Ready to get started?
We’re going to assess your current challenges and show you how Infraspeak can make your operation truly intelligent, flexible and connected.Schedule a demo
INFRASPEAK is a company committed to the protection and confidentiality of the personal data of all its customers and suppliers.
This document describes how we collect and use personal data provided by customers and suppliers, in accordance with the General Data Protection Regulation.
THE INFRASPEAK acts as data controller (decides and uses personal data), co-responsible for data processing (decides jointly with other parties how it stores and uses personal data) or subcontractor (processes personal data on behalf of a responsible person).
However, in most cases, due to the nature of its activity, INFRASPEAK exclusively processes the data subject’s personal data in the name and on behalf of a responsible person, its Customer and/or Supplier, and in accordance with its instructions.
Thus, if the data subject is an employee who uses its platform, INFRASPEAK acts exclusively as a subcontractor with regard to the processing of your data. INFRASPEAK Customers, as responsible for the treatment, decide the purposes for which they use the Platform, as well as the means of collecting data on the magnitude of the platform’s functionalities.
All personal data that we store and process:
1. Are subject to a lawful, fair and transparent treatment;
2. They are collected for specific, explicit and legitimate purposes and cannot be further processed in a way that is incompatible with that purpose;
3. Are relevant for the purposes communicated to you and limited to that purpose;
4. They are accurate and up to date;
5. They are kept only for as long as is necessary for the purpose for which they were collected.
Personal data is defined as any information about a natural person that identifies him or her. Data where the identity has been anonymized is not considered personal data.
There are more sensitive “special categories” that require a higher level of protection.
INFRASPEAK personal collects, stores and processes, as responsible or subcontractor, the following categories of data:
– Personal information such as name, mobile phone number and, e-mail.
– Photograph (optional);
– Location Data (optional upon request by the Customer);
INFRASPEAK collects personal information from data subjects through the any of the following ways:
– Negotiation and signing of contracts with Customers and/or Suppliers;
– Filling in a form for that purpose, either on a digital platform or in paper;
– Track GPS location of the Customer’s Smartphones used by the data subjects;;
INFRASPEAK processes personal information when the treatment is permitted by law, either as a controller or as a processor. Normally, we use the data for the following purposes:
– Draft and signing of contracts;
– For creating access profiles in the INFRASPEAK app or any connected app;
– Assess the location of app users and equipment;
– Display the location of app users and equipments on a map;
INFRASPEAK processes your personal data based on the following legal grounds, depending on the case, and pursuant to art. 6 of the GDPR:
a) Consent provided by the data subject;
b) Necessity for the performance of a contract to which the data subject is a party, or for pre-contractual steps;
c) Necessity for the fulfillment of a legal obligation to which INFRASPEAK is subject;
d) Necessity for the purposes of the legitimate interests pursued by INFRASPEAK or by third parties, in this case it’s Customers and(or Suppliers;
We keep personal data for different periods, depending on the type of information, the period of the contract with our Customers, legal requirements regarding certain types of data, and other factors.
In general, we will stop processing the data of the data subjects when:
a) your employer is no longer an INFRASPEAK Customer; or
b) the data subject ceases to provide services, in whatever form, to the INFRASPEAK Customer.
If circumstances a) or b) occur and INFRASPEAK does not have a legal or contractual duty to preserve your information for a longer period, the holder’s data will be deleted.
If INFRASPEAK has to retain the information of the holder for the purpose of fulfilling a contractual or legal retention obligation, or to resolve disputes or enforce its rights, it undertakes to restrict access by specific persons or functions.
The data will only be used for the purposes for which they were collected. However, in specific cases, they may be used for other purposes, provided that this purpose still falls within the limits of the initial processing and the necessary safety conditions are guaranteed. Whenever such a circumstance occurs, INFRASPEAK will notify the data subject explaining all the reasons and legal basis for the new processing.
The data processed by INFRASPEAK is hosted in the EU and processed in the EU or in third countries that are considered to offer an adequate level of security by the European Commission, or by service providers that have concluded binding agreements that fully respect legality of transfers from third countries.
The data that INFRASPEAK collects can be processed in third countries, as understood in article 44 of the GDPR.
Right to Information
You have the right to be informed about how your data will be processed by INFRASPEAK in accordance with articles 13 and 14 of the GDPR.
Right of Access
You have the right to access your personal data and all information regarding the processing in question.
Right of Rectification
You have the right to request rectification of personal information that we hold about you that is out of date, incorrect or incomplete.
Right to Erasure (right to be forgotten)
You have the right to request the erasure of your personal data in certain situations. This allows you to ask INFRASPEAK to erase your personal information if there is no reasonable reason for us to continue to process it.
Right to Opposition to Processing
You have the right to object to the processing of your personal data when we are processing them based on legitimate interest.
Right to Restriction of Processing
You have the right to request restriction of processing of your personal data, for example, if you want us to verify its accuracy or grounds for processing.
INFRASPEAK ensures that the personnel authorized to process personal data have assumed a commitment to confidentiality or that they are subject to the appropriate legal obligations of confidentiality.
Recipients and Senders
If there is a need to contract external services, only subcontractors that present sufficient guarantees of execution of adequate measures to comply with the requirements imposed by the GDPR will be selected. These service providers are not authorized to use the data shared by INFRASPEAK for their own purposes, they only carry out the processing activities expressly identified by the INFRASPEAK terms established herein.
All service provider employees are bound by a duty of confidentiality.
If INFRASPEAK is subcontracted by another entity responsible for data processing, it expressly declares that it has adequate measures to comply with the requirements imposed by the GDPR. INFRASPEAK is not authorized to use the data shared by the controller for its own purposes, it only carries out the processing activities explicitly identified by the controller and under the terms established by it.
Personal data security measures
INFRASPEAK possess sufficient organizational and technical measures to comply with the requirements of the General Data Protection Regulation;
These include measures to prevent accidental data loss, prevent data access by unauthorized personnel, data alteration and disclosure.
To this end, access to data is limited to employees and service providers whose functions necessarily imply access to data. The processing activities carried out by them will be done under the terms stipulated by INFRASPEAK, being subject to confidentiality duties.
INFRASPEAK develops procedures to resolve any suspected breach of security and will notify its Customers and Suppliers in the event of any data breach, under the terms imposed by the GDPR.
Fees for Exercising Your Right
You will not have to pay any fee to access your personal information (or to exercise any other right), however, we may charge a minimal fee if your requests are clearly unfounded or excessive.
Alternatively, INFRASPEAK may, in these circumstances, refuse to comply with the request.
What we may need from you
INFRASPEAK may require specific information about you, in order to confirm your identity and guarantee your right of access to personal data. This is a security measure to ensure that your personal information is not disclosed to anyone who is not authorized to access it.
Right to withdraw consent
In situations where you have given your consent to the collection, processing and transfer of your personal data for a specific purpose, you have the right to withdraw your consent at any time. To withdraw your consent, please contact our Data Protection Responsible Person, whose details are below. After we receive notice, we will stop processing your personal information for the purposes originally agreed upon, unless we have another lawful basis for doing so.
A full copy of this Privacy Notice can be obtained digitally and a physical copy will be available at all times with the Legal Department