Data protection law includes principles, categories of data, numbers and roles in the company, various procedures for obtaining user consent and many other elements that force companies to respect them.
The problem is that some think it only affects digital businesses and theirs relationships with customers. The first thing you should know is that you can use the website of the Spanish Data Protection Agency.
Processing of Customer Data
Customers are those people with whom a business relationship is maintained. The definition includes different categories of personal data: those necessary for the maintenance of the business relationship and its management, such as B. Billing, sending postal or email marketing, customer service and loyalty; Identification data: name and surname, NIF, postal address, telephone numbers, email and finally bank details: for payments by direct debit.
Information clause: This is an example of the text that must be included on all forms you use to collect personal information from your customers, whether it’s on paper or through a web form:
Responsible: Identity: pepe – CIF: 55555555Q Postal address: calle XXXX Telephone: 555555555 Email: XXXXX@……com
“On behalf of the company, we process the information you provide to us in order to provide the requested service and billing. The data provided will be kept for as long as the commercial relationship lasts or during the years necessary to comply with legal obligations. The data will not be passed on to third parties, unless there is a legal obligation. You have the right to obtain confirmation as to whether “pepe” is processing your personal data, therefore you have the right to access your personal data, rectify inaccurate data or request its deletion when the data is no longer necessary.
Likewise, I request your permission to offer you products and services related to those requested and to keep you as a customer.” Next, two unique boxes must be filled in for the recipient to mark a YES or a NO. If the answer is the second, then in no case will you not be able to send advertising later.
Data processing with potential customers
This contains the data necessary to carry out the commercial advertising of the company. These are those that correspond to the identification: first and last name and postal address, telephone numbers, email.
As for obtaining the data of these prospects, it can only be extracted when provided voluntarily or from publicly available sources that are not penetrated by the Internet. The only publicly available sources are: the advertising count, from which the name, surname and address of the people registered there can be taken; the telephone book (regulated by current regulations); List of people who belong to a professional group, from which only their name, occupation, title, activity, academic degree, professional address and information about their membership in this group can be taken; official newspapers and bulletins (with some exceptions) and the media.
Also keep in mind that this affects the common practice of many companies of making business calls at home or sending emails for the same purpose. According to the new regulation, this is only possible if they are customers and the commercial calls are related to the contracted product or service. It should also be borne in mind that the Data Protection Regulation requires explicit, affirmative and unequivocal consent, so they must give their consent in this way. If they are former customers, they should delete the personal data as the purpose for which it was collected is no longer fulfilled. If the data has been extracted from publicly available sources, the regulation contains an article that specifies what to do. In the case of e-mails, they must have given their consent (on paper or in digital form) in order to send commercial e-mails.
Information clause: The text to be recorded is:
Responsible: Identity: pepe – CIF: 55555555Q Postal address: calle paco Telephone: 555555555 Email: XXXXX@……com
“On behalf of the company, we process the information you provide to us in order to send you advertising about our products and services by any means (post, email or telephone) and to invite you to company events. The data provided will be kept as long as you do not request the termination of the activity. The data will not be passed on to third parties, unless there is a legal obligation. You have the right to obtain confirmation as to whether we are processing your personal data at pepe, therefore you have the right to access your personal data, correct inaccurate data or request its deletion, if the data is relevant for the purposes for which they are no longer required, are no longer required has been collected”.
Warning: “If you purchase personal information from third parties to promote their products and services, you must consider that it comes from publicly available sources and is verified with the Robinson List.” Clear.
Processing of applicant data
This is the data that the applicant voluntarily provides for a position in a specific company. This usually includes personal data as well as school and professional data. They may only be used for the purpose that triggered them and must be deleted within one year of the application being made.
Information clause: You must include it in all forms you use to collect personal information from job applicants, whether it’s on paper or through a web form:
Responsible: Identity: pepe – CIF: 55555555Q Postal address: calle paco Telephone: 555555555 Email: XXXXX@……com
“On behalf of the company, we treat the information you provide to us to keep you informed of the various job opportunities within our company. The data provided will be kept until the order is placed or until you exercise your right of withdrawal, therefore you have the right to access your personal data, rectify inaccurate data or request its deletion when the data is no longer necessary. The data will not be shared with third parties.”
If applicants submit their CV on plain paper without a form, they will be asked to sign a dated form with the above information.
supplier data
It is the data collected to manage the relationship with the suppliers of products and services. The data is all data necessary for maintaining the employment relationship, such as identification, name, NIF, postal address, telephone numbers, email. The data may be kept until the deadlines established by tax legislation to establish responsibilities.
Information clause. The text must be included in all forms you use to collect personal data from suppliers, e.g. B. Invoices:
Responsible: Identity: pepe – CIF: 55555555Q Postal address: calle paco Telephone: 555555555 Email: XXXXX@……com
“On behalf of the company, we process the information you provide to us to place an order and bill for the services. The data provided will be kept for as long as the commercial relationship lasts or during the years necessary to comply with legal obligations. The data will not be passed on to third parties, unless there is a legal obligation. You have the right to obtain confirmation as to whether we are processing your personal data at pepe, therefore you have the right to access your personal data, correct inaccurate data or request its deletion when the data is no longer necessary. “
If suppliers provide their data through another system, they will be asked to sign a dated form containing the above information.
warning: “Do not forget to sign the last page of each contract received.”
service company
Finally, it is worth noting what happens to the companies that provide services to the parent company, e.g. B. a hosting company. In this case, your contract with the company providing the service must contain the following contractual clauses:
clauses: “Through these clauses, the hosting company, as data controller, is allowed to treat, on behalf of XXXXX as data controller, the personal data necessary to provide the service described below. The treatment will consist of a hosting company. For the execution of the benefits deriving from the fulfillment of the purpose of this contract, the entity responsible for the treatment XXXXXX provides the entity of the hosting company with the information available in the computer equipment that performs the data processing carried out by the person supports responsible. . Term: This Agreement has a term of XXXXXX, renewable. Upon termination of this contract, the person responsible for the treatment must return the personal data to the responsible person and delete all copies that he has in his possession. However, you can keep the data blocked in order to comply with possible administrative or judicial responsibilities.
Other clauses
In addition to those referred to in the consent to the processing of personal data, it is also important to have clauses for the transfer of personal data image rights in cases where, for example, they have profiles on social networks and want to publish photos of an event or action, these clauses must always be signed.
Talk about the employees Any data related to the employment relationship may be collected, ie personal identification data (first name, last name, social security number, postal address, telephone numbers, e-mail), academic, professional and bank details. They can all be transferred to the Employment Agency and kept as long as the responsibilities do not expire. In this sense, it is also appropriate to introduce a clause giving the Agency the power to handle this data in order to provide its service. and Automatic Renewal, which will be automatically renewed unless otherwise decided by either party.
In the event that the company uses video surveillance for the facilities, your consent is not required if the processing of your personal data would be based on another legal basis: legitimate interest, that is, it is considered a necessary measure for security or the proper functioning of the company concerned.
Father’s Day gifts suggested by influencers
Typical mistakes when setting up a fashion online shop
what is it and what are its properties
How to choose the best sales system for your business
US Export Guide
10 successful companies in Spain that generate billions of euros
Learn how to make money with your business
How to get more followers on Instagram: 5 tips
How to price your services
The prestige of your product with a “waiting list”
Is it good to share your business ideas?
Eneko Knorr: “I like founding companies, not managing them”
How to go from supplier of Inditex to manufacturer of successful brands
Business plan for starting a restaurant
Email Marketing Benefits You Shouldn’t Miss
Designing ecological stoves
The Marlboro Cowboy Strategy
Financial expenses you need to consider
Business Opportunities in Uruguay
Have you ever had an idea stolen by a partner, boss or colleague?
What are the qualities of an entrepreneur? Ensure your success!
How to create a business blog
12 ways to build your online business
Demo Day Coworking EOI: Make your entrepreneurial project a success
Retail: definition, characteristics and example
9 solid business models for your business idea
A Spaniard among the best inventors in the world as a finalist for the European Inventor Award 2021
Invest in the stock market like someone ordering a pizza
The false business myths of the pre-Covid era
