Data Protection and Privacy Policy

Confidentiality and Data Protection Policy

Cosmos Aromática Internacional S.A. is committed to due diligence and compliance with Data Protection regulations as implemented through Regulation 2016/679 regarding the protection of individuals with respect to the processing of personal data and the free movement of such data (General Data Protection Regulation, GDPR) and Organic Law 3/2018 on Data Protection and the Guarantee of Digital Rights (LOPDGDD).

Below is the detailed information about the confidentiality and Personal Data Protection policy in compliance with the provisions of the aforementioned regulations.

Data Controller’s information and contact details of the Data Protection Officer (DPO):

• Identity: Address to the attention of the DPO _R. Segrià
• Dirección / C. P: Autovía de l´Ametlla ( C17), Kmt 25,5; 08480 L´Ametlla del Vallés
• E-mail address: cosmos@cosmosaromatica.es
• Telephone: 34 93 843 00 00

Purposes of processing

The Entity will process the information provided by interested parties for the following purposes:

• Manage your attention, visit, and meeting at our facilities, as well as the management and delivery of the services/products contracted.
• Manage any type of request, suggestion, or query about our professional services made by interested parties.
• Informative and commercial communications: processing your data for the purpose of informing you about activities, articles of interest, and general information related to our activity and the services/products contracted.
• Manage data provided by job applicants through their Curriculum Vitae (CV) for the purpose of the selection and recruitment process.

For the proper outcome and management of the above purposes, the data subject consents to the processing of their data for the aforementioned purposes, all under the strictest compliance with Data Protection regulations and the policy we are detailing. At any time, you may exercise your rights (see specific section).

Data retention criteria

• Management of services/products contracted with the Entity: Personal data provided in contracts, offers, and/or service proposals, as well as that of other individuals whose involvement is necessary, will be kept for as long as the contracted services are in effect. Upon the completion of the contracted service(s), personal data will be retained in cases where liabilities with the Entity could arise and/or in compliance with other regulatory frameworks applicable to the Entity or a regulation with the force of law that requires the preservation of such data. Personal data will be maintained in a manner that allows the identification and exercise of the Rights of the affected individuals, and under the necessary technical, legal, and organizational measures to ensure the confidentiality and integrity of the data.
• Curriculum Vitae Management: The Entity, as a rule, keeps your Curriculum Vitae for a maximum period of one year; after this period, it will be automatically destroyed, in compliance with the principle of data quality.
• Others: the rest of the data and information provided by the user by any means will be retained for the time necessary to fulfill the purpose for which they were collected.

Legitimation

The legal basis that enables the Entity to process the personal data of users, clients, potential clients is based on the following grounds:

• The consent of the interested parties for the processing and management of any request for information or consultation about our services and products.
• The consent provided by job applicants for selection and recruitment purposes.
• The framework of provision and/or contracting of services/products with the Entity.
• The legitimate interest in sending you informative, commercial communications and/or promotional offers related to the Entity’s activity and the services/products contracted through email or any other means.

Recipients

Personal data is not transferred to third parties, except as required by law.

Origin

Personal data is obtained directly from the interested parties and our collaborators. The categories of personal data provided to us by our collaborators are as follows:

• Identification data.
• Postal or electronic addresses.
• Data provided and/or consented by the interested parties themselves, related and necessary for the management and delivery of the requested service/product. 

Rights

• Right of Access, Rectification, and Erasure: Interested parties have the right to obtain confirmation as to whether the Entity is processing personal data concerning them or not. Interested parties have the right to access their personal data, as well as to request the rectification of inaccurate data or to request their deletion when, among other reasons, the data is no longer necessary for the purposes for which it was collected.

• Right to Restriction and Objection: In certain circumstances, interested parties may request the limitation of the processing of their data, in which case we will only retain it for the exercise or defense of claims. In certain circumstances and for reasons related to their particular situation, interested parties may object to the processing of their data. The Entity will cease to process the data in this case, except for compelling legitimate reasons, or for the exercise or defense of possible claims.

These rights may be exercised through our Data Protection Channel, see the specific section for details.

Attention and Support

Interested parties may communicate any questions to the Entity regarding the processing of their personal data or interpretation of our policy by contacting the Data Protection Officer (DPO) at the address indicated at the beginning of this policy.