DATA PROTECTION AND PRIVACY POLICY

1.- INTRODUCTION

PAYPER S.A. is committed to ensuring that your personal information is protected and not misused.

This document explains who the controller is, the purposes for which your personal information will be processed, the legitimacy for the processing, how we collect it, why we collect it, how we use it, the rights you have and also explains the processes we have put in place to protect your privacy.

By providing us with your personal information and using our website, we consider that you have read and understood the terms relating to personal data protection information set out below.

PAYPER S.A. assumes responsibility for complying with current legislation on data protection, and aims to treat your data in a lawful, fair and transparent manner.

The applicable legislation is as follows:

• GDPR: Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal date.

• LOPDGDD: Constitutional Law 3/2018 of 5 December on the Protection of Personal Data and Guarantee of Digital Rights.

• LSSI-EC: Law 34/2002 of 11 July on Information Society Services and Electronic Commerce.

2.- SCOPE

This document is applicable to all processing of personal data, whether manual or automated, carried out through this website or other devices and forms belonging to PAYPER S.A.

3.- WHO IS THE CONTROLLER?

The definition of Controller is described in the GDPR, and is as follows: “‘controller’ means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data”.
In other words, PAYPER S.A. is responsible for the processing of your personal data. This means that they have determined the objectives or purposes and established the necessary means of processing in order to protect your personal data.

• Company name: PAYPER S.A.
• Registered Office: Pol. Ind. "Vinyes del Mig", parc. 12-14, 25220 Bell-lloc d'Urgell (Lleida)
• E-mail: payper@payper.com
• Telephone: +34 973 216 040
• Fax: +34 973 205 893
• Tax ID number: A25011180
• Companies Register: registered in the Companies Register of Lleida, Volume 37, Folio 46, Page 492.
• Website: www.payper.com

If you have any queries, comments or concerns, or if you would like to make any suggestions about how we use personal information, you can email the PAYPER S.A. Data Protection Officer at rgpd@payper.com.

4.- FOR WHAT PURPOSE DO WE COLLECT YOUR PERSONAL INFORMATION?

The main reason for collecting your personal information is to facilitate and improve the service which you, as a customer, expect from us.

We collect your personal information to process your purchases and orders or requests from you, either through our website or applications, by telephone or on a paper form.

5.- TYPES OF PROCESSING

The following are the different types of processing that have been identified at PAYPER S.A.:

1. Customers:
   

   1. Purpose of processing: to establish and carry through the legal relationship with the customer related to the contracted services or products, the compliance of legal, accounting and tax persons and all those related to the established legal relationship, to answer their queries or for the management, control, administration, extension, carrying through and improvement of the relationship.

   2. Legitimation of the processing: the performance of a contract and the consent of the data subject.

   3. Data collected: given name and surname, ID card number or tax ID number, telephone number, postal address or e-mail address, signature or fingerprints, electronic signature, image or voice, revenue, income, investments, assets, bank details, goods supplied, goods received, financial transactions, compensation, indemnities, e-mail and IP address.

2. Potential customers / Contacts:
   

   1. Purpose of processing: to answer your questions or queries arising from your contact with the controller.

   2. Legitimation of the processing: the performance of a contract and the consent of the data subject.

   3. Data collected: given name and surname, ID card number or tax ID number, telephone number, postal address or e-mail address, signature or fingerprints, electronic signature, image or voice, activities and business, commercial licences, newsletter subscriptions and e-mail.

3. Suppliers

   1. Purpose of processing: to establish and carry through the legal relationship related to the services or products contracted with the provider, the compliance of legal, accounting and tax persons and all those related to the established legal relationship, to answer your queries and for the management, control, administration, extension, carrying through and improvement of the relationship.

   2. Legitimation of the processing: execution of a contract and consent of the data subject.

   3. Data collected: given name and surname, ID card number or tax ID number, telephone number, postal address or e-mail address, signature or fingerprints, electronic signature, image or voice, activities and business, commercial licences, bank details, goods supplied, goods received, financial transactions, compensation, indemnities and e-mail.

4. Human Resources Management

   1. Purpose of processing: management of the employment relationship with employees.

   2. Legitimation of processing: performance of a contract and legitimate interest of the controller or a third party.

   3. Data collected: given name and surname, ID card number or tax ID number, telephone number, postal address or e-mail address, social security or health insurance number, signature or fingerprints, electronic signature, image or voice, personal registration number, physical marks, marital status, age, mother tongue, sex, date of birth, place of birth, age, minority of age, nationality, physical characteristics, family data, education and qualifications, academic history, professional experience, professional associations or institutions, non-financial payroll data, employment history, income, revenue, loans, bank details, insurance, payroll data, taxes, deductions, pension plans, retirement, credit cards and e-mail.

5. Personnel Selection

   1. Purpose of processing: management of the data subject's application to the selection processes posted or to other vacant positions according to their professional profile that may arise in the future as part of the controller’s activities.

   2. Legitimation of processing: provision of the data subject's consent for registration with the recruitment service.

   3. Data collected: given name and surname, telephone number, e-mail address, CV, cover letter and any other personal data associated with the CV or professional profile.

6. Access Control / Video Surveillance

   1. Purpose of processing: to control access and manage the internal security of the controller's premises through the data provided for access control to the controller's buildings.

   2. Legitimation of processing: legitimate interest of the controller in ensuring the security of persons, goods and premises, which justifies processing of data by means of access control.

   3. Data collected: given name and surname, telephone number, ID number, e-mail address and access control.

6.- ORIGIN OF THE DATA

We collect personal information about you using different methods; in some cases you will contact us to share your personal information (for example, by sending an email), and in other cases, we collect your personal information using other methods.

We collect personal information that you provide to us through the PAYPER S.A. website, email, mobile phone, when you contract a service, when you fill in a form or others. In any case, at the time of collection, you will be informed of the controller, the purpose of the processing, the recipients of the information, as well as how to exercise your rights under current data protection legislation.

For example: you may provide us with information when you contact our customer service, place an order, register on our website, update your preferences and account information, fill out a questionnaire/form, etc.

Generally, the information you provide us with is identifying and economic data, such as: name and surname, company, country, position, sector of activity, e-mail address, contact telephone number and curriculum vitae.

For this reason, you undertake that the data provided to the controller are current, real and true and, therefore, you undertake to inform the controller of any update or change in said data.

If a third party's personal data are communicated, notification shall be issued in advance to that third party in accordance with the terms of Articles 13 and 14 of the GDPR, their prior express written consent shall be obtained and the data shall be processed for the purposes authorised by the third party.

Therefore, you are solely liable for any damage or loss caused to the controller or third parties by the processing of personal data of a third party, or of your data when it is false, erroneous, not current, inadequate, excessive or irrelevant.

We also collect and store limited personal information and anonymous aggregate statistics from all users who visit our website, whether you actively provide this information to us or are simply browsing our website. The information we collect includes the Internet Protocol (IP) address of the device you are using, the browser software you are using, your operating system, the date and time of access, the Internet address of the website through which you accessed our website and also information about how you use our website.

We use this information to find out how long our website takes to load, how it is used, the number of visits to the different sections and the type of information that most attracts visitors. It also helps to identify if the website is working correctly, and if we identify faults or errors in operation, to resolve these and improve the performance of our website, in order to offer a better service to all users.

This information is collected by means of cookies; for more information, please refer to the Cookie Policy which can be found on our website.

7.- TO WHICH RECIPIENTS ARE YOUR DATA COMMUNICATED?

Your data will NOT be communicated for all purposes; therefore, the controller will not disclose personal data to third parties, unless there is a legal obligation or we have the express consent of the data subject.

Specifically, personal data may be transferred to:

1. Public Administrations, Judges and Courts for compliance with the legal obligations to which the controller is subject due to its activity.

2. Financial institutions for the performance of the obligations arising from the contract between the controller and the data subject.

3. Third parties in all cases where this is necessary for the development, performance, execution and control of the contract between the controller and the data subject.

4. Processors; access which shall in no case entail a transfer of data, when it is necessary to access your personal data for the provision of the services that the controller has contracted with these processors, and with whom a processing contract has been signed.

8.- HOW LONG DO WE STORE YOUR PERSONAL INFORMATION?

We only store your personal information to the extent that we need to in order to be able to use it for the purpose for which it was collected, and in accordance with the legal basis for processing it in accordance with applicable law.

Once the relationship has ended, blocked information will be retained, without any use, for the legally established periods that are necessary for the formulation, bringing or defence of possible complaints, and will subsequently be deleted, unless there are grounds for retention.

9.- HOW CAN YOU EXERCISE YOUR RIGHTS?

Data protection legislation allows data subjects to exercise their rights of access, rectification, opposition, erasure, restriction of processing, portability, the right not to be subject to profiling or individualised decisions, and the right to withdraw consent without retroactive effect.

For this reason, we inform you that you can exercise your rights free of charge, by e-mail to rgpd@payper.com enclosing a copy of your ID card or equivalent supporting document.

The rights you can exercise are:

• Access: Consultation of personal data held by PAYPER S.A.

• Rectification: Modification of your data if they have changed, are inaccurate or incomplete.

• Erasure: Request to delete your data.

• Opposition: Request that your data not be processed.

• Restriction of processing: Request to restrict the processing of your data while:

  • They are checked for accuracy (challenge).

  • There is unlawful processing, but you do not want your data to be deleted.

  • PAYPER S.A. does not need your data, but you wish to keep them because they are necessary for the exercise of your defence or complaints.

  • Once a right of objection has been requested, it is being verified whether this right prevails over a public or legitimate interest affecting the data subject of opposition, data until resolution of the conflict.

• Portability: The right to receive the data provided by you in electronic format and those obtained during the contractual relationship with PAYPER S.A., as well as their transfer to another organisation.

• Revocation of consent: Request to revoke the consent given.

10.- HOW CAN I MAKE A COMPLAINT?

If you consider, for any reason, that PAYPER S.A. has not processed your data correctly in accordance with the regulations in force, you may contact the Data Protection Officer by e-mail at the following address rgpd@payper.com who will attend to and handle your complaint with the utmost diligence. If you consider this appropriate, you may also file a complaint with the Spanish Data Protection Agency (C/ Jorge Juan, nº6, 28001 Madrid).

11.- MINORS

The contents of this website are intended for persons over 18 years of age, so that persons under 18 years of age may not access it or provide us with personal data.

12.- AMENDMENTS TO THIS DATA PROTECTION INFORMATION

PAYPER S.A. may revise and update the data protection information in accordance with the applicable legislation, new case law or business practice, posting changes to this information on this website.

Date of last update: 22 July 2022.