PRIVACY POLICY
The Privacy Policy forms part of the Legal Notice governing the Website: www.abessis.com along with the Cookie Usage Policy.
The website www.abessis.com is owned by AB6 Obres i serveis, S.L. and complies with the requirements derived from Law 34/2002, of July 11, on Information Society Services and Electronic Commerce, and current regulations regarding the protection of personal data, in particular, Regulation (EU) 2016/679 of the European Parliament and of the Council, of April 27, 2016, on the protection of natural persons with regard to the processing of personal data and the free movement of such data, and Organic Law 3/2018, of December 5, on Personal Data Protection and guarantee of digital rights.
AB6 Obres i serveis, S.L. reserves the right to modify or adapt this Privacy Policy at any time. Therefore, we recommend that you review it each time you access the Website. In the event that a user has registered on the website and accesses their account or profile, upon accessing it, they will be informed if there have been substantial changes regarding the processing of their personal data.
Who is the DATA CONTROLLER?
The data collected or voluntarily provided by you through the Website, whether by browsing it, as well as all those you may provide in contact forms, via email, or by phone, will be collected and processed by the Data Controller, whose details are provided below:
Identity: AB6 Obres i serveis, S.L.
CIF: B62131180
Postal Address: Plaza Cánovas del Castillo, 1-5th floor – 46005 – Valencia (VALENCIA)
Telephone: 963527357
Email: laura.barbera@abessis.com
DPO Contact:
(where applicable)
URL: www.abessis.com
Commercial Registry
VALENCIA, Volume …, Book …, Folio …, Section …, Sheet V-….
If, for any reason, you wish to contact us regarding any matter related to the processing of your personal data or privacy (with our Data Protection Officer), you may do so through any of the means indicated above.
When, why, who, how, for what, and for how long do we process your personal data?
When and why?
You can browse most of our web pages without providing any personal information, but in some cases, this information is necessary to provide you with the electronic services you request.
If we need to collect personal data to provide you with the service, we will process the information according to the policy outlined in this document and the specific conditions of the particular service in question (if any), which contain specific privacy statements about the use of the data and inform you about why, for what, how, for how long we process your personal data, and what security measures we implement.
Who collects your data?
The collection and processing of personal data that you may provide are carried out by our entity or, where applicable, its data processors.
Regarding the latter case, these processors are third parties who are contractually required to ensure their activities comply with the law and implement appropriate security measures to protect such data.
For what purpose?
The personal data we request, or that you provide due to your browsing, are used to manage, provide, and improve the services you have requested.
For example, we will process your personal data to manage the inquiries you send us, to manage your participation in personnel selection processes, to send you electronic communications if you have requested them, and, where applicable, to compile statistics.
In this regard, we request an email address when you use our contact forms on the website. We only collect the sender’s personal data necessary to respond to you.
When you subscribe to our newsletters, we also request an email address to provide the service; in any case, you can manage your unsubscribe from the service whenever you wish, and we provide means for you to do so.
How do we process your data?
We collect personal information only to the extent necessary to achieve a specific purpose. The information will not be used for a purpose incompatible with the one described.
We only disclose the information to third parties if it is necessary for the fulfillment of the service’s purpose and only to those who need to know it.
All of this is done to ensure the service can be provided while processing your personal data with confidentiality and discretion, in accordance with current legislation.
In any case, our entity adopts security measures to protect the data against possible misuse or unauthorized access, alteration, or loss.
How long do we keep your data?
We keep the data only for the time necessary to fulfill the purpose of its collection or further processing. The retention period of the data will depend on the service, and the duration of the personal data processing will be indicated for each service.
At the end of this document, we provide you with a table containing the specific retention periods.
For what PURPOSES will we process your personal data?
– Customers:
We process your personal data for the purposes of (1) managing your purchase or service provided; (2) maintaining the contractual and pre-contractual relationship for billing, preparing quotes, and following up on them, as well as sending you information by electronic means regarding your request; (3) sending communications about commercial information by electronic means that may be of interest to you, provided there is express authorization; (4) we may create a commercial profile based on the information you provide to offer you products and services according to your interests. No automated decisions will be made based on this profile.
– Suppliers:
We process your personal data for the purposes of (1) billing, (2) maintaining commercial contact, and, where applicable, (3) sending you information by electronic means about our products or services.
– Website or email contacts:
We process your personal data for the purposes of (1) responding to your inquiries and requests; (2) managing the requested service or processing your order; (3) sending you commercial information by electronic means that may be of interest to you, provided there is express authorization; (4) we may create a commercial profile based on the information you provide to offer you products and services according to your interests. No automated decisions will be made based on this profile.
– Social media contacts:
We process your personal data for the purposes of (1) responding to your inquiries and requests, (2) managing the requested service, responding to your request, or processing your order, and (3) interacting with you and creating a community of followers.
– Job applicants:
We process your personal data for the purposes of (1) including you in recruitment selection processes, (2) scheduling job interviews and evaluating your candidacy, (3) sharing your curriculum vitae with group companies, collaborators, or related entities with the sole purpose of involving you in their selection processes, provided you have given us your consent.
– Participants in our contests:
We process your personal data to manage your participation in the contests we organize, as well as to publicize the contest winners and the award ceremony.
Participants who win may be photographed or recorded on video and published in any media, our website, or other communication channels. Consequently, it is possible that participants’ images may be captured, recorded, and/or reproduced incidentally to the main activity.
– Website users:
By browsing our website, we collect information about your browser, your device, and the data regarding your use of our website, as well as any information you provide while using our website. In an anonymized or aggregated form, we may record the IP address (device’s Internet access identification number, which allows devices, systems, and servers to recognize and communicate with each other).
The purpose of the processing is (1) to gain practical knowledge about how users utilize our website to enable us to improve it; (2) to perform statistical analyses to help us enhance our commercial strategy; (3) to conduct website performance analytics; and (4) for technical security and system diagnostics.
The data we obtain is not linked to a specific user and will be stored in our databases.
The aforementioned data, as well as any personal data you may provide, are stored through cookies collected in a pseudonymized format and are subject to objections to the processing of this personal data, as detailed in the Cookie Policy.
You can consult the Cookie Policy in the corresponding section.
Your browsing information may be stored via Google Analytics, so we refer you to Google’s Privacy Policy, as it collects and processes such information.
Likewise, our website may provide the utility of Google Maps, which could access your location if you allow it, to provide greater specificity about the distance and/or routes to our premises. In this regard, we refer you to the privacy policy used by Google Maps to understand the use and processing of such data.
To offer information or services of interest based on the User’s location, we may access data related to the geolocation of the User’s device in cases where the user’s settings permit it.
The Portal may offer functionalities to share content through third-party applications, such as Facebook, Instagram, or Twitter. These applications may collect and process information related to the user’s browsing on various websites. Any personal information collected through these applications may be used by third-party users of the same. Your interactions are subject to the privacy policies of the companies providing these applications.
The Portal may host blogs, forums, and other social networking applications or services to facilitate the exchange of knowledge and content. Any personal information provided by the user may be shared with other users of that service, over whom we have no control.
– Video surveillance:
We also inform you that we have a video surveillance system, the function of which is to ensure the safety of people, property, and facilities. Current regulations legitimize the processing carried out based on legitimate interest, so your image may be recorded simply by entering our premises.
This data may be disclosed to the State Security Forces and Bodies if necessary. The images will be stored for a maximum period of one (1) month from their capture.
What is the LEGAL BASIS for processing your data?
– Customers:
The legal basis for processing your data is (1) the execution of a contract and maintenance of the contractual relationship and (2) your consent requested for sending offers of products and services via electronic means, with the withdrawal of this consent in no way affecting the execution of the contract.
– Suppliers:
The legal basis for processing your data is the execution of a contract in which the data subject is a party or for the application of pre-contractual measures.
– Website or email contacts:
The legal basis for processing your data is the consent of the data subject.
In cases where completing a form and clicking the “send” button is necessary to make a request, doing so will necessarily imply that you have been informed and have expressly given your consent to the content of the clause attached to said form or acceptance of the privacy policy.
All our forms include a checkbox that must be checked to access the services offered.
The purposes of the processing will be as follows:
- a) Manage the inquiries or requests for information you send us through the Website, email, or phone.
- b) Send communications, special promotions, news, or actions that are of interest to you or that you request, including by electronic means. As this is an ancillary purpose to the main one, you must check the box provided for this purpose.
The personal data you provide through this means will not be disclosed to third parties, with AB6 Obres i serveis, S.L. directly responding to such inquiries.
– Social media contacts:
The legal basis for processing your data is the acceptance of the contractual relationship with the respective social network provider, expressed when registering with their application and in accordance with their privacy policies, which are external to us.
– Work with us:
In the event that you provide us with your curriculum vitae, whether through the Website, email, or physically at the address or any office of AB6 Obres i serveis, S.L., it will be incorporated into its database. The curriculum vitae will be stored for a period of 1 year, after which, if we have not contacted you, it will be deleted.
The legal basis for processing is based on the express consent given by the data subject for the processing of the data contained in the curriculum vitae by submitting it and checking the box provided for this purpose.
The purpose of the processing is to include you in current and future selection processes of AB6 Obres i serveis, S.L. or any entity belonging to the business group.
If the data subject ultimately joins AB6 Obres i serveis, S.L. or any of the entities belonging to the business group as an employee, their data will be incorporated into a database owned by the same, to internally manage the employee-employer relationship.
– Newsletter subscription:
The Website offers the option to subscribe to the newsletter of AB6 Obres i serveis, S.L. For this, it is necessary that you provide us with an email address to which it will be sent.
Such information will be stored in a database of AB6 Obres i serveis, S.L., where it will remain registered until the data subject requests its removal or, where applicable, AB6 Obres i serveis, S.L. ceases sending it.
The legal basis for processing this personal data is the express consent given by all those interested in subscribing to this service by checking the box provided for this purpose.
The email data will only be processed and stored for the purpose of managing the sending of the newsletter by the users who request it.
– Participants in our contests:
The legal basis for processing your data is your consent upon registering for the contest and accepting the privacy policy and contest rules.
The personal data collected will not be transferred to third parties.
– Website users:
The legal basis for processing the data is our (1) legitimate interest in understanding our users’ browsing patterns to adapt to their interests and improve our relationship with them; as well as (2) your consent when browsing our website and accepting the cookie usage terms.
To which RECIPIENTS will your data be disclosed?
Your data will not be transferred to third parties unrelated to the service we provide, except under legal obligation. Specifically, it will be disclosed to the State Tax Administration Agency, banks, and financial institutions for the payment of the service provided or product purchased.
Your data may also be disclosed to our service providers when necessary for the execution of the contract. In these cases, the data processor has committed by contract to use the data only for the purpose justifying the processing and to maintain appropriate security measures.
What SECURITY MEASURES do we apply?
You can rest assured that we have adopted appropriate technical and organizational measures to ensure the confidentiality, integrity, and availability in the processing of your personal data that we carry out, specifically those that prevent the loss, misuse, alteration, unauthorized access, and theft of personal data.
What are your RIGHTS when you provide us with your data?
You may exercise your rights of access, rectification, erasure, portability, restriction, or objection to the processing of your data, including the right to withdraw your consent, as detailed below:
- Right of access: You can ask us if we are processing your data and how.
- Right of rectification: You can ask us to update your personal data if it is incorrect, and delete it if you wish.
- Right to restriction of processing: In this case, we will only retain it for the exercise or defense of claims.
- Right to object: After your request to object to processing, we will stop processing the data in the manner you indicate, unless for compelling legitimate reasons or the exercise or defense of possible claims, it must continue to be processed.
- Right to data portability: If you want your data to be processed by another company, we will facilitate the portability of your data to the new controller.
- Right to erasure: You can request that we delete your data when it is no longer necessary for processing, you withdraw your consent, it is unlawful processing, or there is a legal obligation to do so. We will analyze the case and apply the law.
If you need more information about what rights you have under the law and how to exercise them, we recommend consulting the Spanish Data Protection Agency (AEPD), which is the supervisory authority for data protection matters.
You may, where applicable, contact the Data Protection Officer prior to filing a complaint against the data controller with the AEPD.
If we have not addressed your exercise of rights, you may file a complaint with the AEPD.
We have forms for exercising rights that can be requested at the email address mentioned above; you can also use those provided by the AEPD or third parties. These forms must be signed electronically or accompanied by a photocopy of your ID. If acting through a representative, it must also be accompanied by a copy of their ID or electronic signature.
The forms must be submitted in person or sent by postal mail or email to the addresses listed in the “Controller” section.
The maximum period for resolution is one month from the receipt of your request.
For how long will we RETAIN your data?
Personal data will be retained as long as you maintain a relationship with us.
Once this relationship ends, the personal data processed for each of the purposes indicated will be kept for the legally stipulated periods. If no legal period exists, it will be kept until the data subject requests its deletion or revokes the consent given, or for the period a judge or court may require it, considering the statute of limitations for legal actions.
For each processing or type of data, we provide a specific period, which you can consult in the following table:
| Data related to | Document | Retention |
| Customers and suppliers | Invoices | 4 years (statute of limitations), Art. 66 Law 58/2003, General Tax Law.
10 years (statute of limitations), Law 34/2015, of September 21, partially amending Law 58/2003, General Tax Law (Art. 66 bis). Administrative audits and investigations. |
| Contracts | 5 years | |
| Documents and records of tax significance | General Tax Law, Arts. 66 to 70
4 previous fiscal years |
|
| Entities subject to the Money Laundering Prevention Law, documentation proving compliance with AML obligations | Law 10/2010 Art. 25
10 years |
|
| Human Resources | Payrolls, TC1, TC2, etc. | 10 years, LO 7/2012 |
| Resumes | Until the end of the selection process, and up to 1 year more unless the data subject revokes consent or requests deletion. | |
| Severance compensation documents.
Contracts. Temporary workers’ data. Employee file. |
Law on offenses and penalties in the social order (RD 8/2000): Art. 21
4 years |
|
| Daily work schedule record. | RD Law 8/2019
4 years |
|
| Documentation or computer records proving compliance with OSH regulations.
Documentation required for the obligation to pay Social Security contributions. |
RDL 5/2000 Art. 4
5 years |
|
| Digital tachograph: data transfers and copies stored in memory. | Royal Decree 125/2017, of February 24. 1 year | |
| Marketing | Databases or website visitors. | For the duration of the processing. |
| Access control and | Visitor register | Instruction 1/1996 AEPD |
| Video surveillance | 30 days | |
| Video surveillance.
When it involves an educational center. (Placement in common areas of the school for the protection of minors). |
Art. 22.3 Organic Law 3/2018, of December 5, on Personal Data Protection and guarantee of digital rights
30 days AEPD Legal Report 475/2014 10 days |
|
| Accounting | Books and accounting documents.
Shareholders’ and board agreements, company bylaws, minutes, board regulations, and delegated committees. Financial statements, audit reports. Records and documents related to subsidies. |
Commerce Code Art. 30:
6 years |
| Tax | Statute of limitations for verifying tax bases and deductions. | 10 years, Law 34/2015, of September 21, partially amending Law 58/2003, General Tax Law (Art. 66bis) |
| Accounting books and other mandatory record books (IRPF, VAT, IS, etc.) as well as supporting documents justifying entries recorded in the books.
Management of the company’s administration, rights, and obligations related to tax payments. Administration of dividend payments and tax withholdings. |
4 years, Arts. 66 to 70, General Tax Law. | |
| Health and Safety | Workers’ Medical Records. | 5 years |
| Environment | Information on chemical or substantially hazardous substances. | 10 years |
| Documents related to environmental permits while the activity is ongoing. | 3 years after the activity ceases
10 years (criminal statute of limitations) |
|
| Records on recycling or waste disposal. 3 years | ||
| Subsidies for cleanup operations must retain documents of rights and obligations, receipts, and payments. | 4 years | |
| Accident reports. | 5 years | |
| Insurance | Insurance policies. | 6 years (general rule)
2 years (damages) 5 years (personal) 10 years (life) |
| Purchases | Record of all deliveries of goods or provision of services, intra-community acquisitions, imports, and exports for VAT purposes. | 10 years |
| Legal | Intellectual and Industrial Property Documents. Contracts and agreements. | 5 years |
| Permits, licenses, certificates | 6 years from the expiration date of the permit, license, or certificate.
10 years (criminal statute of limitations) |
|
| Confidentiality and non-compete agreements. | Always the duration of the obligation or confidentiality | |
| Data protection regulations | Records and documents proving compliance with data protection regulations (audits, reports, processor contracts, etc.) | For the duration of the data processing and thereafter for
3 years |
| Documentation proving that requests to exercise data subjects’ rights are addressed | For 3 years after the request | |
| Logs/Records of access to information systems | 2 years | |
| If the processing is based on the data subject’s consent, proof of consent | For the duration of the data processing and thereafter for
3 years |
|
| Whistleblowing channel | Internal complaints
Compliance program (corporate criminal liability) |
LOPDGDD 3/2018, Art. 24.4
3 months, unless the purpose of retention is to provide evidence of the operation of the crime prevention model by the legal entity. |
| 10 years (criminal statute of limitations) | ||
| Money laundering | Obligated entities shall retain for a minimum period of ten years the documentation formalizing compliance with the obligations established in this Law.
In any case, the filing system of obligated entities must ensure proper management and availability of the documentation, both for internal control purposes and for timely and appropriate response to requests from authorities. |
10 years
Article 25 of Law 10/2010 of April 28, on the prevention of money laundering and terrorist financing. |
| Medical history | Healthcare centers are obliged to retain clinical documentation under conditions that ensure its proper maintenance and security, though not necessarily in the original format, for proper patient care for the appropriate time in each case and, at a minimum, five years from the date of discharge of each care process.
Clinical documentation will also be retained for judicial purposes in accordance with current legislation. It will also be retained when there are epidemiological, research, or organizational and operational reasons for the National Health System. Its processing will be carried out in a way that avoids, as far as possible, the identification of the affected individuals. To ensure future uses of the medical history, especially for healthcare purposes, it will be retained for the minimum time established in basic state regulations, counted from the date of discharge of each care process or from the patient’s death. |
5 years (minimum)
Article 17 of Law 41/2002 of November 14, on patient autonomy and rights and obligations regarding information and clinical documentation. Law 10/2014, of December 29, of the Valencian Community (Health) |
| Traffic data related to internet connections, emails, and fixed and mobile telephony calls. | User identifier, IP address (origin/destination), phone number, IMSI and IMEI (origin/destination), date and time of the communication (start/end), identification of the type of service or communication used (voice, data, SMS, or MMS, etc.) | 1 year
Article 5 of Law 25/2007, of October 18, on the retention of data related to electronic communications and public communication networks. |
| Account auditing. | Account auditors and audit firms shall retain and safeguard for a period of five years, from the date of the audit report, the documentation related to each audit performed by them, including the auditor’s working papers constituting the evidence and basis for the conclusions stated in the report. | 5 years
Article 24 of RDLeg. 1/2011 of July 1, approving the consolidated text of the Account Auditing Law. |
| report. | ||
| Access control to
buildings. |
Data included in automated files created to control access to buildings must be deleted one month after being obtained. | 1 month
Rule five of Instruction 1/1996, of March 1, from the Data Protection Agency, on automated files established for the purpose of controlling access to buildings. |
| Documents in the
files of Lawyers. |
Since the actions that can be exercised to hold lawyers professionally liable are of a personal nature and no specific period is established, the statute of limitations for these is, as of October 7, 2015, five years, so during this period at least (unless its calculation is interrupted), completed files must be retained. | 5 years
Art. 1964.2 Civil Code, as amended by Law 42/2015, of October 5, reforming the LEC. |
| Guest Registers and entry forms in
hospitality establishments. |
Entry forms will be grouped into registers of a minimum of 100 sheets and a maximum of 500. These registers must be retained for three years, available to the Security Forces and Bodies, and then disposed of in a way that prevents access to the personal information contained therein.
The register includes data of minors under 14 years, the form is signed by the minor from 14 years old, if under 14, it is signed by the accompanying person. Data to be requested includes: landline phone, mobile phone, email, number of travelers, family relationship, whether the establishment has an internet connection. The data also includes payment details: type (cash, credit card, payment platform, bank transfer, etc.), payment method identification (card type and number, IBAN bank account, mobile payment solution, others), payment method holder, card expiration date, payment date. |
3 years
OM INT/1922/2003 of July 3, on registers and entry forms for travelers in hospitality establishments and similar. 3 years The computerized register data must be retained for a period of three years from the end of the contracted service or provision (non-professional lodging is exempt from registration but must report). Royal Decree 933/2021, “Obligations of documentary registration and information of natural or legal persons engaged in lodging and motor vehicle rental activities.” Updates Order INT/1922/2003, including new types of lodging activities: short-term tourist housing, internet portals.
|
| Driver recognition centers. | The center must retain for a period of ten years the content of the issued reports, including the opinions of the medical and psychological professionals involved in the recognition, complementary reports submitted, if any, and, in the case referred to in paragraph 2 of Article 3, also the documents provided by the data subject. | 10 years
Article 15.5 of Royal Decree 170/2010, of February 19, approving the Regulation of recognition centers intended to verify the psychophysical aptitudes of drivers. |