Last updated: March 22, 2024

DATA CONTROLLER

CORAC is on a mission to make people’s working lives simpler, more pleasant, and more productive. Our first priority is to ensure your data is secure, and we are committed to protecting it as one of our most important responsibilities. To achieve this, we’ve implemented procedures to ensure that your information is handled responsibly and in compliance with applicable data protection and privacy laws. We appreciate your trust and will act accordingly.

At CORAC, we take data security very seriously. Transparency is a core value of our company, so we strive to be as clear and open as possible about how we handle security. This document aims to describe the services, policies, processes, and procedures in place to make CORAC a secure and reliable service for all our users.

PURPOSE OF DATA PROCESSING

Our Privacy Policy has been designed in accordance with the EU General Data Protection Regulation 2016/679 of the European Parliament and of the Council of April 27, 2016, concerning the protection of individuals regarding the processing of personal data and the free movement of such data, which repeals Directive 95/46/EC (General Data Protection Regulation), and with Organic Law 3/2018 of December 5, on Personal Data Protection and Guarantee of Digital Rights.

By providing us with your data, you declare that you have read and understand this Privacy Policy, giving your unequivocal and express consent for the processing of your personal data in accordance with the purposes and terms expressed herein. CORAC© may modify this Privacy Policy to adapt it to legislative, jurisprudential, or interpretative changes by the Spanish Data Protection Agency.

These privacy terms may be supplemented by the Legal Notice, Cookie Policy, and General Terms, where applicable for specific products or services, should such access involve special aspects of personal data protection.

The processing of your personal data responds to the following purposes:

• Performance of contracts and compliance with legal obligations.
• Legitimate interest and attention to the consents granted by the data subjects.
• Provision and billing of services to clients.
• Marketing and commercial communications of proprietary services.
• Service quality improvement.
• Security and protection of personal data.
• Supervision and control of the application of procedures necessary for contract execution or compliance with legal obligations.
• Compliance with retention, payment, or tax reporting obligations.
• Compliance with applicable regulations on occupational risk prevention.
• Compliance with applicable regulations on personal data protection.

DATA RETENTION PERIOD

We will retain your personal data from the moment you give us consent until you withdraw it or request limitation of processing. In such cases, we will keep your data blocked for the legally required time.

LEGAL BASIS AND DATA COLLECTED

The legal basis for processing your data is the express consent provided through a positive and affirmative action (filling in the corresponding form and checking the acceptance box for this policy) when you provide us with your personal data.

CONSENT TO PROCESS YOUR DATA

By completing the forms, checking the "I Accept the Privacy Policy" box, and clicking to submit the data, or by sending emails to the Company through the accounts enabled for that purpose, the User acknowledges having read and expressly accepted this privacy policy and grants unequivocal and express consent for the processing of their personal data in accordance with the purposes indicated.

CATEGORIES OF DATA

The entity only collects and processes personal data necessary to provide a personalized and quality service, thus respecting the data minimization principle established in the GDPR.

When providing services, we may process different categories of personal data, ultimately conditioned by the purpose and scope of the services requested by clients who will act as Data Controllers or Data Processors, as appropriate.

These categories of data may only be processed within the scope of the contract formalized with the client, thus adhering to the purpose limitation principle.

In the context of providing services to clients, CORAC© may process special categories of personal data as a Data Processor, depending on the scope and object of the projects executed.

SECURITY MEASURES

As part of our commitment to ensuring the security and confidentiality of your personal data, we inform you that the necessary technical and organizational measures have been adopted to ensure the security of personal data and prevent their alteration, loss, unauthorized processing, or access, taking into account the state of technology, the nature of the stored data, and the risks to which they are exposed, in accordance with Art. 32 of GDPR EU 679/2016.

DATA DISCLOSURE

No data disclosures or international data transfers are foreseen, except those authorized by tax, commercial, and telecommunications legislation and in cases where a judicial authority requires it.

USER RIGHTS

Any data subject has the right to obtain confirmation of whether we are processing personal data concerning them. Data subjects have the right to access their personal data, as well as to request the correction of inaccurate data or, where appropriate, request its deletion when, among other reasons, the data is no longer necessary for the purposes for which it was collected.

In certain circumstances, data subjects may request the limitation of the processing of their data, in which case we will only retain it for the exercise or defense of claims. For reasons related to their particular situation, data subjects may object to the processing of their data.

The Data Controller will cease to process the data, except for compelling legitimate reasons or for the exercise or defense of possible claims. According to current legislation, you have the following rights: the right to request access to your personal data, the right to request its correction or deletion, the right to request limitation of its processing, the right to object to processing, the right to data portability, and the right to revoke consent given.

You also have the right to file a complaint with the Spanish Data Protection Agency.

To exercise your rights, please contact the Data Controller and request the form corresponding to the right you wish to exercise. Optionally, you can contact the relevant Supervisory Authority for additional information about your rights. Contact details for exercising your rights are provided at the beginning of this document. Remember to include a copy of a document that enables us to identify you.

ELECTRONIC COMMUNICATIONS

In accordance with Law 34/2002 of July 11 on Information Society Services and Electronic Commerce, by completing the data collection form and checking the “I accept to receive electronic communications” box, you are giving express consent to receive information about CORAC© via email, phone, fax, or other electronic means.