Privacy Policy

PRIVACY POLICY CPS INFRASTRUCTURES MOBILITY AND ENVIRONMENT

The purpose of this document is to inform the users of this website about the way in which personal data is collected and processed, providing relevant information during navigation and the use of the contact channels provided.

Access and use of the website implies that the user has been informed of the existence of this Data Privacy Policy. When a treatment requires a specific action (for example, the subscription to communications or the acceptance of unnecessary cookies), such action will be expressly requested through the mechanisms enabled for this purpose.

This Policy may be supplemented, when necessary due to the nature of the processing, with specific privacy notices. In particular, the processing of data in the context of applications and selection processes is regulated by a Selection Privacy Notice (“Work at CPS Infraestructuras Movilidad y Medio Ambiente, S.L.”) independent of this Policy, which shall prevail as applicable.

  • Responsible for the treatment

The personal data, if any, provided by the user will be processed by CPS Infraestructuras Movilidad y Medio Ambiente, S. L., with NIF B97500433 and address in Valencia (Spain), Paseo de las Facultades 1 (hereinafter, the “Company”).

You may contact the Company regarding privacy matters by e-mail at protecciondedatos@cps.es. For the purposes of notifications and complaints, the address will be the one indicated above.

  • Data processed and origin

Depending on the use of the website, the Company may process the personal data provided by the user through forms, e-mail or other available communication channels. Likewise, technical data essential for the operation, maintenance and security of the site, such as technical identifiers, IP address, date and time of access, and activity logs necessary for the prevention of misuse and information security, may be processed during browsing.

The user guarantees the truthfulness, accuracy and updating of the data provided. In the event that he/she provides data of third parties, he/she declares that he/she has a legitimate basis for doing so and that he/she has informed them, in advance, of the relevant data protection issues.

  • Purposes of processing and legal basis

The purposes for which personal data will be processed, and their legal basis, are as follows:

Respond to inquiries, requests and communications

The data provided through forms, email or other channels will be processed to manage the request, maintain the necessary communications and, where appropriate, to carry out pre-contractual actions or actions linked to a professional relationship. The legal basis for the processing will be the implementation of pre-contractual measures or the execution of a legal relationship of art. 6.1.b of the General Data Protection Regulation 2016/679, (hereinafter GDPR) where applicable, and/or the legitimate interest of the Company to properly manage the communications received and to respond to requests for information (art. 6.1.f GDPR). Where applicable, the processing may also be based on compliance with legal obligations (art. 6.1.c RGPD).

Subscription to newsletters or communications

In case of subscription, the data will be processed for the purpose of sending such communications. The legal basis will be consent (art. 6.1.a RGPD), which may be withdrawn at any time by the means provided without affecting the lawfulness of the processing prior to the withdrawal.

Technical management, operation and security of the website

Certain technical data associated with navigation may be processed to ensure the proper functioning of the site, information security, fraud prevention and incident management. The legal basis will be the legitimate interest of the Company in maintaining the security and integrity of the website and its systems (art. 6.1.f RGPD), applying criteria of minimization and purpose limitation.

Social networks

In the event that there are corporate profiles on social networks and the user interacts with them, the processing of data will be governed by the privacy policies of the corresponding social network. The Company will process the data derived from such interactions only for the ordinary management of its corporate presence and the attention of messages or queries.

Applications and selection processes

The processing of data in the context of applications and selection is regulated by the Recruitment Privacy Notice (“Trabaja en CPS Infraestructuras Movilidad y Medio Ambiente, S. L.,”). If a person sends his or her application through a channel other than the one provided (e.g. general mail), the Company will apply this Notice and make it available to the applicant to ensure compliance with the duty to provide information.

  • Data retention

Personal data will be kept for the time necessary to fulfill the purpose for which they were collected. When they are no longer necessary, they will be kept duly blocked when appropriate for compliance with legal obligations or for the formulation, exercise or defense of claims, during the applicable statute of limitations.

In case of subscription to communications, the data will be kept as long as the subscription is maintained, until the user withdraws his/her consent or, where appropriate, objects to the processing in the terms provided by law.

The technical data processed for security and operational purposes will be kept for the time strictly necessary to manage incidents, prevent misuse and ensure the security of the information, applying minimization criteria.

  • Recipients and data processors

In general, the Company will not communicate data to third parties unless there is a legal obligation or it is necessary to meet the request of the user or for the technical operation of the website.

The Company may rely on suppliers acting as processors to provide necessary services, such as corporate email, web hosting and technical support. In these cases, the corresponding contracts will be formalized in accordance with art. 28 RGPD and appropriate confidentiality and security measures will be required.

In the current configuration, the Company uses, among others, technology providers for email and web hosting (Microsoft as email provider and Arsys as web hosting provider). In any case, the user may request additional information on the categories of recipients through the privacy channel indicated.

When a legal requirement makes it necessary to communicate data to a third party (administrative, judicial or other competent authorities), the communication will be made only to the extent required by the applicable regulations.

  • International data transfers

If the use of technology providers involves international transfers outside the European Economic Area, such transfers will be made only when there is a valid mechanism in accordance with the GDPR (e.g., standard contractual clauses or other safeguards). The user may request additional information on the existence of international transfers and, where appropriate, on the applicable safeguards, through the privacy channel.

  • Rights of users

Data subjects may exercise the rights recognized in the RGPD and the LOPDGDD (Organic Law 3/2018, of December 5, on the Protection of Personal Data and guarantee of digital rights), in particular, the rights of access, rectification, erasure, limitation of processing, portability and opposition, as well as the right to withdraw consent when the processing is based on consent.

The exercise of rights may be made by means of a request addressed to the Company at the address indicated or by e-mail to protecciondedatos@cps.es, indicating the specific request. In order to prevent unauthorized access, the Company may request proof of identity when necessary to confirm the identity of the applicant.

The Company will respond within one month of receipt of the request, without prejudice to the possibility of extension when the complexity or number of requests justifies it, under the terms provided by the RGPD.

Likewise, the person concerned has the right to file a complaint with the competent supervisory authority, in Spain the Spanish Data Protection Agency (AEPD). If you wish to obtain more information about your rights, we suggest you visit their website https://www.agpd.es.

  • Cookies and similar technologies

This website may use cookies and similar technologies. Necessary technical cookies are used to enable the site to function. For the use of non-necessary cookies (e.g. analytical or personalization cookies), the consent of the user will be requested through the enabled mechanism and their configuration or removal will be allowed at any time.

Detailed information on the cookies used, their purpose and how to configure or reject cookies can be found in the Cookies Policy of the website.

  • Automated decisions

In general, the processing described in this Policy does not involve the adoption of exclusively automated decisions that produce legal effects on the user or significantly affect him/her in a similar way. In the event that a specific functionality incorporates relevant automated processing, it will be specifically informed in accordance with the requirements of the GDPR.

  • Safety measures

The Company applies appropriate technical and organizational measures to ensure a level of security appropriate to the risk, preserving the confidentiality, integrity and availability of personal data, and limiting access to authorized personnel and/or strictly necessary suppliers.

  • Updates

The Company may update this Policy to adapt it to regulatory changes, criteria of competent authorities or changes in the operation of the site. In case of relevant changes, the updated version will be published on the website.