Select Page

PRIVACY POLICY

In accordance with current data protection legislation, Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter, the “GDPR”), as well as Organic Law 3/2018 of 5 December on the Protection of Personal Data and the Guarantee of Digital Rights (hereinafter, the “LOPDGDD”), users are hereby informed, in accordance with Articles 13 of the GDPR and 11 of the LOPDGDD, as follows:

I. DATA CONTROLLER

Who is responsible for processing your data?

Company name: CARBONES Y SEPIOLITAS S.L.
Tax ID (CIF): B80908460
Registered address: C/MIRASIERRA Nº5, 28220 – MAJADAHONDA (MADRID), Spain
Email: caryse@caryse.com
Website: www.caryse.com

II. PURPOSE

Why do we process your personal data?

At CARBONES Y SEPIOLITAS S.L., we process your information for the following purposes:

  • To ensure users can access and use the various contents available on the website.
  • To register users and provide access to the services available, including viewing our current job openings, submitting a CV for future vacancies, commercial support, and customer service.
  • To inform users, by any means, including by email, about Caryse products and services.
  • To carry out promotional activities relating to Caryse products, including sending commercial communications to the email address provided by the user.
  • Browsing data and cookies may also be processed in order to improve accessibility, personalise and analyse your browsing experience, and display advertising and content tailored to your interests, in line with our Cookie Policy, which must be accepted before browsing our website.
  • In addition, Caryse may use dissociated data in an anonymised form, preserving the user’s anonymity at all times, even after the business relationship has ended, for use in decision-making support systems and internal business management.

The personal data you provide will be kept for as long as the business relationship remains in force. However, for the sake of maximum transparency, please note that the general retention periods we apply are as follows:

  • Basic identification data (email address, first name, surname, telephone number, etc.): for the duration of the business relationship or until consent is withdrawn. In any event, such data will be deleted when it is no longer needed for the purpose for which it was collected.
  • Law on Social Order Infringements and Penalties (obligations relating to registration, deregistration, contributions, salary payments, etc.); Articles 66 et seq. of the General Tax Law (accounting books, etc.): four (4) years.
  • Personal actions without a specific limitation period (Article 1964 of the Spanish Civil Code): five (5) years.
  • Accounting, tax and employment records (Article 30 of the Spanish Commercial Code — accounting books, invoices, etc.): six (6) years.
  • Employment records: contracts, working time records, payroll receipts and contributions, identification documents: four (4) years. In the case of occupational risk prevention reports, records of illnesses or accidents, and contracts with prevention services: five (5) years.
  • Data subject to anti-money laundering and counter-terrorist financing legislation (Article 25): ten (10) years.
  • Recruitment processes: two (2) years from the date the CV is submitted.
  • Likewise, due to the sending of commercial information, even if the relationship between the parties ends, the Data Controller may continue to keep your information in order to send newsletters related to our products and services. You may exercise your rights at any time through whichever contact method is most convenient for you.
  • Aggregated and anonymised data: no retention period.
  • Despite these general retention periods, we regularly review our systems and delete any data that is no longer legally required.

III. LEGAL BASIS

What is the legal basis for processing your data?

Depending on the purpose for which your data is collected, processing is necessary for the following:

Managing the business relationship you have entered into with us

  • Performance of a contract (Article 6(1)(b) GDPR)
  • Consent of the data subject (Article 6(1)(a) GDPR)

Preparing a quotation tailored to your needs

  • Performance of a contract and/or pre-contractual relationship (Article 6(1)(b) GDPR)

Managing email communications with interested parties

  • Consent of the data subject (Article 6(1)(a) GDPR)
  • Legitimate interest (Article 6(1)(f) GDPR)

Carrying out recruitment processes

  • Consent of the data subject (Article 6(1)(a) GDPR)

Managing employees and the company’s internal human resources

  • Performance of a contract (Article 6(1)(b) GDPR)

Sending commercial communications

  • Consent of the data subject (Article 6(1)(a) GDPR)
  • Consent of the data subject (Article 20 of the Spanish Information Society Services and Electronic Commerce Act – LSSICE)
  • Legitimate interest (Article 6(1)(f) GDPR and Article 21.2 LSSICE)

Managing training activities

  • Performance of a contract (Article 6(1)(b) GDPR)
  • Consent of the data subject (Article 6(1)(a) GDPR)

All data collected is necessary for the provision of the service. However, any fields marked with an asterisk (*) are mandatory. If the required data is not provided, the Data Controller will not be able to provide the contracted service.

Finally, please note that only persons over the age of 14 may provide personal data on this website. In accordance with the LOPD and the LOPDGDD, if the data subject is under 14 years of age, the consent of a parent or legal guardian will be mandatory before we can process their personal data.

Likewise, only persons over the age of 18 may contract our services. If the person is under 18 years of age, the consent of a parent or legal guardian will be mandatory before we can provide the offered services, unless the minor is legally emancipated.

IV. RIGHTS OF DATA SUBJECTS

What data protection rights do I have?

In accordance with Articles 13 of the GDPR and 11.2.c) of the LOPDGDD, CARBONES Y SEPIOLITAS S.L. informs you that you may exercise any of the following rights by contacting us at caryse@caryse.com.

In any event, under current legislation you are entitled to the following rights in accordance with Articles 15 to 22 of the GDPR and Articles 12 to 18 of the LOPDGDD:

  • The right to request access to your personal data.
  • The right to request rectification or erasure.
  • The right to request restriction of processing.
  • The right to object to processing.
  • The right to data portability.

You may request the relevant forms to exercise your rights by emailing the address indicated in the Data Controller’s details above. In addition, you may lodge a complaint with the Spanish Data Protection Agency (AEPD). More information can be found in Section VIII of this document.

V. RECIPIENTS

Who will your data be shared with?

You will always be informed and, where required, your express consent will be requested before your personal data is disclosed or transferred internationally in accordance with current legislation (Articles 13.1.e) and 44 GDPR, as well as Articles 11.1 and 40 of Organic Law 3/2018, LOPDGDD). In this regard, please note that the third parties with whom the Data Controller works have their servers located within the EU, the EEA or Switzerland, and apply appropriate security measures to ensure proper and confidential processing of your data.

Outside the cases mentioned above, and unless legally required, your data will not be disclosed or communicated to any third party, except where legally предусмотрed or where strictly necessary for the provision of a service. In general terms, your data may be shared with:

  • Technology service providers.
  • Payment service providers.
  • Courier and parcel delivery companies.
  • Third parties or intermediaries acting as service providers on our behalf (accountants, advisers, freelance collaborators, etc.).
  • Data Processors, collaborators, or parties with a close business relationship with the Data Controller, solely for the purpose of providing our services.

CARBONES Y SEPIOLITAS S.L. may process your data jointly in order to offer a service tailored to your needs. Your data will not be transferred to third parties or used for any other purpose unless you have given your consent. You may contact the DPO at caryse@caryse.com.

Any data disclosure will be carried out under the strictest confidentiality and by applying the necessary safeguards, such as confidentiality agreements or adherence to the privacy policies published on the relevant third-party websites. Users may object to their data being disclosed to Data Processors by submitting a written request through any of the contact methods referred to above.

The Data Controller will not transfer or disclose your data to any third party, except where legally required or where the provision of a service involves the need for a contractual relationship with a Data Processor. In this regard, the User accepts that some of the personal data collected may be provided to such Data Processors (payment platforms, accountants, intermediaries, etc.) where necessary for the effective delivery of a contracted service or purchased product.

The User also accepts that, where services are provided, they may be wholly or partially subcontracted to other individuals or companies, which will be considered Data Processors and with whom the relevant confidentiality agreement has been signed, or which have adhered to their own privacy policies published on their respective websites. The User may object to the disclosure of their data to Data Processors by submitting a written request through any of the contact methods referred to above.

VI. SOURCE OF YOUR DATA

How did we obtain your data?

The personal data processed by CARBONES Y SEPIOLITAS S.L. comes from the data subject directly, in compliance with Articles 13 GDPR and 11 LOPDGDD referred to above, or from companies within the same group or partner companies. You may obtain further information by writing to caryse@caryse.com.

What categories of data do we process?

The categories of personal data processed include:

  • Identification data
  • First name
  • Surnames
  • DNI / NIE / Passport or equivalent identification document
  • Postal addresses
  • Email addresses
  • Contact telephone number (mobile / landline)
  • Commercial information: our own and third-party information

Sensitive data will be processed in accordance with Articles 9 GDPR and 9 LOPDGDD, and the data subject will in all cases be informed of which data will be used by the Data Controller.

VII. ADDITIONAL INFORMATION

Security measures: Users are informed that the Data Controller has adopted the technical and organisational security measures within its reach to prevent the loss, misuse, alteration, unauthorised access to, and theft of data, thereby ensuring the confidentiality, integrity and quality of the information, in accordance with current data protection legislation. Personal data collected through forms is processed only by the Data Controller’s staff or by designated Data Processors. The Website also uses SSL encryption, which allows users to securely send their personal data through the website’s contact or registration forms.

Confidentiality: Any information provided by the User will in all cases be treated as confidential and may not be used for purposes other than those described herein. The Data Controller undertakes not to disclose or reveal information regarding the User’s requests, the reasons for the advice sought, or the duration of the relationship with the User.

Accuracy of data: The User declares that all data provided is true and accurate and undertakes to keep it updated. The User shall be responsible for the accuracy of the data provided and will be solely liable for any conflicts or disputes arising from false or inaccurate data. In order for us to keep personal data up to date, it is important that the User informs the Data Controller of any changes.

Documentation prepared by LegalDPO (https://legaldpo.es/), based on the information provided by the Data Controller. The content reflects the legislation in force as of February 2023 and may vary in accordance with legislative changes or case law developments. It is the responsibility of the website owner to verify the legal validity of the content at all times.

VIII. SUPERVISORY AUTHORITY

At CARBONES Y SEPIOLITAS S.L., we make every effort to comply with data protection legislation, as personal data is one of our most valuable assets. However, please note that if you believe your rights have been infringed, you may lodge a complaint with the Spanish Data Protection Agency (AEPD), located at C/ Jorge Juan, 6, 28001 Madrid, Spain. More information about the AEPD is available at: http://www.agpd.es/