X Close

Privacy Policy

Confidentiality and Data Protection Policy

Eprom S.A. (hereinafter “the Company”) is committed to due diligence and compliance with Data Protection regulations. As part of this duty and commitment, the Data Protection Channel (DATAPROTECT line) has been established to cover the fundamental aspects of Data Protection, all managed, supervised, and certified by BONET Consulting, a leading firm in Regulatory Compliance and Data Protection. Below is detailed information about the confidentiality and personal Data Protection policy in compliance with Article 13 of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016, on the protection of natural persons regarding the processing of personal data and on the free movement of such data (General Data Protection Regulation or GDPR) and Article 11 of Organic Law 3/2018, on Personal Data Protection and Guarantee of Digital Rights (LOPD GDD). Data of the Data Controller and Contact Details of the Data Protection Officer (DPO):
  • Identity: EPROM ELECTRÓNICA, S.A.
  • Address / Postal Code: Crta. Castellar, 544 – 08227 Terrassa
  • Phone: +34 93 735 02 83
  • E-mail: lopd@epromsa.com
  • DPO Contact: Àngels Ruiz – lopd@epromsa.com
  • Data Protection Channel: www.dataprotect-line.com/eprom

Purposes of Processing

The Company will process the information provided by data subjects for the following purposes:
  • Manage your visit and meeting at our facilities, as well as the management and delivery of the contracted services/products.
  • Handle any inquiries, suggestions, or requests regarding our professional services made by data subjects.
  • Informative and commercial communications: processing your data to inform you about activities, articles of interest, and general information related to our activity and the contracted services/products.
  • Manage data provided by job applicants via Curriculum Vitae (CV) for recruitment and selection purposes.
  • Ensure the security of offices, facilities, and persons through access controls and video surveillance systems.
  • Comply with legal requirements applicable to the Company and its activities in health and occupational risk prevention.
  • Manage and control internal mechanisms, policies and protocols established by the Company for compliance and whistleblowing procedures.
  • Any processing necessary to comply with applicable regulations and official/sectoral requirements governing our activity.
  • For the proper execution of the above purposes, you consent to the processing of your data under the strictest compliance with Data Protection regulations and this policy. You may exercise your rights at any time (see specific section).

Data Retention Criteria

  • Management of contracted services/products: personal data provided in contracts, offers, and service proposals, as well as data of other necessary individuals, will be retained for the duration of the contracted services. After service completion, data will be retained where liabilities may arise or to comply with other legal obligations. Data will be kept to allow identification and exercise of data subject rights, under necessary technical, legal, and organizational measures.
  • Curriculum Vitae management: CVs will be kept for a maximum of one year; after that, they will be automatically destroyed, in compliance with data quality principles.
  • Employment contract management: personal data will be retained for the duration of the employment relationship and thereafter as required by liability or legal obligations.
  • Other: other personal data collected by any means will be retained as long as necessary to fulfill their collection purpose.

Legal Basis

The legal basis for processing personal data of users, clients, and prospects is:
  • Consent of data subjects for handling any request for information or inquiry about our services/products.
  • Consent of job applicants for recruitment and selection purposes.
  • Execution of service/product contracts with the Company.
  • Legitimate interest to send informative, commercial communications, and promotional offers related to the Company’s activity and contracted services/products.
  • Compliance with legal obligations and internal compliance procedures.
  • Legitimate interest to ensure the security of offices, facilities, and persons.

Recipients

No personal data is transferred to third parties, except where legally required.

Origin

Personal data is obtained directly from data subjects and our collaborators. Categories of personal data provided by collaborators include:
  • Identification data.
  • Postal or electronic addresses.
  • Data provided or consented by data subjects necessary for service/product management and delivery.

Rights

Right of Access, Rectification, and Erasure: data subjects have the right to confirm whether the Company is processing their personal data and to access or correct inaccurate data, or request deletion when no longer needed for processing purposes. Right to Restrict and Object: in certain circumstances, data subjects may request restriction of processing, in which case data will only be retained for defense of claims. They may also object to processing for reasons related to their situation; the Company will cease processing unless there are overriding legitimate grounds or for defense of claims. These rights may be exercised via our Data Protection Channel (see specific section).

Data Protection Channel / DATAPROTECT – line

The Company has implemented a Data Protection Channel, ensuring the highest commitment, rigor, and professionalism in security, experience, independence, and expertise in handling received communications. This Channel is provided through a web platform managed by an independent external expert to guarantee our commitments. Through this Channel, you may exercise your rights (see previous section) and report any suspected data breaches or non-compliance with Data Protection regulations or this policy. Access details for the Data Protection Channel are provided at the beginning of this policy.

Support and Assistance

Data subjects may contact the Company with any questions about personal data processing or policy interpretation by reaching the Data Controller / Data Protection Officer (DPO) at the contact details listed at the start of this policy.