Through the web www.nextsecure.es (hereinafter, the Web), the entity Grupo S21sec Gestión, S.A. (hereinafter, S21sec) provides services and offers its catalog of services and products under the conditions included therein. The Web is accessible from different devices and there are forms that require the fields established for this purpose to be completed.

S21sec has updated its Privacy Policy, which affects individuals and business partners, and which replaces the one that previously regulated the treatment of your data.

For S21sec, the privacy of people is important, so personal data will be treated in accordance with the principles of transparency, limitation of purpose, minimization of data, accuracy, integrity and confidentiality.

S21sec will previously notify any changes made in this Privacy Policy and will not make retroactive changes in the same that reduce your rights unless legally required. However, you can request at any time your withdrawal from the services offered on the Web if you are not satisfied with the modifications made.

In accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council, of April 27, 2016, regarding the protection of natural persons with regard to the processing of personal data and the free movement of these data ( RGPD) and in the Organic Law 3/2018, of December 5, on the Protection of Personal Data and Guarantee of Digital Rights (LOPDGDD), we inform you that the personal data you provide to S21sec will be incorporated into treatment activities, on the that the appropriate security, technical and organizational measures are applied.

Below, we detail the information about the treatment that S21sec performs on your personal data. 

WHO IS RESPONSIBLE FOR THE PROCESSING OF YOUR DATA?
 Grupo S21sec Gestión, S.A.
A-20686150
Zuatzu Business Park,
Urgull Building, 2nd local floor 10,
20018 – San Sebastián (Guipúzcoa)
Telephone: +34 902 020 222
Email: soporte.administrativo@s21sec.com

WHO IS THE DATA PROTECTION DELEGATE?
 The Data Protection Officer (DPD) is in charge of protecting the fundamental right to data protection and compliance with current regulations applicable to this matter in S21sec. You can contact the DPD of S21sec at the email address: dpo@s21sec.com, to resolve the issues related to the treatment of your personal data and the exercise of the rights conferred by current regulations on data protection, which they are explained later.

FOR WHAT PURPOSE DO WE PROCESS YOUR DATA?
 – In case of being a client of S21sec, this company will process the data provided in order to manage and develop the provision of services or supply of cybersecurity products, including training, detailed in the Contract or Offer of Provision of Services or Supply of Products signed with S21sec (hereinafter, the Contract), that is, to carry out all the actions that are necessary to adequately provide you with the services and / or products detailed in the Contract in the terms and with the scope provided in it, including, as the case may be, the provision of services through S21sec’s own and third-party electronic tools or systems (hereinafter, S21sec electronic tools), including the S21sec e-learning tool. As part of cybersecurity services, S21sec may send you “Information Alerts” that S21sec considers of interest to you.

In addition to providing you with our services and / or supplying you with products, we will also process the data to evaluate the capital solvency and carry out the accounting, tax and administrative management with our clients.

Likewise, for legitimate interests of S21sec, it will treat your data to carry out informative actions of market analysis and promotional, including invitation to events and webinars, as well as news of products and services that S21sec provides or may provide similar to those you have contracted, by postal mail, electronic mail and even by mobile services. We also prepare statistics on the use of services in order to improve them, detect deficiencies and incidents, and develop new services and / or tools. For these purposes, we will be able to prepare a commercial profile of clients, and we will not be able to make automated decisions based on said profile.

– If you have not yet contracted our services and / or products, S21sec may process the personal data you provide us in forms for the purposes indicated below:

or Contact you to offer you commercial information.
o Send you the documentation you request to the indicated email.
o Manage and publish comments on our website.
o Manage your registration for events or webinars, as well as manage access to it.
o Process your participation in raffles and / or contests and, where appropriate, for the delivery of the corresponding prize.

In any case, the data will be processed to manage and develop a relationship aimed at the provision of services and supply of cybersecurity products offered by S21sec.

In the event that you consent to receive advertising from S21sec, it may process your data to carry out informative market analysis and promotional actions, including invitation to events and webinars, as well as news of products and services that S21sec provides or may provide (mainly information on services that S21sec considers may be of interest to you), by post, email and even mobile services. You can revoke your consent at any time by email to dpo@s21sec.com.

– In the event that you use the website www.s21sec.com to send us your CV, filling in the forms established for this purpose or sending it to us by any other means; S21sec processes the data you provide us in order to manage your application for the selection processes for the vacant positions offered by S21sec.

The treatment of your data for purposes other than those detailed above will require your prior and explicit consent where appropriate.

Finally, as described in our Cookies Policy, we remind you that on the website owned by us www.s21sec.com we use cookies to analyze uses and measure our website in order to improve our services.

WHAT IS THE LEGITIMATION FOR THE PROCESSING OF YOUR DATA?
 The legal basis for the treatment of your data if you have contracted with S21sec to provide services and / or supply products, is the execution of the Contract. In this case, the processing of data based on legitimate interests of S21sec will be carried out, in any case, with the utmost rigor and respect for your privacy, rights and freedoms; without in any case being used for purposes that impair your rights in this regard. In the event that the processing of your data is based on the consent requested, it may be withdrawn at any time without, in any case, the withdrawal of this consent conditioning the execution of the Contract.

The legal basis for the treatment of your data if you are not a S21sec customer or have sent your CV to this company, is based on your consent.

TO WHICH RECIPIENTS WILL YOUR DATA BE COMMUNICATED?
In the event that you are a customer of the products and / or services of S21sec, it will communicate your data to the companies of the Sonae Group, based on our legitimate interest, which aims to centrally manage the data of our customers.

In the event of sponsored events, if we have your consent, we will transfer your personal data to S21sec partners that belong to the field of information technology in order for them to send you commercial communications about the products and services they offer.

It is possible that, from time to time, we communicate the curricular data that you have sent us to third parties, based on the legitimate interest that they have to assess and / or confirm the suitability of your profile for the job.

In other cases, data communications to third parties are not foreseen, except for those that are required by legal obligation. Said communications will be made, in any case, complying with all the legally established guarantees. However, if the possibility of transfer of your data for other circumstances is considered, S21sec will request your explicit consent if required.

Notwithstanding the foregoing, S21sec informs you that the provision of some of its services and / or products require storage at the facilities of S21sec or third parties and access by this or third parties to your data, S21sec committing to comply with the provisions in the applicable current legislation. For these purposes, S21sec will carry out treatment orders to third parties such as storage services on physical servers or in the cloud, maintenance services for computer systems and, where appropriate, services with third-party companies that S21sec could entrust processes to. selection carried out, etc. Said treatment orders may require international data transfers outside the European Economic Area (EEA), always being carried out to countries that are declared of an adequate level of protection by the European Commission or to entities certified under the EU-EE Privacy Shield. .UU. (Privacy Shield).

WHAT ARE YOUR RIGHTS WHEN YOU PROVIDE US WITH YOUR DATA?
Anyone has the right to obtain confirmation on whether S21sec is processing personal data that concerns them or not.
You can also exercise the rights conferred by current regulations: right of access, rectification, deletion and opposition, limitation of treatment, data portability and not to be subject to automated individualized decisions.
– Access: allows the owner of the data to obtain information on whether S21sec processes personal data that concerns him or her and, in this case, the right to obtain information on his / her personal data subject to treatment.
– Rectification: allows you to correct errors and modify the data that turns out to be inaccurate or incomplete.
– Deletion: allows the data to be deleted and stop being processed by S21sec unless there is a legal obligation to keep it and / or other legitimate reasons for its treatment by S21sec do not prevail in accordance with current regulations.
– Limitation: under the legally established conditions, it allows the data processing to be paralyzed, in such a way that S21sec avoids its treatment in the future, which will only keep it for the exercise or defense of claims.
– Opposition: allows the owner that in certain circumstances and for reasons related to their particular situation, they can oppose the processing of their data. S21sec will stop processing the data, except for legal reasons, or the exercise or defense of possible claims.
– Portability: allows the holder to receive their personal data and be able to transmit it directly to another person in charge in a structured, commonly used and machine-readable format. To exercise this right, the owner will need to provide a valid email.
Likewise, you have the right to revoke consent at any time for those purposes and / or uses based on it, without such withdrawal of consent affecting the legality of the treatment prior to its withdrawal.
In the event that you express your wish that your data not be processed for the remission of commercial communications, S21sec informs you that you can enroll in the advertising exclusion systems. To this end, you can consult the information published on the website of the Spanish Data Protection Agency (AEPD) as the competent control authority at https://www.aepd.es
You can exercise your rights by any means that allows you to prove the sending and receiving of the request, guaranteeing S21sec the adoption of the necessary measures to ensure the exercise of these rights for free. The request must be addressed to S21sec through the data included in the “Data Controller” section, indicating the reference “Data Protection”. The request must include: Name, surname and photocopy of your ID, request in which the request is specified and address for notification purposes.
If you are not satisfied with S21sec’s response to the exercise of your rights, you have the right to claim guardianship of them on the website of the AEPD: https://www.aepd.es. Before submitting said claim, you can contact the DPD through the following email address: dpo@s21sec.com.

HOW HAVE WE OBTAINED YOUR DATA? 
The personal data object of treatment by S21sec you have provided us directly by signing the Contract. However, in the event that S21sec had access to and processed data from natural persons (employees, collaborators, etc.) that are necessary as a result of the execution of the Contract, S21sec will only process the minimum data for their professional location and only with the purpose of the need to execute what is established in said Contract. S21sec informs you of the treatment of the following categories of data:

Identifying Data
Postal and electronic addresses
User data and passwords in the event that you use the electronic tools of S21sec.
Economic and / or billing data
Specially protected data is not processed
However, if you hire the training services of S21sec, this company will process the necessary academic data for this purpose.

We also obtain personal data when you provide it to us directly through forms. In this case, the data category is as follows:

Identifying Data
Postal, electronic and telephone addresses
Job and company
Other data: those that may be included in the message
Specially protected data is not processed

Likewise, we obtain personal data when you provide it directly to us by sending your CV to this company. In this case, the data category that we treat are the following:

Identifying Data
Postal, electronic and telephone addresses
Academic training
Professional experience
Economic data on applicable salary bands
Specially protected data is not processed

Accuracy of the data: by providing us with personal data, you guarantee that you are of legal age or that you exceed the age of fourteen years in accordance with current applicable legislation, that the data provided is true, exact, complete and updated, being responsible for any damage or loss , direct or indirect, that could be caused as a consequence of the breach of such obligation.

HOW DO WE PROCESS YOUR DATA? 
Your data will be processed on paper or digital media.

In accordance with the Contract, S21sec may contact you and carry out transactions by: (i) Email, (ii) Telephone calls and (iii) Use of S21sec electronic tools, which include the S21sec e-learning tool. .

At S21sec we are concerned about security and guarantee and protect your privacy. For this reason, we guarantee that the processing of your data is carried out under high levels of security and in accordance with our Corporate Information Security Policy.

In accordance with industry standards, we maintain technical and organizational measures against accidental or illegal destruction, accidental loss or alteration, unauthorized disclosure or access, and other illegal forms or procedures.

For these purposes, the transactions you make through our electronic systems will be transmitted through a secure SSL (Secure Socket Layering) server. When the letters “http” change to “https”, the “s” means that it is, in an SSL area; Your browser can also inform you of the security of the site through a pop-up message. The SSL security protocol encrypts personal information during data transport.

Notwithstanding the foregoing, the security of the information transmitted over the internet cannot be guaranteed. Users of electronic tools are responsible for maintaining the security of any password, username or any other form of identification to gain access to password protected areas of any of our services. In order to protect you as your information, we may suspend the use of any of the S21sec services, without prior notice, pending investigation, if a security breach is suspected.

FOR HOW LONG WILL WE KEEP YOUR DATA?

We will process and keep your data as long as it is necessary for the provision of the service object of the Contract and it is in force. Once the processing of your data is not necessary or the Contract has ended, we will keep it during the statutory limitation periods in accordance with tax, accounting and Civil Code application regulations. After the statutory limitation periods, we will delete and / or block them in accordance with our data retention and deletion policy.

In the event that you have not contracted our products and / or services, S21sec will keep the data that you provide us in forms for a period of 24 months, unless you revoke your consent or oppose the treatment. After this period, and if we have not maintained a relevant contact with you, we will proceed to delete your data from our systems. By “relevant contact” we mean, for example, communications between both parties (whether verbal or written) or when you actively interact by communicating with us.
In the event that you provide us with your curricular data, we will keep them until you revoke your consent or until 24 months after receipt if you have not expressed your willingness to keep them.