"VELCA MOTOR": RHINO ELECTRIC MOTORS SL, constituted in a public deed granted to Mr. Carlos Hidobro Arreba, Notary of Madrid, and registered in the Mercantile Registry on November 09, 2019, with CIF number: B-88.517.784.

Contact details of the person in charge: Rhino Electric Motors SL (B88517784) with tax address at Piedmont, 23, 28004. Madrid. Spain and contact email hello@velcamotor.com

You can find all the information regarding the protection of user data in our Privacy Policy.

This website uses cookies to collect information and improve the user experience. You can find more information on the use of cookies in our Cookie Policy.

Website content

Responsibility for the content of the Website

The Website contains texts prepared for merely informative or informative purposes. The opinions expressed in them do not necessarily reflect the views of.Rhino Electric Motors SL

The external links contained in this Website lead to sites managed by third parties. Rhino Electric Motors SL is not responsible for the contents or the state of said sites. The use of external links does not imply that Rhino Electric Motors SL Recommend or approve the contents of the landing pages.

Regulations and conflict resolution

These Conditions of Use of the Website are governed in each and every one of its extremes by Spanish law. The language of writing and interpretation of this legal notice is Spanish. This legal notice will not be filed individually for each user but will remain accessible through the Internet in this same Public Data.

To resolve any controversy or claim derived from any activity of Rhino Electric Motors SL, it must be done before the Spanish Courts.

Users who have the status of consumers or users as defined by Spanish regulations and reside in the European Union, if they have had a problem with an online purchase made from Rhino Electric Motors SL, to try to reach an out-of-court agreement can go to the Online Dispute Resolution Platform, created by the European Union and developed by the European Commission under the Regulation (EU) 524 / 2013.

Provided that the User is not a consumer or user, and when there is no rule that obliges otherwise, the parties agree to submit to the Courts and Tribunals of Madrid capital, as this is the place of conclusion of the contract, expressly waiving any other jurisdiction that may correspond to them.

Return policy and right of withdrawal

The customer will have 14 days to proceed with the return of the product purchased from the receipt of the same.

RECORD OF TREATMENT ACTIVITIES

The processing of personal data is carried out by Rhino Electric Motors SL always after having applied appropriate technical and organizational measures to guarantee a level of security appropriate to the risk. Each of them seeks to guarantee the permanent confidentiality, integrity, availability and resilience of the treatment systems and services. Likewise, it regularly carries out processes of verification, evaluation and assessment of the effectiveness of technical and organizational measures to guarantee the security of the treatment. Annually performs a full audit.

The minimum measures that Rhino Electric Motors SL applies are the following:

a) Physical:

  • 'Clean tables' policy.
  • Minimal use of paper or similar media.
  • Own printer or with password in case there are third parties with access to the output tray.
  • Own cross cut shredder for documents.
  • Own fireproof cabinets with specific locks.
  • Classified and labeled documents.
  • Workplaces protected with their own security measures and contracted to third parties, with the impossibility of access to unauthorized persons.

b) Logic:

  • Only and always original, updated and officially licensed software. Automatic update has been activated, whenever the system allows it.
  • Terminals that are dual-use will have an exclusive profile for professional purposes.
  • Disk encryption and additionally per file encryption.
  • Ability to restore the availability and access to personal data quickly in the event of a physical or technical incident thanks to a specific service contracted from a trusted provider, which includes making incremental backups for each change made and complete backups made periodically both by that same provider and, on a monthly basis, by the person in charge.
  • Firewall and updated protection systems endpoint in all terminals.
  • VPN contracted from a trusted provider for all terminals.
  • Mobile anchoring, except in trusted networks.
  • Different passwords in each application, periodically changed and stored encrypted in an official password manager provided by a trusted provider and reinforced with its own private key.
  • 2FA systems in applications and sites on the Internet.
  • Common protection tools: user blocked when not in use, privacy filter for screens, screensaver with password lock and USB shield to prevent data synchronization, among others.

Security measures are periodically reviewed, both manually and through specific software.

The Website of Rhino Electric Motors SL (velcamotor.com) has an SSL TLS v.1.2 encryption and its own security systems and others contracted from trusted third parties. The status of security measures is periodically reviewed manually and through specific solutions both installed and online (examples: SSL LabsSucuri o HTBridgeSecurity HeadersCookie Checker)

c) Organizational:

Velca treats the data by itself and, where appropriate, through third parties duly authorized by the interested parties or with whom it has contracts of data processor adapted to current regulations.

Criteria for the use of digital devices

E-mail and other data storage or communication instruments, as well as fixed or mobile terminals are exclusively work tools provided by Velca for the performance of labor or commercial functions, according to the contract, and may not be used for purposes personal, domestic or for professional purposes other than those agreed. Velca may make backup copies and access the content derived from the use of these media for the sole purpose of controlling compliance with labor, statutory or commercial obligations and to guarantee the integrity of said devices. In any case, the accesses will be made in accordance with the data protection regulations and ensuring the protection of the privacy of those affected.

Users may not allow third-party access to accounts and devices that have been entrusted to them by Velca due to their employment or commercial relationship. Once the reason for the delivery has ceased, the user's credentials will be withdrawn and the content will be deleted, and must be blocked for the appropriate time. The messages that are received in these accounts will be redirected to an institutional account (hello @) not assigned to a particular person but controlled by Rhino Electric Motors SL or, until his cessation, the person designated by him.

Data suppression and media destruction protocol

Local data is deleted, as well as backup copies of these on storage servers, on those intended for the provision of email services and on backup media located in places other than work or the usual home. Exceptions are cases in which the person in charge requests the return and when there is legal justification, which will be documented in each case, to maintain or safeguard the data beyond the provision of the service. The destruction of media will be done by physically guaranteeing the impossibility of extracting data.

Actions against security breaches

When personal data security violations occur, such as theft of documents or improper access to personal data, the person in charge will notify the Spanish Agency for Data Protection within 72 hours of said security violations. , including all the information necessary to clarify the facts that would have given rise to improper access to personal data. The notification will be made by electronic means through the electronic headquarters of the Spanish Agency for Data Protection. If for the case it is useful, you can use the guide that explains'How to manage an information leak in a law firm'.

Analysis of user navigation through the websites and social profiles managed by the person in charge in order to improve communication activity and allow third parties to learn from the user and show them personalized advertising for the financial benefit of themselves and the person in charge.

Co-responsibility in social networks: Rhino Electric Motors SL is jointly responsible, together with the owners of the social networks indicated and linked in the "website owner" tab, of the treatment corresponding to the initial collection of user data. These are the main joint controllers for the purposes of data management and receipt of requests for the exercise of rights by the interested parties. The owners of each of the social networks are, for their part, solely responsible or with third parties for the treatments they carry out once they have obtained the data.

1.- Collective

Users who access websites or social profiles managed by the person in charge.

2.- Data Categories

The type of data that is treated for this activity is the following:

  • Chain of browser user agents and IP address relationship, together with graphs and total values ​​on the navigation of all users for each of the pages of the website. These data are shown in a disaggregated way, so that they do not allow the person in charge to identify the users.
  • Third parties who have been entrusted with this treatment may have access to user identification data by connecting their browsing activities with other information available to them.

3.- Purposes of the treatment

Treatments are carried out with two related purposes:

  • Analytical purpose: Analysis of user navigation through the websites and social profiles managed by the person in charge in order to implement improvements in communication activity. It also allows third parties to know this user activity.
  • Advertising purpose: Allow third parties to learn from the user and show them personalized advertising in order for the person responsible to obtain economic benefit.

4.- Legal basis

This data processing finds its legal justification in that it is necessary for the satisfaction of legitimate interests pursued by the person responsible for the treatment. (art. 6.1.f of the General Data Protection Regulation). In particular, these legitimate interests consist in obtaining information that allows the activities of the person in charge to be improved and in obtaining income through their own advertising systems and those of third parties.

5.- Third parties with access to data

Google LLC

  • Description: American entity adhered to the Privacy Shield or Privacy Shield (see Google's tab in the Privacy Shield), with Privacy Policy own.
  • Contact: Torre Picasso, Plaza Pablo Ruiz Picasso, 1, 28020 Madrid. Form.
  • International transfer: Yes.
  • Treatments:
    • FeedBurner: Analytics through the automatic updates service or subscription via feed of the Website, without agreement of the person in charge of the treatment. This service is managed through FeedBurner, from Google LLC. The interested parties provide their email address after having explicitly given their consent to the proposed transfer and after having been informed of the possible risks for them of said transfer due to the absence of a decision on adequacy and adequate guarantees.
    • UAF YouTube: Analytics of video views through the service Google Analytics.

 Twitter Inc

  • Description: American entity adhered to the Privacy Shield or Privacy Shield (see Twitter page in the Privacy Shield), with own privacy policy.
  • Contact: 1355 Market Street # 900 San Francisco, California 94103. Form.
  • International transfer: Yes.
  • Treatments:
    • Twitter Analytics: Analytical service of each interaction of users with the publications of the person in charge on the social network Twitter. It generates an analytical report of global interactions, which it makes available to the person in charge.

GoDaddy Iberia SLU (formerly, HostEurope or RedCoruna)

  • Description: Spanish entity, with own privacy policy.
  • Contact: Avda. Coruña 36, ​​left mezzanine
    27003 Lugo. Form.
  • International transfer: No.
  • Treatments:
    • [currently not used] AWStats: Analytical service of users of the Website, through passive browser fingerprinting, on the contracted server.

6.- Recipients category

Data communications are not foreseen.

7.- International transfer

International transfers are planned to the US companies listed in the "Third parties with access to data" section.

The international transfers indicated in the records of cross-processing activities are made as long as the interested party provides data through the website of the person in charge or their social profiles or sends a communication to the person in charge or receives it from him.

No other international data transfers are planned.

8.- Deletion period

The data is deleted after the following conservation periods:

  • Google LLC: approximately 26 months (Privacy Policy).
  • Twitter: as long as they are needed (Privacy Policy).
  • GoDaddy Iberia SLU: 12 months (verified by the person in charge).

However, the data may be kept for a longer period of time to attend to the possible responsibilities that may arise from the processing of the data or the activities of the users.

9.- Data protection officer

It is not required for this treatment, due to the data processed and as its manager executes it, in accordance with the provisions of article 37 of the General Data Protection Regulation and in article 34 of the Organic Law 3 / 2018.

10.- Impact evaluation

It is not required for this treatment, due to the data processed and as its manager executes it, in accordance with the provisions of article 35 of the General Data Protection Regulation and in article 28 of the Organic Law 3 / 2018.

11.- Risk analysis

A risk analysis has been prepared on the security of the data. The security measures are those referred to above. Periodically and whenever a change occurs, the effectiveness of the security measures implemented is reviewed and evaluated. This evaluation is also done whenever there is an update on the systems. For the logical measures, there is the collaboration of a computer team.

The person in charge carries out its promotional activity in the media, congresses, educational institutions and through this Website, including the service or secondary web pages and their social profiles indicated in the 'Website Owner' tab.

1.- Collective

Interested in the activities and information about the activities of the person in charge or the content that he creates or publishes.

2.- Data Categories

The type of data that is treated for this activity is the following:

  • Main identifying data: Name and surname; Username
  • Other information: DNI, NIF or identification document; physical or electronic address; firm; telephone and sector of activity.

3.- Purposes of the treatment

The purposes of the treatment is advertising and commercial prospecting, including: sending communications, advertising and information, conducting opinion polls, commercial prospecting, market segmentation, decision-making aid system and collection of addresses.

4.- Legal Basis

This data processing finds its legal justification in that it is necessary for the satisfaction of legitimate interests pursued by the person responsible for the treatment. (art. 6.1.f of the General Data Protection Regulation). In particular, these legitimate interests consist of creating an image, improving reputation, generating or maintaining conversations on topics of interest and attracting users and potential clients, partners and collaborators, all of this also through marketing actions. direct and obtaining historical and statistical data.

In the event that a service is offered (for example, the subscription to the blog), the treatment will have its legal basis in that it is necessary for the execution of a contract in which the interested party is a party or for the application at the request of the latter of measures pre-contractual (art. 6.1.b of the General Data Protection Regulation).

5.- Third parties with access to data

Google LLC

  • Description: American entity adhered to the Privacy Shield or Privacy Shield (see Google's tab in the Privacy Shield), with Privacy Policy own.
  • Contact: Torre Picasso, Plaza Pablo Ruiz Picasso, 1, 28020 Madrid. Form.
  • International transfer: Yes.
  • Treatments:
    • G Suite: Set of office automation solutions through which the person in charge receives and sends communications.
    • FeedBurner: Subscription solution via feed to the Website of the person in charge through which it sends the contents that are published daily to the email addresses of the subscribers. The service is managed with a double verification factor (email with link) to guarantee that consent is expressly obtained for this activity.

 Twitter Inc

LinkedIn Corporation

GoDaddy Iberia SLU (formerly, HostEurope or RedCoruna)

  • Description: Spanish entity, with own privacy policy.
  • Contact: Avda. Coruña 36, ​​left mezzanine
    27003 Lugo. Form.
  • International transfer: No.
  • Treatments:
    • Hosting: Hosting service of the main website of the person in charge, through which the provider has access to the data that users provide or transmit through it.
    • Mail: Email service for receiving and sending communications.

Others: The person in charge makes use of auxiliary managers such as messaging or telecommunications services, for the reception and forwarding of messages and data.

5.- Recipients category

Data communications are not foreseen.

6.- International transfer

International transfers are planned to the US companies listed in the "Third parties with access to data" section.

The international transfers indicated in the records of cross-processing activities are made as long as the interested party provides data through the website of the person in charge or their social profiles or sends a communication to the person in charge or receives it from him.

No other international data transfers are planned.

7.- Deletion period

Feed: The personal data of those interested in receiving information, including those subscribed to the feed by e-mail, will be kept in the system indefinitely as long as the interested party does not request its deletion.

Comments on the responsible's websites: Comments and their metadata are kept indefinitely so that subsequent comments can be recognized and approved automatically instead of being kept in a moderation queue. The cookies that you decide to create in your browser related to your comments will store your data for one year.

Activities: The personal data of the people registered in general activities will be deleted when they have finished.

Data published online by the person in charge: The personal data uploaded by the person in charge to web pages and profiles on social networks will be kept from the moment the user offers their consent until they withdraw it.

8.- Data protection officer

It is not required for this treatment, due to the data processed and as its manager executes it, in accordance with the provisions of article 37 of the General Data Protection Regulation and in article 34 of the Organic Law 3 / 2018.

9.- Impact evaluation

It is not required for this treatment, due to the data processed and as its manager executes it, in accordance with the provisions of article 35 of the General Data Protection Regulation and in article 28 of the Organic Law 3 / 2018.

10.- Risk analysis

A risk analysis has been prepared on the security of the data. The security measures are those referred to above. Periodically and whenever a change occurs, the effectiveness of the security measures implemented is reviewed and evaluated. This evaluation is also done whenever there is an update on the systems. For the logical measures, there is the collaboration of a computer team.

The person in charge analyzes the behavior of the users in their navigation through the website and the different social profiles in order to prevent and block logical attacks.

1.- Collective

Users who access websites or social profiles managed by the person in charge.

2.- Data Categories

The type of data that is treated for this activity is the following:

  • IP addresses.
  • Browser user agent string.

3.- Purposes of the treatment

Analyze the behavior of users in their navigation through the website and the different social profiles in order to prevent and block logical attacks.

4.- Legal basis

This data processing finds its legal justification in that it is necessary for the satisfaction of legitimate interests pursued by the person responsible for the treatment (art. 6.1.f of the General Data Protection Regulation). In particular, these legitimate interests consist of preventing the destruction or alteration of data and systems, as well as preventing access to them from being blocked or third parties from carrying out other unauthorized treatments.

5.- Third parties with access to data

Automattic Inc

  • Description: American entity adhered to the Privacy Shield or Privacy Shield (see Google's tab in the Privacy Shield), with own privacy policy.
  • Contact: 60 29th Street # 343, San Francisco, CA 94110, United States of America. Form.
  • International transfer: Yes.
  • Treatments through the websites of the person in charge
    • Akismet: When visitors leave comments on the web, the data displayed in the comment form is collected, as well as the visitor's IP address and browser user agent string to help spam detection.

Google LLC

  • Description: American entity adhered to the Privacy Shield or Privacy Shield (see Google's tab in the Privacy Shield), with Privacy Policy own.
  • Contact: Torre Picasso, Plaza Pablo Ruiz Picasso, 1, 28020 Madrid. Form.
  • International transfer: Yes.
  • Treatments:
    • Google services (Gmail, YouTube, etc.): The American company has implemented and maintains defense systems against intrusions and anti-malware systems in the different services used by the person in charge.

Defiant Inc

  • Description: US entity not adhering to the Privacy Shield or Privacy Shield, with a policy of own privacy and with which the person in charge has signed this data processor contract.
  • Contact: 800 5th Ave., Suite 4100, Seattle, WA 98104. Form.
  • International transfer: Yes.
  • Treatments:
    • Wordfence: WordPress security plugin (CMS used by the person in charge) through which the American company receives data from all users who browse and interact with the main website.

Smart Human Capital SL

  • Description: Spanish entity with which the person in charge has signed a contract for data processor.
  • Contact: Calle del Jazmín 66, Planta 5, 28033 Madrid, Spain. Form.
  • International transfer: No.
  • Treatments:
    • Cyber ​​Hawks Team: Intrusion attempts are made from time to time to try to find bugs in the system. The solution is planned and tested in the event that data is altered or deleted due to this activity.

6.- Recipients category

Data communications are not foreseen.

7.- International transfer

International transfers are planned to the US companies listed in the "Third parties with access to data" section.

The international transfers indicated in the records of cross-processing activities are made as long as the interested party provides data through the website of the person in charge or their social profiles or sends a communication to the person in charge or receives it from him.

No other international data transfers are planned.

8.- Deletion period

The data is deleted after the following conservation periods:

  • Automattic Inc: approximately 30 days (Privacy Policy).
  • Google LLC: approximately 26 months (Privacy Policy).
  • Defiant Inc: approximately 90 days (data processor contract)
  • Smart Human Capital SL: In the event that data were obtained, a copy of these would be delivered to the person in charge, deleting the original ones immediately (contract of data processor)

However, the data may be kept for a longer period of time to attend to the possible responsibilities that may arise from the processing of the data or the activities of the users.

9.- Data protection officer

It is not required for this treatment, due to the data processed and as its manager executes it, in accordance with the provisions of article 37 of the General Data Protection Regulation and in article 34 of the Organic Law 3 / 2018.

10.- Impact evaluation

It is not required for this treatment, due to the data processed and as its manager executes it, in accordance with the provisions of article 35 of the General Data Protection Regulation and in article 28 of the Organic Law 3 / 2018.

11.- Risk analysis

A risk analysis has been prepared on the security of the data. The security measures are those referred to above. Periodically and whenever a change occurs, the effectiveness of the security measures implemented is reviewed and evaluated. This evaluation is also done whenever there is an update on the systems. For the logical measures, there is the collaboration of a computer team.

The treatment consists of the own procedures linked to the exercise of rights of third parties over their data incorporated in files whose treatment corresponds to the person responsible in whole or in part.

1.- Collective

The natural persons whose data are processed are those, including the representatives of legal persons, who submit a request for the exercise of rights to Velca.

2.- Data Categories

The type of data that is treated for this activity is the following:

  • Name and surname; DNI, NIF or identification document; physical address; email address and signature.
  • Other data: Those that may be included in the exercise or that have to be processed due to the provision of the service, which may include data from special categories and related to convictions and criminal offenses.

3.- Purposes of the treatment

The purpose of the treatment consists of the own procedures linked to the exercise of third party rights over your data incorporated in files whose treatment corresponds to Velca in whole or in part.

4.- Legal Basis

This data processing finds its legal justification in that the treatment is necessary for compliance with a legal obligation applicable to the person responsible for the treatment, according to article 6.1.c) of the General Data Protection Regulation.

5.- Third parties with access to data

Data may be accessed, depending on the case, by the third parties indicated in the transversal treatments.

6.- Recipients category

No addressees are foreseen.

7.- International transfer

The international transfers indicated in the records of cross-processing activities are made as long as the interested party provides data through the website of the person in charge or their social profiles or sends a communication to the person in charge or receives it from him.

No other international data transfers are planned.

8.- Deletion period

They will be kept for the time necessary to fulfill the purpose for which they were collected and to determine the possible responsibilities that may arise from said purpose and from the processing of the data.

9.- Data protection officer

It is not required for this treatment, due to the data processed and as its manager executes it, in accordance with the provisions of article 37 of the General Data Protection Regulation and in article 34 of the Organic Law 3 / 2018.

10.- Impact evaluation

An impact assessment has been carried out only for the cases in which the affected data are part of a treatment that requires it, in accordance with the provisions of article 35 of the General Data Protection Regulation and in article 28 of the Organic Law 3 / 2018. In these cases, it has been included as its own section.

11.- Risk analysis

A risk analysis on the security of the data has been prepared as an integral part of the impact assessment. The security measures are those referred to above. Periodically and whenever a change occurs, the effectiveness of the security measures implemented is reviewed and evaluated. This evaluation is also done whenever there is an update on the systems. For the logical measures, there is the collaboration of a computer team.

The person in charge has providers that provide services such as office rental, web hosting and email service, among others.

1.- Collective

The people whose data are processed are the vendors or service providers or, if these were companies, the contact persons.

2.- Data Categories

The type of data that is treated for this activity is the following:

  • Identifying data: Name and surname, ID, address, telephone, image and signature.
  • Employment details: entity or body and position held.
  • Economic-financial data: bank details.

3.- Purposes of the treatment

The purpose of the treatment is the management and control of the relationship with suppliers.

4.- Legal Basis

This data processing finds its legal justification in the fact that it is necessary for the execution of a contract in which the interested party is a party or for the application at the request of the latter of pre-contractual measures (art. 6.1.b of the General Data Protection Regulation).

5.- Third parties with access to data

Data may be accessed, depending on the case, by the third parties indicated in the transversal treatments.

6.- Recipients category

The data may be communicated to financial entities and the State Tax Administration Agency.

7.- International transfer

The international transfers indicated in the records of cross-processing activities are made as long as the interested party provides data through the website of the person in charge or their social profiles or sends a communication to the person in charge or receives it from him.

No other international data transfers are planned.

8.- Deletion period

They will be kept for the time necessary to fulfill the purpose for which they were collected and to determine the possible responsibilities that may arise from said purpose and from the processing of the data.

9.- Data protection officer

It is not required for this treatment, due to the data processed and as its manager executes it, in accordance with the provisions of article 37 of the General Data Protection Regulation and in article 34 of the Organic Law 3 / 2018.

10.- Impact evaluation

It is not required for this treatment, due to the data processed and as its manager executes it, in accordance with the provisions of article 35 of the General Data Protection Regulation and in article 28 of the Organic Law 3 / 2018.

11.- Risk analysis

A risk analysis has been prepared on the security of the data. The security measures are those referred to above. Periodically and whenever a change occurs, the effectiveness of the security measures implemented is reviewed and evaluated. This evaluation is also done whenever there is an update on the systems. For the logical measures, there is the collaboration of a computer team.

The person in charge teaches classes and lectures as a freelancer through universities and training areas.

1.- Collective

The people whose data is processed are teachers, administrative staff and students who participate in the courses.

2.- Data Categories

The type of data that is treated for this activity is the following:

  • Identifying data: Name and surname, ID, address, telephone, image and signature.
  • Employment details: entity or body and position held.
  • Academic and professional data: training, degrees.
  • Economic-financial data: bank details.

3.- Purposes of the treatment

The purpose of the treatment is the management and control of training activities. This includes: formalization of contracts for the development of the activity, the keeping of attendance lists, teaching and tutoring, the qualification of activities, the collection of activities and the issuance of certificates.

4.- Legal Basis

This data processing finds its legal justification in the fact that it is necessary for the execution of a contract in which the interested party is a party or for the application at the request of the latter of pre-contractual measures (art. 6.1.b of the General Data Protection Regulation).

5.- Third parties with access to data

Data may be accessed, depending on the case, by the third parties indicated in the transversal treatments.

6.- Recipients category

The data of the professors of paid activities will be communicated to the financial institutions and the State Tax Administration Agency.

7.- International transfer

The international transfers indicated in the records of cross-processing activities are made as long as the interested party provides data through the website of the person in charge or their social profiles or sends a communication to the person in charge or receives it from him.

No other international data transfers are planned.

8.- Deletion period

They will be kept for the time necessary to fulfill the purpose for which they were collected and to determine the possible responsibilities that may arise from said purpose and from the processing of the data.

The data of the teachers will be kept for future training actions, unless they request its deletion. In the case of paid activities, they will be kept under the provisions of the General Tax Law 58/2003.

9.- Data protection officer

It is not required for this treatment, due to the data processed and as its manager executes it, in accordance with the provisions of article 37 of the General Data Protection Regulation and in article 34 of the Organic Law 3 / 2018.

10.- Impact evaluation

It is not required for this treatment, due to the data processed and as its manager executes it, in accordance with the provisions of article 35 of the General Data Protection Regulation and in article 28 of the Organic Law 3 / 2018.

11.- Risk analysis

A risk analysis has been prepared on the security of the data. The security measures are those referred to above. Periodically and whenever a change occurs, the effectiveness of the security measures implemented is reviewed and evaluated. This evaluation is also done whenever there is an update on the systems. For the logical measures, there is the collaboration of a computer team.

The person in charge provides consulting and business services to individuals and companies.

1.- Collective

The natural persons whose data are processed are those, including the representatives of legal persons, who direct inquiries to the person in charge or to whom he provides legal services or legal consulting in its different modalities.

2.- Data Categories

The type of data that is treated for this activity is the following:

  • Name and surname; DNI, NIF or identification document; physical address; electronic address; firm; position of the entity he represents and data about it; telephone; Personal characteristics; social circumstances; Commercial information; economic, financial and insurance data; and data on transactions of goods and services.
  • Other data: Those that may be included in the query or that have to be processed due to the provision of the service, which may include data from special categories and related to convictions and criminal offenses.

3.- Purposes of the treatment

The purpose of the treatment is the registration and management of the queries made to the person in charge, as well as the provision of legal services or legal consulting in its different modalities.

4.- Legal Basis

This data processing finds its legal justification in the fact that it is necessary for the execution of a contract in which the interested party is a party or for the application at his request of pre-contractual measures and, where appropriate, for the purposes additional that the interested party accepts (articles 6.1.b and 6.1.a, respectively, of the General Data Protection Regulation).

5.- Third parties with access to data

Due to the special nature of the data processed through this activity, the security measures indicated above are also applied to these accesses by third parties, along with other additional ones that the person in charge prefers to keep reserved as a precaution.

Google LLC

  • Description: American entity adhered to the Privacy Shield or Privacy Shield (see Google's tab in the Privacy Shield), with Privacy Policy own.
  • Contact: Torre Picasso, Plaza Pablo Ruiz Picasso, 1, 28020 Madrid. Form.
  • International transfer: Yes.
  • Treatments:
    • G Suite: Set of office automation solutions through which the person in charge stores and edits files with personal data and receives and sends communications.

Dropbox International Unlimited Company

  • Description: Irish entity, with Privacy Policy own.
  • Contact: One Park Place, Floor 5, Upper Hatch Street, Dublin 2, Ireland. Form.
  • International transfer: No.
  • Treatments:

Dropbox Inc.

Data may be accessed, depending on the case, by the third parties indicated in the transversal treatments.

6.- Recipients category

Depending on the service provided and the need that must be covered for the provision of this, the data may be communicated to the following subjects: Justice Administration, State Tax Administration Agency, State Security Forces and Bodies, entities financial entities, entities dedicated to the fulfillment or non-fulfillment of monetary obligations and other public administration bodies.

When the legal service requires it, the person in charge will communicate the data to the companies in which he is a professional partner lawyer worker: SmartHC Legal y Reiz.

7.- International transfer

International transfers are planned to the US companies listed in the "Third parties with access to data" section.

The international transfers indicated in the records of cross-processing activities are made as long as the interested party provides data through the website of the person in charge or their social profiles or sends a communication to the person in charge or receives it from him.

No other international data transfers are planned.

8.- Deletion period

They will be kept for the time necessary to fulfill the purpose for which they were collected and to determine the possible responsibilities that may arise from said purpose and from the processing of the data.

As a guide, this table can be used:

  • 4 years: Law on Violations and Sanctions in the Social Order (obligations regarding affiliation, registration, cancellation, contributions, payment of salaries ...); Arts. 66 and following General Tax Law (accounting books ...).
  • 5 years: Art. 1964 Civil Code (personal actions without special term).
  • 6 years: Art. 30 Commercial Code (accounting books, invoices ...).
  • 10 years: Art. 25 Law on Prevention of Money Laundering and Financing of Terrorism.

9.- Data protection officer

It is not required for this treatment, due to the data processed and as its manager executes it, in accordance with the provisions of article 37 of the General Data Protection Regulation and in article 34 of the Organic Law 3 / 2018.

10.- Impact evaluation

An impact assessment has been carried out, in accordance with the provisions of article 35 of the General Data Protection Regulation and in article 28 of the Organic Law 3 / 2018.

11.- Risk analysis

A risk analysis on the security of the data has been prepared as an integral part of the impact assessment. The security measures are those referred to above. Periodically and whenever a change occurs, the effectiveness of the security measures implemented is reviewed and evaluated. This evaluation is also done whenever there is an update on the systems. For the logical measures, there is the collaboration of a computer team.

In the event that an interested party is to be hired or an internship scholarship is awarded, the appropriate treatment record will be previously prepared. For now, the only treatment carried out in this regard is the reception of applications.

1.- Collective

The people whose data are processed are interested in internships or jobs.

2.- Data Categories

The type of data that is treated for this activity is the following:

  • Identifying data: Name and surname; DNI, NIF or identification document; social security number; address, signature and telephone.
  • Special categories of data: health data (disabilities).
  • Personal characteristics data: Gender, marital status, nationality, age, date and place of birth and family data.
  • Academic and professional data: Qualifications, training and professional experience.
  • Job and career detail data.

3.- Purposes of the treatment

The purpose of the treatment is the selection of personnel.

The person in charge will analyze the documents sent by the candidate, all the content that is directly accessible through search engines (Bing, Yandex, Google, Baidu, DuckDuckGo, etc.), the profiles that he maintains on professional social networks (LinkedIn, Xing , Viadeo, etc.), the data obtained in the access tests and the information that you reveal in the job interview, with the aim of evaluating your candidacy and being able, where appropriate, to offer you a position. This analysis can be carried out to discover and evaluate the candidates you need for certain positions or assignments.

4.- Legal Basis

This data processing finds its legal justification in the fact that it is necessary for the execution of a contract in which the interested party is a party or for the application at the request of the latter of pre-contractual measures (art. 6.1.b of the General Data Protection Regulation). When it is mandatory to check the background of the interested party, the treatment will be based on compliance with a legal obligation applicable to the person responsible for the treatment (art. 6.1.c of the General Data Protection Regulation). The proactive search for candidates and details about them in third party databases is based on the legitimate interest of discovering them to fill positions or to know them better to know if the position fits their profile (art. 6.1.f of the General Data Protection Regulation). The processes will take into account the labor regulations and, especially, the Status of workers.

5.- Third parties with access to data

Data may be accessed, depending on the case, by the third parties indicated in the transversal treatments.

6.- Recipients category

No addressees are foreseen.

7.- International transfer

The international transfers indicated in the records of cross-processing activities are made as long as the interested party provides data through the website of the person in charge or their social profiles or sends a communication to the person in charge or receives it from him.

No other international data transfers are planned.

8.- Deletion period

They will be kept for the time necessary to fulfill the purpose for which they were collected and to determine the possible responsibilities that may arise from said purpose and from the processing of the data. In the event that the candidate is not selected, the person in charge may keep their CV stored for a maximum of two years to incorporate it into future calls, unless the candidate states otherwise or expresses their desire that it be kept for a longer time.

9.- Data protection officer

It is not required for this treatment, due to the data processed and as its manager executes it, in accordance with the provisions of article 37 of the General Data Protection Regulation and in article 34 of the Organic Law 3 / 2018.

10.- Impact evaluation

It is not required for this treatment, due to the data processed and as its manager executes it, in accordance with the provisions of article 35 of the General Data Protection Regulation and in article 28 of the Organic Law 3 / 2018.

11.- Risk analysis

A risk analysis has been prepared on the security of the data. The security measures are those referred to above. Periodically and whenever a change occurs, the effectiveness of the security measures implemented is reviewed and evaluated. This evaluation is also done whenever there is an update on the systems. For the logical measures, there is the collaboration of a computer team.

INFORMATION QUALITY AND SECURITY POLICY

Rhino Electric Motors SL, for the provision of the services it offers or directs, has implemented a quality and safety management system to try to achieve or exceed the quality expected by its users, contacts, clients, workers and suppliers.

The established processes were approved by the person in charge of the firm on August 20, 2019 and are reviewed with each relevant change and, at least, every twelve months. The main objectives of these processes are:

  • Mitigate risks, to minimize incidents, by maintaining technical and organizational security measures.
  • Guarantee the confidentiality, availability and integrity of both personal data and industrial secrets.
  • Be proactive in complying with the regulatory set applicable to the development of the activity.
  • Choose only suppliers that meet better or similar standards for quality and safety.
  • Maintain a secure record of assets and their changes.
  • Achieve high credibility and trust in third parties and suppliers.
  • Sensitize workers and collaborators about physical and logical security through a process of continuous training.

The person in charge expresses his total commitment to the system, with the aim of complying with this, the sectorial duties of confidentiality and secrecy and the regulatory set in terms of comprehensive quality and information security.