Website Privacy Policy

1. Introduction

The aim of the Website Privacy Policy is to provide information regarding the specific rights and obligations of users (hereinafter, the “Users”) of the website, applications and any other digital platform or electronic media of COMSA CORPORACIÓN DE INFRAESTRUCTURAS, S.L. and the companies within the group whose parent company is the aforementioned company (hereinafter, COMSA CORPORACIÓN DE INFRAESTRUCTURAS, S.L. and/or the companies within its group will be referred to indistinctly as “COMSA CORPORACIÓN”), in virtue of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on  the protection of natural persons with regard to the processing of personal data and to the free movement of such data, and repealing Directive 95/46/CE (“GDPR”) and the Personal Data Protection and Guarantee of Digital Rights Organic Law 3/2018, of 5 December 2018 (“LOPDGDD in Spanish”).

In order to visit any of the COMSA CORPORACIÓN websites, applications and any other digital platforms or electronic media owned by COMSA CORPORACIÓN (hereinafter, to be referred to as a whole as the “Website”), the provision of your personal data is not required. However, it is possible that for certain interactions with COMSA CORPORACIÓN via the Website it will be required.

Entering data in any or some of the data collection sheets or forms implies acceptance of this Policy, understanding that you have been informed of the privacy policy and legal notice of the Website and that you agree to comply fully with it while browsing and participating in it.

COMSA CORPORACIÓN may send your information to 3rd parties who help to provide IT services, such as platform providers, hosting services, websites, etc. In relation to this, COMSA CORPORACIÓN require that said third parties comply with current legislation, of which they shall be liable. 

This Policy is not applicable to third-party websites, including those to which you may have access via a link on the COMSA CORPORACIÓN website.

Should you have any queries in relation to the processing of your personal data, you may contact COMSA CORPORACIÓN and/or its Data Protection Officer at the following email address: lopd@comsa.com.

2. Description of personal data processing

2.1. Via the Website, the data provided by Users will be processed during browsing and when using said Website, as well as the information provided on corresponding forms.

For this purpose, via the completion of these forms which may be included on the Website, the Users accept the inclusion and processing of personal data they provide, of which COMSA CORPORACIÓN is the controller, and may exercise their relevant rights in accordance with the provisions of this policy.

2.2. For improved ease of use and transparency with the User, we have separated the data processing purposes and legal bases in three main sections, in function of the specific requirement of the User (see the following section: «Where we are», section: «Work with us», and section: «Ethics Channel»):

• Where We Are Form:

The data provided by the User will be processed by COMSA CORPORACIÓN for the purpose of answering information requests, queries, consultations and/or other questions. When we need to contact you, we shall do so by email.

The processing of this data is based on the User consent (GDPR: 6.1 a) Consent provided by the User). The User may withdraw their consent at any time.

The data provided will be kept until your application has been processed and for a maximum period of 12 months.

Your data may be transferred to companies within the group, whose parent company is COMSA CORPORACIÓN, for the purposes for which you have provided your consent, as well as to retain a comprehensive and centralised management of Users with the various companies within COMSA CORPORACIÓN, and in order for the Users to be able to have access to their data via any of these companies, respecting in all cases applicable legislation regarding personal data protection, and without the need for Users to be informed every time a first notification is sent.

You are informed that COMSA CORPORACIÓN does not take automated decisions in relation to its Users.

• Work With Us Form:

The information provided by the User (hereinafter also referred to as “Candidates”) will be processed by COMSA CORPORACIÓN for the purpose of including you in the recruitment selection processes that meet your profile.

The processing of this data is based on the User consent when providing your information (GDPR: 6.1 a) Consent provided by the User). The User may withdraw their consent at any time.

Similarly, you are informed that in the case of not being chosen for the position you have requested, or when your profile does not fit processes currently open, your information will be retained for future recruitment processes that may meet your profile for a maximum period of two (2) years from the time you provide your curriculum, “CV”) to COMSA CORPORACIÓN. Once this period expires, this information will be blocked in accordance with current legislation.

Your data may be transferred to companies within the COMSA CORPORACIÓN group, given that the CV tool used for recruitment selection is used by the whole group.

In the case of any amendments to your information, please inform us immediately in writing.

You are informed that COMSA CORPORACIÓN does not take automated decisions in relation to its Candidates.

Ethics Channel Form:

COMSA CORPORACIÓN processes information included in reports that arrive through the COMSA CORPORACIÓN Ethics Channel for the purpose of receiving reports, to decide whether or not to initiate an investigation of the reported facts, to protect the whistleblower from retaliation and to adopt, if necessary, the appropriate corrective measures and/or to initiate legal actions against the reported persons and/or third parties, as well as to prove the proper functioning of the Compliance Model and to defend the interests of COMSA CORPORACIÓN. More information can be found in the Whistleblowing Management System Data Protection Policy.

2.3. In addition, we inform you that the information on the databases may be used for the purposes of:

  • Offering you a more personalised browsing experience as a User of our website.
  • To prepare statistics regarding countries and servers that regularly visit our website.
  • To discover the times with the highest number of visits to the website, as well as to make specific changes to prevent access problems.

The processing of this data is based on legitimate interests (GDPR: 6.1 f) Purposes of legitimate interests) pursued by the data controller or by a third party, provided that such interests are not overridden by the interests or fundamental rights and freedoms of the data subject which require the protection of personal data, in particular where the data subject is a child.

You are informed that COMSA CORPORACIÓN does not take automated decisions in relation to its Users.

3. Links

Within the framework of communications included in previous sections, we inform you that the COMSA CORPORACIÓN website may contain links, applications or functions shared with third parties, such as social networks or online communication systems.

COMSA CORPORACIÓN is not liable for the information gathered by these applications, functions or social networks held by third parties, as they have no capacity of management or control over them, with the legal warnings and privacy policies being applicable that may be contained on the third party websites or similar, and we advise you to make yourself aware and be in agreement with their legal conditions and privacy regulations before continuing use, or providing any type of personal information.

4. User Rights

You may exercise the rights acknowledged by the GDPR at any time, and specifically rights of access, rectification, cancellation, objection, erasure and restriction of processing of your data and portability, and are not subject to automated decisions, where applicable.

The rights referred to in the preceding paragraph may be exercised by sending a request to lopd@comsa.com or to the address C/ Viriato 47, 08014 Barcelona, providing a copy of your ID card or other document proving your identity and specifying in your request which of these rights you want to be satisfied.

In the case of acting via a representative, you should also provide a document that confirms their representation and their identity document.

You may check the models, forms and further information regarding these rights at the official page of the Spanish Agency for Data Protection (www.aepd.es).

Furthermore, should you have provided your consent for a specific processing or purpose, you may withdraw it at any time.

You may file a claim to the controlling authority (Spanish Agency for Data Protection) if you believe that any of your rights under current legal provisions have been breached. However, in order to provide a better service, we would ask you to first contact COMSA CORPORACIÓN through the service channels indicated above in order to be able to process your concern more quickly, as well as clarifying any queries you may have.

5. Website Use and Contents Users Liability

The person gaining access to the Website, as well as the use of information and contents contained therein, will have sole liability in relation to its access.

Therefore, the use of the information, images, contents and/or highlighted and accessible products via the Website will be subject to applicable legality, either state-wide or internationally, as well as to the principles of good faith and legal use by the Users, who will be required to make reasonable use of the services or contents, under the principle of good faith, and respecting current law, morality, public order, good manners and the rights of third parties or of COMSA CORPORACIÓN.

In relation to this, the User is liable for the authenticity of the information provided, agreeing that they shall be accurate, up-to-date and complete, for the purpose for which they are collected, and will be liable for any damages, lost income or future damage that may occur in relation to the inaccuracy of said data.

Furthermore, if the information provided in the corresponding forms belong to a third party, the User shall be solely liable for confirming the content and information in relation to the third party regarding the information contained in the Website’s legal warning and privacy policy.

6. COMSA CORPORACIÓN liability exclusion

COMSA CORPORACIÓN shall not be liable in any way due any failures in relation to the updating, veracity, authenticity and accuracy of the data that the User has provided, and of the consequences that may arise in relation to 3rd parties.

In relation to third-party data, COMSA CORPORACIÓN is not liable for the information that the User has provided without obtaining their consent.

7. Cookies

COMSA CORPORACIÓN will use storage and data recovery devices (‘Cookies’) when the User has provided their prior consent for this, in accordance with the information contained on the User’s browser pop-up screen when accessing the Website for the first time, and in relation to the other terms and conditions provided to the User in the COMSA CORPORACIÓN Cookies Policy, of which all Users should be aware.

8. Minors

Minors may not make use of the services available via the Website, without prior authorisation by their parents, guardians or legal representatives, who shall be solely liable for any acts carried out on the Website by minors in their charge, including the completion of forms with the personal data of said minors, and the ticking of boxes attached, where applicable.

9. Security Measures

COMSA CORPORACIÓN adopts the levels of security required by the GDPR, which are appropriate in relation to the nature of the data processed at the time.

However, technical security in a format such as the Internet is not impenetrable, and there may exist wilful acts by third parties, even when COMSA CORPORACIÓN takes all measures within its reach to prevent these acts.

10. Updates and review

This Policy will be reviewed and updated whenever necessary to adapt it to our practices, services and to the applicable legislation at the time. We recommend you review this Policy each time you access our Website in order to be properly informed about how and for what purpose we process your data.