From the different entities that make up Izen Group (hereinafter, "Data Controller"), we want to give you all the details about how we process the personal data you provide to us when interacting with us. Thus, this privacy policy applies to all personal data provided to us by any means, specifically in places where there is a reference to this policy, including the forms provided on this website. For us, privacy is an essential value, and following the provisions of both Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC ("GDPR") and Spanish Organic Law 3/2018, of 5 December, on the Protection of Personal Data and guarantee of digital rights ("LOPDGDD"), we provide you below with both basic and then, further information on the processing of your data.  

Basic information on how we process your data

Data Controller	In order to use the services offered by Izen Group through its web pages, it is necessary to collect certain personal data. The data controller will be the specific company the Izen Group that manages the service in which the data is communicated. You can consult the information of the companies that integrate the Izen Group in our Legal Notice. Due to business decisions, this information may be updated at any time, so we encourage you to check it periodically.
Purposes of processing	Through this website we carry out part of our business, and for this purpose we may use your data for one of the following purposes: To manage, administer and improve the service provided through the website. To respond to any queries we receive through our website, the email address or telephone number provided, including the reception of your CV if you have sent it to us. To send information about our activities, and/or to send invitations about events organized by Izen Group. Manage the communications received through our Whistleblowing channel.
Lawfulness of the processing	Your consent, validly given by accepting the box indicated in the different contact forms with us, or by contacting us directly through the means indicated, or by accepting the installation of cookies on your device.
Data recipients - international transfers	Your data may be communicated between the different entities of Izen Group in order to fulfil the purpose for which they were collected. Your personal data may also be disclosed to public authorities in the event of a legal obligation on the part of the data controller or a request from such authorities. On the other hand, data communicated through the Whistleblowing channel will be communicated to the team carrying out the investigation of the reported action, and will be carried out through the Lefebvre tool. No international transfers of personal data are foreseen.
Data retention period	Personal data may be kept for as long as they are necessary to fulfil the purpose for which they are associated. Specifically: For enquiries or communications sent through the indicated means of contact, we will process the information for as long as these are active. In the case of CVs received, which we may receive through the means of contact indicated, we will keep them for a period of 2 years provided that you authorize us to do so. In the case of sending communication about our events or our activity, as long as you do not withdraw your consent. As for the information collected from your browsing through the website, you have all the information in our Cookies Policy. In relation to the communications received through our Whistleblowing channel, the personal data communicated will be processed for the time necessary to carry out the investigation and comply with legal obligations, and in no case will it be kept for a period of more than ten (10) years. Subsequently, we may keep them duly blocked for the legally established period of time in order to defend the interests of Izen Group against claims or legal obligations.
Rights of data subjects	You may exercise your rights of access, rectification, erasure and portability of your data, of restriction and objection to their processing, as well as the right not to be subject to automated individual decision-making, where appropriate and before Izen Group by contacting its Data Protection Officer via the e-mail address dpd@izen.es or via the postal address indicated in our Legal Notice.
Supervisory authority	In the event that you do not agree with the way in which Izen Group has handled your data or its actions in response to requests for access to your data, you can lodge a complaint with the Spanish Data Protection Agency (www.aepd.es).

  The data that you decide to provide us with (in the past or in the future) through any of the means provided, you provide freely and you accept that this personal data will be subject to the corresponding processing in each case depending on the basis for its lawfulness and the purpose for which you have provided it to us. In accordance with the provisions of the GDPR, below we provide you with more extensive information on the processing of your data that we will carry out, so that you have all the information you need to give us your valid consent. It is therefore essential that you read the following information carefully.

2. For what purpose will we process your data?

We use the personal data that you provide us with in the different means of contact that we offer on our website to manage the services we offer and to be able to respond to the queries that you submit to us, including receiving CVs, as well as sending information about our activity. These data allow us to maintain the relationship with users and respond to their requests, as well as the management, administration, provision and improvement of our services, and without them, we would not be able to provide services to you. Therefore, if you do not want us to process your data, you will not be able to use our services. They will also be used to manage, investigate and, if necessary, take the appropriate measures derived from those communications received through the Whistleblowing channel. The data you provide us with when you accept the installation of cookies are processed solely to enable your browsing through the website, as well as for the improvement, management and optimization of our website and our activity.

3. What personal data do we process?

In order to achieve the aforementioned purposes, we process the following categories of data:

• Identifying and contact data of the user: name and surname, email, as well as other data such as the area of activity and professional data in the event that you provide it voluntarily.
• Data included in your Curriculum Vitae; in case you contact us through our means of contact to take you into account in our selection processes.
• Personal data that you may include in your queries or in the communications you make to the Whistleblowing channel.
• Data derived from your browsing through the website.

4. Which lawful basis applies to the processing of your personal data?

The processing your data is based on your consent. We need to process your personal information in order to be able to respond to your application or to manage the CV you have sent us, through the means of contact provided (email and telephone number) and the forms provided for this purpose, as well as to send you information about our activities. Thus, by accepting the processing of data in the box indicated on the form used in each case, you give us your free, specific, informed and unambiguous consent to process the data to contact us in accordance with the provisions of article 6.1.a) GDPR. In the same way, and where appropriate, you consent to the use of the installation of cookies on your device. The processing carried out through the Whistleblowing channel will be carried out due to the application of legal obligations of the company or, where appropriate, the public interest in accordance with the Spanish Law 2/2023, of February 20, regulating the protection of persons who report regulatory and antibribery violations.

5. To whom do we disclose your data?

Your personal data may be disclosed to public authorities in the event that we have to comply with a legal obligation or receive a request from such authorities. On the other hand, and depending on the purpose for which they are being processed, it is likely that the personal data that you voluntarily submit to us will be communicated between the different entities that make up Izen Group in order to comply with each of them. No international data transfers are foreseen. The data communicated through the Internal Reporting Channel will be communicated to the team of the entity Labormatters Abogados in charge of carrying out the investigation of the reported action and will be managed through the Lefebvre Centinela tool. In all these cases, we will ensure that the processing of data is in full compliance with the law, and we will enter into all necessary agreements to ensure that the flow of personal data guarantees the confidentiality, integrity and availability of our users, clients and partners.

6. How long will we keep your data for?

We will keep the data for as long as is necessary to fulfil the purpose for which they were collected, to guarantee the provision of the service and to comply with our legal obligations, or until you withdraw your consent. For enquiries or communications sent through the means of contact established for this purpose, we will process the information for as long as these are active. We will keep your CV if you consider it appropriate and authorize us to do so by the means by which Izen Group contacts you, for a period of 2 years. In the case of sending communication about our activity, as long as you do not withdraw your consent. As for the duration of the installation of cookies, you can find all the information relating to this in our Cookies Policy. In relation to communications received through our internal information channel, the personal data communicated will be processed for the time necessary to carry out the investigation and comply with legal obligations, and in no case will they be kept for a period of more than ten (10) years. Once deleted by means of appropriate security measures, we will keep them duly blocked for the time necessary to respond to future claims and defend our interests.

7. How do we keep your data?

In compliance with our obligation of secrecy regarding the personal data collected, as well as our duty to safeguard them, we undertake to adopt the necessary security measures to prevent their modification, alteration, loss, processing or unauthorized access, in accordance with the provisions of the GDPR. At Izen Group we recognize and take very seriously our responsibility to protect your personal data. That is why we maintain security levels of personal data protection in accordance with the GDPR and we have established all the technical means at our disposal to prevent the loss, misuse, alteration, unauthorized access and theft of the data you have provided, without prejudice to inform you that Internet security measures are not 100% impregnable.

8. How can you manage the processing of your data?

Again, we remind you that you may exercise your rights of access, rectification, erasure and objection, as well as those of restriction and portability, at any of the addresses indicated in our Legal Notice, or by contacting the Data Protection Officer of the Izen Group by e-mail at dpd@izen.es, indicating what action on our part you are requesting. The exercise of all these rights is free of charge and, for the sake of transparency, we provide you with more information about these rights:

Rights	Content
Access	You can request information about what data we process about you, referring to the totality of the information or to specific data.
Rectification	One of the principles of the applicable regulations is the accuracy of the data, so you can request its rectification at any time, in order to keep them properly updated.
Erasure	You can request the erasure of your personal data, which will also be deleted if they are no longer necessary for the purpose for which they were collected or when you exercise your right to object to them. Except if they are necessary for compliance with a legal obligation, public interest, or for the exercise or defense of possible claims. The consequence of the deletion of the data will be the impossibility of the correct provision of services by Izen Group. In the case of sending CV, the deletion of data will mean that you can not be taken into account for selection processes.
Objection	In certain circumstances and for reasons related to your particular situation, you may object to the processing of your data. Izen Group will stop processing the data, except for compelling legitimate reasons, for the exercise or defense of possible claims, or to comply with our legal obligations.
Restriction of processing	In certain circumstances you may request to limit the processing of your data, in which case we will only retain them in order to comply with our legal obligations.
Portability	You can receive, in the most appropriate format in each case, the personal data you have provided to us.
Withdrawal of consent	You may withdraw your consent at any time without affecting the lawfulness of the processing. If you request deletion of your data, we will stop processing your data, but please note that we will no longer be able to provide you with services and that, in certain cases where we have the relevant lawful basis, we will continue to process your information after you have withdrawn your consent and requested deletion of your information.

  We also inform you that you have the right to file a complaint with the Spanish Data Protection Agency www.aepd.es. In any case, because of our strong commitment to privacy, we invite you to contact us directly to solve any question related to your personal data; we will be happy to be of service to you.

9. Modification of this personal data policy

Izen Group reserves the right to modify this policy to adapt it to future legislative or jurisprudential developments, as well as industry practices, previously informing users through our website. We recommend that you consult this page from time to time to review the most recent version. At the bottom of this document we indicate the date of the last update. The new privacy notice will be effective from the time of its publication. In no event will such changes affect any choices you have made about how the Izen Group may process your personal information. If at any time we wish to use your data in a manner different from that stated at the time of collection, we will notify you by e-mail, requesting your consent. Furthermore, Izen Group reserves the right to terminate the services it provides to those users who do not comply with the legal terms and conditions of use, as well as with the legislation in force.   Date of last update: February 2024.