1.
Data protection commitment

At CALAF GRUP 1964, SL (hereinafter CALAF Grup or the company) we are committed to ensuring that the personal information of users who access the official website as well as other accesses on social networks and the Internet (hereinafter, ¨Website¨) is protected and is not used improperly.

For this reason, the purpose of this Privacy Policy is to explain who is responsible for the processing, for what purpose your personal information will be processed, the legitimacy for the processing, how we collect it, why we collect it, how we use it and the rights that you have.

Therefore, by using the website and voluntarily providing us with your personal data, we understand that you have read and understood the terms of the Privacy Policy in relation to your personal data.

In this sense, CALAF Grup assumes the responsibility of complying with the current national and European data protection legislation in force at all times and aims to process your data in a lawful, fair and transparent manner.

This Web Privacy Policy may be subject to modification for any legal adaptation to future legislative or jurisprudential developments. In any case, the processing of the user’s personal data will be regulated by the Data Protection Policy that was in force at the time of browsing, so it is recommended that whenever you connect to the website, you read this, as well as its legal notice.

2.
Responsible for the processing

Who manages your personal data?

The personal data collected directly from the user when connecting to the website will be treated confidentially and will be incorporated into the corresponding Processing Activities Register of:

Responsible for the treatment: CALAF GRUP 1964, SL
Tax ID: B66145574
Registered office: Carretera de Manresa, 50-60 08280 CALAF
Telephone: +34 938 680 306
Mercantile Registry of , Barcelona
Email : rgpd@calafgrup.com

3.
Purpose and legitimacy of the treatment

What is the purpose for which we process your Personal Data? and Why are we entitled to process your personal data?

The only personal data to which CALAF Grup will have access will be those that the User provides voluntarily.

In this regard, the User must be aware that in order to access the services offered through the Website as well as access to the Employee Portal area, personal data, usernames and passwords will be requested and sometimes the completion of forms in which the mandatory data or fields are indicated with the symbol *. If you do not provide these fields, or do not check the acceptance checkbox of the privacy policy, the sending of the information will not be allowed. It usually has the following formula: “I have read and accept the Privacy Policy.”

If you do not fill in the mandatory Data, you will not be able to:

• Access all or part of the website services.
• Receive the services we offer.
• Respond to your requests.

You must understand that there are certain personal data whose processing is mandatory to comply with certain legal requirements, as well as to contractually formalize the requested services. For these reasons, we always commit to processing your Data in accordance with current regulations.

On the other hand, if you log in through social networks you authorize us to collect and process the Data that you have authorized, which is shared publicly through the configuration of this third-party solution. Consequently, we may use such Data to complete the information obtained directly from you.

We may process your personal data for the purposes we indicate, in accordance with the following basis of legitimacy:

• Contract: Because we need to process your personal data to be able to formalize the contract for the requested services, as well as to be able to execute it and comply with the obligations that arise.
• Legal requirement: Because there is a law that requires us to collect and process your personal data.
• Legitimate interest: Because we have a legitimate interest in ensuring the continuous improvement of our Services.
• Consent: Because you have expressly and voluntarily given us your consent or requested information from us.

Uses for contractual purposes
We will process your personal data for contractual purposes, that is, to fulfill our contractual commitments based on the relationship with you, to:

• The management, formalization, fulfillment and development of the contract regarding the contracted or requested services.
• Create your user account and allow you to log in to the Worker Portal.

Use for the purpose of complying with a legal obligation
We are entitled to process your data when you exercise one of the rights that protect you in matters of Data Protection, as it is necessary for the fulfillment of obligations in matters of data protection, specifically in the field of attention to the rights of interested parties, in accordance with the provisions of articles 12 to 22 of the aforementioned Regulation and articles 12 to 18 of Organic Law 3/2018, of December 5, on the Protection of Personal Data and Guarantee of Digital Rights.

Uses for purposes of legitimate interest
If you are already a customer and have received updates and information about products and services similar to those you have already contracted with CALAF GRUP, unless you have told us, or you tell us otherwise, we will continue to send you information on the basis of CALAF GRUP’s legitimate interest, based on keeping you informed and updated about products or services that may be of interest.

We will process your personal data to carry out quality or opinion surveys, website maintenance or telephone support.

Uses based on your consent
Consent for the processing of your data for the purposes described in this section will be understood to be given by checking the corresponding boxes provided for this purpose in the web forms expressing your consent, or other statements or conduct that unequivocally indicate that you accept the processing, depending on the product, website, service or application that you are using.

Specifically, we will require your consent for the following treatments:

• To manage the queries or requests you make to us through the emails available on the website or through the contact form.
• To offer you information on personalized content and offers that may be of interest to you, given the Cookies installed. To be able to manage cookies, you must refer to the website’s cookie policy.
• To manage your personal data so that you can participate in surveys or tests related to our services.
• To allow sharing information from our website by email or through social networks.

I do not want to receive any more advertising.

• If you do not wish to receive further commercial communications, send an email with your email address, name and surname and ID number, to the address rgpd@calafgrup.com

4.
Data type

What type of personal data do we process about you?
The personal data that may be processed will be the minimum and necessary for the purposes indicated above and to this end, those indicated below:

• Identification data: name, surname, national identity document or foreigner’s identity number.
• Contact details: landline telephone, mobile telephone, email address. Other data: data provided by the interested parties themselves in the open fields of the forms that may appear on the Website.
• Those for browsing the web or from third parties with whom we have reached an agreement.
• Date of creation of the last visit, as well as your IP address and the times you accessed the website.
• Username, passwords and other such credentials that are used to authenticate users and validate their actions in the Worker Portal area.
• Cookies: Through your browsing, different cookies may be installed on your device in accordance with what is established in our Cookies Policy.

5.
Social networks

There is access to Social Networks as indicated above, for the purpose of providing information about the company, access to the client area and control and monitoring of the service, that is, everything related to the contracted services offered by CALAF Grup.

Regarding social networks, the user may access them directly or through the link or link of the website, but in any case it is likely that these social networks have their own privacy policies, through which they will explain how they use and share your personal information. We recommend that you carefully review the privacy policies before using these social networks to be sure that you are satisfied with the way in which your personal information is collected and shared.

6.
Data communication and international data transfer

To whom do we communicate or transfer your personal data?
We inform you that your data will not be transferred to third parties unless necessary for the following purposes.

Communication of data due to a legal obligation
When authorized by a rule and, in particular, when one of the following cases occurs: a) The processing or transfer is intended to satisfy a legitimate interest of the controller or the transferee protected by this rule; b) The processing or transfer of the data is necessary for the controller to comply with a duty imposed on him by this rule.

Communication of data for the fulfillment of a contractual obligation
For the development, fulfillment and control of the existing relationship with you regarding the service contracted with CALAF Grup.
In this sense, your data may be communicated to third parties, suppliers or professional services when necessary for the proper fulfillment of the legal or contractual obligations indicated above. These suppliers will not process your data for their own purposes that have not been previously informed by CALAF Grup.
In those cases where, for better management and provision of services, data is accessed on behalf of third parties, CALAF Grup guarantees the maintenance of confidentiality in the processing of personal data. In any case, a data processor contract will be signed with the suppliers.

International Data Transfer
CALAF Grup will not carry out any International Transfer of data, but in the event that some of CALAF Grup’s suppliers necessary for the fulfillment, control and management of the existing relationship with you regarding the contracted service are located in territories located outside the European Economic Area (the countries of the European Union plus Liechtenstein, Iceland and Norway), CALAF Grup will adopt the appropriate guarantees and always maintain the integrity and confidentiality of your data.

7.
Data quality

The veracity of your data is important and must be up to date.

The web user and the recipient of the services provided will be solely responsible for the veracity and accuracy of the data provided, with CALAF Grup acting in good faith as a mere service provider. Therefore, it is important that the data provided is true, truthful and lawful, with CALAF Grup reserving the right to exclude from the services those users who have provided false data, without prejudice to the initiation of legal actions, and you undertake to inform us of any changes that your personal data may undergo, so that CALAF Grup has them updated at all times.

8.
Data retention

How long can we keep your personal data?
CALAF Grup will keep your Personal Data for the duration of the contractual or business relationship and until necessary to carry out the purposes set out in this Privacy Policy. Once this time has elapsed, we will only retain the personal data for the fulfillment of our legal obligations, as well as those derived from the existing relationship with you, including the period in which a judge or court may require them, taking into account the limitation period for legal actions.

The processed data will be maintained until the legal periods mentioned above expire, if there is a legal obligation to maintain it, or if this legal period does not exist, until the interested party requests its deletion or revokes the consent granted.

9.
Use of cookies

Browsing the Website and social networks will mean that we process your personal data to personalize your experience and remind you of our services. For this reason, cookies are used, for more information you can refer to the Cookies Policy.

10.
Proactive responsibility

Regarding security and protection, we inform you that CALAF Grup has the necessary technical and organizational measures to guarantee the security of the personal data for which it is responsible and to prevent its alteration, loss, treatment or unauthorized access, in compliance with the provisions of article 32 of the GDPR.

11.
Exercise of rights and inquiries

What are your Rights?
The rights that you can exercise in relation to your personal data are:

Right of Access	Right to know what data we are processing about you
Law of revocation of the consent	Right to withdraw consent at any time when you have given us authorization to process your data
Law of rectification	Right to have your data rectified or completed if it is inaccurate
Law opposition	Right to object to those treatments based on legitimate interest
Law of deletion	Right to have your data deleted when it is no longer necessary for the purposes for which it was collected
Law of limitation	Right to limit the processing of your data (in certain cases, expressly provided for in the regulations)
Right of portability	Right to have us provide you with your data (data processed for the execution of products and services and data that we process with your consent) so that you can transmit them to another person responsible.

You may exercise these rights by writing to:

• The Entity : CALAF GRUP 1964, SL
• Registered office : Carretera de Manresa, 50-60 08280 CALAF
• Telephone : +34 938 680 306
• Email : rgpd@calafgrup.com

Especially when you have not obtained satisfaction in the exercise of your rights, you have the right to file a complaint with the national control authority. To this end, you should contact the Spanish Data Protection Agency: C/ Jorge Juan, 6, 28001-Madrid.

12.
Validity and modification of the privacy policy

This Policy may be modified by changes in the requirements established by the legislation in force at any time, by judicial decisions and jurisprudential changes, as well as by changes in the Company’s actions and business strategy, for this reason, so that users are aware of the Privacy Policy in force at any time, they are recommended to periodically review it. 1. DATA PROTECTION COMMITMENT

At CALAF GRUP 1964, SL (hereinafter CALAF Grup or the company) we are committed to ensuring that the personal information of users who access the official website as well as other accesses on social networks and the internet (hereinafter, ¨Website¨) is protected and is not used improperly.
For this reason, the purpose of this Privacy Policy is to explain who is responsible for the processing, for what purpose your personal information will be processed, the legitimacy for the processing, how we collect it, why we collect it, how we use it and the rights that you have.
Therefore, by using the website and voluntarily providing us with your personal data, we understand that you have read and understood the terms of the Privacy Policy in relation to your personal data.
In this sense, CALAF Grup assumes the responsibility of complying with the current national and European data protection legislation in force at all times and aims to process your data in a lawful, fair and transparent manner.
This Web Privacy Policy may be subject to modification for any legal adaptation to future legislative or jurisprudential developments. In any case, the processing of the user’s personal data will be regulated by the Data Protection Policy that was in force at the time of browsing, so it is recommended that whenever you connect to the website, you read this, as well as its legal notice.