free bootstrap templates

PRIVACY STATEMENT & COOKIES POLICY

TUNNELCONSULT is committed to protecting and respecting your privacy by ensuring the obligations under the General Data Protection (GDPR) are met. This privacy statement sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us. Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it.  

By visiting www.tunnelconsult.com (our Site) you consent to our Privacy Statement and agree to the practices described in this statement. If you still have questions or concerns about your personal information and how it is used, please feel free to contact us (see contact details below).


I. NAME AND CONTACT DETAILS OF THE DATA CONTROLLER

Company: TUNNELCONSULT ENGINEERING SL 

Address: Camí de Can Calders, 10, 1st floor. 5th

ES 08173 Sant Cugat del Vallés

Barcelona (SPAIN)

Telephone: +34 935 907 120

Email: tunnelconsult@tunnelconsult.com

Website: www.tunnelconsult.com


II. GENERAL CONCEPTS OF DATA PROCESSING

II.1. Data we collect from you

We only process personal data, which is necessary for the functionality of our website including its content and performance. We process personal data with your consent. There is an exception in cases that make obtaining your consent impossible but the law allows us to use your personal data.

We treat your personal data with total confidentiality and comply with all relevant data protection laws. Your privacy is extremely important to us. We are committed to protecting any personal information you have given us against unauthorized or unlawful processing and by implying the latest safety standards.

As a privately owned and operated Spanish company we are fully committed to comply with the European General Data Protection Regulation (GDPR, Regulation EU 2016/679 of 27th April 2016) and the Spanish Data Protection Law (Ley Orgánica 3/2018, de 5 de diciembre, de Protección de Datos Personales y garantía de los derechos digitales).

We have implemented appropriate technical and organizational measures to ensure that we and our external service providers adhere to the principles of data protection as set out in the above regulations.

II.2. Definitions

The legislature demands that personal data is processed lawfully, fairly and in a transparent manner in relation to individuals (‘lawfulness, fairness and transparency’) as laid out in the GDPR Article (5)(1)(a). To ensure that you understand the legal definitions, we have listed the definitions that we use in our Privacy Statement here:

- Personal Data means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. 

- Data Subject is any identified or identifiable natural person, whose personal data has been processed by the Data Controller responsible for this task.

- Processing means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

- Restriction of Processing means the marking of stored personal data with the aim of limiting their processing in the future.

- Filling System means any structured set of personal data that is accessible according to specific criteria, whether centralized, de-centralized or dispersed on a functional or geographical basis.

- Data Controller means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the Data Controller or the specific criteria for its nomination may be provided for by Union or Member State law.

- Processor means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the Data Controller;

- Recipient means a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing;

- Third Party means a natural or legal person, public authority, agency or body other than the data subject, Data Controller, processor and persons who, under the direct authority of the Data Controller or processor, are authorized to process personal data.

- Consent of the data subject means any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.

II.3. Legal basis for processing data

The processing of personal data is only permitted if a legal basis for processing the data exists. Processing shall be lawful only if and to the extent that at least one of the following applies: GDPR Article (6)(1)(a-f):

a. the data subject has given consent to the processing of his or her personal data for one or more specific purposes;

b. processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract;

c. processing is necessary for compliance with a legal obligation to which the Data Controller is subject;

d. processing is necessary in order to protect the vital interests of the data subject or of another natural person;

e. processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Data Controller;

f. processing is necessary for the purposes of the legitimate interests pursued by the Data Controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.

II.4. Data storage, duration and deletion of personal data 

We retain Personal Data for the period needed to fulfill the purposes for which Personal Data was collected and as otherwise required or permitted by applicable law, such as in relation to our record retention obligations.

TUNNELCONSULT recognizes the right to erasure, also known as the right to be forgotten, laid down in the GDPR Article (17). Individuals should contact the Data Controller with requests for the deletion or removal of personal data.

These will be acted on provided there is no compelling reason for continued processing and that the exemptions set out in the GDPR do not apply.

These exemptions include where personal data is processed for the exercise or defense of legal claims and to comply with a legal obligation for the performance of a public interest task or exercise of official authority.


III. USE OF OUR WEBSITE

III.1. Collection of data

We hereby inform you about the personal data we collect when you visit our website. Personal data can be your name, address, email, user behaviour.

When you contact us by email, we collect your submitted personal data (possibly your company name, your name and email) to give you a reply. We do not keep personal data for longer than necessary or the processing of data is restricted, if there are legal data retention obligations.

III.2. Description of personal data collected from you

If you use our website just for informational use, that is, you have not provided us with personal data such as through contacting us directly by email or phone, we will only collect your personal data which the browser you are using transfers to us. In common with most websites, this site automatically logs certain information about every request made of it.

The use of your personal information (see below for more details) is necessary for TUNNELCONSULT to operate and improve its website, analyzing its use and ensuring its security. Our website collects very little personal information and we use it in ways that are compatible with your individual rights and freedoms.

In order to be able to view our website, we need to collect the following information that is technically required to display our website and to ensure the stability and security of our system.

– IP address

– Date and time stamp of the user attempt

– Time zone difference to Greenwich Mean Time (GMT)

– Content (the requested page)

– HTTP status code of the request

– The number of data bytes sent in response

– Referral source / Website the user comes from

– Browser type and language

– Operating system

– Internet Service Provider (ISP) of the user

The data is stored in the log files of our system. The data stored in the log files is used to produce usage statistics to improve system stability and functionality. We do not store these data together with other personal data of the user.

III.3. Lawful basis for processing collected data

We adhere to the principle as laid out in the GDPR Article (6)(1)(f).

III.4. Why we use data collected from you?

Your IP address is stored by our system to make the website available on your device therefore your IP address has to be stored for the duration of your session.

The data stored in log files is necessary for us to run our website and its essential functions. Furthermore, we use the data to optimize our website and to ensure the safety of our integrated information technology. We do not evaluate the data for marketing purposes.

We collect personal data to offer the services that you have requested. Because of that we have a legitimate interest in obtaining the data as laid out in GDPR Article (6)(1)(f).

III.5. For how long will we keep your personal data?

We keep personal data for the period needed to fulfil the purposes for which the personal data was collected and as otherwise required or permitted by applicable law. The personal data which was obtained while you visited our website is erased when your session ends.

III.6. Your rights to object and request erasure of your personal data

It is necessary to obtain data to access our website and store data into log files to run our website and ensure its security. Consequently, you do not have the option to object.


IV. USE OF COOKIES

IV.1. Description of personal data collected from you

In addition to the personal data mentioned above, we use cookies for our website. A cookie is a small file of letters and numbers that we store on your browser or the hard drive of your computer if you agree. Cookies contain information that is transferred to your computer's hard drive. Our cookies do not run programs or deliver viruses to your computer. One of the primary purposes of cookies is to provide a convenient feature to save you time. We use cookies to improve your online experience.

Cookies can be classified as either ‘session’(a) or ‘persistent’(b) cookies:

a. Session cookies are placed on your browser when you access a website and last for as long as you keep your browser open. They expire when you close your browser. These cookies allow website operators to link the actions of a user during a browser session. A browser session starts when a user opens the browser window and finishes when they close the browser window. Session cookies are created temporarily. Once you close the browser, all session cookies are deleted.

b. Persistent cookies remain on your device for the period of time specified in the cookie or until you manually delete them from your browser. You can delete a persistent cookie in the privacy and security settings of your browser.

IV.2. Lawful basis for processing the collected data

We use the strictly necessary cookies compliant to the data protection regulation as laid out in the GDPR Article (6)(1)(f).

If analytical cookies are used, they are placed with your consent as laid out in the data protection regulation GDPR Article (6)(1)(a).

IV.3. How we process data collected from you?

We only use third party cookies to provide a consistent and accurate service to the user. Some features may not function properly or be available to you without using these cookies. These cookies will not be used by Tunnelconsult to gather information for creating user profiles.

We use the following third party cookies for our website:

     Name: dlh_googlemaps

    Category: Necessary

    Type: Permanent

    Domain: www.tunnelconsult.com

    Purpose: After having given your consent to load Google Maps, this cookie is used to remember that Google Maps is shown without asking for consent every time you navigate to this page of the website.

    Expires: Expires after the period of time specified in the cookie or until you manually delete it from your browser.

IV.4. How to disable cookies in your web browser?

Cookies are stored on your computer. Therefore, you have complete control over the use of cookies. You may at any time restrict, disable or delete the cookies by adjusting your web browser settings. However, if you to this then, you may not be able to access some parts of the website, and some features may not function properly or be available to you.

If you are using Google Chrome: https://policies.google.com/technologies/managing?hl=en-US

If you are using Mozilla Firefox: https://support.mozilla.org/en-US/kb/enable-and-disable-cookies-website-preferences

If you are using Microsoft Edge: https://support.microsoft.com/en-us/help/4468242/microsoft-edge-browsing-data-and-privacy-microsoft-privacy

If you are using Microsoft Internet Explorer: https://support.microsoft.com/en-us/help/17442/windows-internet-explorer-delete-manage-cookies

If you are using Safari: https://support.apple.com/en-gb/guide/safari/sfri11471/mac

If you are using Opera: https://help.opera.com/en/latest/web-preferences/#cookies


V. USING GOOGLE MAPS ON OUR WEBSITE

V.1. Description of the personal data we obtain from you 

We use Google Maps on our website so that you can comfortably use the services of the interactive map. When you activate the map on our website, Google will receive the information that you viewed the map on our website. In addition to this information, the data, which our website logs automatically when you visit our website, will also be transferred. 

The data will be obtained by Google irrespective of whether you have a Google account that you are logged into while visiting our website or not. If you are logged into your Google account the data will be linked to your account. 

If you do not want Google to create a link between your Google profile and your visited websites, log out before you activate the map on our website. Google stores the data for creating user profiles that are used for advertising, market research and to design their website to people’s needs. 

This kind of evaluation is used especially (even for users that are not logged in) for offering a better adjusted advertising to the user’s demand and to inform other users of the social networks about their activities on our website. 

You have the right to object to creating user profiles. If that is the case, please send your request to Google. 

VI.2. Lawful basis for processing Google Maps data 

We use Google Maps to show you the address of our offices. We base the use of Google Maps on: 

– GDPR Article (6)(1)(a): The data is obtained after the user gives us his consent. The user clicks on the map to activate it and is referred to this Privacy Statement and Google’s Privacy Policy as well as their Terms of Service. 

– GDPR Article (6)(1)(f): The processing of data through the use of Google Maps is based on our legitimate interest to improve the usability of our website. 

VI.3. How we process Google Maps data? For how long will we keep this data? Your rights to object and request erasure of your personal data 

Further information about the scope of data collection and the processing of data by the map provider is available in the privacy policy of Google. That is where you will also get additional information about your rights and the settings of your privacy protection: https://policies.google.com/?hl=en.


VI. CONTACT BY EMAIL

VI.1. Description of the personal data we obtain from you

When you contact us by email (see contact details above), we store the personal data that is transferred to us with your email for the purpose of solely communicate with you. 

In case you contact with us via email at careers@tunnelconsult.com and send us your CV, we collect the data contained in the attached document only for managing the recruitment process. We store your contact details (name, postal address, phone and/or mobile number, email), academic background, professional experience, and other necessary information included in the CV for the only purpose of assessing your skills and contact you if your profile matches with TUNNELCONSULT needs.

VI.2. Lawful basis for processing the collected data

When you contact us by email we process the data that you provide us with as laid out in the GDPR Article (6)(1)(f).

If the subject of your email communication is necessary for the performance of a contract with you or to take steps preparatory to such a contract, GDPR Article (6)(1)(b) sets out the legal basis for processing the data, in addition.

VI.3. How we process data collected from you?

The data provided within your email will only be used for the aforementioned purposes and will not be shared with any third party without your explicit consent.

The data gathered from the CV's 

VI.4. For how long will we keep your personal data?

The personal data that we collect when you communicate with us by e-mail, is stored in our mail server permanently unless you request for its erasure. 

VI.5. Your rights to object and request erasure of your personal data

If you contact us by email, you have the rights mentioned in the following chapter (VII. Rights of the Data Subject).

If you wish to exercise any of your rights in relation to your personal data, please send your request to tunnelconsult@tunnelconsult.com. We will consider and act upon any request in accordance with applicable data protection laws. If you wish to withdraw your consent to store your data, email us at tunnelconsult@tunnelconsult.com. All personal data that was collected from you will be deleted in accordance to the applicable law.


VII. RIGHTS OF THE DATA SUBJECT

If personal data is processed, you have the following rights as the data subject (as referred to in the GDPR) towards the Data Controller:

    1. the purposes of processing your personal data;

    2. the categories of personal data concerned;

    3. the recipients or categories of recipient to whom your personal data have been or will be disclosed;

    4. the envisaged period for which your personal data will be stored, or, if not possible, the criteria used to determine that period;

    5. the existence of the right to request from the Data Controller rectification or erasure of your personal data or restriction of processing your personal data or to object to such processing;

    6. the right to lodge a complaint with a supervisory authority;

    7. where the personal data are not collected from you, any available information as to their source;

    8. the existence of automated decision-making, including profiling, referred to in the GDPR Article 22(1) and (4) and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for you.

Where personal data are transferred to a third country or to an international organization, you shall have the right to be informed of the appropriate safeguards pursuant to the GDPR Article 46 relating to the transfer.

VII.1. Right to rectification 

Pursuant to the GDPR Article 16, you have the right to obtain the rectification of inaccurate personal data without undue delay from the Data Controller. You have the right to have incomplete personal data completed.

VII.2. Right to restriction of processing

As mentioned in the GDPR Article 18, you have the right to obtain the restriction of processing your personal data from the Data Controller where one of the following applies:

    1. You have contested the accuracy of your personal data for a period, enabling the Data Controller to verify the accuracy of your personal data;

    2. The processing is unlawful and you oppose the erasure of your personal data and request the restriction of their use instead;

    3. The Data Controller no longer needs your personal data for the purpose of processing, but you require them for the establishment, exercise or defense of legal claims;

    4. You have objected to processing your personal data pursuant to Article 21(1) pending the verification whether the legitimate grounds of the Data Controller override yours.

If you have restricted the processing of your personal data, such personal data shall - with the exception of storage - only be processed by your consent or for the establishment, exercise or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the European Union or of a Member State.

If you have obtained the restriction of processing your personal data according to the prerequisites mentioned above, you shall be informed by the Data Controller before the restriction of processing is lifted.

VII.3. Right to erasure

Pursuant to the GDPR Article 17, you have the following rights:

VII.3.1 Right to be forgotten

You have the right to obtain the erasure of personal data from the Data Controller, and the Data Controller shall have the obligation to erase personal data without undue delay where one of the following grounds applies:

    1. for exercising the right of freedom of expression and information;

    2. for compliance with a legal obligation which requires processing by European Union or Member State law to which the Data Controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Data Controller;

    3. for reasons of public interest in the area of public health in accordance with points (h) and (i) of the GDPR Article 9(2) as well as Article 9(3);

    4. for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with the GDPR Article 89(1) in so far as the right referred to in paragraph 1 is likely to render impossible or seriously impair the achievement of the objectives of that processing;

    5. for the establishment, exercise or defense of legal claims.

VII.3.2 Personal Data disclosed to third party 

Where the Data Controller has made the personal data public and is obliged pursuant to paragraph 1 to erase the personal data, the Data Controller, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform that you have requested the erasure by Data Controller of any links to, or copy or replication of, those personal data.

VII.3.3 Exceptions

The Right to Erasure does not apply, if the processing is necessary:

    1. for exercising the right of freedom of expression and information;

    2. for compliance with a legal obligation which requires processing by European Union or Member State law to which the Data Controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Data Controller;

    3. for reasons of public interest in the area of public health in accordance with points (h) and (i) of the GDPR Article 9(2) as well as Article 9(3);

    4. for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with the GDPR Article 89(1) in so far as the right referred to in paragraph 1 is likely to render impossible or seriously impair the achievement of the objectives of that processing;

    5. for the establishment, exercise or defense of legal claims.

VII.3.4. Notification obligation

As per GDPR Article 19, if you have obtained the right to rectification or erasure of your personal data or restriction of processing, the Data Controller shall communicate any rectification or erasure of personal data or restriction of processing carried out in accordance with the GDPR Article 16, Article 17(1) and Article 18 to each recipient to whom the personal data have been disclosed, unless this proves impossible or involves disproportionate effort. You have the right to be informed about those recipients by the Data Controller if you request it.

VII.3.5. Right to data portability

As per GDPR Article 20, you have the right to receive your personal data, which you have provided to a Data Controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another Data Controller without hindrance from the Data Controller to whom the personal data have been provided, where:

    1. The processing is based on consent pursuant to point (a) of the GDPR Article 6(1) or point (a) of the GDPR Article 9(2) or on a contract pursuant to point (b) of the GDPR Article 6(1); and

    2. The processing is carried out by automated means.

In exercising your right to data portability pursuant to paragraph 1, you have the right to have the personal data transmitted directly from one Data Controller to another, where technically feasible.

The right to data portability does not apply if the processing of personal data is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Data Controller.

VII.3.6. Right to object

As per GDPR Article 21, you have the right to object, on grounds relating to your particular situation, at any time to processing personal data concerning you which is based on point (e) or (f) of the GDPR Article 6(1), including profiling based on those provisions. The Data Controller shall no longer process the personal data unless the Data Controller demonstrates compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defense of legal claims.

Where personal data are processed for direct marketing purposes, you have the right to object at any time to processing of your personal data for such marketing, which includes profiling to the extent that it is related to such direct marketing.

If you object to processing for direct marketing purposes, the personal data shall no longer be processed for such purposes.

In the context of the use of information society services, and notwithstanding Directive 2002/58/EC, you have the right to object by automated means using technical specifications.

VII.3.7. Right to withdraw your consent

As per point (3) of the GDPR Article 7, you have the right to withdraw your consent at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.

VII.3.8. Automated individual decision-making, including profiling

As per GDPR Article 22, you have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. This does not apply if the decision:

    1. is necessary for entering into, or performance of, a contract between you and a Data Controller;

    2. is authorised by European Union or Member State law to which the Data Controller is subject and which also lays down suitable measures to safeguard your rights and freedoms and legitimate interests;

    3. is based on your explicit consent.

These decisions shall not be based on special categories of personal data referred to in the GDPR Article 9(1), unless point (a) or (g) of the GDPR Article 9(2) applies and suitable measures to safeguard your rights and freedoms and legitimate interests are in place.

In the cases referred to in points (1) and (3), the data Data Controller shall implement suitable measures to safeguard your rights and freedoms and legitimate interests, at least the right to obtain human intervention on the part of the Data Controller, to express your point of view and to contest the decision.

VII.3.9. Right to lodge a complaint with a supervisory authority

As per GDPR Article 77 DSGVO, without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of your personal data infringes this Regulation.

The supervisory authority with which the complaint has been lodged shall inform the complainant on the progress and the outcome of the complaint including the possibility of a judicial remedy pursuant to Article 78.

VIII. CHANGES TO THIS PRIVACY STATEMENT

We may update this Privacy Statement in accordance to the applicable law from time to time. We will always include the date of a new version so that you know when there has been a change. Last updated: June 2019


This Privacy Statement is effective as of June 14th, 2019

Last updated: 14th June 2019


© Copyright 2019 Tunnelconsult Engineering SL - All Rights Reserved
Terms of use   Privacy and Cookies policy