The aim of this clause is to inform Sacyr website users about the processing of personal data that is carried out while browsing through its pages, as well as provide basic privacy information about those additional data processings that we consider relevant for its particularities to be informed here.
1. Ownership of the Website
Sacyr, S.A. holds the ownership of the Website, with registered office at C/ Condesa de Venadito 7, 28027 Madrid.
You may contact our Data Protection Delegate here: dpo@sacyr.com.
2. Data collected and purposes of the processing
- By just accessing the Service, Sacyr collects the IP address and other data related to the connection and its origin. The IP address is a code that identifies the user's Internet connection at a specific time, which could be statis or dynamic.
- Only the user's Internet access provider is able to identify the subscriber who was assigned an IP address at a specific time. Due to the very nature of the server that supports the Service, the IP address of the user is automatically registered along the date and time of access.
- Sacyr shall process the data collected in the Compliance section that users provide to manage the communications made at the Ethics Channel. The personal data of said users that we shall process are those duly required at the Ethics Channel, together with the optional data that the user has the possibility to fill out. .
- In the Employment Channel section, users may consult all the selection processes currently open. Should they apply to any of them, Sacyr shall process the personal data that users provide in order to assess their candidacy and their professional profile within any of the processes that we currently have open.
- Finally, in the case of suppliers, through the Providers Access section, users may use our tool to quickly and easily solve all the procedures related to Sacyr, since this portal is the solution that Sacyr facilitates to manage telematic invoices, costs savings and comply with current legislation. Providers Access are only available for Sacyr providers, so the company shall process the personal data of suppliers in order to carry out activities related to access management.
- Sacyr shall process the data you provide in the event that users register with Sacyr iChallenges. Sacyr iChallenges is a call for startups, entrepreneurs, innovation centers and innovative agents to join projects with the challenges posed by Sacyr. In the first phase of registration we shall only process the users’ contact information (name, surname and email).). In subsequent phases, additional data may be requested and will be appropriately informed in accordance with privacy regulations.
- The companies of Sacyr Group may collect personal data from their employees related to corporate events held inside or outside the usual workplace, for which occasionally, it will be necessary to collect data related to food intolerances or allergies, thus guaranteeing the safety of attendees.
3. Legal basis of processing
- User consent expressed through the sending a communication through the Ethics Channel, together with the need for processing for the maintenance or fulfillment of a contractual relationship, are the bases that legitimize this processing.
- In order to manage the job applications received through our Careers page, we shall process the data of the users based on the consent that this provides to the processing of their data, through the inclusion of their data in our form and/or through the sending of data through email.
- Sacyr shall process the data of the suppliers' representatives including Providers Access based on the performance of the contract that we hold with the supplier.
- Sacyr shall process the data of the users who provide such data to us through the registration in Sacyr iChallenges on the basis of the consent that we shall request from them.
- In the event of express consent from the users, Sacyr shall send commercial communications by email or other means of electronic communication, or will process personal data for the organization of corporate events inside or outside the usual workplace.
4. Recipients of data and international transfers.
Your personal data may be transferred to Administrations, Authorities and Public Organizations, including Courts and Tribunals, when required by applicable regulations.
Similarly, Sacyr has collaborators who provide services, such as IT and web maintenance companies, legal services and administrative agencies that, in connection with the provision of their services, access Sacyr's personal data, about which could be the controller or the processor.
Sacyr carries out a selection and control of these third parties with which it has signed data protection agreements, through which they undertake to follow a series of obligations in terms of data protection. Other than the above assumptions, Sacyr does not communicate your personal data to any additional third party. In the event that any of our service providers which are personal data processors are located outside the EU, Sacyr shall adopt all measures that are applicable in accordance with the regulations designed to ensure the proper transfers of personal data to third countries or international organisations.
5. Storage of personal data
Personal data shall be kept for the period of time during which any legal liability may arise (that is, up to the prescription of liability that may arise from the regulations on data protection or cybersecurity).
6. Rights of users regarding data protection.
Users can exercise their rights of access, rectification, deletion, opposition, limitation of processing and portability, as well as revoke the consent given, regarding the processing for which Sacyr, S.A. is responsible by writing to the person responsible, accrediting their identity, to the following address: Condesa de Venadito 7, 28027, Madrid or by sending an email to protecciondedatos@sacyr.com, providing your ID or equivalent document, identifying yourself as a user of the contact page of Sacyr, S.A., and specifying your request.
Should users want more information or consider that their data portection rights have been breached, they may contact the Spanish Agency for Data Protection (www.aepd.es) or the Sacyr Data Protection Delegate .
7. Security measures
Sacyr has adopted all the necessary security measures to ensure the integrity, security and storage of personal data stored in their systems, in accordance with the provisions of current legislation on data protection, recognizing and appreciating the importance of the responsible use of the information herein.
8. Additional Information
Should the users have any questions about the information contained in our Privacy Policy, please send an email to: dpo@sacyr.com.
9. Lei Brasileira de Proteção de Dados. Identificação do responsável local.
Em atendimento à legislação brasileira de proteção à privacidade de dados pessoais, a SACYR mantém profissional com as atribuições de Encarregado de Dados Pessoais, pessoa indicada para atuar como canal de comunicação entre as sociedades empresárias do Grupo no Brasil, de um lado, e titulares de dados pessoais e a Autoridade Nacional de Proteção de Dados (ANPD), de outro.
Caso o Titular de Dados Pessoais tenha dúvidas sobre o tratamento de seus dados pelo GRUPO SACYR e suas sociedades empresárias com atuação no Brasil, ou quaisquer solicitações no âmbito da Lei Geral de Proteção de Dados Pessoais (LGPD) relacionadas às nossas atividades no país, é possível entrar em contato por meio de e-mail direcionado ao Encarregado de Dados Sacyr abaixo identificado:
Ana C. Alves (Encarregada SACYR Brasil)
E-mail: dpobrasil@sacyr.com