Privacy Policy

1. Basic privacy information

  • Responsible: Redsys Servicios de Procesamiento, S.L.
  • Purpose of processing: To manage the services of the website, the contractual relationship with clients and suppliers, relations with commercial contacts, the activities of job candidates, the ethical channel and the company's corporate obligations.
  • Legitimation: Consent (web services), execution of a contract or pre-contractual measures (client and supplier contracts and candidate management), legitimate interest (commercial contacts, execution of security measures on company information), legal obligation (corporate obligations of the company).
  • Recipients: No data will be transferred to third parties unless legally obliged to do so or to companies in the Group or in which Redsys has a stake in the management of candidates applying for employment.
  • Rights: Access, rectify and delete data, as well as other rights, as explained in the additional information.
  • Additional information: Additional detailed information on data protection and privacy can be found below.

2.- Additional privacy information

  • DATA CONTROLLER

    Contact details of the person responsible: Redsys, Servicios de Procesamiento, S.L., with Tax Identification Code B-85955367, registered office: Francisco Sancha, 12 - 28034 Madrid (hereinafter, Redsys).

    Contact details of the Data Protection Officer: you can contact the following telephone number +34 913 46 55 00 and/or by e-mail: dpd@redsys.es.

  • SCOPE OF THE POLICY

    When you access and use www.redsys.es you agree to accept this Privacy Policy, as well as the provisions contained in the Legal Notice and the Cookies Policy.

    At Redsys we provide you with information so that, prior to filling in your personal data, you can access the Privacy Policy and any other relevant information regarding Data Protection.

    This Policy also serves to provide additional second-level information on those information clauses that redirect to this Policy for this purpose.

  • PURPOSES OF DATA PROCESSING

    For what purposes do we process your personal data? Redsys is committed to using your personal data for specified explicit and legitimate purposes.

    Where it is intended to process your personal data for a purpose other than that to which you originally consented, you will be provided with sufficient information about the new purpose to obtain your consent again.

    In cases where your personal data may be used for profiling or automated decision-making, you will be provided with sufficient information about this and the consequences of such profiling or decision-making.

    We collect personal information necessary for the management and maintenance of some of our services, as well as for other purposes set out in this Privacy Policy:

    When are personal data requested through our website or through other channels?

    • To contract and execute any of the services and/or products that we offer or demand.
    • To manage applications from candidates to work with us.
    • To answer any queries you may have via the Contact email address.
    • To use the Ethical Channel.
    • To establish business relationships through the contact persons of other companies.
    • In order to meet the company's corporate obligations.
    • To provide access to company information protected by IRM encryption measures.

    What use will we make of the personal information we use?

    • To manage the contractual relationship with our customers and suppliers.
    • To handle and manage job applications and associated selection processes for candidates.
    • To deal with queries made by users via the contact email address.
    • Manage business relations with other companies through contact persons.
    • Manage the convening and holding of the company's corporate bodies and committees and the generation of associated documentation and actions.
    • To execute the security measures implemented on the company's information.

    In the specific case of the Ethical Channel which, in compliance with the Redsys Crime Prevention System, is implemented, it will be governed by its specific Privacy Policy which is available on the Channel itself.

    How long will we keep your data?

    Client and Supplier Data: The period of conservation of personal data will vary depending on the service that may be contracted or provided. In any case, it will be the minimum necessary, and may be kept until, depending on the circumstances that apply in each case:

    • 4 years: Law on Infractions and Penalties in the Social Order (obligations regarding affiliation, registrations, cancellations, contributions, payment of salaries, etc.).
    • 5 years: Article 4 of the Law on Infractions and Sanctions in the Social Order in relation to the Law on the Prevention of Occupational Risks and Article 1.964 of the Civil Code (limitation period for personal actions).
    • 6 years: Art. 30 Commercial Code (books, correspondence, documentation and supporting documents of the business activity).
    • 10 years: Articles 66, 66 bis and 67 of the General Tax Law (accounting books and records).

    Contact details: A maximum of 5 years in accordance with Article 1.964 of the Civil Code (limitation period for personal actions).

    Job applicants' data: In the case of persons who send us their CVs, Redsys may store them for a maximum of 24 months for inclusion in future vacancies, unless the candidate states otherwise.

    Business contact data: For the period necessary to maintain the business relationship and after the termination or exercise of the right of deletion by the data subject for a maximum of 5 years in accordance with Article 1.964 of the Civil Code (limitation period for personal actions).

    Details of members of corporate bodies: For 6 years from the closing date of each fiscal year, in accordance with Article 30 of the Commercial Code.

  • LEGITIMACY

    We process your data on the legal basis of providing you with the information or services you request from us and therefore based on the consent of the data subject.

    In other cases it may be necessary for the performance of a contract you enter into with us (e.g. service contracts concluded with Redsys) or for the application of pre-contractual measures.

    We may also process personal contact data based on Redsys' legitimate interest in establishing, managing and maintaining business relationships with other companies, as well as protecting your information by implementing security measures such as IRM systems that require third party recipients of the information to register in order to access it.

    In addition, there are legal obligations that Redsys as a limited company must comply with and Redsys will process personal data of the members of the corporate bodies and committees in accordance with the applicable company law.

    In each case, you will have full rights over your personal data and over the use of your personal data and you may exercise these rights at any time.

    Under no circumstances will we share your data to third parties without first notifying you and requesting your consent.

    In relation to the use of the services of the website or the use of any other channel through which data is collected, the sending of your personal data is obligatory in order to contact you, manage the relationship and be able to deal with the request you send us. Likewise, failure to provide the personal data requested or not accepting this data protection policy means that it will be impossible to subscribe and process the requests made on this website or any other channel.

  • RECIPIENTS

    To whom do we disclose your data?

    Redsys will disclose your data where legally required to do so. We also share personal information with other companies in the Redsys Group or in which Redsys has a stake only in relation to job applicant data.

    Apart from the aforementioned cases, in no case will your personal data be shared with third parties without your prior consent, unless the transfer of your data is necessary for the maintenance of the relationship with you, as well as in the cases provided for by the data protection regulations in force at any given time.

  • PROVENANCE

    All personal data that we process through our website comes directly from the data subject.

    In the event that the personal data were not obtained directly from the data subject, because they come from a legitimate transfer, or from publicly available sources, the data subject will be duly informed in this Privacy Policy or by any means that allows accreditation that the duty to inform has been fulfilled.

  • DATA PROTECTION RIGHTS

    How can rights be exercised? You can send a written communication to the registered office of Redsys or to the e-mail address dpd@redsys.es, including in both cases a photocopy of your ID card or other similar identification document, to request the exercise of the following rights:

    • Right to request access to personal data: you may ask Redsys whether Redsys is processing your data and which data.

    • The right to request the rectification of inaccurate or incomplete data or its deletion.

    • In certain circumstances and for reasons related to your particular situation, you will have the right to object to the processing, in which case Redsys will stop processing the data, except for compelling legitimate reasons or for the exercise or defence of possible claims.

    • In certain circumstances, you may exercise your right to data portability: if you want your data to be processed by another entity, Redsys will facilitate the portability of your data to the new controller where applicable.

    • In certain circumstances, you may request the right to restrict the processing of your data, in which case they will only be kept by Redsys for the purpose of defending possible claims.

    • In certain circumstances, there is a possibility to withdraw consent: where consent has been given for a specific purpose, you have the right to withdraw consent at any time, without affecting the lawfulness of the processing based on consent prior to its withdrawal.

    How can I exercise these rights?

    In any case, we provide you with forms on our website that will allow you to exercise the aforementioned rights more easily and quickly by sending them to the contact address of the Data Protection Delegate.

    How can I complain to the Supervisory Authority?

    If a user considers that there is a problem with the way in which Redsys is handling their data, they can address their complaints to the Redsys Data Protection Officer or to the corresponding data protection supervisory authority being the Spanish Data Protection Agency (www.agpd.es) the one indicated in the case of Spain.

  • SECURITY

    At Redsys we maintain the highest levels of security to protect your personal information from loss, destruction, accidental damage and unauthorised or unlawful access, processing or disclosure. When we receive your information, we use rigorous security procedures and features to prevent unauthorised access.

    For this purpose, Redsys will assess the risks inherent in the processing (their likelihood and severity), and implement measures to mitigate them, which will ensure an appropriate level of security, including confidentiality, considering the state of the art, the cost of implementation and the nature, scope, context and purposes of the processing with respect to the risks and the nature of the personal data to be protected.

    The actions described in this section and appropriate to ensure a level of safety adequate for the risk identified will include, where appropriate, inter alia, the following measures:

    • Pseudonymisation and encryption of personal data, where appropriate.

    • Measures capable of ensuring the continued confidentiality, integrity, availability and resilience of processing systems and services.

    • Measures capable of restoring availability and access to personal data quickly in the event of a physical or technical incident.

    • Existence of a process of regular verification, evaluation and assessment of the effectiveness of technical and organisational measures to ensure the security of processing.

    • Periodic assessment of the risk of accidental or unlawful destruction, loss or alteration of, or unauthorised disclosure of or access to, personal data transmitted, stored or otherwise processed.

    • Measures to ensure that any person acting under the authority of Redsys who has access to personal data may process such data only on instructions from Redsys.

  • CONFIDENTIALITY

    The personal data that may be collected will be processed with absolute confidentiality, undertaking to keep them secret and guaranteeing the duty to store them by adopting all the necessary measures to prevent their alteration, loss and unauthorised processing or access, in accordance with the provisions of the applicable legislation.

  • MINORS

    Minors under 18 years of age may not use the services available through www.redsys.es, or other channels, without the prior authorisation of their parents, guardians or legal representatives, who will be responsible for all acts carried out by the minors in their care.

  • RESPONSIBILITY

    The user will be solely responsible for the completion of forms with false, inaccurate, incomplete or outdated data.

  • COOKIES

    Our website uses "cookies" to collect information about how you use the Website. For more detailed information on how Redsys uses cookies, please see the Cookie Policy.