PRESENTATION ON SECURE ACCESS TO CEPSA THROUGH THE REDDES PLATFORM
COMPAÑÍA ESPAÑOLA DE PETRÓLEOS S.A. (CEPSA), in compliance with personal data protection regulations, makes this Privacy Policy available to users of the Cepsa access security presentation through the REDDES platform (hereinafter, "Platform"), to provide information on how we process your personal data and protect your privacy and information.
In accordance with the above, we inform the User of the following:
1. The personal data controller
COMPAÑÍA ESPAÑOLA DE PETRÓLEOS, S.A.(hereinafter, Cepsa). Tax ID Number: A28003119, with registered office: Paseo de la Castellana 259 A, 28046 Madrid, Spain.
2. Purpose of personal data processing
Personal identification data (first and last names, ID number, and email address), employment data (e.g. company you work for), provided at the time of registration on the Platform, as well as those provided in the future as a result of its development, will be incorporated into a register of treatments owned by CEPSA with the following purposes:
a) To provide the services of the REDDES Platform, which consist of enabling access to the security presentation on access to CEPSA's facilities by the personnel of the service companies contracted by CEPSA, so that they can access the company's industrial centers to provide the contracted service under adequate security conditions. The user is expressly informed that the provision of this service involves the necessary communication of information about completion of the presentation to the company in which the user works, and whose potential contracting for the provision of services has led, precisely, to the user being requested to take part in this Platform for the purpose of carrying out the talk.
b) Manage the User's data on the Platform, including the creation of the User ID.
c) Attend to any incidents that may arise. A User may be contacted if a suspected fraud or identity theft is detected.
d) Send communications by email related to the registration on the Platform.
e) Generate the report that certifies that the presentation was completed.
f) Comply with the legal obligations applicable to COMPAÑÍA ESPAÑOLA DE PETRÓLEOS S.A.
Due to the system implemented in this Platform, personnel from the suppliers contracted by CEPSA who wish to access CEPSA's industrial centers to provide the contracted service, shall register on the Platform to complete the security presentation for access to CEPSA's facilities. To do that, they must create their personal account in which their personal data and a password generated by the users themselves are included. This presentation is conducted in compliance with the Procedure on requirements for access of people and vehicles to Cepsa Group buildings and facilities (PR-231).
3. Third party personal data
If the data provided belongs to a third party, the User guarantees that they have informed the third party of this Privacy Policy and obtained the consent of this third party to furnish their data to CEPSA for the stated purposes. The Participant also confirms that the data provided is accurate and up-to-date, and assumes liability for any loss or damages, whether direct or indirect, that may be incurred as a result of non-compliance with this obligation.
4. Personal data storage period
The personal data provided will be retained as long as the individual remains a User of the Platform, and where appropriate, while the legal relationship between the contractor and CEPSA is maintained. Subsequently, the data will be deleted, without prejudice to due blocking of the same in anticipation of its necessity for the fulfillment of a legal obligation or for the formulation, exercise and defense of actions and claims.
5. Legitimacy for personal data processing
Legitimacy for data processing is based on:
a) Users have provided their personal data to access this Platform, formalize their registration in the training activity and access the security presentation on access to CEPSA's facilities, and data processing is necessary to provide the requested service. The basis of legitimacy of the processing is the execution of the legal relationship arising from the requested service, in accordance with the legal notice of the platform.
b) Data processing that occurs in the resolution of incidents in the use of the application will be legitimized by the legitimate interest of CEPSA for the proper functioning of the Platform, avoiding any illicit and/or incorrect practices. For further information on the legitimate interest invoked by CEPSA, please contact us at the following address dpo@cepsa.com .
6. Origin of the personal data
The personal data that CEPSA will process in order to access the Platform and complete the security presentation on access to CEPSA's facilities, have been provided directly by Users during the registration process, such as first and last names, ID number, email address and company for which they work. Users are responsible for the accuracy of the data and for updating it.
7. Transfers and recipients of personal data
All transfers specified below are necessary for the fulfillment of the aforementioned purposes, or are carried out in compliance with a legal obligation. Personal data can be transferred to:
a) If necessary, to companies of the Cepsa Group, which can be consulted at www.cepsa.es for administrative purposes and management of the relationship with the user, based on CEPSA's legitimate interest to that effect. The legitimate interest for the aforementioned purpose of assignment would consist of guaranteeing better organization and optimization, as well as unified management of the resources of the business group in cases in which, internally, it is necessary for the effective execution of the activity undertaken (in this case, completion of the security presentation on access to CEPSA's facilities through the Platform). Further information on this issue is available by contacting the company's DPO at dpo@cepsa.com .
b) CEPSA suppliers contracted for the development, maintenance and support of the platform, in particular RED DE DESARROLLO E-LEARNING, S.L., in charge of the processing.
c) The Public Administrations and Justice Administration, in compliance with the regulations applicable in each case and always for the legally established purposes.
d) The company in which users provide their services, which is the reason for their participation in this platform and the security presentation offered. Once the presentation has been completed, a report of completion is provided to the corresponding company in each case.
No international transfer of participants’ personal data is foreseen. However, in case of an international transfer, it will be carried out according to the criteria and requirements demanded by the regulations in force.
8. Rights of the Users
Users may exercise before CEPSA, where applicable, their rights to access, rectification, erasure, restrict processing, object, portability and objection to automated decision making and profiling. Users may withdraw their consent if they granted it for any specific purpose, and may modify their preferences at all times.
It is also noted that CEPSA has appointed a Data Protection Officer (DPO) to whom questions may be raised concerning the processing of personal data at their registered office and/or by email dpo@cepsa.com with the reference: “Data Protection”.
Additionally, the User is informed that they may address any type of claim regarding personal data protection to the Agencia Española de Protección de Datos (Spanish Data Protection Agency), www.aepd.es