1.- Basic Privacy Information

  1. Responsible company: Redsys Servicios de Procesamiento, S.L.
  2. Purpose of processing: Manage web services, the contractual relationship with clients and suppliers, the commercial relationships with other companies, the activities for job applicants, the ethic channel and the company administrative bodies obligations.
  3. Legitimation: Consent (web services), execution of a contract or pre-contractual measures (client and supplier contract and management of applicants), legitimate interests (commercial contacts, security measures performance under company information), legal obligation (company administrative bodies obligations).
  4. Recipients: No data will be transferred to third parties except legal obligation or companies of the Group or participated by Redsys in the management of applicants for jobs.
  5. Rights: To access, rectify and delete data, as well as other rights, as explained in our Additional Information.
  6. Additional Information: You can consult additional and detailed information on data protection and privacy below.

2.- Additional Privacy Information

  1. Contact details of the person in charge: Redsys, Servicios de Procesamiento, S.L., with Tax Id Number B-85955367, registered office: Francisco Sancha, 12 - 28034 Madrid (hereinafter Redsys).

    Contact details of the Representative for Data Protection: you can contact by the following telephone 913 46 55 00 and / or by email:

  2. When you access and use you agree to accept this Privacy Policy, as well as the provisions contained in the Legal Notice and the Cookies Policy.

    In Redsys we provide you with information so that, prior to completing your personal data, you can access the Privacy Policy and any other relevant information on Data Protection.

    Likewise, this Policy serves to provide additional second level information of those informative clauses that redirect to it, with such purpose.

  3. For what purpose do we treat your personal data? In Redsys we are committed to using your personal data always for specific, explicit and legitimate purposes.

    In those cases in which it is planned to perform a treatment of your personal data for a purpose other than that which was originally agreed upon by you, you will be provided with sufficient information on the new purpose to obtain, again, your consent.

    In those cases in which, from your personal data, profiles may be created or automated orders be taken, you will be provided with sufficient information on the same and the consequences that may arise from them.

    We collect personal information necessary for the management and maintenance of some of our services, as well as for other purposes established in this Privacy Policy:

    In what cases are personal data requested through our website or through other channels?

    • To contract any of the services and/or products that we offer or demand.
    • To manage applications for candidates to work with us.
    • To answer the questions sent to us through the Contact email.
    • To use the Complaint Channel.
    • To manage commercial relationships through people of contact from third companies
    • To give access to the company information protected with IRM encryption measures.

    What use will we give to the personal information processed by us?

    • To manage the contractual relationship with our clients and suppliers.
    • To attend and manage job applications and the selection processes associated with the candidates.
    • For the attention of the queries made by the users through the Contact mail.
    • To manage the commercial relationships with other companies through people of contact
    • To manage the security measures performance under the company information

    In the specific case of the Complaint Channel, which in compliance with the Redsys Offence Prevention System, has been implemented, it will be governed by its specific Privacy Policy, which is available on the Channel itself.

    How long will your data be kept?

    Data of Clients and Suppliers: The period for conservation of personal data will vary depending on the service that may be hired or provided. In any case, it will be the minimum necessary, and can be maintained until, according to the circumstances that apply in each case:

    • 4 years: Law on Infractions and Sanctions in the Social Order (obligations regarding affiliation, registration, cancellation, contribution, payment of salaries ...)
    • 5 years: Article 4 of the Law on Infractions and Sanctions in the Social Order in relation to the Law on Prevention of Occupational Risks and Article 1.964 of the Civil Code (limitation period for personal actions).
    • 6 years: Art. 30 Commerce Code (books, correspondence, documentation and proof of business activity)
    • 10 years: Articles 66, 66 bis and 67 of the General Tax Law (books and accounting records)

    Contact E-mail data: A maximum of 5 years according to Article 1.964 of the Civil Code (limitation period for personal actions).

    Data of applicants for jobs: In case of people who send us their CV, Redsys may keep it stored for a maximum of 12 months to incorporate it into future calls, unless the candidate states otherwise.

    Data of commercial contacts: During the period we need to manage the commercial relationship between companies or until the data subject exercise the right to erasure and then a maximum of 5 years according to Article 1.964 of the Civil Code (limitation period for personal actions).

  4. We treat your information on the legal basis of providing the information or services requested by you (for example, the subscription to the Redsys Blog) and based, therefore, on the consent of the individual concerned.

    In other cases, it may be necessary for the execution of a contract that you enter into with us (for example, service contracts entered with Redsys) or for the application of pre-contractual measures.

    In addition, we may treat personal contact data with a basis of legitimacy in the legitimate interest of Redsys to establish, manage and maintain commercial relationships with other companies, and protect their information with the implementation of security measures as IRM technologies which requires the log in of the third parties’ recipients of the information to allow the access on it.

    In each of the cases, you will have full rights over your personal data and the use thereof and may exercise them at any time.

    In no case will we give your information to third parties without first informing you and requesting your consent.

    In relation to the use of the Web services or the use of any other channel for which data are collected, the sending of your personal data is mandatory to contact you, manage the relationship and be able to meet the request made by you. Also, failure to provide the requested personal data or not accepting this data protection policy means that it is impossible to subscribe and process the requests made on this website or on any other channel.

  5. To whom will your data be given?

    Redsys will transfer its data in case of legal obligation. Likewise, we share personal information with other Redsys Group companies or those owned by Redsys in relation, solely, with the data of job applicants.

    Out of the above assumptions, in no case your personal data are shared with third parties without obtaining your prior consent, unless the transfer of your data was necessary for the maintenance of the relationship with you, as well as in the cases provided by the regulation of data protection in force at any time.

  6. All personal data that we process through our website come directly from the interested party.

    In the event that the personal data were not obtained directly from the interested party, as a result of a legitimate cession, or from sources of public access, it will be duly informed in this Privacy Policy or by any means that can prove that the duty to inform has been performed.

  7. How can rights be exercised? You can send a communication in writing to the registered office of Redsys or to the email address, including in both cases a photocopy of your national ID or another similar identification document, to request the exercise of the following rights:

    • Right to request the access to personal data: you can ask to Redsys if this company is processing your data and which data.
    • Right to request rectification of inaccurate or incomplete data, or suppression thereof.
    • In certain circumstances and for reasons related to your specific situation, you will have the Right to stand against the processing, in which case, Redsys will stop processing the data, except for compelling legitimate reasons or that in the exercise or defence of possible claims, these must still be processed.
    • In certain circumstances, you may exercise the Right to the portability of the data: in case you want your data to be processed by another entity, Redsys will provide the portability of your data to the new person in charge in case this is applicable.
    • In certain circumstances, you may request the Right to limit its processing, in which case they will only be kept by Redsys for the defence of possible claims.
    • In certain circumstances, there is the option of withdrawing the consent: in the case that the consent has been granted for a specific purpose, you have the right to withdraw the consent at any time, without affecting the legality of the treatment based on the consent prior to its withdrawal.

    How can I exercise these rights?

    In any case, we put at your disposal on our website forms that allow you to exercise the aforementioned rights more easily and quickly by sending it to the contact address of the Data protection Delegate.

    How can I complain before the Control Authority?

    If a user considers that there is a problem with the way in which Redsys is handling his/her data, the users can direct their claims to the Delegate of Data Protection of Redsys or to the corresponding data protection control authority, being the Spanish Agency for Data Protection ( the one indicated in the case of Spain.

  8. In Redsys we maintain the highest levels of security to protect your personal data against loss, destruction, accidental damage and access, treatment or unauthorized or illegal disclosure. When we receive your data, we use strict procedures and security parameters to prevent any unauthorized access.

    To this end, Redsys will evaluate the risks inherent to the processing (its probability and severity), and will apply measures to mitigate them, which will guarantee an adequate level of security, including confidentiality, taking into account the state of the art, the cost of application and the nature, scope, context and purposes of the treatment with respect to the risks and the nature of the personal data that should be protected.

    The actions described in this section which are appropriate to guarantee an adequate level of security for the detected risk will include, where appropriate and among others, the following measures:

    • Pseudonymization and encryption of personal data, when appropriate.
    • Measures which are able to guarantee the confidentiality, integrity, availability and permanent resilience of the procesing systems and services.
    • Measures which are able to restore the availability and access to personal data quickly, in case of physical or technical incident;
    • Existence of a process for regular verification, evaluation and assessment of the effectiveness of technical and organizational measures to ensure the safety of the processing.
    • Periodic evaluation for the risk of destruction, loss or accidental or unlawful alteration of personal data transmitted, conserved or otherwise processed, or unauthorized communication or access to said data.
    • Measures to ensure that anyone who acts under the authority of Redsys and has access to personal data can only process said data following instructions from Redsys.
  9. The personal data that can be collected will be treated with absolute confidentiality, committing ourselves to keep them secret and guaranteeing the duty to keep them adopting all the necessary measures that prevent their alteration, loss and unauthorized treatment or access, in accordance with the established in the applicable legislation.

  10. Children under 18 are not allowed to use the services available through, or other channels, without the prior authorization of their parents, tutor or legal representatives, who will be responsible for all acts performed by minors under their responsibility.

  11. The user will be solely responsible for filling in the forms with false, inaccurate, incomplete or outdated information.

  12. Our website uses "cookies" to collect information on how to use the Website. If you wish to obtain more detailed information on how Redsys uses cookies, consult the Cookies policy.