Privacy Policy

The General Data Protection Regulation (EU) 2016/679 lay down Data Protection legislation throughout the European Union, increasing the protection of individuals who hold personal data.

 

CONSTRUCCIONES FERROVIARIAS DE MADRID S.L. (COFEMA) has always been concerned about the protection of personal data. For this reason, we have updated our Privacy Policy in order to comply with the new regulations and to inform you about the changes that affect your rights:

 

Who is responsible for the processing of your personal data?

 

CONSTRUCCIONES FERROVIARIAS DE MADRID. S.L. (COFEMA), con domicilio en C/ Saturno, 2, 28936 Móstoles (MADRID) y CIF B84509223.

Email address, cfm@cofema.net.

Purpose of processing your personal data?

COFEMA collects data by different means (website, e-mail, electronic forms or forms and paper documents) within its activity, are processed for the following purposes:

  • Maintenance of the commercial and contractual relationship with its customers/suppliers.
  • Sending information about new products and/or services.
  • Sending newsletters.
  • Conducting customer satisfaction surveys.
  • To fulfil your order
  • Approval of suppliers.
  • Selection and recruitment of personnel.
  • Access control to the facilities.

 

How long do we retain your data?

In the case of suppliers, customers, collaborators and staff, we keep their data for the duration of the contractual relationship with us and, subsequently, for the period established in the applicable legislation in force.

In relation to personnel recruitment for roles or positions in which the candidate’s profile may fit, the data will be kept for the duration of the process and, in the event that the profile is of interest, it will be kept for a period of no more than one year, after which time it will be deleted or destroyed.

Regards to actions aimed at commercial prospecting, the data will be retained until the data subject shows his/her opposition to the processing or withdraws his/her consent.

 

In respect of access control and video surveillance via security cameras, the data will be retained for a maximum of 30 days.

 

Why do we process your personal data?

 

Your personal data are processed by COFEMA according to the following legal grounds:

  • Your consent or provided voluntarily by you by any means. In this respect, the personal data are voluntarily and lawfully collected and included in files. The collection of personal data is previously and duly informed.
  • Contractual relationship to maintain, develop and execute it, in the case of: (i) provision of services; (ii) employment, commercial, administrative relationship, among others.
  • For legitimate interest, always respecting your right to the protection of personal data, honour and privacy, for the development and dissemination of our products and services, to analyse the quality of the service offered and the degree of user satisfaction, as well as to carry out studies and statistical analyses.

 

How we might share your personal data?

 

Your personal data will be retained under strict security measures that guarantee their confidentiality and security. Additionally, personal data will only be transferred to the following entities and in accordance to the following purposes:

  • Entities and suppliers that provide services to the company, for the correct development and execution of its activities. These entities and suppliers are duly approved and agreed order processing agreement with us, in compliance with the data protection law.

For instance, services provided by suppliers which may involve the processing activities on behalf of COFEMA. For example, multidisciplinary professional services, logistics, legal advice, technological services, IT services, courier and delivery services, maintenance, security and surveillance, advertising and marketing, call centre, etc.

  • Public Administration, authorities and Courts in case of legal obligation to provide the data.

 

  • Companies belonging to the CAF Group: https://www.caf.net/es/compania/instalaciones.php, when necessary for the provision of services or the development of projects, within the framework of their activity.

 

What channels do we use to obtain your data?

 

COFEMA collects personal data by using the following ways.

 

  • E-mail.
  • Forms/questionnaires (web, electronic or paper format).
  • Exchange of business cards.
  • Railway sector events.

 

What categories of data do we process?

Depending on our relationship with you, we may process the following data:

  • Identification data.
  • E-mail addresses.
  • Business information.
  • Financial data.
  • Professional data, including academic data.
  • Special categories of personal data are not processed.

 

What type of security measures do we apply to process your personal data?

We apply proper security measures necessary to prevent theft, alteration or undue access to data, taking into account the state of the art, the costs of implementation, and the nature, scope, context and purposes of the processing, as well as risks of varying likelihood and severity for the rights and freedoms of natural persons.

In the case of outsourced services, we require to processor in order to adopt the appropriate technical and organisational measures to ensure a level of security in relation to the risks involved, as set out in art. 32 of the General Data Protection Regulation.

We also carry out Impact Assessments for those processing operations that may implies a risk to the rights and freedoms of individuals, in order to implement the necessary and appropriate measures to prevent a breach of confidentiality.

What are your rights?

 

Everyone has the right to know whether COFEMA processes their personal data. You also have the right to:

  • Access your personal data.
  • Request the rectification of inaccurate data.
  • Request erasure your personal data when, among other reasons, they are no longer necessary for the purposes for which they were collected.
  • Restrict the processing of your data, for reasons related to your particular situation, requesting that they not be processed by COFEMA.
  • In certain circumstances, you may request the limitation of the processing of your data, in which case they will only be retained for the exercise and claims.
  • Withdraw, the consent given, without affecting the lawfulness of the processing that has been carried out prior to such withdrawal.

When you exercise your rights of deletion, restriction, limitation or withdrawal of consent, COFEMA will stop processing the data, except for compelling legitimate reasons or the exercise or possible claims.

You may exercise all these rights by contacting us at the following addresses: CONSTRUCCIONES FERROVIARIAS DE MADRID, S.L, Calle Saturno 2, 28936 Móstoles Madrid or, if you prefer, via email to the following address: cfm@cofema.net

Remember that, whenever you exercise any of the rights we have described above, you must enclose with your request a copy of your ID card or equivalent document that allows us to verify your identity.

Finally, if you are disappointed with our respond, you may submit a complaint to the Spanish Data Protection Supervisory Authority (Agencia Española de Protección de Datos/AEPD), through the website www.aepd.es.