Privacy Policy


  1.  INTRODUCTION

NATRA S.A. reserves the right to amend this Policy to adapt it to new legislation, case-law criteria, industry practices, or the company’s interests. Any amendment will be announced duly beforehand, so that you are fully aware of its contents.

In order to provide you with certain services, it is necessary to manage your personal data. For these purposes, such data will be incorporated into the corresponding data processing activities of NATRA, S.A. The data will be processed for the specific purpose of each processing, mainly in accordance with the rules established by Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation) and the specific legislation on data protection according to the jurisdiction applicable to the different Group companies.

 

2. GENERAL INFORMATION

Below, we provide general information on the privacy and personal data protection safeguards applied to the processing activities carried out on the Portal and by other means:

 

  1. Who is the Data Controller of your personal data?

Without prejudice to the status of Data Controller that may be held by the different Group companies, among other factors, depending on the data subjects, the type of processing and the applicable jurisdiction, NATRA S.A., as owner of this website, holds the status of Data Controller, with registered office for these purposes at:

Calle del Poeta Joan Maragall 1 – 1er.  Piso
Edificio Eurocentro
28020 – Madrid
Contact telephone number: (+34) 914178868

 

  1. Why do we process your personal data?

The purpose of collecting and processing personal data, through the various website forms made available to users, is, as appropriate, to manage and respond to requests for information, questions, complaints, claims, compliments or suggestions to publications or any services or activities, events or events provided, offered or sponsored.

 

  1. What is the lawful basis that legitimizes the processing of your personal data? Viz, what is the basis for or the reason why we are able to process your personal data?

The lawful basis that allows us to process your personal data is as follows; (i) the consent given by you by signing or accepting the relevant forms, for one or more specific purposes; (ii) and, where appropriate, the performance of a contract to which you are a party, as a contractor or successful bidder. 

 

  1. For how long do we store your personal data?

We will store your personal data for the corresponding period of time in order to maintain a record of customer service and to manage our services efficiently, and providing the person concerned does not request the erasure of such data. Even if erasure is requested, the data will remain blocked for the necessary time, restricting the processing thereof, only for one of the following reasons: to comply with legal/contractual obligations of any kind to which we are subject and/or during the legal periods during which we could be liable and/or the exercise or defence of claims arising from the relationship with the data subject.

 

  1. Who should keep the data up to date?

On the other hand, to ensure that the data in our computer and/or paper files always correspond to reality, we will try to keep them updated. Accordingly, for these purposes, the User must make the changes directly, when so enabled or by communicating, using irrefutable means, to the corresponding area or department of NATRA S.A. and/or of the other Group companies.

 

  1. Who may be assignees or recipients of your personal data?

Personal data will not be transferred or disclosed to third parties, except in the cases necessary for the development, control and fulfilment of the purpose/s expressed, in those cases provided for in law. Depending on the type of processing, there may be international transfers. Group companies that process data in countries within the European Economic Area are subject to the GDPR. In relation to our Canada-based companies, there is a Commission Adequacy Decision: Commission Decision 2002/2/EC of 20 December 2001, with regard to companies subject to the scope of application of the Canadian Data Protection Act.

 

  1. Personal data security

Without prejudice to the security measures appropriate to the risk and their corresponding applicable legal frameworks adopted by the different Group companies, NATRA, S.A. will introduce the appropriate technical and organisational measures in its IT system, in compliance with the principle of accountability. This is to guarantee the security and confidentiality of the data stored, thus avoiding their alteration, loss, unauthorised processing or access; taking into account the state of the art, the costs of application, and the nature, scope, context and purposes of the processing, as well as risks of varying likelihood and severity associated with each of the processing operations.

 

  1. What are your data protection rights and how can you exercise them?

You may exercise your rights to access, rectification, erasure, restriction on processing, data portability or, where appropriate, objection. For this purpose, you must write to NATRA S.A., Calle del Poeta Joan Maragall 1 – 1er.  Piso, Edificio Eurocentro, 28020 – Madrid, Spain, or through the email address: dataprotection@natra.com. Your application must specify which of these rights you are requesting and, in turn, you must provide or, in the case of postal mail, attach a photocopy of your ID card or equivalent ID document. If you are acting through a legal or voluntary representative, they must also provide a document proving the representation and their ID document. If you believe that your right to personal data protection has been violated, you may file a complaint with the Spanish Data Protection Agency ( www.aepd.es).

 

  • ADDITIONAL INFORMATION ON DATA PROTECTION

 

  1. CANDIDATES

The purpose of processing your curricular data is to carry out the processes of personnel recruitment in our organisation.

The lawfulness of the processing is based on Article 6.1.a) of the GDPR: the data subject consented to the processing of their personal data for one or more specific purposes.

Your data will not be disclosed or communicated to third parties. Personal data may be disclosed to other Group companies, provided you have given us your explicit consent beforehand. Group companies that process data in countries within the European Economic Area are subject to the GDPR. In relation to our Canada-based companies, there is a Commission Adequacy Decision: Commission Decision 2002/2/EC of 20 December 2001, with regard to companies subject to the scope of application of the Canadian Data Protection Act.

The CV will be kept as long as the data subject has explicitly given their consent.

 

  1. CUSTOMERS

Your personal data will be used for the purpose of maintaining relations of any kind with our customers as a result of the contractual relationship that we maintain, in particular with regard to economic, administrative and tax management, quality, and personalised attention necessary to comply with the contractual relationship.

The lawfulness of the processing is based on Article 6.1.b) of the GDPR: the processing is necessary for the performance of a contract to which the data subject is party or for the implementation at the request of the data subject of pre-contractual measures, and 6.1c) the processing is necessary for compliance with a legal obligation applicable to the data controller.

The data will not be disclosed to third parties, unless they are communicated to public or private entities, to which it is necessary or mandatory to transfer them in order to manage the contractual relationship, as well as in the cases provided for by law. Group companies that process data in countries within the European Economic Area are subject to the GDPR. In relation to our Canada-based companies, there is a Commission Adequacy Decision: Commission Decision 2002/2/EC of 20 December 2001, with regard to companies subject to the scope of application of the Canadian Data Protection Act.

Your personal data will be stored for the duration of the established relationship and, once it has ended, they will be stored in accordance with the legal storage periods for economic and tax matters which, depending on the document type, can range from a minimum of 4 years to a maximum of 10 years.

 

  1. SUPPLIERS

The lawful basis that legitimizes the processing of data is the contractual relationship, for the formalisation and performance of the same.

The purpose of data processing is to maintain the contractual relationship, vis-à-vis the economic and technical aspects arising therefrom, as well as the development and control of the service(s) contracted and, if applicable, the sending of information on the incidents related thereto.

The data will not be disclosed to third parties, unless they are communicated to public or private entities, to which it is necessary or mandatory to transfer them in order to manage the contractual relationship, as well as in the cases provided for by law. Group companies that process data in countries within the European Economic Area are subject to the GDPR. In relation to our Canada-based companies, there is a Commission Adequacy Decision: Commission Decision 2002/2/EC of 20 December 2001, with regard to companies subject to the scope of application of the Canadian Data Protection Act.

The data will be stored for the time necessary to fulfil the purpose for which they were collected and to determine the possible liabilities that may arise from that purpose and the processing of the data and may be required by the competent public authorities (Tax Agency or Courts).

 

  1. SOCIAL MEDIA

NATRA has different profiles on social media to publicise its activities and to interact with users. Users of these social media who voluntarily decide to follow or be friends with NATRA, signify their consent to the processing of their personal data relating to their profile in order to interact on social media. NATRA does not collect data from social media for purposes other than those mentioned. The use of social media involves an international transfer of data for the provision of the service according to the owner of the social media through which you interact with NATRA S.A. In the case of LinkedIn, this communication is made on the basis of the adoption by the social media of standard contractual clauses, in accordance with COMMISSION ENFORCEMENT DECISION (EU) 2021/914 of 4 June 2021. You may at any time cease to follow or be friends with NATRA.

The user must respect the rights of third parties, especially the rights of privacy and data protection, as well as intellectual and industrial property regulations, in all information published on the NATRA website. The publication of information that in any way violates morals, public order, fundamental rights, public freedoms, with special attention to the honour, privacy or image of third parties and, in general, human rights, is prohibited. The user will be the sole party responsible for the information they publish.

We recommend you review the privacy settings of the social media and we attach a link to the different privacy policies:

LinkedIn https://es.linkedin.com/legal/privacy-policy

 

  1. EMAIL

The personal data we process as a result of the reception and/or exchange of emails, will be processed in order to attend and respond to your request for information or query, to maintain commercial or professional contacts and relationships that occur as a result of the same, or for the maintenance of any contractual relationship.

The lawful basis that legitimizes the processing of data is your consent expressed through your communication with our group companies.

The data will not be disclosed to third parties, unless they are communicated to public or private entities, to which it is necessary or mandatory to transfer them in order to manage the contractual relationship, as well as in the cases provided for by law. Group companies that process data in countries within the European Economic Area are subject to the GDPR. In relation to our Canada-based companies, there is a Commission Adequacy Decision: Commission Decision 2002/2/EC of 20 December 2001, with regard to companies subject to the scope of application of the Canadian Data Protection Act.

The data will be stored for the time necessary to fulfil the purpose for which they were collected and to determine the possible liabilities that may arise from that purpose and the processing of the data and may be required by the competent public authorities (Tax Agency or Courts).