PRIVACY POLICY

1. Introduction.

We have a high level of commitment to the privacy of individuals, which is why the protection of personal data is important to us.

We process data in accordance with the provisions of the EU General Data Protection Regulation 2016/679, Organic Law 3/2018 on the Protection of Personal Data and Guarantee of Digital Rights and other relevant legislation in force.

This Privacy Policy has been revised in July 2023 to comply with the duties of information and transparency of the website itself and the controller in general, to provide any type of interested party and not only the users of the website with the general terms of the controller in the matter. There may be variations until the next revision.

2. Who is responsible for the processing of your data?

Responsible: NEWGARDEN SPAIN S.L.
NIF/CIF: B98434665
Address: AV. FRANCIA, 5, P.I. LAS SALINAS. 30840 ALHAMA DE MURCIA (MURCIA)
E-mail: info@newgarden.es

3. What is the origin and type of data we process?

The origin of the information we process may be any of the following categories:
- Paper, electronic or digital forms.
- Communication and messaging systems: email and messaging applications, telephone, etc.
- Other lawful sources and origins of information.
The different categories of data that we may process depending on the type of data subject (user, customer, supplier, employee, etc.) and the nature of the activity of the data controller and the different data processing operations are:
- Identification data, for example: name and surname.
- Identification codes or passwords, e.g. user name, employee code.
- Postal or electronic contact addresses, for example: telephone, email, social media profile.
- Personal and professional characteristics data, e.g. age, date of birth, qualifications, professional experience, CV.
- Economic, financial and insurance data, e.g. bank details, credit card details, etc.
- Financial and non-financial payroll data and other information of an employment nature, e.g. job title, payroll document, etc.
- Transactional data, e.g. goods and services supplied and received.
- Special category data, e.g. trade union membership, racial origin.
- Other data and information necessary or implicit in the performance of our activities, services and purpose.

OBLIGATORY OR OPTIONAL NATURE OF THE INFORMATION PROVIDED BY THE DATA SUBJECT.

The interested party, by ticking the corresponding boxes and entering data in the fields marked as obligatory (for example with an asterisk) in the contact form or presented in download forms, expressly and freely and unequivocally accepts that their data are necessary to deal with their request by the data controller, with the inclusion of data in the remaining fields being voluntary.

The interested party guarantees that the personal data provided to the data controller are truthful and undertakes to communicate any changes to them. The data requested through the website, marked as obligatory, are necessary for the provision of an optimal service to the interested party. In the event that all the data is not provided, there is no guarantee that the information and services provided will be completely tailored to your needs.

4. For what purposes do we process your personal data?

In general, the data are processed in order to successfully carry out the actions implicit in the normal development and management of the controller's activity. However, we can specify different processing purposes depending on the possible existing categories of data subjects:
- Customers and potential customers: management and maintenance of commercial, pre-contractual and contractual relations; internal administration; economic management; advertising and marketing, customer service.
- Collaborators, creditors and suppliers: management and maintenance of commercial relations, internal administration and financial management.
- Employees: management, development and maintenance of the employment relationship, human resources management, communications, training activities, occupational risk prevention, registration of the working day and other purposes derived from legal obligations and development of the employment relationship.
- Candidates: management of CVs received, management of job offers and personnel selection.
- Web and social network users: user service and management of communications between the parties.
- Visitors: visitor services and access control to the facilities.
- The existing information of any other category of data subjects processed by the data controller will be processed within the framework of its activity, in strict compliance with the applicable regulations and under the general criteria of this Privacy Policy.
Other general purposes that the data controller may implement are:
- Development of a commercial profile, with the aim of improving your experience by personalising offers and communications. No individualised decisions will be made on the basis of this profile and will act on the basis of legitimate interest.
- Video surveillance, for the security of goods and people, as well as the corresponding labour control based on legitimate interest.
- Telephone switchboard, in order to record communications for security, guarantee and quality of service, based on legitimate interest.
- Financial risks and control of monetary obligations. In the case of debtors with certain, due and enforceable payments pending, the data controller may communicate this circumstance to credit solvency files, debtors' files, and debt management or collection services, among others, based on legitimate interest.
- Communications: development and execution of communications through the available data and means of contact (e-mail, instant messaging, etc.) with categories of internal stakeholders (employees) and external stakeholders (customers, prospects, collaborators, suppliers, etc.). The purposes of such communications may be informational, organisational, commercial and advertising, as appropriate on the basis of informed consent and the legitimate interest of the data controller.
- Other purposes derived from the nature of the data controller, motivated by the normal development and exercise of its activity, on the basis of a valid legitimate basis.

5. How long will we keep your data?

In general, personal data will be retained at least for as long as there is a relationship with the data subject, as long as deletion is not requested, as long as liability may arise or as long as there is a legal provision for retention.

With regard to the data of candidates and job seekers, they will be deleted immediately when they are no longer of interest to the data controller.

The controller has in its data protection plan an inventory of retention periods that it observes to manage the different applicable retention periods.

The deletion of data shall in any case be carried out in such a way as to ensure the confidentiality of the data.

6. What are the legitimate grounds for processing your data?

The controller observes and applies the various existing legitimate bases that apply to each purpose of processing. These are:

a) Informed consent of the data subject.
b) Pre-contractual or contractual commitments.
c) Legitimate interest of the controller.
d) Applicable legal obligations.
e) Other legally prescribed legitimate bases.

7. To which recipients will your data be communicated?

Data subjects' data will not be communicated to any third parties by default, except: a) auxiliary services, authorised data processors or other implicit third parties necessary for the correct provision of goods and services; b) public authorities and administrations competent in the exercise of their functions; c) other legitimate data subjects and legally foreseen third parties.

8. What are your rights when you provide us with and/or we process your data?

As a data subject, you may at any time ask us to exercise any of the following data protection rights:

- Access to the data subject's personal data to confirm whether or not data concerning him/her are being processed and to obtain further information about this processing.
- Rectification or deletion of personal data concerning the data subject when, among other reasons, they are inaccurate or no longer necessary for the purposes for which they were collected.
- To limit the processing of the data subject's personal data in certain circumstances, in which case it will only be kept for the purposes of the exercise or defence of claims, for the protection of the rights of another person or for reasons of public interest.
- Receive the personal data concerning you, which you have previously provided to us, and in a structured format where possible (portability of your data).
- Object to the processing of your data in certain circumstances and on grounds relating to your particular situation. The company will stop processing your data, except for compelling legitimate reasons, or the exercise or defence of possible claims.
- To revoke consent, which may entail the annulment or cancellation of the existing business or contractual relationship, if any. Without prejudice to the processing carried out prior to the withdrawal of consent.

To do so, all you have to do is contact us at the email or postal address indicated at the beginning.

Optionally, you can also contact our designated data protection officer or the Data Protection Agency to find out more about your rights or to request the protection of these rights by the supervisory authority.

9. Data security.

We adopt the necessary technical and organisational measures in our information system to ensure an adequate level of confidentiality, integrity, availability and resilience of data in order to protect the rights and freedoms of data subjects.

The controller complies with the provisions and principles described in the GDPR to process data in a lawful, fair and transparent manner in relation to the data subject, and adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed.

However, to the extent permitted by law, we do not assume any liability for damages from alterations that third parties may cause to our information system. Any breach of security will be duly and immediately reported to the competent authority and/or law enforcement agencies.

10. Sending communications or information.

Our policy regarding the sending of information by telematic means (e-mail, instant messaging, etc.) is limited to sending only communications that we consider to be of interest to our users and interested parties, in relation to the functions and activity of the company, or that you have consented to receive.

If you prefer not to receive these messages, we will offer you the possibility of exercising your right to cancel and waive the receipt of these messages, in accordance with the provisions of Title III, article 22 of Law 34/2002 of Services for the Information Society and Electronic Commerce.

11. Social networks.

The data controller may have a presence on social networks through the corresponding profiles, with this section and any legal and privacy terms present on the website being applicable to the processing of data of users or interested parties who become followers or in any way are linked to these profiles.

The purposes of use of these profiles by the data controller are for communication, commercial development, marketing and advertising, to process queries made to the data controller and user service, to inform about actions, activities and events organised by the data controller or in which it participates, and to interact through the official profiles.

The legitimate bases set out in section 6 above are complemented in this case because the user or data subject may have a profile on the same social network as the data controller and has decided to join or connect with the data controller's profile, thus showing interest in the information published by the data controller. Therefore, at the time of following the profiles of the data controller, he/she gives his/her consent to the processing of those data available on his/her profile.

The user can access the privacy policies and terms of the corresponding social network at any time, as well as configure the privacy features that can be carried out on their profile. The publications made by the user will be known by other users, so the user is primarily responsible for their privacy.

Users who are followers and/or participants in our profiles shall refrain from:

a) From publishing content or information contrary to the Law, morality, and good faith. It is not permitted to use or behave in any way that is illicit, annoying, inappropriate, that may generate negative opinions in the profile or that infringes on people's rights.

b) behaving in a manner contrary to the principles of legality, honesty, responsibility, protection of human dignity, protection of minors, protection of public order, protection of privacy, consumer protection and intellectual and industrial property rights.

The operator reserves the right to remove any content deemed inappropriate without prior notice. Likewise, it is released from any responsibility in relation to the security measures corresponding to each platform, and the user must be aware of them together with the legal terms and conditions of use of the platform itself.

The responsible party is expressly exonerated from any liability that may arise from the use of social networks by minors or persons with special abilities. The social networks of the responsible party do not knowingly collect any personal information from minors, therefore, if the user is a minor, they should not register or use the social networks of the responsible party, nor should they provide any personal information. Particularly in Spain, the processing of a minor's personal data may only be based on the age of 14 years or older. On the other hand, if any rule or regulation so requires, or if the user has special abilities, the intervention of the holder of their parental authority or guardianship, or of their legal representative by means of a valid document accrediting the representation, will be necessary.

12. Employment and candidate management


Those interested in accessing employment offers of the responsible entity may provide their data and professional information to the responsible entity through different channels, preferably through the existing forms, e-mail addresses, and existing means for this purpose, where appropriate.

These data will be processed in accordance with these terms of privacy herewith for the purpose of managing applications for possible employment, internship and training offers of the responsible entity and any subsidiary companies or companies belonging to the same business organisation, where it exists and where applicable.

The processing shall be carried out on the basis of the data subject's informed consent or other valid legitimate basis.

The data provided, if they are no longer of professional interest to the entity or once they are no longer necessary for the purposes for which they were collected, will be deleted, ensuring their confidentiality and anonymisation.

Any interested party may revoke their consent and exercise their privacy rights under the terms set out in this privacy policy.