SCOPE OF APPLICATION
David Neto-Transports, S.A. (previously designated TDN) respects the legal rules regarding the protection of personal data of its employees, suppliers and customers. In particular, those arising from national and Community legal provisions and deliberations of the National Data Protection Commission, namely Regulation EU 2016/679.
WORKERS' PERSONAL DATA
The processing of the worker's personal data, in the context of the employment relationship, arises on the one hand from the contractual content and on the other from the fulfilment of legal obligations, namely the provisions laid down in labour, tax and community legislation and before official supervisory bodies such as AT, Social Security or ACT.
The processing of employees' personal data is reserved only to the data controller designated at any time, with limited access duly justified in accordance with the law, and in any case safeguarding confidentiality.
At any time, the employee may at his or her request access his or her protected data and request its modification or correction in case of error or incompleteness.
Workers enjoy, in accordance with the law on information rights, access and opposition to the processing of their personal data. In order to exercise these rights of access and opposition, they must submit a written request to the data controller via e-mail firstname.lastname@example.org.
Employees may, in legal terms, exercise the right to forget their personal data, except in the cases provided for the fulfilment of legal obligations.
The treatment of workers’ clinical data obeys the treatment regime of sensitive data and is therefore exclusively access to the certified medical team, with the worker having access to them as long as he requests them directly to the working doctor.
With the conclusion of the employment contract, and throughout its execution, the employee gives his or her consent for his or her personal data to be stored in a secure digital form, processed and accessed in accordance with previously specified or punctually specified terms, as well as to be used for operational purposes, arising from the obligations towards DNT's clients, in the scope of his or her work, being however safeguarded to those clients the requirement of strict and scrupulous compliance with the provisions set out in these data protection rules.
PURPOSE OF PROCESSING WORKERS' PERSONAL DATA
Personal data of employees may be collected and processed by the Company for the following purposes:
CATEGORIES OF PERSONAL DATA TO BE COLLECTED
For the above purposes, the entity may collect and process personal data as well as the original and copies of the respective documents falling into the following categories:
Identification Data: Name; ID; C.C; Passport; Residence Certificate; NIF; NISS; Date of Birth; Place of Birth. Identification Addresses: Address; email. Family situation: Marital status; No. of dependents. Data relating to professional activity: Qualifications. Retribution data: NIB; IBAN. Biometric data: Fingerprint. Health Data: Aptitude Diagnosis Data. Other information needed to carry out the job: Driving licence; Tachograph card; ADR certificate; CAM certificate; European Health Card; Criminal Record.
RIGHTS OF THE DATA SUBJECT
The data subject acquires the following rights:
DATA RETENTION PERIOD
For the purpose of administrative management of workers, the data may be kept for one year after the termination of the employment relationship;
For the purposes of workers' wages and benefits, under tax law data may be kept for a maximum period of ten years after termination of employment;
The time limit for the respective data may be extended, for reasons of legal action, after the transfer of the data to the judicial institutions or after the final judgment has been passed;
For the purposes of pensions, welfare or the payment of subsequent supplementary benefits due at the time of termination of the employment relationship, the data strictly necessary to prove the quality of work, length of service and changes in remuneration may be kept for up to ten years after the corresponding purposes have not been achieved.
They are the recipients of the data:
Our records include data that were obtained in the contractual relationship with TDN and in the various interactions that took place following the contract.
Provision of services - where necessary, we process the data to comply with legal requirements in order to provide you with our services.
David Neto-Transports, S.A. will keep your personal data for the period strictly necessary to provide the Services, respective invoicing and fulfilment of legal obligations.
Your personal data may be communicated to TDN service providers for the purpose of providing services and to judicial, physical and regulatory authorities for the purpose of complying with legal requirements.
At any time, you have the right to access your personal data and, within the limits of the contract and the Regulations, to amend them, oppose their processing, withdraw consent and exercise the other rights provided for by law. If you withdraw your consent, this does not compromise the lawfulness of the processing carried out until that date.
You have the right to be notified, as provided for in the regulation, in the event of a violation of your personal data, and you can lodge a complaint with the authorities.
We ensure the protection and confidentiality of your personal data. We have taken the necessary technical and organisational measures to comply with the regulation, ensuring that the processing of your personal data is lawful, fair, transparent and limited to the authorised purposes. We take the measures we consider appropriate to ensure the accuracy, integrity and confidentiality of your personal data, as well as your other rights.
It is forbidden to photograph, film or make any kind of recording, or other process of copying and/or reproduction of personal documents, without the consent of the holder of the data, except in cases provided for by law or duly authorized by a competent authority for this purpose.
FINGERPRINT ATTENDANCE CONTROL EQUIPMENT
Purpose of using fingerprint attendance control equipment. The installation and use of fingerprint attendance control equipment is aimed at managing attendance within the entity. Registration and processing of personal data. For the use of fingerprint attendance control equipment, it is necessary for the system to collect employee's fingerprint data in advance, and record their name, employee number and category/section. When the employee uses the equipment, the system records the date and time of entry and exit of the period worked. Use of personal data Only the head of the entity and authorised officials, to the extent strictly necessary, may access and process the data. Attendance records will be handed over to administrative and financial processing staff for administrative, salary and benefit management. For the purpose of the disciplinary investigation, the respective data will possibly be transferred to the head of the disciplinary investigation. For the purpose of investigating crimes, and in cases where the provisions of the law must be complied with, the respective data will possibly be transferred to the judicial institution, criminal police bodies or other competent authorities.
PERSONAL DATA OF TRAINEES AND TRAINERS
The processing of the personal data of trainees and trainers occurs, on the one hand, from the contractual content and, on the other hand, from the fulfilment of legal obligations towards official bodies.
The processing of personal data of trainees and trainers is reserved only to the data controller designated at any time, with limited access duly justified under the terms of the law, and in any case safeguarding confidentiality.
At any time, the trainee/trainer may, at his request, access his protected data and request its modification or correction in case of error or incompleteness.
Trainees/trainers shall enjoy, in accordance with the law, the rights to information, access and opposition to the processing of their personal data. In order to exercise these rights of access and opposition, they have to submit a written request to the data controller via e-mail email@example.com.
The trainee/trainer may in legal terms exercise the right to forget his/her personal data, except in the cases foreseen for the fulfilment of legal obligations, with the conclusion of the training contract, and during all the execution, the trainee/trainer gives his/her consent that his/her personal data may be stored in a secure digital form, processed and accessed in the terms previously specified or punctually specified.
For trainees and trainers, the regime provided for in this regulation for workers, in terms of processing of collection, purpose of processing, category of data to be collected, storage periods, recipients of the data, that provided for workers' personal data, with the necessary adaptations and if applicable.
Workers enjoy, in accordance with the law, the rights to information, access and opposition. In order to exercise their right of access, they must submit a written request to the person responsible for processing the data by email firstname.lastname@example.org or request a separate form from the Human Resources department.
VIOLATION OF DATA PROTECTION RULES OF PROCEDURE
In the event of a leak of information, violation of the Internal Regulations of the Data Protection Policy, or any other form of illicit behaviour, this entity shall report the incident to the National Data Protection Commission (CNPD) within 72 hours.