Privacy Policy

Your privacy is important to Grupo Cunext, which is why we are committed to processing your personal data appropriately and responsibly,
at all times adhering to data protection principles and fully complying with current legislation
(Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons
with regard to the processing of personal data and on the free movement of such data – GDPR – and Organic Law 3/2018 of 5 December
on the Protection of Personal Data and the Guarantee of Digital Rights – LOPD).

In this privacy notice, we provide detailed information on who is responsible for processing your personal data, for what purposes and why it is
used, how long it is retained, and whether it will be transferred or disclosed.

To ensure you have full control over your personal data, we explain to whom and how you can exercise your rights.

Data controller

The company within the Cunext Group with which you have carried out any of the activities subject to processing as defined in this privacy notice shall act as the data controller; further details are provided below:

 

Treatment activities

1. Commercial contacts

    • Purpose: Exchange of communications in connection with the commercial activities carried out between the various companies of the Cunext Group and their customers or suppliers.
    • Legal basis: Legitimate interest (Article 6(1)(f) of the GDPR and Article 19 of the LOPD).
    • Retention period: he limitation period for obligations relating to services arising from ongoing commercial and/or business relationships.
    • Recipients: No transfer or disclosure is envisaged.

 

2. Communications made through the Ethics Channel

    • Purpose: Management, processing and investigation of communications submitted through the Ethics Channel, as well as, where appropriate, the adoption of disciplinary measures or the handling of any legal proceedings arising therefrom.
    • Legal basis: Processing is necessary for compliance with legal obligations applicable to the data controller (Article 6(1)(c) of the GDPR), in relation to the legal obligation to establish a whistleblowing channel pursuant to Article 10 of Law 2/2023. Where the processing of special categories of personal data is required, the legal basis is that processing is necessary for reasons of substantial public interest (Article 9(2)(g) of the GDPR).
    • Retention period: The time strictly necessary to determine whether an investigation into the reported facts should be initiated and, in any event, no longer than three (3) months from receipt of the communication if no investigation has been initiated. If an investigation is initiated that may involve legal action, the data will be retained for the legally established limitation period for such actions.
    • Recipients: Where appropriate, the data may be disclosed to the judicial authorities, the Public Prosecutor’s Office, or the competent administrative authority within the framework of a criminal, disciplinary or sanctioning investigation.

 

3. Access control to facilities

    • Purpose: To identify individuals accessing the premises and to monitor them during their stay.
    • Legal basis: Legitimate interest (Article 6(1)(f) of the GDPR).
    • Retention period: The statutory limitation period applicable to any minor or serious offences that may be committed.
    • Recipients: No disclosures are envisaged, except in the event of potential security incidents, which may be reported, where appropriate, to law enforcement authorities.

 

4. Video surveillance

  • Purpose: Security of individuals, property and facilities.
  • Legal basis: Public interest (Article 6(1)(e) of the GDPR and Article 22 of the LOPD).
  • Retention period: One (1) month.
  • Destinatarios: No se prevén, salvo supuestos de posibles incidentes de seguridad, que serían comunicados en su caso, a las fuerzas del orden público

 

We do not carry out any automated decision-making based on the data provided, nor do we create any profiles using such data.

 

Rights

You have the right to obtain confirmation as to whether or not we are processing personal data concerning you. Data subjects have the right to access their personal data, as well as to request the rectification of inaccurate data or, where appropriate, to request its erasure, among other reasons, where the data are no longer necessary for the purposes for which they were collected.

In certain circumstances (in the case of requests for rectification, erasure, objection, or restriction prior to erasure), data subjects have the right to restriction of processing. You also have the right to data portability.

In any case, you may lodge a complaint with the Spanish Data Protection Agency(www.aepd.es).

Data subjects may exercise their rights or submit their requests to our Data Protection Officer via email at:
dpd@cunext.com.