Privacy Policy

Who is the data controller?

Controller identity: Onestic Innovación y Desarrollo, S.L. (B-97954036)
Physical address: C/ Roger de Lauria, 19, 4º B1-B2. 46002, Valencia, Spain.
Email: legal@onestic.com
Phone: +34 961 139 893
Data Protection Officer contact: david.ruiz@onestic.com

What personal data do we process?

In the context of the various processing activities carried out within the organisation, the following types of data are collected:

  • Identification data.
  • Academic and professional data.
  • Commercial information.
  • Employment details.

For what purposes do we process personal data?

At www.onestic.com personal data are processed for the following purposes:

  • Newsletter: To send information through the provided channels about news, updates, products, and services related to us or our sector.
  • Contact form / Quote form: To respond to information requests received about the products and services offered, as well as to answer any other questions submitted by users.
  • Careers / Send us your CV: To carry out internal personnel selection processes, both current and future.
  • Secrets: To generate secret links or random passwords for the secure transmission of confidential information.
  • Internal information system: To process personal data for the purpose of managing the internal information system or ethics channel, investigating reported facts and proposing corrective measures, preventing regulatory non-compliance and correcting those already detected, as well as contributing to the effective operation of the Organisation through the continuous improvement of internal processes for managing and controlling illegal conduct or conduct contrary to the organisation's ethical culture.

No profiles will be created from the personal data collected, nor will automated decisions be made.

What is the legal basis for processing?

The organisation may process personal information on the following grounds:

  • Consent: By accessing our website and filling in forms or sending us data through the electronic contact channels indicated, you accept this Privacy Policy. We therefore rely on the user's consent for processing their data. Additionally, we inform you that we will only use personal information pursuant to this Privacy Policy and, as a general rule, we will request your consent for uses other than those for which you originally provided it. Finally, you may withdraw your consent at any time by contacting us through the means indicated in this privacy policy.
  • Internal information system: The processing purpose is legitimised by a legal obligation: Law 2/2023 of 20 February, regulating the protection of persons who report regulatory violations and the fight against corruption (Spanish whistleblowing law).

To respond to requests, the data subject must provide the minimum information requested. Otherwise, the request cannot be processed.

How long do we retain personal data?

At www.onestic.com personal data are retained for the following periods:

  • The period established by law.
  • The period necessary to fulfil operational obligations.

Data will be retained for as long as necessary to fulfil the purpose for which they were collected and to determine any liabilities that may arise from that purpose and from the processing of the data, in accordance with the regulations set out above, as well as the periods established in applicable archiving and documentation regulations.

In the case of the "secrets.onestic.com" website, any processing of data carried out through this medium will be retained for a maximum period of 14 days.

In the case of the Internal Information System, data will be retained for as long as necessary to fulfil the purpose for which they were collected. In any event, once three months have elapsed since the data were entered, they will be deleted from the reporting system, unless the purpose of retention is to provide evidence of the operation of the model for preventing the commission of offences by the legal entity. Once the aforementioned period has elapsed, the data may continue to be processed by the body responsible for investigating the reported facts, but will no longer be stored in the internal reporting information system.

Who do we share personal data with?

To fulfil the purposes described above, personal data may be shared with: service providers who provide services on our behalf.

We inform you that, as a general rule, no international transfers outside the European Economic Area (EEA) are made. In the event that a transfer of data outside the EEA takes place, the organisation will have adequate safeguards in place to carry out such transfer, pursuant to the requirements set out by the General Data Protection Regulation (GDPR).

In the case of the Internal Information System, personal data collected may be communicated to the competent public authority and to third parties where necessary for the adoption of disciplinary measures or for the handling of any applicable judicial proceedings.

What rights can you exercise?

Under European data protection law, you have the following rights:

  • Access: the right to request information from the controller about whether your personal data are being processed.
  • Rectification: the right to request the modification of data that are inaccurate or incomplete.
  • Objection: the right to object to the processing of your personal data or to request that it cease.
  • Automated individual decisions: the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects or similarly significantly affects you.
  • Restriction: the right to suspend the processing of your personal data in certain circumstances.
  • Erasure / Right to be forgotten: the right to erasure of the data subject's personal data.
  • Portability: the right to request that the controller provide your personal data in a structured, commonly used format to another controller.

The maximum period for resolving a request is 30 days from receipt; this may be extended by a maximum of 2 months where necessary.

You may exercise your rights through the following means:

  • By email to legal@onestic.com, providing documentation proving the applicant's identity (copy of the front of a national identity document or equivalent).
  • By postal mail to C/ Roger de Lauria, 19, 4º B1-B2. 46002, Valencia, Spain, providing documentation proving the applicant's identity (copy of the front of a national identity document or equivalent).

In any case, you may request the protection of the Spanish Data Protection Agency (Agencia Española de Protección de Datos — AEPD), the competent supervisory authority in Spain, through its website.

Changes to this Privacy Policy

This Privacy Policy may occasionally be revised in order to reflect changes in applicable legislation, update our personal data collection and use procedures, or to account for the introduction of new services or the removal of others. These changes will take effect from the date of their publication on the website, so it is important that you regularly review this Privacy Policy in order to stay informed of any changes that have been made.