of all those service providers that process data under its responsibility.

- Data Protection Delegate

The Company shall appoint a Data Protection Delegate to advise and inform ADJUDICACIONES TIC S.L. of its obligations regarding data processing. His/her designation does not exempt him/her from the responsibility in the data processing.

ADJUDICACIONES TIC S.L. will provide the Data Protection Delegate with the necessary resources for the performance of his functions, as well as the access to personal data and to the processing operations.

The Data Protection Delegate is accountable to the highest hierarchical level of ADJUDICACIONES TIC S.L.

4. SECURITY OF PERSONAL DATA

Taking into account the state of the art, the costs of implementation, and the nature, scope, context and purposes of the processing, as well as risks of varying likelihood and severity to the rights and freedoms of natural persons, ADJUDICACIONES TIC S.L. shall implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk. In order to guarantee the security of special category data, specific measures shall be adopted.

Within the framework of its services, ADJUDICACIONES TIC S.L. attaches the highest importance to the security and integrity of its clients' personal data.

Therefore, and in accordance with the European General Data Protection Regulation 2016/679, ADJUDICACIONES TIC S.L. undertakes to take all necessary precautions to preserve the security of the data and, in particular, to protect them against any accidental or unlawful destruction, accidental loss, corruption, unauthorized circulation or access, as well as against any other form of unlawful processing or disclosure to unauthorized persons.

To this end, ADJUDICACIONES TIC S.L. applies industry-standard security measures to protect personal data from any unauthorized disclosure and, in particular, to prevent any unauthorized access, ensure the accuracy and correct use of the data, ADJUDICACIONES TIC S.L. has implemented appropriate electronic, physical and managerial procedures to protect and preserve the data collected through its services.

Despite this, absolute security against hacking or hackers is not guaranteed. Therefore, in case of security violation affecting you, ADJUDICACIONES TIC S.L. commits itself to inform you about it without undue delay and to take all necessary measures to stop the intrusion and minimize the consequences. In case of suffering any loss due to the exploitation by a third party of a security violation, ADJUDICACIONES TIC S.L. undertakes to provide you with all the necessary assistance so that you can assert your rights.

Any user, customer or hacker who discovers and takes advantage of a security breach exposes himself to criminal prosecution and ADJUDICACIONES TIC S.L. will take all measures, including filing a lawsuit and/or initiating legal action, to preserve the data and rights of its users or itself and limit the effects.

 

5. PREPARATION, UPDATING AND APPROVAL.

The responsibilities for preparing, updating and approving the Policy, in order to achieve a correct segregation of functions that avoids the existence of conflicts of interest, are distributed as follows:

  • The preparation and updating of the Policy is the responsibility of the Security Officer with the support of the Data Controllers.
  • The Company's management studies and proposes its approval.
  • The review of compliance with the Policy is the responsibility of Internal or External Audit.

Its content is reviewed and updated at least once a year and as many times as necessary to adapt it to significant changes that affect any of the elements that make up this Policy.

6. INFORMATION OF GENERAL INTEREST

This document has been designed for low risk personal data processing, from which it follows that it cannot be used for personal data processing that includes personal data related to ethnic or racial origin, political, religious or philosophical ideology, trade union affiliation, genetic and biometric data, health data, and sexual orientation data of individuals, as well as any other data processing that involves high risk to the rights and freedoms of individuals.

Article 5.1.f of the General Data Protection Regulation (hereinafter GDPR) determines the need to establish adequate security safeguards against unauthorized or unlawful processing, against loss of personal data, accidental destruction or damage. This implies the establishment of technical and organizational measures aimed at ensuring the integrity and confidentiality of personal data and the possibility of demonstrating, as established in Article 5.2, that these measures have been put into practice (proactive liability).

In addition, it must establish visible, accessible and simple mechanisms for the exercise of rights and have defined internal procedures to guarantee effective attention to the requests received.

7. ATTENTION TO THE EXERCISE OF RIGHTS

 

The controller shall inform all employees about the procedure for addressing the rights of data subjects, clearly defining the mechanisms by which the rights can be exercised and taking into account the following:

  • Upon presentation of their national identity card or passport, the holders of personal data (data subjects) may exercise their rights of access, rectification, deletion, opposition, portability and limitation of processing. The exercise of these rights is free of charge.
  • The data controller shall respond to data subjects without undue delay and in a concise, transparent, intelligible, clear and plain language and retain proof of compliance with the duty to respond to requests for the exercise of rights made.
  • If the request is submitted electronically, the information will be provided by electronic means whenever possible, unless the interested party requests otherwise.
  • Requests must be answered within 1 month of receipt, which may be extended by a further two months taking into account the complexity or number of requests, but in this case the interested party must be informed of the extension within one month of receipt of the request, stating the reasons for the delay.

RIGHT OF ACCESS: The right of access will provide data subjects with a copy of the personal data held together with the purpose for which they have been collected, the identity of the recipients of the data, the expected retention periods or the criterion used to determine it, the existence of the right to request rectification or deletion of personal data as well as limitation or opposition to their processing, the right to file a complaint with the Spanish Data Protection Agency and if the data have not been obtained from the data subject, any available information on their origin. The right to obtain a copy of the data may not adversely affect the rights and freedoms of other interested parties.

RIGHT OF RECTIFICATION: In the right of rectification will proceed to modify the data of the interested parties that were inaccurate or incomplete attending to the purposes of the treatment. The interested party must indicate in the request to which data refers and the correction to be made, providing, where necessary, supporting documentation of the inaccuracy or incompleteness of the data being processed. If the data have been communicated by the data controller to other data controllers, he/she shall notify them of the rectification of the data unless it is impossible or requires a disproportionate effort, providing the data subject with information about such recipients, if so requested.

RIGHT OF ERASURE: Under the right of erasure, data subjects' data will be deleted when they express their refusal to the processing and there is no legal basis preventing it, it is not necessary in relation to the purposes for which it was collected, they withdraw the consent given and there is no other legal basis legitimizing the processing or the processing is unlawful. If the erasure derives from the exercise of the data subject's right to object to the processing of his or her data for marketing purposes, the data subject's identification data may be retained in order to prevent future processing. If the data have been disclosed by the data controller to other data controllers, the data controller shall notify them of the erasure unless it is impossible or would require a disproportionate effort, providing the data subject with information about such recipients upon request.

RIGHT OF OPPOSITION: Under the right to object, where data subjects express their refusal to the controller to the processing of their personal data, the controller shall cease processing them provided that there is no legal obligation to prevent it. Where the processing is based on a public interest mission or on the legitimate interest of the controller, upon a request to exercise the right to object, the controller shall cease processing the data unless compelling grounds overriding the interests, rights and freedoms of the data subject or necessary for the formulation, exercise or defense of claims are demonstrated. If the data subject objects to the processing for direct marketing purposes, the personal data will no longer be processed for these purposes.

RIGHT OF PORTABILITY: Under the right of portability, if the processing is carried out by automated means and is based on consent or is carried out within the framework of a contract, data subjects may request to receive a copy of their personal data in a structured, commonly used and machine-readable format. They also have the right to request that it be transmitted directly to a new controller, whose identity must be communicated, where technically possible.

RIGHT TO LIMITATION OF PROCESSING: In the right to limitation of processing, data subjects may request the suspension of the processing of their data to contest its accuracy while the controller carries out the necessary verifications or in the event that the processing is carried out on the basis of the legitimate interest of the controller or in performance of a public interest task, while verifying whether these grounds override the interests, rights and freedoms of the data subject. The data subject may also request the retention of the data if he/she considers that the processing is unlawful and, instead of erasure, requests the restriction of the processing, or if, although the data are no longer needed by the controller for the purposes for which they were collected, the data subject needs them for the formulation, exercise or defense of claims. The fact that the processing of the data subject's data is restricted must be clearly stated in the data controller's systems. If the data have been communicated by the data controller to other data controllers, the data controller shall notify them of the limitation of the processing of the data unless it is impossible or would require a disproportionate effort, providing the data subject with information about these recipients, if so requested.

If the data subject's request is not acted upon, the controller shall inform the data subject, without delay and no later than one month after receipt of the request, of the reasons for its failure to act and of the possibility of lodging a complaint with the Spanish Data Protection Agency and of taking legal action.