In this Privacy Policy, Users will find all relevant information applicable to the use of the personal data of our clients and Users by the GMS Plesium companies, regardless of the channel or medium (online or in person) they use to interact with us.
As a sign of transparency, we make all the information in this Privacy Policy permanently available to Users so they can consult it whenever they deem appropriate. Users will also find information about each process of their personal data as they interact with us.
The term “User” includes any person who accesses the Website, either directly or from any other Internet site.
The data controllers for User data are:
GMS Plesium, which is also the owner of the Website.
GMS Plesium
Tax ID: B60486503
Registration details: Volume 26681, Page 206, Sheet B-105981
That is, GMS Plesium (hereinafter referred to interchangeably as the “Controller” or the “Joint Data Controller”) is the Joint Data Controller. This means that we have regulated and are jointly responsible for processing and protecting Users’ personal data.
The Controller’s contact email address is: contact@gmsplesium.com
The collection, storage, modification, structuring, and, where appropriate, deletion of the data provided by Users will constitute processing operations carried out by the Controller.
The personal data that the Controller will process will generally be the following:
The User is informed that, when the Data Controller asks them to fill in their personal data to provide access to a feature or service on the Website, some fields will be marked as mandatory, as this data is required by the Data Controller to provide the service or access the feature in question.
Therefore, the User should bear in mind that if they choose not to provide this data to the Data Controller, they may not be able to complete their registration as a Registered User or enjoy those services or features.
The personal data provided by the User will be processed for the following purposes:
To manage the User’s registration as a Registered User on the Website: To register as a Registered User on our WThe collection, storage, modification, structuring, and, where appropriate, deletion of the data provided by Users will constitute processing operations carried out by the Controller.
The personal data that the Controller will process will generally be the following:
The User’s identification and contact information (e.g., first name, last name, company, sector, language, country, contact information, email, telephone number, etc.).
Username and password to access the Website in your capacity as a Registered User;
Connection, geolocation, and navigation data;
Commercial information (e.g., whether the User is subscribed to our newsletter);
The User is informed that, when the Data Controller asks them to fill in their personal data to provide access to a feature or service on the Website, some fields will be marked as mandatory, as this data is required by the Data Controller to provide the service or access the feature in question.
Therefore, the User should bear in mind that if they choose not to provide this data to the Data Controller, they may not be able to complete their registration as a Registered User or enjoy those services or features.
The personal data provided by the User will be processed for the following purposes:
To manage the User’s registration as a Registered User on the Website: To register as a Registered User on our Website, the User must voluntarily provide certain personal data, such as their email address, which will be incorporated into automated media owned by the Data Controller. The User may cancel their Registered User account by contacting the Data Controller at protecciondatos@gmsplesium.com.
For analytical and statistical purposes: to analyze how Users interact with the Website, identify potential errors or failures, and thus be able to make any necessary improvements.
To provide customer service: to respond to individual User questions via the Contact link provided for this purpose.
To manage the resumes received: if the User sends their CV to the Controller through the section provided for this purpose on the Website or applies to the various job offers published on the Website, the Joint Controllers will process the data to assess and manage the job application and, where appropriate, carry out the necessary actions for the selection and hiring of personnel.
For marketing purposes: If the User has subscribed to the Newsletter, the Joint Controllers will process the personal data to manage said subscription, including sending personalized information about the Joint Controllers’ products or services (via email, SMS, or push notifications via mobile phone, if the User has activated this option on their device). Furthermore, if the User agrees to participate in any promotional activity (such as contests, for example), they authorize the Joint Controllers to process the data they provide for each promotional activity. The legal bases for each promotional activity will always be made available to Users in advance.ntrollers will process the data to assess and manage the job application and, where appropriate, carry out the necessary actions for the selection and hiring of personnel.
The legal basis that allows the Joint Data Controllers to process Users’ personal data is, depending on the purpose, the following:
In managing the User’s registration on the Website as a Registered User,
the Data Controller is legitimized by the consent given by the User. The processing of the User’s data is necessary for the execution of the terms that regulate the use and access to certain content on the Website.
Usability and quality analysis: the Data Controller has a legitimate interest in analyzing the usability of the Website and the degree of User satisfaction.
Handling inquiries
The Data Controller has a legitimate interest in handling requests or inquiries raised by the User through the various contact methods available on the Website.
In managing the resumes received:
the Data Controller is legitimized by the consent given by the User when submitting their CV.
This consent may be withdrawn at any time, although this would mean that the application could not be considered in the Joint Controllers’ personnel selection processes.
However, the withdrawal of consent by the User will not affect the lawfulness of the processing carried out previously.
Marketing
The Data Controller is legitimized by the consent given by the User, for example when they agree to receive personalized information through various means, when they authorize the sending of push notifications on their mobile device, or when they accept the legal bases for participating in a promotional action.
In order to show the User personalized information, the Data Controller has a legitimate interest in profiling the information available to it (such as browsing habits, preferences, or purchase history) and the personal data they have provided, such as age range or language. The processing of this data is also beneficial to the User, allowing them to improve their user experience and access information according to their preferences.
If the User does not provide their data to the Data Controller, or does so in an erroneous or incomplete manner, it will not be possible to access certain areas of the Website, nor will it be possible to respond to queries, nor will their CV be included in the corresponding selection processes.
The personal data provided by the User will be processed by the Joint Controllers for the following period:
To manage the User’s registration on the Website as a Registered User: for as long as the User remains a Registered User (i.e., until they decide to unsubscribe). For usability and quality analysis: the User’s data will be processed punctually, for as long as the Controller carries out a specific quality action or survey or until the User’s browsing data is anonymized. To respond to inquiries: for as long as necessary to respond to the request or petition. To manage the resumes received. Marketing: until the User unsubscribes or cancels their subscription to the newsletter, and if they participate in promotional activities, for a period of six (6) months from the end of the activity. In order to determine any potential liabilities arising from the processing, the data will be duly stored and protected in the Data Controller’s systems and databases for as long as any liability arising from the processing may arise, in compliance with the regulations in force at all times. Once the possible actions in each case have expired, the Data Controller will delete the personal data.
To fulfill the purposes indicated herein, it is necessary for the Data Controller to transmit Users’ personal data to other entities within the MRO Group and to third-party service providers, such as:
Financial institutions; Fraud detection and prevention entities; Technology service providers; Logistics, transportation, and delivery service providers and collaborators; Customer service providers; Marketing and advertising service providers and collaborators.
The Data Controller has entered into data processing agreements with these service providers, and they will only access said information to provide the contracted service for and on behalf of the Data Controller.
Furthermore, Users are informed that some of the aforementioned service providers are located in territories outside the European Economic Area, which do not provide a level of data protection comparable to that of the European Union, such as the United States. In these cases, Users are informed that the Controller will transfer the data with full guarantees and safeguarding their security:
Some providers are Privacy Shield certified, a certification that Users can consult at the following link:
https://www.privacyshield.gov/welcome
With others, the Controller has signed Standard Contractual Clauses approved by the European Commission, the content of which can be consulted at the following link:
The Data Controller informs the User that, as a data hosting service provider, and pursuant to the provisions of Law 34/2002 of July 11, on Information Society Services and Electronic Commerce (LSSI), it retains for a maximum period of twelve (12) months the information essential to identifying the origin of the hosted data and the time at which the service was provided.
The retention of this data does not affect the confidentiality of communications and may only be used within the framework of a criminal investigation or to safeguard public security, and may be made available to judges and/or courts or the Ministry that so requests.
The communication of data to the State Security Forces and Corps will be carried out in accordance with the provisions of the regulations on personal data protection, and with the utmost respect for them.
The Data Controller adopts the necessary measures to guarantee the security, integrity, and confidentiality of the data in accordance with the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016, on the protection of natural persons with regard to the processing of personal data and on the free movement of such data.
Although the Data Controller makes backup copies of the content hosted on its servers, it is not responsible for the loss or accidental deletion of data by Users.
Likewise, it does not guarantee the complete restoration of data deleted by Users, as said data may have been deleted and/or modified during the period since the last backup.
The services provided or rendered through the Website, except for specific backup services, do not include the restoration of content stored in backup copies made by the Data Controller when this loss is attributable to the User; in this case, a fee will be determined according to the complexity and volume of the recovery, always subject to the User’s acceptance.
The restoration of deleted data is only included in the price of the service when the loss of content is due to causes attributable to the Data Controller.
The Data Controller informs the User that they have the following rights:
Right of access
Right to know the User’s data held by the Data Controller.
Right to rectification
Right to request the Data Controller to rectify the User’s data held by the Data Controller. In this regard, the User undertakes to provide the Data Controller with true and accurate data at the time of registration and to notify the Data Controller of any changes or modifications. Any loss or damage caused to the Website, the Controller, or any third party due to the provision of erroneous, inaccurate, or incomplete information or data in the registration forms shall be the sole responsibility of the User.
Right to erasure
Right to request the Controller to erase the User’s data to the extent that it is no longer necessary for the purposes for which it needs to process it as stated in this Privacy Policy, or to the extent that it no longer has the legitimacy to do so.
Right to restriction
Right to request the Controller to restrict the processing of the User’s data, for example, by requesting that it temporarily suspend processing or retain it beyond the necessary time when the User may need it.
Right to object
When the processing of data is based on the legitimate interest of the Controller, the User shall have the right to object to the processing of their data.
Right to data portability
When data processing is based on the User’s consent, the User shall have the right to request data portability in a structured, commonly used, and machine-readable format, in order to transmit it directly to another entity, whenever technically feasible.
Right to withdraw consent
The User may withdraw consent from the Controller for the processing of their data at any time and for any purpose. Right to lodge a complaint: In the event of disagreement regarding the processing of their personal data, the User may lodge a complaint with the Spanish Data Protection Agency, in its capacity as supervisory authority, located at Calle Jorge Juan, No. 6 (28001 – Madrid).
The User may exercise any of these rights at any time by contacting GMS PLESIUM, at Calle Arquímedes, 10, 08210, Barberà del Vallès, Barcelona, or by email at contact@gmsplesium.com, or by requesting it by any other means that is available to them.
Minors under the age of 14 may not register as Registered Users on the Website without the prior authorization of their parents, guardians, or legal representatives. Parents, guardians, or legal representatives will be solely responsible for all actions carried out through the Website by minors in their care, including the completion of forms containing the minors’ personal data and, where applicable, the marking of accompanying boxes.
In this regard, and to the extent that the Controller cannot control whether Users are minors, it is advised that parents and guardians must implement the necessary mechanisms to prevent minors from registering on the Website and/or providing personal data without their supervision. The Controller assumes no liability in this regard.
In the event that any provision of this Privacy Policy is deemed invalid, in whole or in part, such invalidity or non-enforceability shall not affect any other provisions of the Privacy Policy that may have been established.
In the event that the Owner does not exercise any right or action recognized in this Privacy Policy, this shall not constitute a waiver thereof, unless acknowledged and agreed to in writing by the Owner.
The applicable law in the event of a dispute or conflict of interpretation of the terms of this Privacy Policy, as well as any matter related to the services of this Website, shall be Spanish law, to which the parties expressly submit. The Courts and Tribunals of Barcelona shall have jurisdiction to resolve all disputes arising from or related to its use.
This Privacy Policy is dated May 9, 2019.
The Controller may update this Privacy Policy when it deems appropriate. Therefore, it is advisable for the User to review this policy periodically, and if possible each time they access the Website, in order to be adequately informed about the type of information collected and how it is processed.
Notwithstanding the foregoing, the Controller will notify the User of any changes to this privacy policy that affect the processing of personal data provided through various means via the Website or even via email.