DATA PROTECTION POLICY

Web Privacy Policy

KAIRÓS SOCIEDAD COOPERATIVA DE INICIATIVA SOCIAL declares to respect the current Spanish and European legislation on personal data protection, specifically, the Regulation 2016/679 of the European Parliament and of the Council of 27 April 2016 and the Organic Law 3/2018, of December 5, on Personal Data Protection and guarantee of digital rights.

Your privacy and trust are important to us, so in this Privacy Policy we provide you with important information about how we treat your personal information. We recommend that you read the following carefully and, if after doing so you have any questions, you can consult us through the means we make available to you.

Responsible for the treatment

The Responsible for the processing of your personal data and owner of this website is KAIRÓS SOCIEDAD COOPERATIVA DE INICIATIVA SOCIAL (hereinafter, "KAIRÓS"), a company registered in the Book of Registration of Cooperative Societies of the Registry of Cooperatives, Central Section of Aragon, dependent on this Department of Economy, Treasury and Employment, in volume II, page 160-A and under the entry number 1, being classified as Associated Work Cooperative and with inscription number ARA-RC-160, provided with NIF nº F-50905124 and with registered office located in C/El Globo nº 14, local, 50015 Zaragoza.

In addition to the address above, if you wish to contact us you can do so through our:

Typology, purpose and legitimate basis for the processing of personal data

We collect personal data from:

  • Workers' data: the purpose of this data is to manage the employment relationship, prepare their pay slips, control the working day and other obligations deriving from the same. The data collected are identification data, special categories (health/disability), personal characteristics data, academic data and professions, employment detail data and economic data. The basis of legitimacy for the data processing is the relationship between the parties, the legal obligation to collect this type of data and the consent of the interested parties. The data retention period is set at five years from the end of the employment relationship, except for payrolls, TC1 and TC2, which must be kept for ten years.
  • Job seeker data: the purpose of this data is to manage selection processes. The data collected are identification data, personal characteristics data, academic data and professions and employment detail data. The basis of legitimacy for data processing is the pre-contractual relationship between the parties and the consent of the interested parties. The data retention period is set at six months from the end of the selection process.
  • User data: the purpose of data processing is the execution of a commercial contract or pre-contract and the provision of the requested services. For this purpose, identification data, property and economic data are requested. The legitimate basis for data processing is the legitimate interest of the data controller and the execution of a contract. The data will be deleted within five years after the end of the business relationship.
  • Training data: the purpose of the data processing is the execution of a contract and the management of the requested training. For this purpose, identification data, property data and financial data relating to customers who order training and students who attend are requested. The legitimate basis for the data processing is the legitimate interest of the data controller and the execution of a contract. The data will be deleted within five years from the end of the business relationship.
  • Suppliers' data: the purpose of this data is to manage commercial contracts for which identification data, financial or tax data and other data such as TC2 or civil insurance are collected. It is the execution of the contract or pre-contract itself that legitimizes us to process your data, which will be canceled within five years from the end of the business relationship.
  • Partner data: the purpose of the partners is to manage the entity internally. The processing of their data is legitimized in the business relationship between the parties.
  • Video surveillance data: the purpose of the processing is to ensure the security of our facilities. The basis of legitimacy for the processing of this data is the fulfillment of a mission carried out in the public interest. This data (image) will be deleted within 30 days.
  • Data relating to the exercise of rights: the purpose of the processing is to attend to the exercise of data protection rights. The basis of legitimacy is compliance with current legislation on data protection. These data will be minimized and will be kept at all times in compliance with the provisions of current data protection regulations.
  • Data relating to the complaints channel: the purpose of the processing is to process complaints received as a result of non-compliance with the document of Functions and Obligations of the personnel, Code of Ethics and other internal regulations. The basis that legitimizes the processing of this data is the legitimate interest of the data controller. These data will be minimized and will be kept for 7 days unless they must be investigated, in which case they will be kept for the duration of the investigation, the corresponding legal proceedings or the statute of limitations of the actions that may be exercised.
  • The use of Cookies: KAIRÓS may process the personal data collected through the cookies reported in the Cookies Policy. your personal data in this case will be processed for the purposes [improving web functionality, personalization, social media analysis]. The legitimate basis in this case is your consent.

Conservation periods

The personal data provided will be kept for as long as the relationship that may bind us, during the legal periods of conservation, or until the interested party requests its deletion or opposition. In general, a conservation period of five years from the end of the relationship between the parties is established. At the end of this period, we will proceed to the cancellation or confidential destruction of the same.

How do we share information with third parties?

We share personal information with third parties in order to provide services on the terms described in this Privacy Policy or when we believe it is permitted or required by law. When we share personal information, we do so in accordance with privacy and data security requirements.

KAIRÓS informs the data subject that some of our suppliers may process personal data as data processors, for example, in the case of:

  • Third party service providers, when necessary for the provision of services, coordination of activities, internal management, approval of suppliers, software support, systems and platforms, cloud hosting services and electronic communications. In such cases, access to your data by third parties will only be carried out when KAIRÓS maintains a contractual relationship with the data processor that guarantees confidentiality, the non-use of the personal information of users that we make available for purposes other than those indicated above, as well as compliance with our internal regulations on privacy and information security.
  • When such transfer of data is covered by a legal obligation or was required by the competent authorities to respond to legal requirements, criminal investigation of a possible illegal activity or claims that a content infringes the rights of third parties or to protect the rights, property or security of third parties, in the case of merger, sale, restructuring, acquisition, joint venture, assignment, transfer or other disposal, in whole or in part, of our business, assets or shares (e.g., assignments to the AEAT, TGSS...).

Likewise, the companies detailed at the beginning of this Privacy Policy may transfer information to entities belonging to KAIRÓS for business management purposes.

International transfers

In some cases KAIRÓS uses third party tools and services for the management of services. Some of these services may be owned by third parties resident outside the European Economic Area.

KAIRÓS tries to use secure tools whose servers are preferably located in Spain, or failing that, in a member state of the European Union, or that comply with the European legality according to the guidelines and recommendations of the Spanish Data Protection Agency, the European Commission and the Community reference agreements on international data transfer.

In the event that the international transfer of data is required, acceptance of this Privacy Policy means that as a User you expressly consent to such transfer.

Exercise of rights and claims before the Spanish Data Protection Agency (Agencia Española de Protección de Datos).

At any time the User may withdraw his/her consent and/or exercise his/her rights of access, rectification, suppression, limitation, opposition and portability provided for in the European regulations on personal data protection, by sending an e-mail to Info@kairos.coop or by mail to KAIRÓS, at C/El Globo nº 14, local, 50015 Zaragoza.

In such a case, the User must indicate the right he/she wishes to exercise and attach a copy of his/her ID card or any other valid identification documentation that legitimizes him/her to do so, including the one that allows his/her electronic identification.

If your rights are not effectively addressed, you may file a complaint with the Spanish Data Protection Agency.

Your commitment, the veracity of the data you provide us with

The User declares that the personal data provided to KAIRÓS are true.

As a User you must know that you are the only responsible for any damage or harm, direct or indirect, that could be caused to KAIRÓS as responsible for this website or to a third party if you send us false data or data of third parties without your prior consent causing deception, damage or harm.

In order for us to keep your data accurate and up to date, we ask the User to inform us of any changes that may occur in the data provided.

Consent of minors

It is forbidden by KAIRÓS the sending of personal data through this website or the means indicated therein by users under 14 years of age. In the event that KAIRÓS detects users who may be under the aforementioned age, it will not process their data and therefore will not respond to requests.

KAIRÓS reserves the right to request a copy of your ID card or equivalent document that proves your legitimacy in case it has well-founded suspicions about the User's underage status.

Applicable Security Measures

In order to protect the personal data of users, KAIRÓS ensures itself and controls its processors, in the implementation of technical and organizational measures appropriate to the state of the art to protect personal data, taking into account the scope, context and purposes of the processing, as well as the risks of varying likelihood and severity to the rights and freedoms of data subjects, seeking to be able to ensure the confidentiality, integrity, availability and resilience of systems and processing services.

Our information security policies and procedures are regularly reviewed and updated to meet the needs of our business, technological changes and regulatory requirements.

Applicable law and jurisdiction

KAIRÓS is based in Spain, so the content of this Privacy Policy has been drafted in accordance with Spanish legislation and applicable European Union regulations.

By accepting this Privacy Policy, you agree that claims or complaints against this entity arising from or related to the use of this website and more specifically with the processing of your personal data will be resolved by the court of competent jurisdiction located in Zaragoza. If it is KAIRÓS who has to make any kind of claim, it will do so before the competent court of the User's domicile or at the domicile of KAIRÓS (C/El Globo nº 14, local, 50015 Zaragoza) in the case of legal persons or non-consumer professionals.

If the User accesses this site from a location outside of Spain, the User is responsible for complying with all applicable local and international laws.

Last update

Privacy Policy last updated on January 23, 2022.