Data protection policy

This is the data protection policy of Huurre Ibérica S.A.U., a company that is part of Kingspan Group plc (hereinafter the Group). To consult the Group companies you can access this link.

It refers to the data it processes in the exercise of its productive and commercial activities in compliance with the General Data Protection Regulation (Regulation (EU) 2016/679 of the European Parliament and of the Council, of April 27, 2016).

Who is responsible for the processing of personal data?

The person responsible for the processing of personal data is Huurre Ibérica S.A.U. (hereinafter, HUURRE), with CIF A17202375 and address at Carrer de Serinyà, 43, 17244 Cassà de la Selva, Girona, tel. 972463085, email huurre@huurreiberica.com, website www.huurreiberica.com.

For what purpose do we process the data?

At HUURRE we process personal data for the following purposes:

  • Contact: Answer queries from people who contact us through the contact forms on our website. We use them solely for this purpose.
  • Telephone attention: Provide telephone assistance to people who contact us by this means. To offer greater quality of service, conversations can be recorded, with the person with whom we communicate being previously warned.
  • Personnel selection: Reception of resumes sent to us by people interested in working with us and management of personal data generated by participation in personnel selection processes, with the purpose of analyzing the suitability of the candidates’ profile in depending on vacant or newly created positions. Our criterion is to keep for a maximum period of one year also the data of people who do not end up being hired in case, in the short term, a new vacancy or a new job arises. However, in the latter case, if the interested party requests it, we immediately delete the data.
  • Customer services:  Register new customers and additional data that may be generated as a result of the business relationship or provision of services with customers. In the contracting process, essential data is requested, which must include bank details (current account or credit card number) which will be communicated to banking entities that manage the collection (they can only be used for this purpose). The commercial relationship entails other treatments, such as incorporating the data into accounting, billing or information to the tax administration. HUURRE can carry out surveys of its clients to find out the degree of satisfaction and improve the provision of its services.
  • Information about our products and services: While maintaining a contractual relationship with its clients, HUURRE uses your contact information to communicate information specific to this relationship, information that may occasionally include references to our products and services, whether of a general nature or referring more specifically to the characteristics and needs of the client.
  • Other information on products and services: With the explicit authorization of the clients, once the contractual relationship has ended, the contact data is kept to send advertising related to our services or products, information of a general nature or specific to the characteristics of the client. This information is sent to those who, even if they have not been a client, request it from us or accept it by filling out our forms.
  • Advertising of products and services of companies in our group: Always with the prior and explicit authorization of the people indicated in the previous section, the contact information is used to send advertising, both of a general nature and adapted to the characteristics of the people, information on products or services from the companies in our group. Likewise, with the explicit consent of the interested party, contact information may be communicated to these companies so that they can directly send advertising for their products or services.
  • Management of our suppliers’ data: We register and process the data of suppliers from whom we obtain services or goods. They can be the data of people who act as self-employed workers and also data of representatives of legal entities. We obtain the data that is essential to maintain the commercial relationship, we use it solely for this purpose and make it the use typical of this type of relationship.
  • Users of our website: The navigation system and the software that enables the operation of our website collect the data that is ordinarily generated in the use of Internet protocols. This category of data includes, among others, the IP address or domain name of the computer used by the person connecting to the website. This information is not associated with specific users and is used for the exclusive purpose of obtaining statistical information on the use of the website. Our website uses cookies. You can read more information about the use of cookies from this link: Cookie policy.
  • Other data collection channels:  We also obtain data through face-to-face relationships and other channels such as receiving emails, through our profiles on social networks. In all cases, the data is used only for the explicit purposes that justify its collection and processing.
  • Video surveillance: When accessing our facilities, you are informed, where appropriate, of the existence of video surveillance cameras using approved signs. The cameras record images only from the points where this is justified in order to guarantee the safety of property and people and the images are used only for this purpose.

Which is the legal legitimacy for data processing?

The data processing we carry out has different legal bases, depending on the nature of each processing:

  • In compliance with a pre-contractual relationship: This is the case of the data of potential clients or suppliers with whom we have relations prior to the formalization of a contractual relationship, such as, for example, the preparation or study of budgets. This is also the case of the processing of data of people who have sent us their curriculum vitae or who participate in selective processes.
  • In compliance with a contractual relationship: This is the case of relationships with our clients and suppliers and all the actions and uses that these relationships entail.
  • In compliance with legal obligations: Data communications to the tax administration are established by regulations regulating commercial relations. It may be the case that data must be communicated to official bodies or to security bodies and forces, also in compliance with legal regulations that require collaboration with these public bodies.
  • Based on consent: When we send information about our products or services, we process the contact data of the recipients with their authorization or explicit consent. The navigation data that we may obtain through cookies is obtained with the consent of the person visiting our website, consent that can be revoked at any time by uninstalling these cookies. We communicate your data to other companies in our group also with the prior consent of each person.
  • For legitimate interest: The images we obtain with video surveillance cameras are processed for the legitimate interest of our company in preserving its assets and facilities. Our legitimate interest also justifies the processing of data we obtain from contact forms.

To whom is the data communicated?

As a general criterion, we only communicate data to administrations or public powers and always in compliance with legal obligations. When issuing invoices to clients, the data can be communicated to banking entities. In justified cases we will communicate the data to the security forces or competent judicial bodies. On the other hand, if consent has been given, the data may be communicated to other companies in the Group for the purposes indicated above. No data transfers are carried out outside the scope of the European Union (international transfer).

In another sense, for certain tasks we obtain the services of companies or people who provide us with their experience and specialization. On some occasions these external companies have to access personal data that is our responsibility. This is not exactly a transfer of data but rather a processing order. Only services are contracted from companies that guarantee compliance with data protection regulations. At the time of hiring, their confidentiality obligations are formalized and their performance is monitored. This may be the case of data hosting services, computer support services or legal, accounting or tax advice.

How long do we keep data?

We comply with the legal obligation to limit the data retention period to the maximum. Therefore, they are kept only for the time necessary and justified for the purpose for which they were obtained. In certain cases, such as the data contained in accounting documentation and billing, tax regulations require that data be kept until responsibilities in this matter are prescribed. In the case of data that is processed based on the consent of the interested person, it is kept until this person revokes consent. The images obtained by the video surveillance cameras are kept for a maximum of one month, although in the case of incidents that justify them, they will be kept for the time necessary to facilitate the actions of the security forces or judicial bodies.

What rights do people have in relation to the data we process?

As provided in the General Data Protection Regulation, the people whose data we process have the following rights:

  • To be informed when obtaining. When personal data is obtained from the same interested party, at the time of providing it, there must be clear information about the purposes for which it will be used, who will be responsible for the processing and the rest of the aspects derived from this processing.
  • Who knows if they are treated. Anyone has, first of all, the right to know if we process their data, regardless of whether a previous relationship has existed.
  • To access them. Very broad right that includes the right to know precisely what personal data is being processed, what is the purpose for which it is processed, the communications that, where appropriate, will be made to other people or the right to obtain a copy or to know the expected conservation period.
  • To request its rectification. It is the right to have inaccurate data that is processed by us rectified.
  • To request its deletion. In certain circumstances there is the right to request the deletion of data when, among other reasons, it is no longer necessary for the purposes for which it was obtained and justified its processing.
  • To request limitation of processing. Also in certain circumstances, the right to request limitation of data processing is recognized. In this case they will no longer be processed and will only be kept for the exercise or defense of claims, in accordance with the General Data Protection Regulation.
  • To portability. In the cases provided for in the regulations, the right to obtain one’s own personal data in a structured, commonly used machine-readable format is recognized, and to transmit it to another data controller if the interested person so decides.
  • To oppose the treatment. A person may cite reasons related to their particular situation, reasons that will mean that their data will no longer be processed to the degree or extent that it may cause them harm, except for legitimate reasons or in the exercise or defense of claims.
  • Not to receive commercial information. We will immediately respond to requests to not continue sending commercial information to people who have previously authorized us to do so.

How can you exercise or defend your rights?

The rights that we have just listed can be exercised by sending a written request to HUURRE at the postal address Carrer de Serinyà, 43, 17244 Cassà de la Selva, Girona, tel. 972463085, or by sending an email to huurre@huurreiberica.com, indicating in any case “Protection of personal data”.

If a satisfactory response has not been obtained in the exercise of rights, it is possible to file a claim with the Spanish Data Protection Agency, through the forms or other channels accessible from its website (www.agpd.en).