en

Privacy management

The new regulation (GDPR)

On 25 May 2018, the new European Union General Data Protection Regulation (GDPR) came into force. These regulations establish new, stricter rules on the collection, processing and safeguarding of personal data in companies operating in the EU that affect the management of their privacy.

In order to ensure the privacy of the personal data processed by GRI Renewable Industries, we have updated our privacy management by means of a new privacy policy.

Privacy Policy

The principles that holds GRI Renewable Industries’ privacy management according to the GDPR and are found in our Privacy Policy are as follows:

Purpose of the Processing: Personal data of workers, customers and suppliers will be treated in order to manage the commercial or employment relationship with GRI Renewable Industries and to comply with the necessary labor, tax and administrative obligations, as well as the commitments acquired.

Rights of the data subject: The tools to exercise the rights set out in the GDPR will be available to those interested.

Security: The data will be kept in a secure way avoiding its alteration, loss, treatment or unauthorized access.

Retention: The data will only be kept as long as they maintain the purpose for which they were collected. They will be removed after the stipulated storage period has elapsed.

Rights of the Data Subject

The rights of the data subject are those that can be exercised by any individual over the personal information held by GRI Renewable Industries. In order to facilitate the way in which the data subject can exercise his/her rights in relation to the personal data shared with GRI Renewable Industries the following procedure has been defined:

・What are the GDPR rights?

・Instructions for exercising them.

・Response times by GRI Renewable Industries.

Form and instructions for exercising GDPR rights as an data subject.

If you have any doubts about the procedure, please contact us at the following addres: PrivacyGRI@gri.com.es

Security Incident Communication

One of the key points of the principles associated with GRI Renewable Industries’ privacy management is the security of personal data. In relation to this point, we want to make available the following channel of communication for security incidents, which fulfills the following purposes:

・Agile communication for employees, customers or suppliers of possible security incidents.
・To have a single channel of reception of incidents to give a quick response to them.
・Ease of reporting an incident, in order to continuously improve data security.

The information of the incident will arrive by email to the Privacy Officer and will initiate the protocols for its remediation, as well as the communication to the affected parties if this is necessary.

Documentation

Access the documentation mentioned above in the following links:




Notification of Privacy Incidents





    Por favor, gira tu móvil para navegar