Logo Posidonia Boats

Privacy policy

DATA CONTROLLER

The Data Controller is SEA CHARTER IBIZA SERVICIOS Y GESTIÓN S.L.U, Calle Agapito Llobet, Nº20, 07800, Ibiza (ILLES BALEARS).

Privacy principles:

From SEA CHARTER IBIZA SERVICIOS Y GESTIÓN S.L.U we commit to you to work continuously to guarantee privacy in the processing of your personal data, and to offer you at all times the most complete and clear information we can. We encourage you to read this section carefully before providing us with your personal data. If you are under fourteen years old, please do not provide us with your data without your parents' consent.

In this section we inform you about how we process data from people who have a relationship with our organization. Starting with our principles:

  • We do not request personal information, unless it is necessary to provide you with the services you request from us.
  • We never share personal information with anyone, except to comply with the law, or with your express authorization.
  • We will never use your personal data for purposes other than those expressed in this privacy policy.
  • Your data will always be processed with a level of protection appropriate to data protection legislation, and we will not subject them to automated decisions.

This privacy policy has been drafted taking into account the requirements of current data protection legislation:

  • Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons (GDPR).
  • Organic Law 3/2018, of December 5, on Personal Data Protection and guarantee of digital rights (LOPD).
  • Royal Decree 1720/2007, of December 21 (RLOPD).

This privacy policy is dated December 6, 2018. Due to changes in processing criteria, in order to facilitate its understanding or adapt it to current legality, we may modify this privacy policy. We will update its date so that you can verify its validity.

Treatments we carry out

EMPLOYEE TREATMENT

Legal Basis: GDPR: 6.1.b) Treatment necessary for the performance of a contract to which the data subject is party or for the application at the request of the latter of pre-contractual measures. GDPR: 6.1.c) Treatment necessary for compliance with a legal obligation applicable to the controller. Royal Legislative Decree 2/2015, of October 23, which approves the consolidated text of the Workers' Statute Law.

Treatment Purposes: - Management of hired personnel.

- Personal file. Time control. Training. Pension plans. Occupational risk prevention.

- Issuance of staff payroll.

- Management of union activity.

Group: Employees

Data Categories: - Name and surname, DNI/CIF/Identification document, personnel registration number, Social Security/Mutual number, address, signature and phone.

- Special categories of data: health data (sick leave, work accidents and degree of disability, without including diagnoses), union affiliation, for the exclusive purposes of payment of union dues (if applicable), union representative (if applicable), attendance records of own and third parties.

- Personal characteristics data: Sex, marital status, nationality, age, date and place of birth and family data. Family circumstances data: Start and end date, licenses, permits and authorizations.

- Academic and professional data: Qualifications, training and professional experience.

- Employment and administrative career detail data. Incompatibilities.

- Presence control data: date/time entry and exit, absence reason.

- Economic-financial data: Payroll economic data, credits, loans, guarantees, tax deductions, termination of benefits corresponding to the previous job position (if applicable), judicial withholdings (if applicable), other withholdings (if applicable). Banking data. Recipient Categories: - Entity entrusted with occupational risk management.

- General Treasury of Social Security.

- Trade union organizations.

- Financial entities.

- State Tax Administration Agency.

- Main contractors to whom we provide services as subcontractors.

International Transfers: No international transfers of data are foreseen.

Deletion Period: They will be kept for the time necessary to comply with the purpose for which they were collected and to determine the possible responsibilities that may arise from said purpose and from the processing of the data.

The economic data from this treatment activity will be kept under the provisions of Law 58/2003, of December 17, General Tax Law.

Security Measures: Adapted to the requirements of Regulation (EU) 2016/679, General Data Protection Regulation.

CONTACT TREATMENT

Legal Basis: Data subject consent

Treatment Purposes: Attend to your request, send you information and follow up on the request.

Group: Contact persons, clients, suppliers

Data Categories: Name and surname, phone, email address

Recipient Categories: No data transfers to third parties are contemplated.

International Transfers: No international transfers of data are foreseen.

Deletion Period: Contact data will be kept for an indefinite period, or until the data subject requests its deletion.

Security Measures: Adapted to the requirements of Regulation (EU) 2016/679, General Data Protection Regulation.

TREATMENT FOR ATTENDING TO PERSONAL RIGHTS (ARCO)

Legal Basis: GDPR: 6.1.c) Treatment necessary for compliance with a legal obligation applicable to the controller.

General Data Protection Regulation.

Treatment Purposes: Attend to requests in the exercise of the rights established by the General Data Protection Regulation.

Group: Natural persons who request it (employees, clients, suppliers, contact persons)

Data Categories: Name and surname, address, signature and phone.

Recipient Categories: They may be communicated to the Control Authority (Spanish Data Protection Agency) within the framework of an investigation for rights protection initiated by the data subject.

International Transfers: No international transfers of data are foreseen.

Deletion Period: They will be kept for a period of five years from the moment of the request.

Security Measures: Adapted to the requirements of Regulation (EU) 2016/679, General Data Protection Regulation.

SELECTION PROCESS CANDIDATE TREATMENT (HR)

Legal Basis: GDPR: 6.1.b) Treatment necessary for the performance of a contract to which the data subject is party or for the application at the request of this of pre-contractual measures.

Treatment Purposes: Personnel selection and provision of job positions.

Group: Candidates presented to job provision procedures.

Data Categories: - Name and surname, DNI/CIF/Identification document, personnel registration number, address, signature and phone.

- Personal characteristics data: Sex, marital status, nationality, age, date and place of birth and family data.

- Academic and professional data: Qualifications, training and professional experience.

- Employment detail data.

Recipient Categories: No data transfers to third parties are foreseen.

International Transfers: No international transfers of data are foreseen.

Deletion Period: They will be kept for the time necessary to comply with the purpose for which they were collected and to determine the possible responsibilities that may arise from said purpose and from the processing of the data.

Security Measures: Adapted to the requirements of Regulation (EU) 2016/679, General Data Protection Regulation.

SUPPLIER TREATMENT

Legal Basis: GDPR: 6.1.b) Treatment necessary for the performance of a contract to which the data subject is party or for the application at the request of the latter of pre-contractual measures.

GDPR: 6.1.c) Treatment necessary for compliance with a legal obligation applicable to the controller.

Royal Legislative Decree 2/2015, of October 23, which approves the consolidated text of the Workers' Statute Law.

Law 58/2003, of December 17, General Tax Law.

Treatment Purposes: - Acquisition of products and/or services we need for the development of our activity.

- Control of subcontractors if applicable.

Group: - Suppliers.

- Workers from our suppliers.

Data Categories: - Name and surname, DNI/NIF/Identification document, address, signature and phone.

- Employment detail data: job position. Occupational safety training.

- Economic financial and insurance data: Banking data.

Recipient Categories: - Financial entities. (Invoice payment)

- State Tax Administration Agency.

International Transfers: No international transfers of data are foreseen.

Deletion Period: They will be kept for the time necessary to comply with the purpose for which they were collected and to determine the possible responsibilities that may arise from said purpose and from the processing of the data, in accordance with Law 58/2003, of December 17, General Tax Law.

Security Measures: Adapted to the requirements of Regulation (EU) 2016/679, General Data Protection Regulation.

CLIENT TREATMENT.

Legal Basis: GDPR: 6.1.a) The data subject gave consent to the processing of their personal data for one or more specific purposes.

GDPR: 6.1.b) Treatment necessary for the performance of a contract to which the data subject is party or for the application at the request of the latter of pre-contractual measures.

GDPR: 6.1.c) Treatment necessary for compliance with a legal obligation applicable to the controller.

Royal Legislative Decree 2/2015, of October 23, which approves the consolidated text of the Workers' Statute Law.

Law 58/2003, of December 17, General Tax Law.

Treatment Purposes: Supply of our products / services

Group: Clients

Data Categories: - Name and surname, DNI/NIF/Identification document, address, signature and phone.

- Economic financial and insurance data: Banking data

Recipient Categories: - Financial entities.

- State Tax Administration Agency.

International Transfers: No international transfers of data are foreseen.

Deletion Period: They will be kept for the time necessary to comply with the purpose for which they were collected and to determine the possible responsibilities that may arise from said purpose and from the processing of the data, in accordance with Law 58/2003, of December 17, General Tax Law.

Security Measures: Adapted to the requirements of Regulation (EU) 2016/679, General Data Protection Regulation.

YOUR RIGHTS

You have the right to request a copy of your personal data from us, to rectify inaccurate data or complete it if it is incomplete, or if applicable delete it, when it is no longer necessary for the purposes for which it was collected.

You also have the right to limit the processing of your personal data and to obtain your personal data in a structured and readable format.

You can object to the processing of your personal data in some circumstances (in particular, when we do not have to process them to comply with a contractual requirement or another legal requirement, or when the purpose of the processing is direct marketing).

When you have given us your consent, you may withdraw it at any time. At that time we will stop processing your data or, if applicable, stop doing so for that specific purpose. If you decide to withdraw your consent, this will not affect any processing that has taken place while your consent was valid.

These rights may be limited; for example if to fulfill your request we would have to reveal data about another person, or if you ask us to delete some records that we are obliged to keep due to a legal obligation or a legitimate interest, such as the exercise of defense against claims. Or even in those cases where the right to freedom of expression and information must prevail.

You can contact us through any of the means indicated in the Data Controller section of this privacy policy, providing a copy of a document that certifies your identity (normally your ID).

Another of your rights is not to be subject to a decision based solely on automated processing, including profiling that produces legal effects or affects you.

Facing any violation of your rights, such as, for example, that we have not attended to your request, you have the right to file a complaint with the Control Authority on data protection. This may be the one in your country (if you live outside Spain) or the Spanish Data Protection Agency (if you live in Spain).

Additional information

Processing of your data outside the European Economic Area.

For the indicated treatments we may use services from the following providers outside the European Economic Area, but covered by the Privacy Shield agreement, approved by the data protection authorities of the European Union.

Facebook/ Instagram (FB Messenger): More information: https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC

Whatsapp: Mobile instant messaging More information: https://www.privacyshield.gov/participant?id=a2zt0000000TSnwAAG

Links to third-party websites.

Our website may, on some occasions, contain links to other websites. It is your responsibility to make sure you read the data protection policy and the legal conditions that apply to each site.

Third-party data.

If you provide us with third-party data, you assume responsibility for informing them in advance according to what is established in article 14 of the GDPR.