The Privacy Policy is part of the Legal Notice that governs the Website: www.grupocyclus.com together with the Cookie Usage Policy.
The website www.grupocyclus.com is owned by CYCLUS GROUP and complies with the requirements derived from the Law 34/2002, of July 11, of Services of the Information Society and Electronic Commerce, and current regulations relating to the protection of personal data and, in particular, Regulation (EU) 2016/679 of the European Parliament and of the Council, of 27 April 2016, on the protection of natural persons with regard to the processing of personal data, on the free movement of such data and Organic Law 3/2018, of 5 December, on the Protection of Personal Data and guarantee of digital rights.
CYCLUS GROUP reserves the right to modify or adapt this Privacy Policy at any time. Therefore, we recommend that you review it each time you access the Web Page. In the event that a user has registered on the Website and accesses his/her account or profile, upon accessing the same, he/she will be informed in the event that there have been substantial modifications in relation to the processing of his/her personal data.
Who is the data controller?
The data collected or provided voluntarily through the Web Page, either by browsing it, as well as all those that you can provide us in the contact forms, via email or telephone, will be collected and processed by the File Manager, whose data are indicated below:
| Identity | CYCLUS GROUP (Inversiones Evfran, S.L.), which includes Innovaciones Técnicas y Recursos Constructivos, S.A. (ITERCON); Infraestructuras y Servicios Servitria, S.A. (SERVITRIA) and Alondra Servicios Inmobiliarios, S.L. (ALONDRA). |
| VAT ID | B97791826 |
| Mailing Address | C/.Jesús, 81 entresuelo – 46007 – Valencia (VALENCIA) |
| Phone | 963804304 |
| datos@grupocyclus.com | |
| URL: | www.grupocyclus.com |
If, for any reason, you wish to contact us on any matter related to the processing of your personal data or privacy (with our Data Protection Officer), you may do so through any of the means indicated above.
When, why, by whom, how, for what purpose and for how long do we process your personal data?
When and why?
You can browse most of our web pages without providing any personal information, but in some cases this information is necessary to provide you with the electronic services you request from us.
If we need to collect personal data to provide the service to you, we will process the information in accordance with the policy set out in this document and in the specific terms and conditions of the particular service in question (if any), which contain specific privacy statements about the use of the data and inform you why, for what purpose, how, for how long we process your personal data and what security measures we implement.
Who collects your data?
The collection and processing of personal data that you may provide to us is carried out by our company or, where appropriate, its data processors.
In the latter case, these processors are third parties who are contractually required to ensure that their activity complies with the law and implement appropriate security measures to protect such data.
Why?
The personal data that we request from you, or that you provide to us as a result of your browsing, is used to manage, provide and improve the services you have requested.
For example, we will process your personal data in order to manage the queries you send us, to manage your participation in personnel selection processes, to send you electronic communications if you so request and, where appropriate, for the preparation of statistics.
In this sense, we ask you for an email when you use our contact forms on the web. We only collect the sender’s personal data necessary to respond to you.
When you subscribe to our newsletters we also ask you for an email address in order to provide you with the service; in any case you can unsubscribe from the service whenever you wish and we provide you with the means to do so.
How do we treat your data?
We collect personal information only to the extent necessary to achieve a specific purpose. The information will not be used for a purpose incompatible with the one described.
We only disclose the information to third parties if it is necessary for the fulfillment of the purpose of the service and only to persons who need to know them. All this in order to provide the service by treating your personal data with confidentiality and reserve, in accordance with current legislation.
In any case, our company adopts security measures to protect data against possible abuse or unauthorized access, alteration or loss.
How long do we keep your data?
We store data only for the time necessary to fulfill the purpose of collection or further processing. The period of data retention will depend on the service and each service will indicate the duration of the processing of personal data.
At the end of this document we provide you with a table with the specific retention periods.
For what purposes will we process your personal data?
Customers:
We process your personal data in order to (1) manage your purchase or service provided; (2) maintain the contractual and pre-contractual relationship for billing, budgeting and tracking of the same and send you information by electronic means relating to your request; (3) sending communications on commercial information by electronic means that may be of interest, provided there is express authorization; (4) we may develop a business profile based on the information you provide us in order to offer products and services according to your interests. No automated decisions will be made on the basis of such a profile.
Suppliers:
We process your personal data for the purpose of (1) invoicing, (2) maintaining business contact, and, where appropriate, (3) sending you information by electronic means about our products or services.
Web or e-mail contacts:
We process your personal data in order to (1) answer your queries and requests; (2) manage the requested service or process your order; (3) send you commercial information by electronic means that may be of interest to you, subject to your express authorization; (4) we may create a commercial profile based on the information you provide us with in order to offer you products and services according to your interests. No automated decisions will be made on the basis of such a profile.
Social media contacts:
We process your personal data in order to (1) answer your queries and requests, (2) manage the requested service, answer your request or process your order and (3) interact with you and create a community of followers.
Job seekers:
We process your personal data in order to (1) count on you in the recruitment selection processes, (2) summon you for job interviews and evaluate your candidacy, (3) communicate your curriculum vitae to companies of the group, collaborators or related companies with the sole purpose of involving you in their selection processes, provided that you have given us your consent.
Participants in our contests:
We process your personal data in order to manage your participation in the contests we organize, as well as to publicize the winners of the contest and the awards ceremony.
Winning participants may be photographed or videotaped and disseminated in any of the media, our website or other media. Consequently, it is possible that the image of the participants may be captured, recorded and/or reproduced as an accessory to the main activity.
Web users:
By browsing our website we collect information about your browser, your device and the data on your use of our website as well as any information you provide to us when using our website. In an anonymized or aggregated form, we may record the IP address (the device’s Internet access identification number, which allows devices, systems and servers to recognize and communicate with each other).
The purpose of the processing is (1) to obtain practical knowledge about how users use our website to enable us to improve it; (2) to perform statistical analysis to help us improve our business strategy; (3) to perform web performance analysis and (4) for technical security and system diagnostics.
The data we collect is not related to a specific user and will be stored in our databases.
The aforementioned data, as well as any personal data you may provide to us, are stored by means of cookies that are collected in a pseudonymized format and are subject to the submission of objections to the processing of this personal data, as detailed in the Cookie Policy.
You can consult the Cookies Policy in the corresponding section.
Your browsing information may be stored by Google Analytics, so we refer to Google’s Privacy Policy, as it collects and treats such information.
Similarly, from our website you can provide the utility of Google Maps, which may have access to your location, in the event that it is allowed, in order to provide greater specificity on the distance and / or roads to our headquarters. In this regard, we refer to the privacy policy used by Google Maps, in order to know the use and processing of such data.
In order to provide information or services of interest based on the location of the User, we may access data relating to the geolocation of the User’s device in those cases where the user settings to that effect so permits.
The Portal may offer features to share content through third party applications such as Facebook, Instagram or Twitter. These applications may collect and process information related to the user’s browsing on the different websites. Any personal information collected through these applications may be used by third party users of these applications. Your interactions are subject to the privacy policies of the companies providing the applications.
The Portal may host blogs, forums, and other social networking applications or services in order to facilitate the exchange of knowledge and content. Any personal information provided by the user may be shared with other users of that service, over which we have no control.
Video surveillance:
We also inform you that we have a video surveillance system, whose function is to ensure the safety of people, property and facilities. The current legislation legitimizes the treatment carried out on the basis of legitimate interest, so that your image can be recorded with the mere fact of accessing our facilities.
These data may be communicated to the Forces and State Security Corps if necessary. The images will be kept for a maximum period of one (1) month from their capture.
What is the legitimacy for the processing of your data?
Customers:
The legal basis for the processing of your data is (1) the execution of a contract and maintenance of the contractual relationship and (2) your consent that is requested for the remission of offers of products and services through electronic means, without in any case the withdrawal of this consent conditions the execution of the contract.
Suppliers:
The legal basis for the processing of your data is the performance of a contract to which the data subject is a party or for the implementation of pre-contractual measures.
Web or email contacts:
The legal basis for the processing of your data is the consent of the person concerned.
In those cases where to make a request it is necessary to complete a form and make a “click” on the submit button, the completion of the same necessarily imply that it has been informed and has expressly given its consent to the content of the clause attached to the form or acceptance of the privacy policy.
All our forms have a check box that must be checked to access the services offered.
The purposes of the treatment will be the following:
a) Manage queries or requests for information that you send us through the Web Page, email or telephone.
b) Send communications, special promotions, news or actions that are of interest or request us even by electronic means. As this is an accessory purpose to the main one, you must check the box provided for this purpose.
The personal data you provide us by this means will not be communicated to third parties, being CYCLUS GROUP (Inversiones Evfran, S.L.), of which Innovaciones Técnicas y Recursos Constructivos, S.A. (ITERCON); Infraestructuras y Servicios Servitria, S.A. (SERVITRIA) and Alondra Servicios Inmobiliarios, S.L. (ALONDRA) are part, who will directly answer this type of queries.
Social network contacts:
The legal basis for the processing of your data is the acceptance of the contractual relationship with the relevant social network provider expressed when you register with their application and in accordance with their privacy policies, which is external to us.
Work with us:
In the event that you provide us with your curriculum vitae, either by means of the Web Page, e-mail or physically at the domicile or any of the CYCLUS GROUP companies, it will be incorporated into its database. The curriculum vitae will be stored for a period of 1 year, after which, if we have not contacted you, it will be deleted.
The legal basis for the processing will be based on the express consent given by the interested party for the processing of the data contained in the curriculum vitae when sending it and ticking the box provided for this purpose.
The purpose of the treatment is to incorporate you to present and future selection processes of CYCLUS GROUP or any entity belonging to the business group.
In the event that, finally, the interested party joins the CYCLUS GROUP or any of the entities belonging to the business group as an employee, his/her data will be included in a database owned by the same, in order to internally manage the employee-employer labor relationship.
Sending of bulletins (Newsletter):
The Web Page allows the option of subscribing to the bulletin or Newsletter, for this, it is necessary to provide us with an e-mail address to which it will be sent.
Such information will be stored in a CYCLUS GROUP database in which it will be registered until the interested party requests the cancellation of the same or, where appropriate, CYCLUS GROUP ceases to send the same.
The legal basis for the processing of this personal data is the express consent given by all interested parties who subscribe to this service by checking the box provided for this purpose.
The e-mail data will only be processed and stored for the purpose of managing the sending of the newsletter by users who request it.
Participants in our contests:
The legal basis for the processing of your data is your consent to register for the contest and accept the privacy policy and contest rules.
Personal data collected will not be disclosed to third parties.
Web users:
The legal basis for the processing of data is our (1) legitimate interest in knowing the navigation modes of our users to adapt to their interests and improve our relationship with them; as well as (2) their consent to browse our website and accept the terms of use of cookies.
To which recipients will your data be communicated?
Your data will not be disclosed to third parties outside the service we provide, unless legally required. Specifically, they will be communicated to the State Agency of Tax Administration, banks and financial institutions for the collection of the service provided or product purchased.
Your data may also be communicated to our service providers when necessary for the execution of the contract. In these cases, the data processor has committed by contract to use the data only for the purpose that justifies the treatment and maintain appropriate security measures.
What security measures do we apply?
Rest assured, we have adopted appropriate technical and organizational measures to ensure the confidentiality, integrity and availability in the processing of your personal data that we perform, in particular those that prevent the loss, misuse, alteration, unauthorized access and theft of personal data.
What are your rights when you provide us with your data?
You can exercise your rights of access, rectification, erasure, portability, limitation or opposition to the processing of your data, including the right to withdraw your consent, as detailed below:
Right of access: You can ask us if we are processing your data and how.
Right of rectification: You can ask us to update your personal data if it is incorrect, and delete it if you wish.
Right of limitation of processing: In this case they will only be kept by us for the exercise or defense of claims.
Right of opposition: Following your request to oppose the processing, we will stop processing the data in the manner you indicate, unless for compelling legitimate reasons, the exercise or defense of possible claims must continue to be processed.
Right to data portability: In case you want your data to be processed by another company, we will facilitate the portability of your data to the new data controller.
Right to erasure: You may request that we delete your data when it is no longer necessary for processing, you withdraw your consent, it is unlawful processing or there is a legal obligation to do so. We will analyze the case and apply the law.
If you need more information about your rights under the Law and how to exercise them, we recommend that you contact the Spanish Data Protection Agency (AEPD), which is the supervisory authority for data protection.
You may contact, if necessary, the Data Protection Officer prior to filing a complaint against the data controller before the AEPD.
In the event that we have not attended to the exercise of your rights, you may file a complaint with the AEPD.
We have forms for the exercise of rights that can be requested to the email mentioned above; you can also use those developed by the AEPD or third parties. These forms must be signed electronically or be accompanied by a photocopy of the DNI. If you act through a representative in the same way must be accompanied by a copy of your ID or electronic signature.
The forms must be submitted in person or sent by mail or email to the addresses listed in the section “Responsible”.
The maximum period for resolution is one month from receipt of your request.
How long will we keep your data?
The personal data will be kept as long as you maintain the relationship with us.
At the end of the same, the personal data processed for each of the purposes indicated will be kept for the legally stipulated periods. If there is no such legal period until the interested party requests its deletion or revokes the consent granted, or during the period that a judge or court may require them according to the statute of limitations for legal actions.
In each treatment or type of data, we provide a specific period, which can be found in the following table:
| Data related to | Document | Conservation |
| Customers and suppliers | Invoices | 4 years (statute of limitations), art. 66 Law 58/2003, General Taxation. 10 years (statute of limitations), Law 34/2015, of September 21, partially amending Law 58/2003, General Taxation (Art. 66 bis). Checks and investigations by the administration. |
| Customers and suppliers | Contracts | 5 years |
| Customers and suppliers | Contracts | General Tax Law, arts. 66 to 70 4 previous fiscal years (years) |
| Customers and suppliers | Parties subject to the Prevention of Money Laundering Act, documentation evidencing compliance with AML obligations | Law 10/2010 art. 25 10 years |
| Human Resources | Payrolls, TC1, TC2, etc. | 10 years, LO 7/2012 |
| Human Resources | Resumes | Until the end of the selection process, and up to 1 more year unless the interested party revokes consent or requests deletion. |
| Human Resources | Severance pay documents. Contracts. Temporary workers data. Worker’s file. | Law on offenses and penalties in the social order (RD 8/2000): art. 21 4 years |
| Human Resources | Daily record of the working day. | RD law 8/2019 4 years |
| Human Resources | Documentation or computer records accrediting compliance with ORP regulations. Documentation required for the obligation to pay Social Security contributions. | RDL 5/2000 art. 4 5 years |
| Human Resources | Digital tachograph: transfers and copies of data stored in memory. | Royal Decree 125/2017 of February 24. 1 year. |
| Marketing | Databases or web visitors. | For the duration of the treatment. |
| Access Control and Video Surveillance | Visitor registration | Instruction 1/1996 AEPD 30 days |
| Access Control and Video Surveillance | Video surveillance. In the case of an educational center (Placement in common areas of the school center for the protection of minors). | Art. 22.3 Ley Orgánica 3/2018, de 5 de diciembre, de Protección de Datos Personales y garantía de los derechos digitales 30 days Informe Jurídico AEPD 475/2014 10 days |
| Accounting | Accounting books and documents. Shareholders and board of directors agreements, company bylaws, minutes, board of directors regulations and delegated commissions. Financial statements, audit reports. Records and documents related to grants. | Commercial Code art. 30: 6 years |
| Prosecutor | Prescription of the verification of taxable income and deductions. | 10 years, Law 34/2015, of September 21, partially amending Law 58/2003, General Tax Law (Art. 66bis). |
| Prosecutor | Accounting books and other mandatory record books (IRPF, VAT, IS, etc.) as well as the documentary supports that justify the entries recorded in the books. Management of the company’s administration, rights and obligations related to the payment of taxes. Administration of dividend payments and tax withholdings. | 4 years, arts. 66 to 70, General Tax Law. |
| Health and Safety | Worker Medical Records. | 5 years |
| Environment | Information on chemical or substantially hazardous substances. | 10 years |
| Environment | Documents related to environmental permits While the activity is being carried out. | 3 years after closure of the activity 10 years (statute of limitations crime) |
| Environment | Records on recycling or waste disposal. | 3 years |
| Environment | Grants for clean-up operations must retain records of entitlements and obligations, receipts and payments. | 4 years |
| Environment | Accident reports. | 5 years |
| Insurance | Insurance policies. | 6 years (general rule) 2 years (damages) 5 years (personal) 10 years (life) |
| Shopping | Registration of all deliveries of goods or services, intra-community acquisitions, imports and exports for VAT purposes. | 10 years |
| Legal | Intellectual and Industrial Property Documents. Contracts and agreements. | 5 years |
| Legal | Permits, licenses, certificates | 6 years from the date of expiration of the permit, license or certificate. 10 years (criminal statute of limitations) |
| Legal | Confidentiality and non-competition agreements. | The term of the obligation or confidentiality is always the term of the obligation or confidentiality |
| Data protection regulations | Records and documents evidencing compliance with the requirements of data protection regulations (audits, reports, contracts, etc). | For the duration of data processing and thereafter for 3 years |
| Data protection regulations | Documentation accrediting that the requests for the exercise of rights of the interested parties are attended. | For 3 years after application |
| Data protection regulations | Logs/Records of access to information systems | 2 years |
| Data protection regulations | If processing is based on the data subject’s consent, proof of consent | For the duration of data processing and thereafter for 3 years |
| Complaints channel | Internal reporting Regulatory compliance program (corporate criminal liability) | LOPDGDD 3/2018, art. 24.4 3 months, unless the purpose of the conservation is to leave evidence of the functioning of the model of prevention of the commission of crimes by the legal person. 10 years (criminal statute of limitations) |
| Money laundering | The regulated entities shall keep for a minimum period of ten years the documentation formalizing compliance with the obligations set forth in this Law. In any case, the filing system of the regulated entities shall ensure the proper management and availability of the documentation, both for internal control purposes, as well as for timely and proper response to the requirements of the authorities. | 10 years Article 25 of Law 10/2010 of April 28, 2010, on the prevention of money laundering and terrorist financing. |
Medical history | Health centers are obliged to keep the clinical documentation in conditions that guarantee its correct maintenance and security, although not necessarily in the original support, for the proper care of the patient for the appropriate time for each case and, at least, five years from the date of discharge from each care process. Clinical documentation will also be kept for judicial purposes in accordance with current legislation. It will also be kept when there are epidemiological, research or organizational and operational reasons for the National Health System. It will be processed in such a way as to avoid, as far as possible, the identification of the persons concerned. In order to guarantee the future uses of the medical record, especially for health care purposes, it will be kept for the minimum period of time established in the basic state regulations, counted from the date of discharge from each health care process or from the patient’s death. | 5 years (minimum) Article 17 of Law 41/2002 of November 14, 2002, on patient autonomy and rights and obligations regarding clinical information and documentation. Law 10/2014, of 29 December, of the CA Valenciana (Health). |
| Traffic data related to Internet connections, e-mails and fixed and mobile telephone calls. | User identifier, IP address (source/destination), telephone number, IMSI and IMEI (source/destination), date and time of communication (start/end), identification of the type of service or communication used (voice, data, SMS or MMS,…). | 1 year Article 5 of Law 25/2007, of October 18, 2007, on the conservation of data relating to electronic communications and public communications networks. |
| Audit of accounts. | Statutory auditors and audit firms shall retain and keep for a period of five years from the date of the audit report, the documentation relating to each audit of accounts performed by them, including the auditor’s working papers that constitute the evidence and support for the conclusions contained in the report. | 5 years Article 24 of RDLeg. 1/2011 of July 1, which approves the revised text of the Audit Law. |
| Building access control. | Data included in automated files created to control access to buildings must be cancelled after 1 month from the date they were obtained. | 1 month Fifth rule of Instruction 1/1996, of March 1, 1996, of the Data Protection Agency, on automated files established for the purpose of controlling access to buildings. |
| Documents in the attorneys’ files. | As the actions that can be brought to demand professional liability from the lawyer are of a personal nature and no special one has been indicated, the statute of limitations period is, as of October 7, 2015, five years, so that during that period at least (unless there is an interruption in its computation) the finalized files must be kept. | 5 years Art. 1964.2 Civil Code, in wording given by Law 42/2015, of October 5, reforming the LEC. |
| Registration books and entry forms in hotel establishments. | The entry reports shall be grouped in log books of a minimum of 100 sheets and a maximum of 500. These log books shall be kept for three years at the disposal of the Security Forces and Corps, and then disposed of in a manner that does not allow access to the personal information contained therein. The registration includes data of minors under 14 years of age, the report is signed by the minor from 14 years of age, if the minor is under 14 years of age, the accompanying person signs the report. The data to be requested include: landline phone, cell phone, e-mail, number of travelers, relationship, if the establishment has Internet connection. The data also includes payment data: type (cash, credit card, payment platform, transfer…) identification of the payment method (card type and number, IBAN bank account, mobile payment solution, others), holder of the payment method, card expiration date, date of payment. | 3 years OM INT/1922/2003 of July 3, 2003, on log books and entry forms for travelers in hotel and catering establishments and other similar establishments. 3 years The data in the computer registry must be kept for a period of three years from the end of the service or service contracted (non-professional hosting is excluded from the registry and must be communicated). Royal Decree 933/2021, “Obligations of documentary registration and information of individuals or legal entities that carry out lodging and motor vehicle rental activities.” Updates Order INT/1922/2003, including the new types of lodging activities: short-stay tourist homes, internet portals. |
| Driver recognition centers. | The center shall keep for a period of ten years the content of the reports issued, including the opinions of the physicians, doctors and psychologists who have intervened in the examination, the complementary reports that, if necessary, have been submitted and, in the case referred to in Article 3.2, the documents that have been provided by the interested party. | 10 years Article 15.5 of Royal Decree 170/2010, of February 19, which approves the Regulation of examination centers designed to verify the psychophysical aptitudes of drivers. |