Website Privacy Policy
Website Privacy Policy
1. Introduction
The aim of the website privacy policy is to provide information regarding the specific rights and obligations of users (hereinafter, the “Users”) of the website, applications and any other digital platform or electronic media of GMF RAILWAY MAINTENANCE SERVICES, S.L., whose parent company is the aforementioned company, (hereinafter, GMF RAILWAY MAINTENANCE SERVICES, S.L. will be referred to interchangeably as “GMF“), in the following terms as “GMF”), in virtue of Regulation (UE) 2016/679 of the European Parliament and Council, of 27 April 2016, related to the protection of individuals in relation to the handling of personal data and the free circulation of this data(“RGPD in Spanish”) and the Personal Data Protection and Guarantee of Digital Rights Organic Law 3/2018, of 5 December 2018 (“LOPD in Spanish”).
In order to visit any of the GMF websites, applications and any other digital platforms or electronic media owned by GMF (hereinafter, to be referred to as a whole as the “Website”), the provision of your personal data is not required. However, it is possible that for certain interactions with GMF via the ‘Website’, it will be required.
By entering your information on any of the data collection forms, it implies acceptance of this policy, and it is understood that you have been informed of the website’s privacy policy and legal warning, and you agree to full compliance when browsing and using said website.
GMF may send your information to 3rd parties who help to provide IT services, such as platform providers, hosting services, websites, etc. In relation to the latter, GMF require that said third parties comply with current legislation, of which they shall be liable.
This policy is not applicable to third-party websites, including those to which you may have access via a link on the GMF website.
Should you have any queries in relation to the handling of your personal data, you may contact the COMSA CORPORACIÓN and/or its Data Protection Delegate at the following email address: lopd@comsa.com
2. Description of personal data handling
2.1. Via the Website, the data provided by Users will be handled
during browsing and when using said Website, as well as the information provided on corresponding forms.
For this purpose, via the completion of these forms, which may be included on the Website, the Users accept the inclusion and handling of personal data they provide, of which GMF is liable, and may exercise their relevant rights in accordance with the provisions of this policy.
2.2. For improved ease of use and transparency with the User, we have separated the data handling purposes and legal bases in three main sections, in function of the specific requirement of the User (see the following section: «Where we are», section: «Work with us», and section: «Ethics Channel»):
Where We Are Form:
The data provided by the User will be handled by GMF for the purpose of answering information requests, queries, consultations and/or other questions. When we need to contact you, we shall do so by email.
The handling of this data is based on the User consent (RGPD: 6.1 a) Consent provided by the User). The User may withdraw their consent at any time.
The data provided will be kept until your application has been processed and for a maximum period of 12 months.
Your data may be transferred to companies within the group, whose parent company is the COMSA CORPORACIÓN, for the purposes for which you have provided your consent, as well as to retain a comprehensive and centralised management of Users with the various companies within the COMSA CORPORACIÓN, and in order for the Users to be able to have access to their data via any of these companies, respecting in all cases applicable legislation regarding personal data protection, and without the need for Users to be informed every time a first notification is sent.
You are informed that GMF does not take automated decisions in relation to its Users.
Work With Us Form:
The information provided by the User (hereinafter, aka “Candidates”) through the Employment section of the GMF website will be redirected to the employment section of the COMSA CORPORACIÓN website (www.comsa.com) and will be processed by GMF and COMSA CORPORACIÓN for the purpose of including you in the recruitment selection processes that meet your profile.
The handling of this data is based on the User consent when providing your information (RGPD: 6.1 a) Consent provided by the User). The User may withdraw their consent at any time.
Similarly, you are informed that in the case of not being chosen for the position you have requested, or when your profile does not fit processes currently open, your information will be retained for future recruitment processes that may meet your profile for a maximum period of two (2) years from the time you provide your curriculum, “CV”) to GMF and COMSA CORPORACIÓN. Once this period expires, this information will be blocked in accordance with current legislation.
Your data may be transferred to companies within the COMSA CORPORACIÓN group, given that the CV tool used for recruitment selection is used by the whole group.
In the case of any amendments to your information, please inform us immediately in writing.
You are informed that the COMSA CORPORACIÓN does not take automated decisions in relation to its Candidates.
Ethics Channel Form:
The COMSA CORPORACIÓN handles information included in complaints that arrive via the COMSA CORPORACIÓN Ethics Channel, to which the GMF website redirect, and/or other existing communication channels, for the purpose of preventing, detecting and monitoring possible cases of the Group’s regulations and ethics, as well as to take appropriate measures in accordance with our compliance model. The legality related to this data handling arises from the existence of public interest (Art. 6.1e RGPD).
Data should be held on the complaints system only for the time required to decide upon the pertinence of initiating an investigation in relation to the complaint that is made. Three months after entering this information it shall be deleted, unless the purpose of its retention is to provide a record of the functioning of our compliance model. Complaints that have not been processed may only be recorded anonymously.
2.3. In addition, we inform you that the information on the databases may be used for the purposes of:
- Offering you a more personalised browsing experience, as a User of our website.
- To prepare statistics regarding countries and servers that regularly visit our website.
- To discover the times with the highest number of visits to the website, as well as to make specific changes to prevent access problems.
The handling of this data is based on legitimate interests (RGPD: 6.1 f) Satisfaction of legitimate interests), sought by the company responsible for handling the data, or by a third party, as long as the interests or rights and fundamental freedoms of the interested parties that require the protection of personal data, specifically, when the interested party is a minor, do not prevail over these interests.
You are informed that the COMSA CORPORACIÓN does not take automated decisions in relation to its Users.
3. Links
Within the framework of communications included in previous sections, we inform you that the GMF website may contain links, applications or functions shared with third parties, such as social networks or online communication systems.
GMF is not liable for the information gathered by these applications, functions or social networks held by third parties, as they have no capacity of management or control over them, with the legal warnings and privacy policies being applicable that may be contained on the third party websites or similar, and we advise you to make yourself aware and be in agreement with their legal conditions and privacy regulations before continuing use, or providing any type of personal information.
4. User Rights
You may exercise the rights acknowledged by the RGPD at any time, and specifically rights of access, rectification, cancellation, opposition, deletion and limitation of handling of your data and portability, and are not subject to automated decisions, where applicable.
The rights referred to in the previous paragraph, may be exercised by sending an email to lopd@comsa.com or to the postal address C/VIRIATO, 47, 08014, BARCELONA, attaching a copy of your DNI (National Identification Number) or any other document that provides proof of identity, and specifying which of the rights you wish to exercise in your application.
In the case of acting via a representative, you should also provide a document that confirms their representation and their identity document.
You may check the models, forms and further information regarding these rights at the official page of the Spanish Agency for Data Protection (www.aepd.es).
Furthermore, should you have provided your consent for data handling or for any specific purposes, you may withdraw this at any time.
You may make a claim to the Controlling Authority (Spanish Agency for Data Protection), if you believe that any of your rights under current legal provisions have been breached. However, in order to provide a better service, we would ask you to first contact GMF via the aforementioned customer service channels, in order to be able to handle your concern more quickly, as well as clarifying any queries you may have.
5. Website Use and Contents Users Liability
The person gaining access to the Website, as well as the use of information and contents contained therein, will have sole liability in relation to its access.
Therefore, the use of the information, images, contents, and/or highlighted products and accessible via the Website, will be subject to applicable legality, either state-wide or internationally, as well as to the principles of good faith and legal use by the Users, who will be required to make reasonable use of the services or contents, under the principle of good faith, and respecting current law, morality, public order, good behaviour, third party rights or those of GMF.
In relation to this, the User is liable for the authenticity of the information provided, agreeing that they shall be accurate, up-to-date and complete, for the purpose for which they are collected, and will be liable for any damages, lost income or future damage that may occur in relation to the inaccuracy of said data.
Furthermore, if the information provided in the corresponding forms belong to a third party, the User shall be solely liable for confirming the content and information in relation to the third party regarding the information contained in the Website’s legal warning and privacy policy.
6. GMF liability exclusion
GMF shall not be liable in any way due any failures in relation to the updating, veracity, authenticity and accuracy of the data that the User has provided, and of the consequences that may arise in relation to 3rd parties.
In relation to third-party data, the GMF is not liable for the information that the User has provided, without obtaining their consent.
7. Cookies
GMF will use storage and data recovery devices (‘Cookies’), when the User has provided their prior consent for this, in accordance with the information contained on the User’s browser pop-up screen when accessing the Website for the first time, and in relation to the other terms and conditions provided to the User in the GMF Cookies Policy, of which all Users should be aware.
8. Minors
Minors may not make use of the services available via the Website, without prior authorisation by their parents, guardians or legal representatives, who shall be solely liable for any acts carried out on the Website by minors in their charge, including the completion of forms with the personal data of said minors, and the ticking of boxes attached, where applicable.
9. Security Measures
GMF adopts the levels of security required by the RGPD, which are appropriate in relation to the nature of the data handled at the time.
However, technical security in a format such as the Internet is not impenetrable, and there may exist wilful acts by third parties, even when GMF takes all measures within its reach to prevent these acts.
10. Updates and review
This Policy will be reviewed and updated whenever necessary, to adapt to our practices, services and in relation to applicable legislation at the time. We recommend you to review this Policy each time you access our Website, in order to be properly informed in relation to how and why we handle your data.